@okta/okta-auth-js 6.4.2 → 6.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/cjs/OktaAuth.js.map +1 -1
  3. package/cjs/OktaUserAgent.js +2 -2
  4. package/cjs/TransactionManager.js +25 -13
  5. package/cjs/TransactionManager.js.map +1 -1
  6. package/cjs/errors/AuthApiError.js.map +1 -1
  7. package/cjs/errors/AuthSdkError.js.map +1 -1
  8. package/cjs/idx/authenticate.js.map +1 -1
  9. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +1 -1
  10. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
  11. package/cjs/idx/authenticator/SecurityQuestionVerification.js +12 -1
  12. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  13. package/cjs/idx/authenticator/WebauthnEnrollment.js +8 -3
  14. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  15. package/cjs/idx/authenticator/WebauthnVerification.js +8 -3
  16. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
  17. package/cjs/idx/cancel.js.map +1 -1
  18. package/cjs/idx/idxState/v1/generateIdxAction.js +0 -2
  19. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  20. package/cjs/idx/interact.js.map +1 -1
  21. package/cjs/idx/introspect.js +1 -1
  22. package/cjs/idx/introspect.js.map +1 -1
  23. package/cjs/idx/proceed.js.map +1 -1
  24. package/cjs/idx/recoverPassword.js.map +1 -1
  25. package/cjs/idx/register.js.map +1 -1
  26. package/cjs/idx/remediate.js +12 -12
  27. package/cjs/idx/remediate.js.map +1 -1
  28. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  29. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  30. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
  31. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  32. package/cjs/idx/run.js +39 -6
  33. package/cjs/idx/run.js.map +1 -1
  34. package/cjs/idx/startTransaction.js.map +1 -1
  35. package/cjs/idx/types/api.js +42 -0
  36. package/cjs/idx/types/api.js.map +1 -0
  37. package/cjs/idx/types/idx-js.js.map +1 -1
  38. package/cjs/idx/types/index.js +27 -51
  39. package/cjs/idx/types/index.js.map +1 -1
  40. package/cjs/idx/types/options.js +2 -0
  41. package/cjs/idx/types/options.js.map +1 -0
  42. package/cjs/idx/unlockAccount.js.map +1 -1
  43. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  44. package/cjs/types/Transaction.js.map +1 -1
  45. package/dist/okta-auth-js.min.js +1 -1
  46. package/dist/okta-auth-js.min.js.map +1 -1
  47. package/dist/okta-auth-js.umd.js +1 -1
  48. package/dist/okta-auth-js.umd.js.map +1 -1
  49. package/esm/esm.browser.js +114 -77
  50. package/esm/esm.browser.js.map +1 -1
  51. package/esm/esm.node.mjs +114 -77
  52. package/esm/esm.node.mjs.map +1 -1
  53. package/lib/OktaAuth.d.ts +2 -2
  54. package/lib/TransactionManager.d.ts +4 -3
  55. package/lib/errors/AuthApiError.d.ts +2 -2
  56. package/lib/errors/AuthSdkError.d.ts +2 -2
  57. package/lib/idx/authenticate.d.ts +1 -3
  58. package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +1 -0
  59. package/lib/idx/authenticator/WebauthnEnrollment.d.ts +1 -0
  60. package/lib/idx/authenticator/WebauthnVerification.d.ts +1 -0
  61. package/lib/idx/cancel.d.ts +2 -3
  62. package/lib/idx/emailVerify.d.ts +1 -1
  63. package/lib/idx/idxState/v1/generateIdxAction.d.ts +2 -2
  64. package/lib/idx/interact.d.ts +1 -16
  65. package/lib/idx/introspect.d.ts +1 -7
  66. package/lib/idx/proceed.d.ts +1 -9
  67. package/lib/idx/recoverPassword.d.ts +1 -3
  68. package/lib/idx/register.d.ts +1 -3
  69. package/lib/idx/remediate.d.ts +1 -9
  70. package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +1 -2
  71. package/lib/idx/remediators/Base/Remediator.d.ts +2 -2
  72. package/lib/idx/remediators/EnrollmentChannelData.d.ts +3 -3
  73. package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +3 -3
  74. package/lib/idx/run.d.ts +1 -10
  75. package/lib/idx/startTransaction.d.ts +2 -3
  76. package/lib/idx/types/api.d.ts +99 -0
  77. package/lib/idx/types/idx-js.d.ts +10 -3
  78. package/lib/idx/types/index.d.ts +4 -110
  79. package/lib/idx/types/options.d.ts +44 -0
  80. package/lib/idx/unlockAccount.d.ts +1 -3
  81. package/lib/types/OAuth.d.ts +2 -0
  82. package/lib/types/OktaAuthOptions.d.ts +27 -11
  83. package/lib/types/Storage.d.ts +2 -1
  84. package/lib/types/Transaction.d.ts +8 -28
  85. package/lib/types/api.d.ts +12 -36
  86. package/package.json +4 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,21 @@
1
1
  # Changelog
2
2
 
3
+ ## 6.4.5
4
+
5
+ - [#1240](https://github.com/okta/okta-auth-js/pull/1204) Fixes Apple SSO flow: includes `stepUp` on returned `IdxTransaction`
6
+
7
+ ## 6.4.4
8
+
9
+ - [#1199](https://github.com/okta/okta-auth-js/pull/1199) Fixes webauthn enrollment/verification to accept `credentials` object
10
+
11
+ ## 6.4.3
12
+
13
+ ### Fixes
14
+
15
+ - [#1182](https://github.com/okta/okta-auth-js/pull/1182) Fixes security question verification to accept `credentials.answer`
16
+ - [#1184](https://github.com/okta/okta-auth-js/pull/1184) Fixes type declarations: `ApiError`, `responseType`, `responseMode`
17
+ - [#1185](https://github.com/okta/okta-auth-js/pull/1185) Fixes "cancel" and "skip" action called after receiving a terminal or error response
18
+
3
19
  ## 6.4.2
4
20
 
5
21
  ### Fixes
package/cjs/OktaAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["OktaAuth","constructor","args","features","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","url","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","forEach","key","boundStartTransaction","startTransaction","idx","interact","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","unlockAccount","http","setRequestHeader","fingerprint","emitter","Emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","serviceManager","ServiceManager","services","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","assign","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","verifyRecoveryToken","invokeApiMethod","crypto","webauthn","constants"],"mappings":";;;;;;;;;;;;;;;;;;;;AAeA;;AAuCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AACA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAkBA;;AACA;;AACA;;AAWA;;;;;;AA3IA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AA2HA;AACA;AACA;AAGA,MAAMA,QAAN,CAAmE;AAsBjEC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AAAA,oDAXXC,QAWW;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaF,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKG,cAAL,GAAsB,IAAIC,8BAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuB,qBAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKE,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAE,qBAAcC,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGnB,OAAO,CAACI,WAAR,CAAqBe,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAVJ,KAAV;AAaA,SAAKW,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CAtBiC,CA4BjC;;AACA,yBAAc,KAAK3B,OAAL,CAAaI,WAA3B,EAAwC;AACtCwB,MAAAA,cAAc,EAAE,KAAK3B,cAAL,CAAoB4B,oBAApB,CAAyCjB,IAAzC,CAA8C,KAAKX,cAAnD,CADsB;AAEtC6B,MAAAA,YAAY,EAAE,KAAK7B,cAAL,CAAoB6B,YAApB,CAAiClB,IAAjC,CAAsC,KAAKX,cAA3C;AAFwB,KAAxC;AAKA,SAAK8B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKhC,OAAL,GAAe,qBAAc,KAAKA,OAAnB,EAA4B;AACzCiC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KAxCgC,CA0CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACtC,IAAI,CAACuC,YAAN,IAAsBvC,IAAI,CAACuC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKrC,OAAL,CAAaqC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKtC,OAAL,CAAaqC,YAAb,GAA4BvC,IAAI,CAACuC,YAAjC;AACD,KArDgC,CAuDjC;AACA;AACA;;;AACA,SAAKrC,OAAL,CAAauC,cAAb,GAA8B,CAAC,CAACzC,IAAI,CAACyC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CArEiC,CAyEjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAM4C,kBAAsC,GAAG,qBAAcF,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CA3EiC,CAiFjC;;AACA,UAAMC,cAAc,GAAGT,QAAQ,CAACU,mBAAahD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMiD,eAAsC,GAAG,qBAAcF,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO5B,MAAM,CAAC6B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA8B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO/B,MAAM,CAACgC,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBxD,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXyD,MAAAA,qBAAqB,EAAEA,4BAAsBzD,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX0D,MAAAA,gBAAgB,EAAEA,uBAAiB1D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX2D,MAAAA,YAAY,EAAEA,mBAAa3D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEC,kBALN;AAMXI,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAY/D,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXgE,MAAAA,KAAK,EAAEC,iBAAWjE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXkE,MAAAA,sBAAsB,EAAEA,6BAAuBlE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXmE,MAAAA,WAAW,EAAEA,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXoE,MAAAA,WAAW,EAAEA,kBAAYpE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXqE,MAAAA,MAAM,EAAEC,kBAAYtE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXuE,MAAAA,eAAe,EAAEA,sBAAgBvE,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAnGiC,CAmHjC;;AACA,UAAMwE,WAAW,GAAG,CAClB;AACA,YAFkB,EAGlB,iBAHkB,EAIlB;AACA,qBALkB,EAMlB,cANkB,CAApB;AAQA,uBAAY,KAAKjB,KAAjB,EAAwBkB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAI,sBAAAF,WAAW,MAAX,CAAAA,WAAW,EAASE,GAAT,CAAX,IAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAInC,MAAM,GAAG,KAAKgB,KAAL,CAAWmB,GAAX,CAAb;AACA,WAAKnB,KAAL,CAAWmB,GAAX,IAAkBrC,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND,EA5HiC,CAoIjC;;AACA,UAAMoC,qBAAqB,GAAGC,sBAAiB5E,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAK6E,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAAS9E,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGT+E,MAAAA,YAAY,EAAEA,kBAAa/E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITgF,MAAAA,QAAQ,EAAEA,cAAShF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTiF,MAAAA,KAAK,EAAEN,qBALE;AAMTC,MAAAA,gBAAgB,EAAED,qBANT;AAMgC;AACzCO,MAAAA,IAAI,EAAEA,UAAKlF,IAAL,CAAU,IAAV,EAAgB,IAAhB,CAPG;AAQTmF,MAAAA,OAAO,EAAEA,aAAQnF,IAAR,CAAa,IAAb,EAAmB,IAAnB,CARA;AASToF,MAAAA,MAAM,EAAEA,YAAOpF,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CATC;AAUTqF,MAAAA,eAAe,EAAEA,qBAAgBrF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVR;AAYT;AACAsF,MAAAA,6BAA6B,EAAEA,mCAA8BtF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAbtB;AAeT;AACAuF,MAAAA,qBAAqB,EAAEA,4BAAsBvF,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAhBd;AAiBTwF,MAAAA,0BAA0B,EAA1BA,gCAjBS;AAmBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0BzF,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CApBlB;AAqBT0F,MAAAA,qBAAqB,EAArBA,0BArBS;AAsBTC,MAAAA,wBAAwB,EAAxBA,6BAtBS;AAuBTC,MAAAA,0BAA0B,EAA1BA,+BAvBS;AAyBTC,MAAAA,uBAAuB,EAAEA,yCAAwB7F,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CAzBhB;AA0BT8F,MAAAA,qBAAqB,EAAEA,uCAAsB9F,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA1Bd;AA2BT+F,MAAAA,kBAAkB,EAAEA,oCAAmB/F,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA3BX;AA4BTgG,MAAAA,mBAAmB,EAAEA,qCAAoBhG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA5BZ;AA6BTiG,MAAAA,oBAAoB,EAAEA,sCAAqBjG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA7Bb;AA8BTkG,MAAAA,sBAAsB,EAAtBA,uCA9BS;AA+BTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKhH,OAAL,CAAagH,IAAb,GAAoBA,IAApB;AACD,OAjCQ;AAkCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKjH,OAAL,CAAagH,IAApB;AACD,OApCQ;AAqCTE,MAAAA,UAAU,EAAEA,gBAAWtG,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CArCH;AAsCTuG,MAAAA,aAAa,EAAEA,mBAAcvG,IAAd,CAAmB,IAAnB,EAAyB,IAAzB;AAtCN,KAAX,CAtIiC,CA+KjC;;AACA,SAAKwG,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBzG,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAhLiC,CAoLjC;;AACA,SAAK0G,WAAL,GAAmBA,qBAAY1G,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK2G,OAAL,GAAe,IAAIC,oBAAJ,EAAf,CAvLiC,CAyLjC;;AACA,SAAKC,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB5H,IAAI,CAAC2H,YAA5B,CAApB,CA1LiC,CA4LjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB,CA7LiC,CA+LjC;;AACA,SAAKC,cAAL,GAAsB,IAAIC,8BAAJ,CAAmB,IAAnB,EAAyBhI,IAAI,CAACiI,QAA9B,CAAtB;AACD;;AAEDlC,EAAAA,KAAK,GAAG;AACN;AACA,SAAK4B,YAAL,CAAkB5B,KAAlB;;AACA,QAAI,CAAC,KAAK1B,KAAL,CAAWgB,eAAX,EAAL,EAAmC;AACjC,WAAKwC,gBAAL,CAAsBK,eAAtB;AACD;;AACD,SAAKH,cAAL,CAAoBhC,KAApB;AACD;;AAEDoC,EAAAA,IAAI,GAAG;AACL;AACA,SAAKR,YAAL,CAAkBQ,IAAlB;AACA,SAAKJ,cAAL,CAAoBI,IAApB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKnI,OAAL,CAAamI,OAAb,GAAuB,qBAAc,EAAd,EAAkB,KAAKnI,OAAL,CAAamI,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GA1OgE,CA6OjE;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GAhPgE,CAkPjE;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAIvI,OAAD,IAAc;AACvC,aAAOqI,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CrI,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACqI,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKjB,WAAL,GACNmB,IADM,CACD,UAASnB,WAAT,EAAsB;AAC1B,aAAOiB,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBb;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKtG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI2G,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG,qBAAc;AAC3B;AACAC,QAAAA,MAAM,EAAE,KAAK/I,OAAL,CAAa+I,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKzE,KAAL,CAAWZ,eAAX,CAA2BuF,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK/G,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GA3RgE,CA6RjE;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNgG,IADM,CACD,YAAY;AAChB;AACA,WAAKhB,YAAL,CAAkBuB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAChI,IAAF,KAAW,cAAX,IAA6BgI,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GA3SgE,CA6SjE;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK9B,YAAL,CAAkB+B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAO,iBAAQK,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkB2E,WAAlB,CAAP;AACD,GAzTgE,CA2TjE;;;AACwB,QAAlBM,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKnC,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCM,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKpC,YAAL,CAAkB+B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBI,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAO,iBAAQF,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkBkF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9J,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+J,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjK,OAJJ;;AAKA,QAAI,CAAC+J,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhK,OAAL,CAAagK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GArWgE,CAuWjE;;;AACa,QAAPE,OAAO,CAACvK,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAG,qBAAc,EAAd,EAAkBA,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwK,UAAU,GAAGtI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIqI,UAAU,GAAGvI,MAAM,CAACC,QAAP,CAAgBuI,IAAjC;AACA,QAAIV,qBAAqB,GAAGhK,OAAO,CAACgK,qBAAR,IACvB,KAAKhK,OAAL,CAAagK,qBADU,IAEvBQ,UAFL;AAIA,QAAInB,WAAW,GAAGrJ,OAAO,CAACqJ,WAA1B;AACA,QAAIO,YAAY,GAAG5J,OAAO,CAAC4J,YAA3B;AACA,QAAIR,iBAAiB,GAAGpJ,OAAO,CAACoJ,iBAAR,KAA8B,KAAtD;AACA,QAAIO,kBAAkB,GAAG3J,OAAO,CAAC2J,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKnC,YAAL,CAAkByC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIR,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK5B,YAAL,CAAkByC,aAAlB,GAAkCb,WAAhD;AACD;;AAED,QAAI,CAACrJ,OAAO,CAAC+J,OAAb,EAAsB;AACpB/J,MAAAA,OAAO,CAAC+J,OAAR,GAAkB,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIR,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMgB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9J,OAAL;AAAcgK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK3H,YAAL,GAAoB;AAApB,OACN+F,IADM,CACD,YAAW;AACf,YAAIuB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCvI,UAAAA,MAAM,CAACC,QAAP,CAAgBwI,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLzI,UAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBZ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIhK,OAAO,CAAC6K,yBAAZ,EAAuC;AACrC;AACA,aAAKpD,YAAL,CAAkBuB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKvB,YAAL,CAAkBqD,qBAAlB;AACD,OANI,CAOL;;;AACA5I,MAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBP,SAAvB;AACD;AACF;;AAEDU,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI3E,GAAG,GAAG,2BAA2B,yBAAc2E,IAAd,CAArC;AACA,QAAIrI,OAAO,GAAG;AACZmI,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUzE,GAAV,EAAe1D,OAAf,CAAP;AACD,GA5agE,CA8ajE;AACA;AACA;AAEA;AACA;;;AACqB,QAAfgL,eAAe,CAAChL,OAA+B,GAAG,EAAnC,EAAyD;AAC5E;AACA,UAAM;AAAEiL,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKzD,YAAL,CAAkB0D,UAAlB,EAAlC;AAEA,UAAMC,WAAW,GAAGpL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;AACA,UAAMK,YAAY,GAAGtL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,QAApD,GAA+DH,UAApF;AAEA,QAAI;AAAE7B,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAtB;;AACA,QAAIb,WAAW,IAAI,KAAK5B,YAAL,CAAkB8D,UAAlB,CAA6BlC,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGmC,SAAd;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACF/B,UAAAA,WAAW,GAAG,MAAM,KAAK5B,YAAL,CAAkB7C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAI;AAAEM,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAAlB;;AACA,QAAIH,OAAO,IAAI,KAAKtC,YAAL,CAAkB8D,UAAlB,CAA6BxB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGyB,SAAV;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACFrB,UAAAA,OAAO,GAAG,MAAM,KAAKtC,YAAL,CAAkB7C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIU,OAAjB,CAAR;AACD;;AAEY,QAAP0B,OAAO,GAAwB;AACnC,UAAM;AAAE1B,MAAAA,OAAF;AAAWV,MAAAA;AAAX,QAA2B,KAAK5B,YAAL,CAAkByC,aAAlB,EAAjC;AACA,WAAO,KAAK/F,KAAL,CAAWa,WAAX,CAAuBqE,WAAvB,EAAoCU,OAApC,CAAP;AACD;;AAED2B,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAE3B,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqByB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEtC,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAxB;AACA,WAAOb,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BmC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAEhC,MAAAA;AAAF,QAAmB,KAAKnC,YAAL,CAAkByC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B4B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK3H,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAK6D,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAEDjD,EAAAA,cAAc,CAACF,WAAD,EAAsBsB,KAAtB,EAA4C;AACxD;AACA,UAAM+B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDzD,WAAlD,EAHwD,CAKxD;;AACAsB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsBlC,KAAtB,EAA6BtB,WAA7B;AACD;AACF;;AAED4D,EAAAA,cAAc,CAACtC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACA,YAAM3D,WAAW,GAAG0D,aAAa,CAACG,OAAd,CAAsBvC,KAAtB,CAApB;;AACA,UAAItB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMxH,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA,WAAO/K,OAAO,GAAGA,OAAO,CAACqL,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACxC,KAAD,EAAuB;AACtC;AACA,UAAM9I,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA/K,IAAAA,OAAO,CAACuL,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACAnC,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBzC,KAAzB,CAA5B;AACD;AACF;;AAED9E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBwH,mBAAmB,CAACb,MAAD,EAAkBnD,WAAlB,EAAuD;AAC9E,QAAIsB,KAAK,GAAG,KAAKjK,OAAL,CAAaiK,KAAzB,CAD8E,CAG9E;;AACA,QAAI6B,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACAnD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoB,KAAKvM,OAAL,CAAaiK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK9E,eAAL,EAAJ,EAA4B;AACjC,UAAI;AACF;AACA,cAAMyH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACA3C,QAAAA,KAAK,GAAG2C,aAAa,CAAC3C,KAAtB;AACAtB,QAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoBtC,KAApB,CAA7B;AACA,cAAM,KAAK4B,uBAAL,EAAN;AACD,OAND,CAME,OAAM3C,CAAN,EAAS;AACT;AACA,cAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN;AACA,cAAMkB,CAAN;AACD;AACF,KAZM,MAYA;AACL,aADK,CACG;AACT,KArB6E,CAuB9E;;;AACA,UAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN,CAxB8E,CA0B9E;;AACA,SAAKyE,iBAAL,CAAuBxC,KAAvB,EA3B8E,CA6B9E;;AACA,UAAM;AAAE4C,MAAAA;AAAF,QAAyB,KAAK7M,OAApC;;AACA,QAAI6M,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOlE,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtBzG,MAAAA,MAAM,CAACC,QAAP,CAAgB2K,OAAhB,CAAwBnE,WAAxB;AACD;AACF;;AAEDoE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK/M,OAAL,CAAauB,IAAtB;AACD;;AAEDyL,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKnN,OAAL,CAAaiN,YAA3B,KAA4C,KAAKjN,OAAL,CAAaiN,YAAb,CAA0BG,MAA1E,EAAkF;AAAA;;AAChFJ,MAAAA,eAAe,GAAG,sCAAKhN,OAAL,CAAaiN,YAAb,iBAAkCA,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKhN,OAAL,CAAaiN,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA1lBgE,CA4lBjE;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAKtN,OAAL,CAAauN,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GArmBgE,CAumBjE;;;AACAC,EAAAA,cAAc,CAACpF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA1mBgE,CA4mBjE;;;AACAlB,EAAAA,aAAa,CAACkB,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GA/mBgE,CAinBjE;;;AACAqF,EAAAA,mBAAmB,CAACrF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD,GApnBgE,CAsnBjE;;;AACqB,QAAfsF,eAAe,CAAC3N,OAAD,EAA4C;AAC/D,QAAI,CAACA,OAAO,CAACqJ,WAAb,EAA0B;AACxB,YAAMA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAA1D;AACArJ,MAAAA,OAAO,CAACqJ,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;AACD;;AACD,WAAO,uBAAY,IAAZ,EAAkBrJ,OAAlB,CAAP;AACD;;AA7nBgE,C,CAgoBnE;;;8BAhoBMJ,Q,cAQ2BG,Q;8BAR3BH,Q,YASuBgO,M;8BATvBhO,Q,cAU2BiO,Q;AAunBjCjO,QAAQ,CAACG,QAAT,GAAoBH,QAAQ,CAACwD,SAAT,CAAmBrD,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA,qBAAcH,QAAd,EAAwB;AACtBkO,EAAAA;AADsB,CAAxB;eAIelO,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuthInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n CryptoAPI,\n WebauthnAPI,\n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n RequestOptions,\n IsAuthenticatedOptions,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport * as crypto from './crypto';\nimport * as webauthn from './crypto/webauthn';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { ServiceManager } from './ServiceManager';\nimport { get, httpRequest, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport { StorageManager } from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n unlockAccount,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nclass OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI = features;\n static crypto: CryptoAPI = crypto;\n static webauthn: WebauthnAPI = webauthn;\n features: FeaturesAPI = features;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: any;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n serviceManager: ServiceManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = [\n // sync methods\n 'decode',\n 'isLoginRedirect',\n // already bound\n 'getWithRedirect',\n 'parseFromUrl'\n ];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n unlockAccount: unlockAccount.bind(null, this),\n };\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager(this, args.services);\n }\n\n start() {\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n this.serviceManager.start();\n }\n\n stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n this.serviceManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: string): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n}\n\n// Hoist feature detection functions to prototype & static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
1
+ {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["OktaAuth","constructor","args","features","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","url","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","forEach","key","boundStartTransaction","startTransaction","idx","interact","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","unlockAccount","http","setRequestHeader","fingerprint","emitter","Emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","serviceManager","ServiceManager","services","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","assign","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","verifyRecoveryToken","invokeApiMethod","crypto","webauthn","constants"],"mappings":";;;;;;;;;;;;;;;;;;;;AAeA;;AAwCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AACA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAkBA;;AACA;;AACA;;AAWA;;;;;;AA5IA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AA4HA;AACA;AACA;AAGA,MAAMA,QAAN,CAAmE;AAsBjEC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AAAA,oDAXXC,QAWW;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaF,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKG,cAAL,GAAsB,IAAIC,8BAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuB,qBAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKE,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAE,qBAAcC,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGnB,OAAO,CAACI,WAAR,CAAqBe,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAVJ,KAAV;AAaA,SAAKW,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CAtBiC,CA4BjC;;AACA,yBAAc,KAAK3B,OAAL,CAAaI,WAA3B,EAAwC;AACtCwB,MAAAA,cAAc,EAAE,KAAK3B,cAAL,CAAoB4B,oBAApB,CAAyCjB,IAAzC,CAA8C,KAAKX,cAAnD,CADsB;AAEtC6B,MAAAA,YAAY,EAAE,KAAK7B,cAAL,CAAoB6B,YAApB,CAAiClB,IAAjC,CAAsC,KAAKX,cAA3C;AAFwB,KAAxC;AAKA,SAAK8B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKhC,OAAL,GAAe,qBAAc,KAAKA,OAAnB,EAA4B;AACzCiC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KAxCgC,CA0CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACtC,IAAI,CAACuC,YAAN,IAAsBvC,IAAI,CAACuC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKrC,OAAL,CAAaqC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKtC,OAAL,CAAaqC,YAAb,GAA4BvC,IAAI,CAACuC,YAAjC;AACD,KArDgC,CAuDjC;AACA;AACA;;;AACA,SAAKrC,OAAL,CAAauC,cAAb,GAA8B,CAAC,CAACzC,IAAI,CAACyC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CArEiC,CAyEjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAM4C,kBAAsC,GAAG,qBAAcF,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CA3EiC,CAiFjC;;AACA,UAAMC,cAAc,GAAGT,QAAQ,CAACU,mBAAahD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMiD,eAAsC,GAAG,qBAAcF,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO5B,MAAM,CAAC6B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA8B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO/B,MAAM,CAACgC,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBxD,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXyD,MAAAA,qBAAqB,EAAEA,4BAAsBzD,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX0D,MAAAA,gBAAgB,EAAEA,uBAAiB1D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX2D,MAAAA,YAAY,EAAEA,mBAAa3D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEC,kBALN;AAMXI,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAY/D,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXgE,MAAAA,KAAK,EAAEC,iBAAWjE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXkE,MAAAA,sBAAsB,EAAEA,6BAAuBlE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXmE,MAAAA,WAAW,EAAEA,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXoE,MAAAA,WAAW,EAAEA,kBAAYpE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXqE,MAAAA,MAAM,EAAEC,kBAAYtE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXuE,MAAAA,eAAe,EAAEA,sBAAgBvE,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAnGiC,CAmHjC;;AACA,UAAMwE,WAAW,GAAG,CAClB;AACA,YAFkB,EAGlB,iBAHkB,EAIlB;AACA,qBALkB,EAMlB,cANkB,CAApB;AAQA,uBAAY,KAAKjB,KAAjB,EAAwBkB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAI,sBAAAF,WAAW,MAAX,CAAAA,WAAW,EAASE,GAAT,CAAX,IAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAInC,MAAM,GAAG,KAAKgB,KAAL,CAAWmB,GAAX,CAAb;AACA,WAAKnB,KAAL,CAAWmB,GAAX,IAAkBrC,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND,EA5HiC,CAoIjC;;AACA,UAAMoC,qBAAqB,GAAGC,sBAAiB5E,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAK6E,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAAS9E,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGT+E,MAAAA,YAAY,EAAEA,kBAAa/E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITgF,MAAAA,QAAQ,EAAEA,cAAShF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTiF,MAAAA,KAAK,EAAEN,qBALE;AAMTC,MAAAA,gBAAgB,EAAED,qBANT;AAMgC;AACzCO,MAAAA,IAAI,EAAEA,UAAKlF,IAAL,CAAU,IAAV,EAAgB,IAAhB,CAPG;AAQTmF,MAAAA,OAAO,EAAEA,aAAQnF,IAAR,CAAa,IAAb,EAAmB,IAAnB,CARA;AASToF,MAAAA,MAAM,EAAEA,YAAOpF,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CATC;AAUTqF,MAAAA,eAAe,EAAEA,qBAAgBrF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVR;AAYT;AACAsF,MAAAA,6BAA6B,EAAEA,mCAA8BtF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAbtB;AAeT;AACAuF,MAAAA,qBAAqB,EAAEA,4BAAsBvF,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAhBd;AAiBTwF,MAAAA,0BAA0B,EAA1BA,gCAjBS;AAmBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0BzF,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CApBlB;AAqBT0F,MAAAA,qBAAqB,EAArBA,0BArBS;AAsBTC,MAAAA,wBAAwB,EAAxBA,6BAtBS;AAuBTC,MAAAA,0BAA0B,EAA1BA,+BAvBS;AAyBTC,MAAAA,uBAAuB,EAAEA,yCAAwB7F,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CAzBhB;AA0BT8F,MAAAA,qBAAqB,EAAEA,uCAAsB9F,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA1Bd;AA2BT+F,MAAAA,kBAAkB,EAAEA,oCAAmB/F,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA3BX;AA4BTgG,MAAAA,mBAAmB,EAAEA,qCAAoBhG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA5BZ;AA6BTiG,MAAAA,oBAAoB,EAAEA,sCAAqBjG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA7Bb;AA8BTkG,MAAAA,sBAAsB,EAAtBA,uCA9BS;AA+BTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKhH,OAAL,CAAagH,IAAb,GAAoBA,IAApB;AACD,OAjCQ;AAkCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKjH,OAAL,CAAagH,IAApB;AACD,OApCQ;AAqCTE,MAAAA,UAAU,EAAEA,gBAAWtG,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CArCH;AAsCTuG,MAAAA,aAAa,EAAEA,mBAAcvG,IAAd,CAAmB,IAAnB,EAAyB,IAAzB;AAtCN,KAAX,CAtIiC,CA+KjC;;AACA,SAAKwG,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBzG,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAhLiC,CAoLjC;;AACA,SAAK0G,WAAL,GAAmBA,qBAAY1G,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK2G,OAAL,GAAe,IAAIC,oBAAJ,EAAf,CAvLiC,CAyLjC;;AACA,SAAKC,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB5H,IAAI,CAAC2H,YAA5B,CAApB,CA1LiC,CA4LjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB,CA7LiC,CA+LjC;;AACA,SAAKC,cAAL,GAAsB,IAAIC,8BAAJ,CAAmB,IAAnB,EAAyBhI,IAAI,CAACiI,QAA9B,CAAtB;AACD;;AAEDlC,EAAAA,KAAK,GAAG;AACN;AACA,SAAK4B,YAAL,CAAkB5B,KAAlB;;AACA,QAAI,CAAC,KAAK1B,KAAL,CAAWgB,eAAX,EAAL,EAAmC;AACjC,WAAKwC,gBAAL,CAAsBK,eAAtB;AACD;;AACD,SAAKH,cAAL,CAAoBhC,KAApB;AACD;;AAEDoC,EAAAA,IAAI,GAAG;AACL;AACA,SAAKR,YAAL,CAAkBQ,IAAlB;AACA,SAAKJ,cAAL,CAAoBI,IAApB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKnI,OAAL,CAAamI,OAAb,GAAuB,qBAAc,EAAd,EAAkB,KAAKnI,OAAL,CAAamI,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GA1OgE,CA6OjE;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GAhPgE,CAkPjE;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAIvI,OAAD,IAAc;AACvC,aAAOqI,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CrI,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACqI,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKjB,WAAL,GACNmB,IADM,CACD,UAASnB,WAAT,EAAsB;AAC1B,aAAOiB,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBb;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKtG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI2G,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG,qBAAc;AAC3B;AACAC,QAAAA,MAAM,EAAE,KAAK/I,OAAL,CAAa+I,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKzE,KAAL,CAAWZ,eAAX,CAA2BuF,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK/G,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GA3RgE,CA6RjE;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNgG,IADM,CACD,YAAY;AAChB;AACA,WAAKhB,YAAL,CAAkBuB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAChI,IAAF,KAAW,cAAX,IAA6BgI,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GA3SgE,CA6SjE;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK9B,YAAL,CAAkB+B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAO,iBAAQK,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkB2E,WAAlB,CAAP;AACD,GAzTgE,CA2TjE;;;AACwB,QAAlBM,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKnC,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCM,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKpC,YAAL,CAAkB+B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBI,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAO,iBAAQF,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkBkF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9J,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+J,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjK,OAJJ;;AAKA,QAAI,CAAC+J,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhK,OAAL,CAAagK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GArWgE,CAuWjE;;;AACa,QAAPE,OAAO,CAACvK,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAG,qBAAc,EAAd,EAAkBA,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwK,UAAU,GAAGtI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIqI,UAAU,GAAGvI,MAAM,CAACC,QAAP,CAAgBuI,IAAjC;AACA,QAAIV,qBAAqB,GAAGhK,OAAO,CAACgK,qBAAR,IACvB,KAAKhK,OAAL,CAAagK,qBADU,IAEvBQ,UAFL;AAIA,QAAInB,WAAW,GAAGrJ,OAAO,CAACqJ,WAA1B;AACA,QAAIO,YAAY,GAAG5J,OAAO,CAAC4J,YAA3B;AACA,QAAIR,iBAAiB,GAAGpJ,OAAO,CAACoJ,iBAAR,KAA8B,KAAtD;AACA,QAAIO,kBAAkB,GAAG3J,OAAO,CAAC2J,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKnC,YAAL,CAAkByC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIR,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK5B,YAAL,CAAkByC,aAAlB,GAAkCb,WAAhD;AACD;;AAED,QAAI,CAACrJ,OAAO,CAAC+J,OAAb,EAAsB;AACpB/J,MAAAA,OAAO,CAAC+J,OAAR,GAAkB,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIR,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMgB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9J,OAAL;AAAcgK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK3H,YAAL,GAAoB;AAApB,OACN+F,IADM,CACD,YAAW;AACf,YAAIuB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCvI,UAAAA,MAAM,CAACC,QAAP,CAAgBwI,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLzI,UAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBZ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIhK,OAAO,CAAC6K,yBAAZ,EAAuC;AACrC;AACA,aAAKpD,YAAL,CAAkBuB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKvB,YAAL,CAAkBqD,qBAAlB;AACD,OANI,CAOL;;;AACA5I,MAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBP,SAAvB;AACD;AACF;;AAEDU,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI3E,GAAG,GAAG,2BAA2B,yBAAc2E,IAAd,CAArC;AACA,QAAIrI,OAAO,GAAG;AACZmI,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUzE,GAAV,EAAe1D,OAAf,CAAP;AACD,GA5agE,CA8ajE;AACA;AACA;AAEA;AACA;;;AACqB,QAAfgL,eAAe,CAAChL,OAA+B,GAAG,EAAnC,EAAyD;AAC5E;AACA,UAAM;AAAEiL,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKzD,YAAL,CAAkB0D,UAAlB,EAAlC;AAEA,UAAMC,WAAW,GAAGpL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;AACA,UAAMK,YAAY,GAAGtL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,QAApD,GAA+DH,UAApF;AAEA,QAAI;AAAE7B,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAtB;;AACA,QAAIb,WAAW,IAAI,KAAK5B,YAAL,CAAkB8D,UAAlB,CAA6BlC,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGmC,SAAd;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACF/B,UAAAA,WAAW,GAAG,MAAM,KAAK5B,YAAL,CAAkB7C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAI;AAAEM,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAAlB;;AACA,QAAIH,OAAO,IAAI,KAAKtC,YAAL,CAAkB8D,UAAlB,CAA6BxB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGyB,SAAV;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACFrB,UAAAA,OAAO,GAAG,MAAM,KAAKtC,YAAL,CAAkB7C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIU,OAAjB,CAAR;AACD;;AAEY,QAAP0B,OAAO,GAAwB;AACnC,UAAM;AAAE1B,MAAAA,OAAF;AAAWV,MAAAA;AAAX,QAA2B,KAAK5B,YAAL,CAAkByC,aAAlB,EAAjC;AACA,WAAO,KAAK/F,KAAL,CAAWa,WAAX,CAAuBqE,WAAvB,EAAoCU,OAApC,CAAP;AACD;;AAED2B,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAE3B,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqByB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEtC,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAxB;AACA,WAAOb,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BmC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAEhC,MAAAA;AAAF,QAAmB,KAAKnC,YAAL,CAAkByC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B4B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK3H,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAK6D,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAEDjD,EAAAA,cAAc,CAACF,WAAD,EAAsBsB,KAAtB,EAA4C;AACxD;AACA,UAAM+B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDzD,WAAlD,EAHwD,CAKxD;;AACAsB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsBlC,KAAtB,EAA6BtB,WAA7B;AACD;AACF;;AAED4D,EAAAA,cAAc,CAACtC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACA,YAAM3D,WAAW,GAAG0D,aAAa,CAACG,OAAd,CAAsBvC,KAAtB,CAApB;;AACA,UAAItB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMxH,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA,WAAO/K,OAAO,GAAGA,OAAO,CAACqL,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACxC,KAAD,EAAuB;AACtC;AACA,UAAM9I,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA/K,IAAAA,OAAO,CAACuL,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACAnC,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBzC,KAAzB,CAA5B;AACD;AACF;;AAED9E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBwH,mBAAmB,CAACb,MAAD,EAAkBnD,WAAlB,EAAuD;AAC9E,QAAIsB,KAAK,GAAG,KAAKjK,OAAL,CAAaiK,KAAzB,CAD8E,CAG9E;;AACA,QAAI6B,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACAnD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoB,KAAKvM,OAAL,CAAaiK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK9E,eAAL,EAAJ,EAA4B;AACjC,UAAI;AACF;AACA,cAAMyH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACA3C,QAAAA,KAAK,GAAG2C,aAAa,CAAC3C,KAAtB;AACAtB,QAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoBtC,KAApB,CAA7B;AACA,cAAM,KAAK4B,uBAAL,EAAN;AACD,OAND,CAME,OAAM3C,CAAN,EAAS;AACT;AACA,cAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN;AACA,cAAMkB,CAAN;AACD;AACF,KAZM,MAYA;AACL,aADK,CACG;AACT,KArB6E,CAuB9E;;;AACA,UAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN,CAxB8E,CA0B9E;;AACA,SAAKyE,iBAAL,CAAuBxC,KAAvB,EA3B8E,CA6B9E;;AACA,UAAM;AAAE4C,MAAAA;AAAF,QAAyB,KAAK7M,OAApC;;AACA,QAAI6M,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOlE,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtBzG,MAAAA,MAAM,CAACC,QAAP,CAAgB2K,OAAhB,CAAwBnE,WAAxB;AACD;AACF;;AAEDoE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK/M,OAAL,CAAauB,IAAtB;AACD;;AAEDyL,EAAAA,eAAe,CAACC,YAAD,EAA2C;AACxD,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKnN,OAAL,CAAaiN,YAA3B,KAA4C,KAAKjN,OAAL,CAAaiN,YAAb,CAA0BG,MAA1E,EAAkF;AAAA;;AAChFJ,MAAAA,eAAe,GAAG,sCAAKhN,OAAL,CAAaiN,YAAb,iBAAkCA,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKhN,OAAL,CAAaiN,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA1lBgE,CA4lBjE;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAKtN,OAAL,CAAauN,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GArmBgE,CAumBjE;;;AACAC,EAAAA,cAAc,CAACpF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA1mBgE,CA4mBjE;;;AACAlB,EAAAA,aAAa,CAACkB,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GA/mBgE,CAinBjE;;;AACAqF,EAAAA,mBAAmB,CAACrF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD,GApnBgE,CAsnBjE;;;AACqB,QAAfsF,eAAe,CAAC3N,OAAD,EAA4C;AAC/D,QAAI,CAACA,OAAO,CAACqJ,WAAb,EAA0B;AACxB,YAAMA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAA1D;AACArJ,MAAAA,OAAO,CAACqJ,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;AACD;;AACD,WAAO,uBAAY,IAAZ,EAAkBrJ,OAAlB,CAAP;AACD;;AA7nBgE,C,CAgoBnE;;;8BAhoBMJ,Q,cAQ2BG,Q;8BAR3BH,Q,YASuBgO,M;8BATvBhO,Q,cAU2BiO,Q;AAunBjCjO,QAAQ,CAACG,QAAT,GAAoBH,QAAQ,CAACwD,SAAT,CAAmBrD,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA,qBAAcH,QAAd,EAAwB;AACtBkO,EAAAA;AADsB,CAAxB;eAIelO,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuthInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n CryptoAPI,\n WebauthnAPI,\n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n RequestOptions,\n IsAuthenticatedOptions,\n OAuthResponseType,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport * as crypto from './crypto';\nimport * as webauthn from './crypto/webauthn';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { ServiceManager } from './ServiceManager';\nimport { get, httpRequest, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport { StorageManager } from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n unlockAccount,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nclass OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI = features;\n static crypto: CryptoAPI = crypto;\n static webauthn: WebauthnAPI = webauthn;\n features: FeaturesAPI = features;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: any;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n serviceManager: ServiceManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = [\n // sync methods\n 'decode',\n 'isLoginRedirect',\n // already bound\n 'getWithRedirect',\n 'parseFromUrl'\n ];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n unlockAccount: unlockAccount.bind(null, this),\n };\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager(this, args.services);\n }\n\n start() {\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n this.serviceManager.start();\n }\n\n stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n this.serviceManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n}\n\n// Hoist feature detection functions to prototype & static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
package/cjs/OktaUserAgent.js CHANGED
@@ -21,7 +21,7 @@ var _features = require("./features");
21
21
  class OktaUserAgent {
22
22
  constructor() {
23
23
  // add base sdk env
24
- this.environments = [`okta-auth-js/${"6.4.2"}`];
24
+ this.environments = [`okta-auth-js/${"6.4.5"}`];
25
25
  }
26
26
 
27
27
  addEnvironment(env) {
@@ -36,7 +36,7 @@ class OktaUserAgent {
36
36
  }
37
37
 
38
38
  getVersion() {
39
- return "6.4.2";
39
+ return "6.4.5";
40
40
  }
41
41
 
42
42
  maybeAddNodeEnvironment() {
package/cjs/TransactionManager.js CHANGED
@@ -49,9 +49,7 @@ class TransactionManager {
49
49
  const transactionStorage = this.storageManager.getTransactionStorage();
50
50
  const meta = transactionStorage.getStorage(); // Clear primary storage (by default, sessionStorage on browser)
51
51
 
52
- transactionStorage.clearStorage(); // clear IDX response storage
53
-
54
- this.clearIdxResponse(); // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
52
+ transactionStorage.clearStorage(); // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
55
53
 
56
54
  if (this.enableSharedStorage && options.clearSharedStorage !== false) {
57
55
  const state = options.state || (meta === null || meta === void 0 ? void 0 : meta.state);
@@ -61,6 +59,10 @@ class TransactionManager {
61
59
  }
62
60
  }
63
61
 
62
+ if (options.clearIdxResponse !== false) {
63
+ this.clearIdxResponse();
64
+ }
65
+
64
66
  if (!this.legacyWidgetSupport) {
65
67
  return;
66
68
  } // This is for compatibility with older versions of the signin widget. OKTA-304806
@@ -305,10 +307,7 @@ class TransactionManager {
305
307
  // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');
306
308
  }
307
309
 
308
- saveIdxResponse({
309
- rawIdxResponse,
310
- requestDidSucceed
311
- }) {
310
+ saveIdxResponse(data) {
312
311
  if (!this.saveLastResponse) {
313
312
  return;
314
313
  }
@@ -319,13 +318,11 @@ class TransactionManager {
319
318
  return;
320
319
  }
321
320
 
322
- storage.setStorage({
323
- rawIdxResponse,
324
- requestDidSucceed
325
- });
326
- }
321
+ storage.setStorage(data);
322
+ } // eslint-disable-next-line complexity
323
+
327
324
 
328
- loadIdxResponse() {
325
+ loadIdxResponse(options) {
329
326
  if (!this.saveLastResponse) {
330
327
  return null;
331
328
  }
@@ -342,6 +339,21 @@ class TransactionManager {
342
339
  return null;
343
340
  }
344
341
 
342
+ if (options) {
343
+ const {
344
+ stateHandle,
345
+ interactionHandle
346
+ } = options;
347
+
348
+ if (stateHandle && storedValue.stateHandle !== stateHandle) {
349
+ return null;
350
+ }
351
+
352
+ if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {
353
+ return null;
354
+ }
355
+ }
356
+
345
357
  return storedValue;
346
358
  }
347
359
 
package/cjs/TransactionManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearIdxResponse","clearSharedStorage","state","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","storage","obj","muteWarning","setStorage","cookieStorage","storageType","responseType","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_STATE_COOKIE_NAME","exists","load","loadLegacyOAuthParams","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","AuthSdkError","undefined","getLegacyOAuthParamsStorage","saveIdxResponse","rawIdxResponse","requestDidSucceed","getIdxResponseStorage","loadIdxResponse","storedValue"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAEA;;AAYA;;AACA;;AACA;;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA8Be,MAAMA,kBAAN,CAAyB;AAUtCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C;AACA,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKC,mBAAL,GAA2BN,OAAO,CAACM,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,gBAAL,GAAwBP,OAAO,CAACO,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKP,OAAL,GAAeA,OAAf;AACD,GApBqC,CAsBtC;;;AACAQ,EAAAA,KAAK,CAACR,OAAoC,GAAG,EAAxC,EAA4C;AAC/C,UAAMS,kBAAmC,GAAG,KAAKR,cAAL,CAAoBS,qBAApB,EAA5C;AACA,UAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAnB,EAAb,CAF+C,CAI/C;;AACAH,IAAAA,kBAAkB,CAACI,YAAnB,GAL+C,CAO/C;;AACA,SAAKC,gBAAL,GAR+C,CAU/C;;AACA,QAAI,KAAKR,mBAAL,IAA4BN,OAAO,CAACe,kBAAR,KAA+B,KAA/D,EAAsE;AACpE,YAAMC,KAAK,GAAGhB,OAAO,CAACgB,KAAR,KAAiBL,IAAjB,aAAiBA,IAAjB,uBAAiBA,IAAI,CAAEK,KAAvB,CAAd;;AACA,UAAIA,KAAJ,EAAW;AACT,8DAAkC,KAAKf,cAAvC,EAAuDe,KAAvD;AACD;AACF;;AAED,QAAI,CAAC,KAAKd,mBAAV,EAA+B;AAC7B;AACD,KApB8C,CAsB/C;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GArDqC,CAuDtC;;;AACAC,EAAAA,IAAI,CAACV,IAAD,EAAwBX,OAA+B,GAAG,EAA1D,EAA8D;AAChE;AACA;AACA;AAEA,QAAIsB,OAAwB,GAAG,KAAKrB,cAAL,CAAoBS,qBAApB,EAA/B;AACA,UAAMa,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAZ,CANgE,CAOhE;AACA;AACA;;AACA,QAAI,8BAAkBW,GAAlB,KAA0B,CAACvB,OAAO,CAACwB,WAAvC,EAAoD;AAClD;AACA,sBAAK,yGAAL;AACD;;AAEDF,IAAAA,OAAO,CAACG,UAAR,CAAmBd,IAAnB,EAfgE,CAiBhE;;AACA,QAAI,KAAKL,mBAAL,IAA4BK,IAAI,CAACK,KAArC,EAA4C;AAC1C,yDAA+B,KAAKf,cAApC,EAAoDU,IAAI,CAACK,KAAzD,EAAgEL,IAAhE;AACD;;AAED,QAAI,CAACX,OAAO,CAACiB,KAAb,EAAoB;AAClB;AACD,KAxB+D,CA0BhE;;;AACA,QAAI,KAAKd,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,YAAMqB,aAA4B,GAAG,KAAKzB,cAAL,CAAoBW,UAApB,CAA+B;AAAEe,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKtB,gBAAT,EAA2B;AACzB,cAAM;AACJuB,UAAAA,YADI;AAEJZ,UAAAA,KAFI;AAGJa,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFtB,IARJ;AASA,cAAMuB,WAAW,GAAG;AAClBN,UAAAA,YADkB;AAElBZ,UAAAA,KAFkB;AAGlBa,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAP,QAAAA,aAAa,CAACS,OAAd,CAAsBC,qCAAtB,EAAkD,wBAAeF,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK/B,eAAL,IAAwBQ,IAAI,CAACkB,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACS,OAAd,CAAsBE,qCAAtB,EAAkD1B,IAAI,CAACkB,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKzB,eAAL,IAAwBO,IAAI,CAACK,KAAjC,EAAwC;AACtC;AACAU,QAAAA,aAAa,CAACS,OAAd,CAAsBG,qCAAtB,EAAkD3B,IAAI,CAACK,KAAvD,EAA8D,IAA9D;AACD;AACF;AACF;;AAEDuB,EAAAA,MAAM,CAACvC,OAA+B,GAAG,EAAnC,EAAgD;AACpD,QAAI;AACF,YAAMW,IAAI,GAAG,KAAK6B,IAAL,CAAUxC,OAAV,CAAb;AACA,aAAO,CAAC,CAACW,IAAT;AACD,KAHD,CAGE,MAAM;AACN,aAAO,KAAP;AACD;AACF,GA/HqC,CAiItC;AACA;;;AACA6B,EAAAA,IAAI,CAACxC,OAA+B,GAAG,EAAnC,EAA+D;AAEjE,QAAIW,IAAJ,CAFiE,CAIjE;;AACA,QAAI,KAAKL,mBAAL,IAA4BN,OAAO,CAACgB,KAAxC,EAA+C;AAC7C,6CAAmB,KAAKf,cAAxB,EAD6C,CACJ;;AACzCU,MAAAA,IAAI,GAAG,qDAAiC,KAAKV,cAAtC,EAAsDD,OAAO,CAACgB,KAA9D,CAAP;;AACA,UAAI,8BAAkBL,IAAlB,CAAJ,EAA6B;AAC3B,eAAOA,IAAP;AACD;AACF;;AAED,QAAIW,OAAwB,GAAG,KAAKrB,cAAL,CAAoBS,qBAApB,EAA/B;AACAC,IAAAA,IAAI,GAAGW,OAAO,CAACV,UAAR,EAAP;;AACA,QAAI,8BAAkBD,IAAlB,CAAJ,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKT,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAtBgE,CAwBjE;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,UAAI;AACF,cAAMiB,WAAW,GAAG,KAAKO,qBAAL,EAApB;AACA,6BAAc9B,IAAd,EAAoBuB,WAApB;AACD,OAHD,SAGU;AACR,aAAKhB,sBAAL;AACD;AACF;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,UAAI;AACF,cAAMuB,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACA,6BAAchC,IAAd,EAAoB+B,QAApB;AACD,OAHD,SAGU;AACR,aAAKtB,eAAL;AACD;AACF;;AAED,QAAI,8BAAkBT,IAAlB,CAAJ,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GAlLqC,CAoLtC;;;AACAS,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIE,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKZ,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED8B,EAAAA,cAAc,GAAwB;AACpC,QAAIrB,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKtB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAACwB,YAAf,EAA6B;AAC3B,eAAOxB,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKtB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAACwB,YAAf,EAA6B;AAC3B,eAAOxB,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAIyB,oBAAJ,CAAiB,yJAAjB,EAA4KC,SAA5K,CAAN;AACD;;AAED/B,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAII,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKZ,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED4B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAInB,OAAJ;AACA,QAAIY,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAKjC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AACD,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAKjC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AAED,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAIc,oBAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAEDG,EAAAA,eAAe,CAAC;AAAEC,IAAAA,cAAF;AAAkBC,IAAAA;AAAlB,GAAD,EAAgE;AAC7E,QAAI,CAAC,KAAK9C,gBAAV,EAA4B;AAC1B;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBqD,qBAApB,EAAhB;;AACA,QAAI,CAAChC,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACG,UAAR,CAAmB;AAAE2B,MAAAA,cAAF;AAAkBC,MAAAA;AAAlB,KAAnB;AACD;;AAEDE,EAAAA,eAAe,GAA4B;AACzC,QAAI,CAAC,KAAKhD,gBAAV,EAA4B;AAC1B,aAAO,IAAP;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBqD,qBAApB,EAAhB;;AACA,QAAI,CAAChC,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,UAAMkC,WAAW,GAAGlC,OAAO,CAACV,UAAR,EAApB;;AACA,QAAI,CAAC4C,WAAD,IAAgB,CAAC,6BAAiBA,WAAW,CAACJ,cAA7B,CAArB,EAAmE;AACjE,aAAO,IAAP;AACD;;AACD,WAAOI,WAAP;AACD;;AAED1C,EAAAA,gBAAgB,GAAS;AACvB,QAAI,CAAC,KAAKP,gBAAV,EAA4B;AAC1B;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBqD,qBAApB,EAAhB;AACAhC,IAAAA,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAET,YAAT;AACD;;AA7SqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport { StorageManager } from './StorageManager';\nimport {\n StorageProvider,\n TransactionMeta,\n isTransactionMeta,\n isOAuthTransactionMeta,\n PKCETransactionMeta,\n OAuthTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n CookieStorage,\n SavedIdxResponse\n} from './types';\nimport { isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\nexport interface ClearTransactionMetaOptions extends TransactionMetaOptions {\n clearSharedStorage?: boolean;\n}\nexport default class TransactionManager {\n options: TransactionManagerOptions;\n storageManager: StorageManager;\n legacyWidgetSupport: boolean;\n saveNonceCookie: boolean;\n saveStateCookie: boolean;\n saveParamsCookie: boolean;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager!;\n this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n this.saveStateCookie = options.saveStateCookie === false ? false : true;\n this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // clear IDX response storage\n this.clearIdxResponse();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n \n if (!this.legacyWidgetSupport) {\n return;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n this.clearLegacyOAuthParams();\n }\n\n if (options.pkce) {\n this.clearLegacyPKCE();\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n\n if (!options.oauth) {\n return;\n }\n \n // Legacy cookie storage\n if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n if (this.saveParamsCookie) {\n const { \n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n } = meta;\n const oauthParams = {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n };\n cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n }\n\n if (this.saveNonceCookie && meta.nonce) {\n // Set nonce cookie for servers to validate nonce in id_token\n cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n }\n\n if (this.saveStateCookie && meta.state) {\n // Set state cookie for servers to validate state\n cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n }\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n if (!this.legacyWidgetSupport) {\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n try {\n const oauthParams = this.loadLegacyOAuthParams();\n Object.assign(meta, oauthParams);\n } finally {\n this.clearLegacyOAuthParams();\n }\n }\n\n if (options.pkce) {\n try {\n const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n Object.assign(meta, pkceMeta);\n } finally {\n this.clearLegacyPKCE();\n }\n }\n\n if (isTransactionMeta(meta)) {\n return meta;\n }\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n clearLegacyPKCE(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n }\n\n loadLegacyPKCE(): PKCETransactionMeta {\n let storage: StorageProvider;\n let obj;\n \n // Try reading from localStorage first.\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n \n // If meta is not valid, throw an exception to avoid misleading server-side error\n // The most likely cause of this error is trying to handle a callback twice\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n }\n\n clearLegacyOAuthParams(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n storage.clearStorage();\n }\n }\n\n loadLegacyOAuthParams(): OAuthTransactionMeta {\n let storage: StorageProvider;\n let oauthParams;\n \n // load first from session storage\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n oauthParams = storage.getStorage();\n }\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n // try to load from cookie\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n oauthParams = storage.getStorage();\n }\n\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n // Something is there but we don't recognize it\n // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n }\n\n saveIdxResponse({ rawIdxResponse, requestDidSucceed }: SavedIdxResponse): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage({ rawIdxResponse, requestDidSucceed });\n }\n\n loadIdxResponse(): SavedIdxResponse | null {\n if (!this.saveLastResponse) {\n return null;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const storedValue = storage.getStorage();\n if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n return null;\n }\n return storedValue;\n }\n\n clearIdxResponse(): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n storage?.clearStorage();\n }\n}"],"file":"TransactionManager.js"}
1
+ {"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearSharedStorage","state","clearIdxResponse","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","storage","obj","muteWarning","setStorage","cookieStorage","storageType","responseType","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_STATE_COOKIE_NAME","exists","load","loadLegacyOAuthParams","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","AuthSdkError","undefined","getLegacyOAuthParamsStorage","saveIdxResponse","data","getIdxResponseStorage","loadIdxResponse","storedValue","rawIdxResponse","stateHandle","interactionHandle"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAEA;;AAaA;;AACA;;AACA;;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAgCe,MAAMA,kBAAN,CAAyB;AAUtCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C;AACA,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKC,mBAAL,GAA2BN,OAAO,CAACM,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,gBAAL,GAAwBP,OAAO,CAACO,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKP,OAAL,GAAeA,OAAf;AACD,GApBqC,CAsBtC;;;AACAQ,EAAAA,KAAK,CAACR,OAAoC,GAAG,EAAxC,EAA4C;AAC/C,UAAMS,kBAAmC,GAAG,KAAKR,cAAL,CAAoBS,qBAApB,EAA5C;AACA,UAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAnB,EAAb,CAF+C,CAI/C;;AACAH,IAAAA,kBAAkB,CAACI,YAAnB,GAL+C,CAO/C;;AACA,QAAI,KAAKP,mBAAL,IAA4BN,OAAO,CAACc,kBAAR,KAA+B,KAA/D,EAAsE;AACpE,YAAMC,KAAK,GAAGf,OAAO,CAACe,KAAR,KAAiBJ,IAAjB,aAAiBA,IAAjB,uBAAiBA,IAAI,CAAEI,KAAvB,CAAd;;AACA,UAAIA,KAAJ,EAAW;AACT,8DAAkC,KAAKd,cAAvC,EAAuDc,KAAvD;AACD;AACF;;AAED,QAAIf,OAAO,CAACgB,gBAAR,KAA6B,KAAjC,EAAwC;AACtC,WAAKA,gBAAL;AACD;;AAED,QAAI,CAAC,KAAKd,mBAAV,EAA+B;AAC7B;AACD,KArB8C,CAuB/C;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GAtDqC,CAwDtC;;;AACAC,EAAAA,IAAI,CAACV,IAAD,EAAwBX,OAA+B,GAAG,EAA1D,EAA8D;AAChE;AACA;AACA;AAEA,QAAIsB,OAAwB,GAAG,KAAKrB,cAAL,CAAoBS,qBAApB,EAA/B;AACA,UAAMa,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAZ,CANgE,CAOhE;AACA;AACA;;AACA,QAAI,8BAAkBW,GAAlB,KAA0B,CAACvB,OAAO,CAACwB,WAAvC,EAAoD;AAClD;AACA,sBAAK,yGAAL;AACD;;AAEDF,IAAAA,OAAO,CAACG,UAAR,CAAmBd,IAAnB,EAfgE,CAiBhE;;AACA,QAAI,KAAKL,mBAAL,IAA4BK,IAAI,CAACI,KAArC,EAA4C;AAC1C,yDAA+B,KAAKd,cAApC,EAAoDU,IAAI,CAACI,KAAzD,EAAgEJ,IAAhE;AACD;;AAED,QAAI,CAACX,OAAO,CAACiB,KAAb,EAAoB;AAClB;AACD,KAxB+D,CA0BhE;;;AACA,QAAI,KAAKd,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,YAAMqB,aAA4B,GAAG,KAAKzB,cAAL,CAAoBW,UAApB,CAA+B;AAAEe,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKtB,gBAAT,EAA2B;AACzB,cAAM;AACJuB,UAAAA,YADI;AAEJb,UAAAA,KAFI;AAGJc,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFtB,IARJ;AASA,cAAMuB,WAAW,GAAG;AAClBN,UAAAA,YADkB;AAElBb,UAAAA,KAFkB;AAGlBc,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAP,QAAAA,aAAa,CAACS,OAAd,CAAsBC,qCAAtB,EAAkD,wBAAeF,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK/B,eAAL,IAAwBQ,IAAI,CAACkB,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACS,OAAd,CAAsBE,qCAAtB,EAAkD1B,IAAI,CAACkB,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKzB,eAAL,IAAwBO,IAAI,CAACI,KAAjC,EAAwC;AACtC;AACAW,QAAAA,aAAa,CAACS,OAAd,CAAsBG,qCAAtB,EAAkD3B,IAAI,CAACI,KAAvD,EAA8D,IAA9D;AACD;AACF;AACF;;AAEDwB,EAAAA,MAAM,CAACvC,OAA+B,GAAG,EAAnC,EAAgD;AACpD,QAAI;AACF,YAAMW,IAAI,GAAG,KAAK6B,IAAL,CAAUxC,OAAV,CAAb;AACA,aAAO,CAAC,CAACW,IAAT;AACD,KAHD,CAGE,MAAM;AACN,aAAO,KAAP;AACD;AACF,GAhIqC,CAkItC;AACA;;;AACA6B,EAAAA,IAAI,CAACxC,OAA+B,GAAG,EAAnC,EAA+D;AAEjE,QAAIW,IAAJ,CAFiE,CAIjE;;AACA,QAAI,KAAKL,mBAAL,IAA4BN,OAAO,CAACe,KAAxC,EAA+C;AAC7C,6CAAmB,KAAKd,cAAxB,EAD6C,CACJ;;AACzCU,MAAAA,IAAI,GAAG,qDAAiC,KAAKV,cAAtC,EAAsDD,OAAO,CAACe,KAA9D,CAAP;;AACA,UAAI,8BAAkBJ,IAAlB,CAAJ,EAA6B;AAC3B,eAAOA,IAAP;AACD;AACF;;AAED,QAAIW,OAAwB,GAAG,KAAKrB,cAAL,CAAoBS,qBAApB,EAA/B;AACAC,IAAAA,IAAI,GAAGW,OAAO,CAACV,UAAR,EAAP;;AACA,QAAI,8BAAkBD,IAAlB,CAAJ,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKT,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAtBgE,CAwBjE;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,UAAI;AACF,cAAMiB,WAAW,GAAG,KAAKO,qBAAL,EAApB;AACA,6BAAc9B,IAAd,EAAoBuB,WAApB;AACD,OAHD,SAGU;AACR,aAAKhB,sBAAL;AACD;AACF;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,UAAI;AACF,cAAMuB,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACA,6BAAchC,IAAd,EAAoB+B,QAApB;AACD,OAHD,SAGU;AACR,aAAKtB,eAAL;AACD;AACF;;AAED,QAAI,8BAAkBT,IAAlB,CAAJ,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GAnLqC,CAqLtC;;;AACAS,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIE,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKZ,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED8B,EAAAA,cAAc,GAAwB;AACpC,QAAIrB,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKtB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAACwB,YAAf,EAA6B;AAC3B,eAAOxB,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKtB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEnB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAACwB,YAAf,EAA6B;AAC3B,eAAOxB,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAIyB,oBAAJ,CAAiB,yJAAjB,EAA4KC,SAA5K,CAAN;AACD;;AAED/B,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAII,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKZ,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED4B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAInB,OAAJ;AACA,QAAIY,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAKjC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AACD,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAKjC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DvB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AAED,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAIc,oBAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAEDG,EAAAA,eAAe,CAACC,IAAD,EAA+B;AAC5C,QAAI,CAAC,KAAK7C,gBAAV,EAA4B;AAC1B;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBoD,qBAApB,EAAhB;;AACA,QAAI,CAAC/B,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACG,UAAR,CAAmB2B,IAAnB;AACD,GAvRqC,CAyRtC;;;AACAE,EAAAA,eAAe,CAACtD,OAAD,EAAuD;AACpE,QAAI,CAAC,KAAKO,gBAAV,EAA4B;AAC1B,aAAO,IAAP;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBoD,qBAApB,EAAhB;;AACA,QAAI,CAAC/B,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,UAAMiC,WAAW,GAAGjC,OAAO,CAACV,UAAR,EAApB;;AACA,QAAI,CAAC2C,WAAD,IAAgB,CAAC,6BAAiBA,WAAW,CAACC,cAA7B,CAArB,EAAmE;AACjE,aAAO,IAAP;AACD;;AAED,QAAIxD,OAAJ,EAAa;AACX,YAAM;AAAEyD,QAAAA,WAAF;AAAeC,QAAAA;AAAf,UAAqC1D,OAA3C;;AACA,UAAIyD,WAAW,IAAIF,WAAW,CAACE,WAAZ,KAA4BA,WAA/C,EAA4D;AAC1D,eAAO,IAAP;AACD;;AACD,UAAIC,iBAAiB,IAAIH,WAAW,CAACG,iBAAZ,KAAkCA,iBAA3D,EAA8E;AAC5E,eAAO,IAAP;AACD;AACF;;AAED,WAAOH,WAAP;AACD;;AAEDvC,EAAAA,gBAAgB,GAAS;AACvB,QAAI,CAAC,KAAKT,gBAAV,EAA4B;AAC1B;AACD;;AACD,UAAMe,OAAO,GAAG,KAAKrB,cAAL,CAAoBoD,qBAApB,EAAhB;AACA/B,IAAAA,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAET,YAAT;AACD;;AA1TqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport { StorageManager } from './StorageManager';\nimport {\n StorageProvider,\n TransactionMeta,\n isTransactionMeta,\n isOAuthTransactionMeta,\n PKCETransactionMeta,\n OAuthTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n CookieStorage,\n SavedIdxResponse,\n IntrospectOptions\n} from './types';\nimport { isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\nexport interface ClearTransactionMetaOptions extends TransactionMetaOptions {\n clearSharedStorage?: boolean; // true by default\n clearIdxResponse?: boolean; // true by default\n}\nexport default class TransactionManager {\n options: TransactionManagerOptions;\n storageManager: StorageManager;\n legacyWidgetSupport: boolean;\n saveNonceCookie: boolean;\n saveStateCookie: boolean;\n saveParamsCookie: boolean;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager!;\n this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n this.saveStateCookie = options.saveStateCookie === false ? false : true;\n this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n\n if (options.clearIdxResponse !== false) {\n this.clearIdxResponse();\n }\n \n if (!this.legacyWidgetSupport) {\n return;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n this.clearLegacyOAuthParams();\n }\n\n if (options.pkce) {\n this.clearLegacyPKCE();\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n\n if (!options.oauth) {\n return;\n }\n \n // Legacy cookie storage\n if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n if (this.saveParamsCookie) {\n const { \n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n } = meta;\n const oauthParams = {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n };\n cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n }\n\n if (this.saveNonceCookie && meta.nonce) {\n // Set nonce cookie for servers to validate nonce in id_token\n cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n }\n\n if (this.saveStateCookie && meta.state) {\n // Set state cookie for servers to validate state\n cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n }\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n if (!this.legacyWidgetSupport) {\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n try {\n const oauthParams = this.loadLegacyOAuthParams();\n Object.assign(meta, oauthParams);\n } finally {\n this.clearLegacyOAuthParams();\n }\n }\n\n if (options.pkce) {\n try {\n const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n Object.assign(meta, pkceMeta);\n } finally {\n this.clearLegacyPKCE();\n }\n }\n\n if (isTransactionMeta(meta)) {\n return meta;\n }\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n clearLegacyPKCE(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n }\n\n loadLegacyPKCE(): PKCETransactionMeta {\n let storage: StorageProvider;\n let obj;\n \n // Try reading from localStorage first.\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n \n // If meta is not valid, throw an exception to avoid misleading server-side error\n // The most likely cause of this error is trying to handle a callback twice\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n }\n\n clearLegacyOAuthParams(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n storage.clearStorage();\n }\n }\n\n loadLegacyOAuthParams(): OAuthTransactionMeta {\n let storage: StorageProvider;\n let oauthParams;\n \n // load first from session storage\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n oauthParams = storage.getStorage();\n }\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n // try to load from cookie\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n oauthParams = storage.getStorage();\n }\n\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n // Something is there but we don't recognize it\n // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n }\n\n saveIdxResponse(data: SavedIdxResponse): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage(data);\n }\n\n // eslint-disable-next-line complexity\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n if (!this.saveLastResponse) {\n return null;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const storedValue = storage.getStorage();\n if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n return null;\n }\n\n if (options) {\n const { stateHandle, interactionHandle } = options;\n if (stateHandle && storedValue.stateHandle !== stateHandle) {\n return null;\n }\n if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n return null;\n }\n }\n\n return storedValue;\n }\n\n clearIdxResponse(): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n storage?.clearStorage();\n }\n}"],"file":"TransactionManager.js"}
package/cjs/errors/AuthApiError.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/errors/AuthApiError.ts"],"names":["AuthApiError","CustomError","constructor","err","xhr","message","errorSummary","name","errorCode","errorLink","errorId","errorCauses"],"mappings":";;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKe,MAAMA,YAAN,SAA2BC,oBAA3B,CAA2D;AAQxEC,EAAAA,WAAW,CAACC,GAAD,EAAgBC,GAAhB,EAAoC;AAC7C,UAAMC,OAAO,GAAGF,GAAG,CAACG,YAApB;AACA,UAAMD,OAAN;AAEA,SAAKE,IAAL,GAAY,cAAZ;AACA,SAAKD,YAAL,GAAoBH,GAAG,CAACG,YAAxB;AACA,SAAKE,SAAL,GAAiBL,GAAG,CAACK,SAArB;AACA,SAAKC,SAAL,GAAiBN,GAAG,CAACM,SAArB;AACA,SAAKC,OAAL,GAAeP,GAAG,CAACO,OAAnB;AACA,SAAKC,WAAL,GAAmBR,GAAG,CAACQ,WAAvB;;AAEA,QAAIP,GAAJ,EAAS;AACP,WAAKA,GAAL,GAAWA,GAAX;AACD;AACF;;AAtBuE","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, HttpResponse } from '../types';\n\nexport default class AuthApiError extends CustomError implements APIError {\n errorSummary: string;\n errorCode?: string;\n errorLink?: string;\n errorId?: string;\n errorCauses?: string[];\n xhr?: HttpResponse;\n\n constructor(err: APIError, xhr?: HttpResponse) {\n const message = err.errorSummary;\n super(message);\n\n this.name = 'AuthApiError';\n this.errorSummary = err.errorSummary;\n this.errorCode = err.errorCode;\n this.errorLink = err.errorLink;\n this.errorId = err.errorId;\n this.errorCauses = err.errorCauses;\n\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n"],"file":"AuthApiError.js"}
1
+ {"version":3,"sources":["../../../lib/errors/AuthApiError.ts"],"names":["AuthApiError","CustomError","constructor","err","xhr","message","errorSummary","name","errorCode","errorLink","errorId","errorCauses"],"mappings":";;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKe,MAAMA,YAAN,SAA2BC,oBAA3B,CAA2D;AAQxEC,EAAAA,WAAW,CAACC,GAAD,EAAgBC,GAAhB,EAAoC;AAC7C,UAAMC,OAAO,GAAGF,GAAG,CAACG,YAApB;AACA,UAAMD,OAAN;AAEA,SAAKE,IAAL,GAAY,cAAZ;AACA,SAAKD,YAAL,GAAoBH,GAAG,CAACG,YAAxB;AACA,SAAKE,SAAL,GAAiBL,GAAG,CAACK,SAArB;AACA,SAAKC,SAAL,GAAiBN,GAAG,CAACM,SAArB;AACA,SAAKC,OAAL,GAAeP,GAAG,CAACO,OAAnB;AACA,SAAKC,WAAL,GAAmBR,GAAG,CAACQ,WAAvB;;AAEA,QAAIP,GAAJ,EAAS;AACP,WAAKA,GAAL,GAAWA,GAAX;AACD;AACF;;AAtBuE","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, FieldError, HttpResponse } from '../types';\n\nexport default class AuthApiError extends CustomError implements APIError {\n errorSummary: string;\n errorCode?: string;\n errorLink?: string;\n errorId?: string;\n errorCauses?: Array<FieldError>;\n xhr?: HttpResponse;\n\n constructor(err: APIError, xhr?: HttpResponse) {\n const message = err.errorSummary;\n super(message);\n\n this.name = 'AuthApiError';\n this.errorSummary = err.errorSummary;\n this.errorCode = err.errorCode;\n this.errorLink = err.errorLink;\n this.errorId = err.errorId;\n this.errorCauses = err.errorCauses;\n\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n"],"file":"AuthApiError.js"}
package/cjs/errors/AuthSdkError.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/errors/AuthSdkError.ts"],"names":["AuthSdkError","CustomError","constructor","msg","xhr","name","errorCode","errorSummary","errorLink","errorId","errorCauses"],"mappings":";;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKe,MAAMA,YAAN,SAA2BC,oBAA3B,CAA2D;AAQxEC,EAAAA,WAAW,CAACC,GAAD,EAAcC,GAAd,EAAoC;AAC7C,UAAMD,GAAN;AACA,SAAKE,IAAL,GAAY,cAAZ;AACA,SAAKC,SAAL,GAAiB,UAAjB;AACA,SAAKC,YAAL,GAAoBJ,GAApB;AACA,SAAKK,SAAL,GAAiB,UAAjB;AACA,SAAKC,OAAL,GAAe,UAAf;AACA,SAAKC,WAAL,GAAmB,EAAnB;;AACA,QAAIN,GAAJ,EAAS;AACP,WAAKA,GAAL,GAAWA,GAAX;AACD;AACF;;AAnBuE","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError } from '../types';\n\nexport default class AuthSdkError extends CustomError implements APIError {\n errorSummary: string;\n errorCode: string;\n errorLink: string;\n errorId: string;\n errorCauses: string[];\n xhr?: XMLHttpRequest;\n\n constructor(msg: string, xhr?: XMLHttpRequest) {\n super(msg);\n this.name = 'AuthSdkError';\n this.errorCode = 'INTERNAL';\n this.errorSummary = msg;\n this.errorLink = 'INTERNAL';\n this.errorId = 'INTERNAL';\n this.errorCauses = [];\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n"],"file":"AuthSdkError.js"}
1
+ {"version":3,"sources":["../../../lib/errors/AuthSdkError.ts"],"names":["AuthSdkError","CustomError","constructor","msg","xhr","name","errorCode","errorSummary","errorLink","errorId","errorCauses"],"mappings":";;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKe,MAAMA,YAAN,SAA2BC,oBAA3B,CAA2D;AAQxEC,EAAAA,WAAW,CAACC,GAAD,EAAcC,GAAd,EAAoC;AAC7C,UAAMD,GAAN;AACA,SAAKE,IAAL,GAAY,cAAZ;AACA,SAAKC,SAAL,GAAiB,UAAjB;AACA,SAAKC,YAAL,GAAoBJ,GAApB;AACA,SAAKK,SAAL,GAAiB,UAAjB;AACA,SAAKC,OAAL,GAAe,UAAf;AACA,SAAKC,WAAL,GAAmB,EAAnB;;AACA,QAAIN,GAAJ,EAAS;AACP,WAAKA,GAAL,GAAWA,GAAX;AACD;AACF;;AAnBuE","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, FieldError } from '../types';\n\nexport default class AuthSdkError extends CustomError implements APIError {\n errorSummary: string;\n errorCode: string;\n errorLink: string;\n errorId: string;\n errorCauses: Array<FieldError>;\n xhr?: XMLHttpRequest;\n\n constructor(msg: string, xhr?: XMLHttpRequest) {\n super(msg);\n this.name = 'AuthSdkError';\n this.errorCode = 'INTERNAL';\n this.errorSummary = msg;\n this.errorLink = 'INTERNAL';\n this.errorId = 'INTERNAL';\n this.errorCauses = [];\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n"],"file":"AuthSdkError.js"}
package/cjs/idx/authenticate.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/idx/authenticate.ts"],"names":["authenticate","authClient","options","password","authenticator","AuthenticatorKey","OKTA_PASSWORD","flow"],"mappings":";;;;AAaA;;AAMA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA6BO,eAAeA,YAAf,CACLC,UADK,EAC0BC,OAA8B,GAAG,EAD3D,EAEoB;AACzB,MAAIA,OAAO,CAACC,QAAR,IAAoB,CAACD,OAAO,CAACE,aAAjC,EAAgD;AAC9CF,IAAAA,OAAO,CAACE,aAAR,GAAwBC,wBAAiBC,aAAzC;AACD;;AACD,SAAO,cAAIL,UAAJ,EAAgB,EACrB,GAAGC,OADkB;AAErBK,IAAAA,IAAI,EAAE;AAFe,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthInterface,\n IdxOptions,\n IdxTransaction,\n AuthenticatorKey\n} from '../types';\nimport { run } from './run';\nimport { \n IdentifyValues,\n SelectAuthenticatorAuthenticateValues,\n ChallengeAuthenticatorValues,\n ReEnrollAuthenticatorValues,\n AuthenticatorEnrollmentDataValues,\n SelectAuthenticatorEnrollValues,\n EnrollAuthenticatorValues,\n} from './remediators';\n\nexport type AuthenticationOptions = IdxOptions \n & IdentifyValues \n & SelectAuthenticatorAuthenticateValues \n & SelectAuthenticatorEnrollValues\n & ChallengeAuthenticatorValues \n & ReEnrollAuthenticatorValues\n & AuthenticatorEnrollmentDataValues\n & EnrollAuthenticatorValues;\n\nexport async function authenticate(\n authClient: OktaAuthInterface, options: AuthenticationOptions = {}\n): Promise<IdxTransaction> {\n if (options.password && !options.authenticator) {\n options.authenticator = AuthenticatorKey.OKTA_PASSWORD;\n }\n return run(authClient, { \n ...options, \n flow: 'authenticate'\n });\n}\n"],"file":"authenticate.js"}
1
+ {"version":3,"sources":["../../../lib/idx/authenticate.ts"],"names":["authenticate","authClient","options","password","authenticator","AuthenticatorKey","OKTA_PASSWORD","flow"],"mappings":";;;;AAaA;;AAMA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAWO,eAAeA,YAAf,CACLC,UADK,EAC0BC,OAA8B,GAAG,EAD3D,EAEoB;AACzB,MAAIA,OAAO,CAACC,QAAR,IAAoB,CAACD,OAAO,CAACE,aAAjC,EAAgD;AAC9CF,IAAAA,OAAO,CAACE,aAAR,GAAwBC,wBAAiBC,aAAzC;AACD;;AACD,SAAO,cAAIL,UAAJ,EAAgB,EACrB,GAAGC,OADkB;AAErBK,IAAAA,IAAI,EAAE;AAFe,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthInterface,\n IdxTransaction,\n AuthenticatorKey,\n AuthenticationOptions\n} from '../types';\nimport { run } from './run';\n\nexport async function authenticate(\n authClient: OktaAuthInterface, options: AuthenticationOptions = {}\n): Promise<IdxTransaction> {\n if (options.password && !options.authenticator) {\n options.authenticator = AuthenticatorKey.OKTA_PASSWORD;\n }\n return run(authClient, { \n ...options, \n flow: 'authenticate'\n });\n}\n"],"file":"authenticate.js"}
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js CHANGED
@@ -29,7 +29,7 @@ class SecurityQuestionEnrollment extends _Authenticator.Authenticator {
29
29
  answer
30
30
  } = values;
31
31
 
32
- if (!questionKey && !question && !answer) {
32
+ if (!answer || !questionKey && !question) {
33
33
  return;
34
34
  }
35
35
 
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionEnrollment.ts"],"names":["SecurityQuestionEnrollment","Authenticator","canVerify","values","credentials","questionKey","answer","question","mapCredentials","getInputs","name","type","required","label"],"mappings":";;;;AAAA;;AASO,MAAMA,0BAAN,SAAyCC,4BAAzC,CAAqF;AAC1FC,EAAAA,SAAS,CAACC,MAAD,EAAuC;AAC9C,UAAM;AAAEC,MAAAA;AAAF,QAAkBD,MAAxB;;AACA,QAAIC,WAAW,IAAIA,WAAW,CAACC,WAA3B,IAA0CD,WAAW,CAACE,MAA1D,EAAkE;AAChE,aAAO,IAAP;AACD;;AACD,UAAM;AAAED,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;AACA,WAAO,CAAC,EAAEE,WAAW,IAAIC,MAAjB,CAAD,IAA6B,CAAC,EAAEC,QAAQ,IAAID,MAAd,CAArC;AACD;;AAEDE,EAAAA,cAAc,CAACL,MAAD,EAAgE;AAC5E,UAAM;AAAEE,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;;AACA,QAAI,CAACE,WAAD,IAAgB,CAACE,QAAjB,IAA6B,CAACD,MAAlC,EAA0C;AACxC;AACD;;AACD,WAAO;AACLD,MAAAA,WAAW,EAAEE,QAAQ,GAAG,QAAH,GAAcF,WAD9B;AAELE,MAAAA,QAFK;AAGLD,MAAAA;AAHK,KAAP;AAKD;;AAEDG,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,aAAR;AAAuBC,MAAAA,IAAI,EAAE,QAA7B;AAAuCC,MAAAA,QAAQ,EAAE;AAAjD,KADK,EAEL;AAAEF,MAAAA,IAAI,EAAE,UAAR;AAAoBC,MAAAA,IAAI,EAAE,QAA1B;AAAoCE,MAAAA,KAAK,EAAE;AAA3C,KAFK,EAGL;AAAEH,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCE,MAAAA,KAAK,EAAE,QAAzC;AAAmDD,MAAAA,QAAQ,EAAE;AAA7D,KAHK,CAAP;AAKD;;AA5ByF","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n questionKey?: string;\n question?: string;\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n canVerify(values: SecurityQuestionEnrollValues) {\n const { credentials } = values;\n if (credentials && credentials.questionKey && credentials.answer) {\n return true;\n }\n const { questionKey, question, answer } = values;\n return !!(questionKey && answer) || !!(question && answer);\n }\n\n mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n const { questionKey, question, answer } = values;\n if (!questionKey && !question && !answer) {\n return;\n }\n return {\n questionKey: question ? 'custom' : questionKey,\n question,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'questionKey', type: 'string', required: true },\n { name: 'question', type: 'string', label: 'Create a security question' },\n { name: 'answer', type: 'string', label: 'Answer', required: true },\n ];\n }\n}\n"],"file":"SecurityQuestionEnrollment.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionEnrollment.ts"],"names":["SecurityQuestionEnrollment","Authenticator","canVerify","values","credentials","questionKey","answer","question","mapCredentials","getInputs","name","type","required","label"],"mappings":";;;;AAAA;;AASO,MAAMA,0BAAN,SAAyCC,4BAAzC,CAAqF;AAC1FC,EAAAA,SAAS,CAACC,MAAD,EAAuC;AAC9C,UAAM;AAAEC,MAAAA;AAAF,QAAkBD,MAAxB;;AACA,QAAIC,WAAW,IAAIA,WAAW,CAACC,WAA3B,IAA0CD,WAAW,CAACE,MAA1D,EAAkE;AAChE,aAAO,IAAP;AACD;;AACD,UAAM;AAAED,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;AACA,WAAO,CAAC,EAAEE,WAAW,IAAIC,MAAjB,CAAD,IAA6B,CAAC,EAAEC,QAAQ,IAAID,MAAd,CAArC;AACD;;AAEDE,EAAAA,cAAc,CAACL,MAAD,EAAgE;AAC5E,UAAM;AAAEE,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;;AACA,QAAI,CAACG,MAAD,IAAY,CAACD,WAAD,IAAgB,CAACE,QAAjC,EAA4C;AAC1C;AACD;;AACD,WAAO;AACLF,MAAAA,WAAW,EAAEE,QAAQ,GAAG,QAAH,GAAcF,WAD9B;AAELE,MAAAA,QAFK;AAGLD,MAAAA;AAHK,KAAP;AAKD;;AAEDG,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,aAAR;AAAuBC,MAAAA,IAAI,EAAE,QAA7B;AAAuCC,MAAAA,QAAQ,EAAE;AAAjD,KADK,EAEL;AAAEF,MAAAA,IAAI,EAAE,UAAR;AAAoBC,MAAAA,IAAI,EAAE,QAA1B;AAAoCE,MAAAA,KAAK,EAAE;AAA3C,KAFK,EAGL;AAAEH,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCE,MAAAA,KAAK,EAAE,QAAzC;AAAmDD,MAAAA,QAAQ,EAAE;AAA7D,KAHK,CAAP;AAKD;;AA5ByF","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n questionKey?: string;\n question?: string;\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n canVerify(values: SecurityQuestionEnrollValues) {\n const { credentials } = values;\n if (credentials && credentials.questionKey && credentials.answer) {\n return true;\n }\n const { questionKey, question, answer } = values;\n return !!(questionKey && answer) || !!(question && answer);\n }\n\n mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n const { questionKey, question, answer } = values;\n if (!answer || (!questionKey && !question)) {\n return;\n }\n return {\n questionKey: question ? 'custom' : questionKey,\n question,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'questionKey', type: 'string', required: true },\n { name: 'question', type: 'string', label: 'Create a security question' },\n { name: 'answer', type: 'string', label: 'Answer', required: true },\n ];\n }\n}\n"],"file":"SecurityQuestionEnrollment.js"}
package/cjs/idx/authenticator/SecurityQuestionVerification.js CHANGED
@@ -7,7 +7,18 @@ var _Authenticator = require("./Authenticator");
7
7
  /* eslint-disable @typescript-eslint/no-non-null-assertion */
8
8
  class SecurityQuestionVerification extends _Authenticator.Authenticator {
9
9
  canVerify(values) {
10
- return !!values.answer;
10
+ const {
11
+ credentials
12
+ } = values;
13
+
14
+ if (credentials && credentials.answer) {
15
+ return true;
16
+ }
17
+
18
+ const {
19
+ answer
20
+ } = values;
21
+ return !!answer;
11
22
  }
12
23
 
13
24
  mapCredentials(values) {
package/cjs/idx/authenticator/SecurityQuestionVerification.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionVerification.ts"],"names":["SecurityQuestionVerification","Authenticator","canVerify","values","answer","mapCredentials","questionKey","meta","contextualData","enrolledQuestion","getInputs","name","type","label","required"],"mappings":";;;;AACA;;AADA;AAOO,MAAMA,4BAAN,SAA2CC,4BAA3C,CAA6F;AAClGC,EAAAA,SAAS,CAACC,MAAD,EAA6C;AACpD,WAAO,CAAC,CAACA,MAAM,CAACC,MAAhB;AACD;;AAEDC,EAAAA,cAAc,CAACF,MAAD,EAAsE;AAClF,UAAM;AAAEC,MAAAA;AAAF,QAAaD,MAAnB;;AACA,QAAI,CAACC,MAAL,EAAa;AACX;AACD;;AACD,WAAO;AACLE,MAAAA,WAAW,EAAE,KAAKC,IAAL,CAAUC,cAAV,CAA0BC,gBAA1B,CAA4CH,WADpD;AAELF,MAAAA;AAFK,KAAP;AAID;;AAEDM,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCC,MAAAA,KAAK,EAAE,QAAzC;AAAmDC,MAAAA,QAAQ,EAAE;AAA7D,KADK,CAAP;AAGD;;AApBiG","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n answer?: string;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n canVerify(values: SecurityQuestionVerificationValues) {\n return !!values.answer;\n }\n\n mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n const { answer } = values;\n if (!answer) {\n return;\n }\n return {\n questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'answer', type: 'string', label: 'Answer', required: true }\n ];\n }\n}\n"],"file":"SecurityQuestionVerification.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionVerification.ts"],"names":["SecurityQuestionVerification","Authenticator","canVerify","values","credentials","answer","mapCredentials","questionKey","meta","contextualData","enrolledQuestion","getInputs","name","type","label","required"],"mappings":";;;;AACA;;AADA;AAQO,MAAMA,4BAAN,SAA2CC,4BAA3C,CAA6F;AAClGC,EAAAA,SAAS,CAACC,MAAD,EAA6C;AACpD,UAAM;AAAEC,MAAAA;AAAF,QAAkBD,MAAxB;;AACA,QAAIC,WAAW,IAAIA,WAAW,CAACC,MAA/B,EAAuC;AACrC,aAAO,IAAP;AACD;;AACD,UAAM;AAAEA,MAAAA;AAAF,QAAaF,MAAnB;AACA,WAAO,CAAC,CAACE,MAAT;AACD;;AAEDC,EAAAA,cAAc,CAACH,MAAD,EAAsE;AAClF,UAAM;AAAEE,MAAAA;AAAF,QAAaF,MAAnB;;AACA,QAAI,CAACE,MAAL,EAAa;AACX;AACD;;AACD,WAAO;AACLE,MAAAA,WAAW,EAAE,KAAKC,IAAL,CAAUC,cAAV,CAA0BC,gBAA1B,CAA4CH,WADpD;AAELF,MAAAA;AAFK,KAAP;AAID;;AAEDM,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCC,MAAAA,KAAK,EAAE,QAAzC;AAAmDC,MAAAA,QAAQ,EAAE;AAA7D,KADK,CAAP;AAGD;;AAzBiG","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n canVerify(values: SecurityQuestionVerificationValues) {\n const { credentials } = values;\n if (credentials && credentials.answer) {\n return true;\n }\n const { answer } = values;\n return !!answer;\n }\n\n mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n const { answer } = values;\n if (!answer) {\n return;\n }\n return {\n questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'answer', type: 'string', label: 'Answer', required: true }\n ];\n }\n}\n"],"file":"SecurityQuestionVerification.js"}
package/cjs/idx/authenticator/WebauthnEnrollment.js CHANGED
@@ -6,24 +6,29 @@ var _Authenticator = require("./Authenticator");
6
6
 
7
7
  class WebauthnEnrollment extends _Authenticator.Authenticator {
8
8
  canVerify(values) {
9
+ const {
10
+ credentials
11
+ } = values;
12
+ const obj = credentials || values;
9
13
  const {
10
14
  clientData,
11
15
  attestation
12
- } = values;
16
+ } = obj;
13
17
  return !!(clientData && attestation);
14
18
  }
15
19
 
16
20
  mapCredentials(values) {
17
21
  const {
22
+ credentials,
18
23
  clientData,
19
24
  attestation
20
25
  } = values;
21
26
 
22
- if (!clientData && !attestation) {
27
+ if (!credentials && !clientData && !attestation) {
23
28
  return;
24
29
  }
25
30
 
26
- return {
31
+ return credentials || {
27
32
  clientData,
28
33
  attestation
29
34
  };