@okta/okta-auth-js 6.5.1 → 6.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (151) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/cjs/OktaAuth.js +23 -21
  3. package/cjs/OktaAuth.js.map +1 -1
  4. package/cjs/OktaUserAgent.js +2 -2
  5. package/cjs/ServiceManager.js +9 -9
  6. package/cjs/ServiceManager.js.map +1 -1
  7. package/cjs/TokenManager.js +6 -0
  8. package/cjs/TokenManager.js.map +1 -1
  9. package/cjs/errors/index.js +5 -0
  10. package/cjs/errors/index.js.map +1 -1
  11. package/cjs/http/request.js.map +1 -1
  12. package/cjs/idx/authenticate.js.map +1 -1
  13. package/cjs/idx/cancel.js.map +1 -1
  14. package/cjs/idx/emailVerify.js.map +1 -1
  15. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  16. package/cjs/idx/idxState/index.js +1 -1
  17. package/cjs/idx/idxState/index.js.map +1 -1
  18. package/cjs/idx/idxState/v1/generateIdxAction.js +2 -4
  19. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  20. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  21. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  22. package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
  23. package/cjs/idx/interact.js +1 -3
  24. package/cjs/idx/interact.js.map +1 -1
  25. package/cjs/idx/introspect.js.map +1 -1
  26. package/cjs/idx/poll.js.map +1 -1
  27. package/cjs/idx/proceed.js.map +1 -1
  28. package/cjs/idx/recoverPassword.js.map +1 -1
  29. package/cjs/idx/register.js.map +1 -1
  30. package/cjs/idx/remediate.js +13 -0
  31. package/cjs/idx/remediate.js.map +1 -1
  32. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  33. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  34. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  35. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  36. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  37. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
  38. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js +1 -3
  39. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -1
  40. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  41. package/cjs/idx/run.js +7 -9
  42. package/cjs/idx/run.js.map +1 -1
  43. package/cjs/idx/startTransaction.js.map +1 -1
  44. package/cjs/idx/transactionMeta.js.map +1 -1
  45. package/cjs/idx/types/api.js.map +1 -1
  46. package/cjs/idx/unlockAccount.js.map +1 -1
  47. package/cjs/idx/util.js +1 -3
  48. package/cjs/idx/util.js.map +1 -1
  49. package/cjs/oidc/endpoints/token.js.map +1 -1
  50. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  51. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  52. package/cjs/oidc/getToken.js.map +1 -1
  53. package/cjs/oidc/getUserInfo.js.map +1 -1
  54. package/cjs/oidc/getWithPopup.js.map +1 -1
  55. package/cjs/oidc/getWithRedirect.js.map +1 -1
  56. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  57. package/cjs/oidc/handleOAuthResponse.js +1 -3
  58. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  59. package/cjs/oidc/renewToken.js.map +1 -1
  60. package/cjs/oidc/renewTokensWithRefresh.js +26 -15
  61. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  62. package/cjs/oidc/revokeToken.js.map +1 -1
  63. package/cjs/oidc/util/browser.js.map +1 -1
  64. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  65. package/cjs/oidc/util/errors.js +8 -0
  66. package/cjs/oidc/util/errors.js.map +1 -1
  67. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  68. package/cjs/oidc/util/oauth.js.map +1 -1
  69. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  70. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  71. package/cjs/oidc/util/validateClaims.js.map +1 -1
  72. package/cjs/oidc/verifyToken.js.map +1 -1
  73. package/cjs/options/index.js +5 -2
  74. package/cjs/options/index.js.map +1 -1
  75. package/cjs/tx/AuthTransaction.js +1 -1
  76. package/cjs/tx/AuthTransaction.js.map +1 -1
  77. package/cjs/tx/api.js +3 -5
  78. package/cjs/tx/api.js.map +1 -1
  79. package/cjs/tx/poll.js +1 -3
  80. package/cjs/tx/poll.js.map +1 -1
  81. package/dist/okta-auth-js.min.js +1 -1
  82. package/dist/okta-auth-js.min.js.map +1 -1
  83. package/dist/okta-auth-js.umd.js +1 -1
  84. package/dist/okta-auth-js.umd.js.map +1 -1
  85. package/esm/esm.browser.js +525 -377
  86. package/esm/esm.browser.js.map +1 -1
  87. package/esm/esm.node.mjs +525 -377
  88. package/esm/esm.node.mjs.map +1 -1
  89. package/lib/OktaAuth.d.ts +4 -4
  90. package/lib/ServiceManager.d.ts +2 -2
  91. package/lib/TokenManager.d.ts +1 -0
  92. package/lib/errors/index.d.ts +2 -1
  93. package/lib/http/request.d.ts +4 -4
  94. package/lib/idx/authenticate.d.ts +2 -2
  95. package/lib/idx/cancel.d.ts +2 -2
  96. package/lib/idx/emailVerify.d.ts +2 -2
  97. package/lib/idx/flow/FlowSpecification.d.ts +2 -2
  98. package/lib/idx/idxState/index.d.ts +3 -3
  99. package/lib/idx/idxState/v1/generateIdxAction.d.ts +2 -2
  100. package/lib/idx/idxState/v1/idxResponseParser.d.ts +3 -3
  101. package/lib/idx/idxState/v1/makeIdxState.d.ts +3 -3
  102. package/lib/idx/idxState/v1/remediationParser.d.ts +2 -2
  103. package/lib/idx/interact.d.ts +2 -2
  104. package/lib/idx/introspect.d.ts +2 -2
  105. package/lib/idx/poll.d.ts +2 -2
  106. package/lib/idx/proceed.d.ts +3 -3
  107. package/lib/idx/recoverPassword.d.ts +2 -2
  108. package/lib/idx/register.d.ts +2 -2
  109. package/lib/idx/remediate.d.ts +2 -2
  110. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +7 -2
  111. package/lib/idx/remediators/Base/Remediator.d.ts +2 -2
  112. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +7 -2
  113. package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +2 -2
  114. package/lib/idx/remediators/EnrollPoll.d.ts +2 -2
  115. package/lib/idx/remediators/EnrollmentChannelData.d.ts +7 -2
  116. package/lib/idx/remediators/GenericRemediator/GenericRemediator.d.ts +2 -2
  117. package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +7 -2
  118. package/lib/idx/run.d.ts +2 -2
  119. package/lib/idx/startTransaction.d.ts +2 -2
  120. package/lib/idx/transactionMeta.d.ts +7 -7
  121. package/lib/idx/types/api.d.ts +5 -2
  122. package/lib/idx/unlockAccount.d.ts +2 -2
  123. package/lib/idx/util.d.ts +4 -4
  124. package/lib/oidc/endpoints/token.d.ts +2 -2
  125. package/lib/oidc/endpoints/well-known.d.ts +3 -3
  126. package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
  127. package/lib/oidc/getToken.d.ts +2 -2
  128. package/lib/oidc/getUserInfo.d.ts +2 -2
  129. package/lib/oidc/getWithPopup.d.ts +2 -2
  130. package/lib/oidc/getWithRedirect.d.ts +2 -2
  131. package/lib/oidc/getWithoutPrompt.d.ts +2 -2
  132. package/lib/oidc/handleOAuthResponse.d.ts +2 -2
  133. package/lib/oidc/renewToken.d.ts +2 -2
  134. package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
  135. package/lib/oidc/revokeToken.d.ts +2 -2
  136. package/lib/oidc/util/browser.d.ts +2 -2
  137. package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
  138. package/lib/oidc/util/errors.d.ts +3 -2
  139. package/lib/oidc/util/loginRedirect.d.ts +4 -4
  140. package/lib/oidc/util/oauth.d.ts +4 -4
  141. package/lib/oidc/util/oauthMeta.d.ts +2 -2
  142. package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
  143. package/lib/oidc/util/validateClaims.d.ts +2 -2
  144. package/lib/oidc/verifyToken.d.ts +2 -2
  145. package/lib/tx/api.d.ts +2 -3
  146. package/lib/types/OktaAuthOptions.d.ts +2 -2
  147. package/lib/types/Service.d.ts +2 -2
  148. package/lib/types/TokenManager.d.ts +1 -0
  149. package/lib/types/UserClaims.d.ts +4 -1
  150. package/lib/types/api.d.ts +28 -8
  151. package/package.json +13 -22
package/CHANGELOG.md CHANGED
@@ -1,5 +1,25 @@
1
1
  # Changelog
2
2
 
3
+ ## 6.6.0
4
+
5
+ ## Features
6
+
7
+ - [#1225](https://github.com/okta/okta-auth-js/pull/1225) `oktaAuth.start`/`oktaAuth.stop` now return a `Promise`, ensures services have started/stopped before resolving
8
+ ### Fixes
9
+
10
+ - [#1226](https://github.com/okta/okta-auth-js/pull/1226) Fixes idx terminal status response SDK level `undefined` error when use GenericRemediator (beta)
11
+ - [#1222](https://github.com/okta/okta-auth-js/pull/1222) Invalid (or expired) refresh tokens are now removed from storage when invalid token error occurs
12
+
13
+ ## 6.5.3
14
+
15
+ - [#1224](https://github.com/okta/okta-auth-js/pull/1224) Fixes missing `relatesTo` type from `NextStep`
16
+
17
+ ## 6.5.2
18
+
19
+ ### Fixes
20
+
21
+ - [#1215](https://github.com/okta/okta-auth-js/pull/1215) Fixes polling issue in GenericRemediator (beta)
22
+
3
23
  ## 6.5.1
4
24
 
5
25
  ### Fixes
package/cjs/OktaAuth.js CHANGED
@@ -10,12 +10,10 @@ exports.default = void 0;
10
10
 
11
11
  var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
12
12
 
13
- var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
13
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
14
14
 
15
15
  var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
16
16
 
17
- var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
18
-
19
17
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs3/helpers/defineProperty"));
20
18
 
21
19
  var constants = _interopRequireWildcard(require("./constants"));
@@ -66,6 +64,8 @@ var _transactionMeta = require("./idx/transactionMeta");
66
64
 
67
65
  var _tinyEmitter = _interopRequireDefault(require("tiny-emitter"));
68
66
 
67
+ var _idxState = require("./idx/idxState");
68
+
69
69
  function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
70
70
 
71
71
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -110,7 +110,13 @@ class OktaAuth {
110
110
  return storage.get(name);
111
111
  }
112
112
  }),
113
- introspect: _tx.introspectAuthn.bind(null, this)
113
+ introspect: _tx.introspectAuthn.bind(null, this),
114
+ createTransaction: res => {
115
+ return new _tx.AuthTransaction(this, res);
116
+ },
117
+ postToTransaction: (url, args, options) => {
118
+ return (0, _tx.postToTransaction)(this, url, args, options);
119
+ }
114
120
  };
115
121
  this.pkce = {
116
122
  DEFAULT_CODE_CHALLENGE_METHOD: _pkce.default.DEFAULT_CODE_CHALLENGE_METHOD,
@@ -199,22 +205,17 @@ class OktaAuth {
199
205
  renew: _oidc.renewToken.bind(null, this),
200
206
  renewTokensWithRefresh: _oidc.renewTokensWithRefresh.bind(null, this),
201
207
  renewTokens: _oidc.renewTokens.bind(null, this),
202
- getUserInfo: _oidc.getUserInfo.bind(null, this),
208
+ getUserInfo: (accessTokenObject, idTokenObject) => {
209
+ return (0, _oidc.getUserInfo)(this, accessTokenObject, idTokenObject);
210
+ },
203
211
  verify: _oidc.verifyToken.bind(null, this),
204
212
  isLoginRedirect: _oidc.isLoginRedirect.bind(null, this)
205
- }; // Wrap all async token API methods using MethodQueue to avoid issues with concurrency
206
-
207
- const syncMethods = [// sync methods
208
- 'decode', 'isLoginRedirect', // already bound
209
- 'getWithRedirect', 'parseFromUrl'];
210
- (0, _keys.default)(this.token).forEach(key => {
211
- if ((0, _indexOf.default)(syncMethods).call(syncMethods, key) >= 0) {
212
- // sync methods should not be wrapped
213
- return;
214
- }
213
+ }; // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency
214
+ // 'getWithRedirect' and 'parseFromUrl' are already wrapped
215
215
 
216
- var method = this.token[key];
217
- this.token[key] = _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
216
+ const toWrap = ['getWithoutPrompt', 'getWithPopup', 'revoke', 'renew', 'renewTokensWithRefresh', 'renewTokens'];
217
+ toWrap.forEach(key => {
218
+ this.token[key] = useQueue(this.token[key]);
218
219
  }); // IDX
219
220
 
220
221
  const boundStartTransaction = _idx.startTransaction.bind(null, this);
@@ -222,6 +223,7 @@ class OktaAuth {
222
223
  this.idx = {
223
224
  interact: _idx.interact.bind(null, this),
224
225
  introspect: _idx.introspect.bind(null, this),
226
+ makeIdxResponse: _idxState.makeIdxState.bind(null, this),
225
227
  authenticate: _idx.authenticate.bind(null, this),
226
228
  register: _idx.register.bind(null, this),
227
229
  start: boundStartTransaction,
@@ -271,7 +273,7 @@ class OktaAuth {
271
273
  this.serviceManager = new _ServiceManager.ServiceManager(this, args.services);
272
274
  }
273
275
 
274
- start() {
276
+ async start() {
275
277
  // TODO: review tokenManager.start
276
278
  this.tokenManager.start();
277
279
 
@@ -279,13 +281,13 @@ class OktaAuth {
279
281
  this.authStateManager.updateAuthState();
280
282
  }
281
283
 
282
- this.serviceManager.start();
284
+ await this.serviceManager.start();
283
285
  }
284
286
 
285
- stop() {
287
+ async stop() {
286
288
  // TODO: review tokenManager.stop
287
289
  this.tokenManager.stop();
288
- this.serviceManager.stop();
290
+ await this.serviceManager.stop();
289
291
  }
290
292
 
291
293
  setHeaders(headers) {
package/cjs/OktaAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["OktaAuth","constructor","args","features","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","url","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","forEach","key","boundStartTransaction","startTransaction","idx","interact","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","unlockAccount","http","setRequestHeader","fingerprint","emitter","Emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","serviceManager","ServiceManager","services","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","assign","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","verifyRecoveryToken","invokeApiMethod","crypto","webauthn","constants"],"mappings":";;;;;;;;;;;;;;;;;;;;AAeA;;AAwCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AACA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAkBA;;AACA;;AACA;;AAWA;;;;;;AA5IA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AA4HA;AACA;AACA;AAGA,MAAMA,QAAN,CAAmE;AAsBjEC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AAAA,oDAXXC,QAWW;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaF,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKG,cAAL,GAAsB,IAAIC,8BAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuB,qBAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKE,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAE,qBAAcC,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGnB,OAAO,CAACI,WAAR,CAAqBe,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAVJ,KAAV;AAaA,SAAKW,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CAtBiC,CA4BjC;;AACA,yBAAc,KAAK3B,OAAL,CAAaI,WAA3B,EAAwC;AACtCwB,MAAAA,cAAc,EAAE,KAAK3B,cAAL,CAAoB4B,oBAApB,CAAyCjB,IAAzC,CAA8C,KAAKX,cAAnD,CADsB;AAEtC6B,MAAAA,YAAY,EAAE,KAAK7B,cAAL,CAAoB6B,YAApB,CAAiClB,IAAjC,CAAsC,KAAKX,cAA3C;AAFwB,KAAxC;AAKA,SAAK8B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKhC,OAAL,GAAe,qBAAc,KAAKA,OAAnB,EAA4B;AACzCiC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KAxCgC,CA0CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACtC,IAAI,CAACuC,YAAN,IAAsBvC,IAAI,CAACuC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKrC,OAAL,CAAaqC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKtC,OAAL,CAAaqC,YAAb,GAA4BvC,IAAI,CAACuC,YAAjC;AACD,KArDgC,CAuDjC;AACA;AACA;;;AACA,SAAKrC,OAAL,CAAauC,cAAb,GAA8B,CAAC,CAACzC,IAAI,CAACyC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CArEiC,CAyEjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAM4C,kBAAsC,GAAG,qBAAcF,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CA3EiC,CAiFjC;;AACA,UAAMC,cAAc,GAAGT,QAAQ,CAACU,mBAAahD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMiD,eAAsC,GAAG,qBAAcF,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO5B,MAAM,CAAC6B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA8B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO/B,MAAM,CAACgC,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBxD,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXyD,MAAAA,qBAAqB,EAAEA,4BAAsBzD,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX0D,MAAAA,gBAAgB,EAAEA,uBAAiB1D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX2D,MAAAA,YAAY,EAAEA,mBAAa3D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEC,kBALN;AAMXI,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAY/D,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXgE,MAAAA,KAAK,EAAEC,iBAAWjE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXkE,MAAAA,sBAAsB,EAAEA,6BAAuBlE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXmE,MAAAA,WAAW,EAAEA,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXoE,MAAAA,WAAW,EAAEA,kBAAYpE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXqE,MAAAA,MAAM,EAAEC,kBAAYtE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXuE,MAAAA,eAAe,EAAEA,sBAAgBvE,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAnGiC,CAmHjC;;AACA,UAAMwE,WAAW,GAAG,CAClB;AACA,YAFkB,EAGlB,iBAHkB,EAIlB;AACA,qBALkB,EAMlB,cANkB,CAApB;AAQA,uBAAY,KAAKjB,KAAjB,EAAwBkB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAI,sBAAAF,WAAW,MAAX,CAAAA,WAAW,EAASE,GAAT,CAAX,IAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAInC,MAAM,GAAG,KAAKgB,KAAL,CAAWmB,GAAX,CAAb;AACA,WAAKnB,KAAL,CAAWmB,GAAX,IAAkBrC,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND,EA5HiC,CAoIjC;;AACA,UAAMoC,qBAAqB,GAAGC,sBAAiB5E,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAK6E,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAAS9E,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGT+E,MAAAA,YAAY,EAAEA,kBAAa/E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITgF,MAAAA,QAAQ,EAAEA,cAAShF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTiF,MAAAA,KAAK,EAAEN,qBALE;AAMTC,MAAAA,gBAAgB,EAAED,qBANT;AAMgC;AACzCO,MAAAA,IAAI,EAAEA,UAAKlF,IAAL,CAAU,IAAV,EAAgB,IAAhB,CAPG;AAQTmF,MAAAA,OAAO,EAAEA,aAAQnF,IAAR,CAAa,IAAb,EAAmB,IAAnB,CARA;AASToF,MAAAA,MAAM,EAAEA,YAAOpF,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CATC;AAUTqF,MAAAA,eAAe,EAAEA,qBAAgBrF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVR;AAYT;AACAsF,MAAAA,6BAA6B,EAAEA,mCAA8BtF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAbtB;AAeT;AACAuF,MAAAA,qBAAqB,EAAEA,4BAAsBvF,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAhBd;AAiBTwF,MAAAA,0BAA0B,EAA1BA,gCAjBS;AAmBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0BzF,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CApBlB;AAqBT0F,MAAAA,qBAAqB,EAArBA,0BArBS;AAsBTC,MAAAA,wBAAwB,EAAxBA,6BAtBS;AAuBTC,MAAAA,0BAA0B,EAA1BA,+BAvBS;AAyBTC,MAAAA,uBAAuB,EAAEA,yCAAwB7F,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CAzBhB;AA0BT8F,MAAAA,qBAAqB,EAAEA,uCAAsB9F,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA1Bd;AA2BT+F,MAAAA,kBAAkB,EAAEA,oCAAmB/F,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA3BX;AA4BTgG,MAAAA,mBAAmB,EAAEA,qCAAoBhG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA5BZ;AA6BTiG,MAAAA,oBAAoB,EAAEA,sCAAqBjG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA7Bb;AA8BTkG,MAAAA,sBAAsB,EAAtBA,uCA9BS;AA+BTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKhH,OAAL,CAAagH,IAAb,GAAoBA,IAApB;AACD,OAjCQ;AAkCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKjH,OAAL,CAAagH,IAApB;AACD,OApCQ;AAqCTE,MAAAA,UAAU,EAAEA,gBAAWtG,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CArCH;AAsCTuG,MAAAA,aAAa,EAAEA,mBAAcvG,IAAd,CAAmB,IAAnB,EAAyB,IAAzB;AAtCN,KAAX,CAtIiC,CA+KjC;;AACA,SAAKwG,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBzG,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAhLiC,CAoLjC;;AACA,SAAK0G,WAAL,GAAmBA,qBAAY1G,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK2G,OAAL,GAAe,IAAIC,oBAAJ,EAAf,CAvLiC,CAyLjC;;AACA,SAAKC,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB5H,IAAI,CAAC2H,YAA5B,CAApB,CA1LiC,CA4LjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB,CA7LiC,CA+LjC;;AACA,SAAKC,cAAL,GAAsB,IAAIC,8BAAJ,CAAmB,IAAnB,EAAyBhI,IAAI,CAACiI,QAA9B,CAAtB;AACD;;AAEDlC,EAAAA,KAAK,GAAG;AACN;AACA,SAAK4B,YAAL,CAAkB5B,KAAlB;;AACA,QAAI,CAAC,KAAK1B,KAAL,CAAWgB,eAAX,EAAL,EAAmC;AACjC,WAAKwC,gBAAL,CAAsBK,eAAtB;AACD;;AACD,SAAKH,cAAL,CAAoBhC,KAApB;AACD;;AAEDoC,EAAAA,IAAI,GAAG;AACL;AACA,SAAKR,YAAL,CAAkBQ,IAAlB;AACA,SAAKJ,cAAL,CAAoBI,IAApB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKnI,OAAL,CAAamI,OAAb,GAAuB,qBAAc,EAAd,EAAkB,KAAKnI,OAAL,CAAamI,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GA1OgE,CA6OjE;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GAhPgE,CAkPjE;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAIvI,OAAD,IAAc;AACvC,aAAOqI,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CrI,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACqI,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKjB,WAAL,GACNmB,IADM,CACD,UAASnB,WAAT,EAAsB;AAC1B,aAAOiB,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBb;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKtG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI2G,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG,qBAAc;AAC3B;AACAC,QAAAA,MAAM,EAAE,KAAK/I,OAAL,CAAa+I,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKzE,KAAL,CAAWZ,eAAX,CAA2BuF,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK/G,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GA3RgE,CA6RjE;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNgG,IADM,CACD,YAAY;AAChB;AACA,WAAKhB,YAAL,CAAkBuB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAChI,IAAF,KAAW,cAAX,IAA6BgI,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GA3SgE,CA6SjE;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK9B,YAAL,CAAkB+B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAO,iBAAQK,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkB2E,WAAlB,CAAP;AACD,GAzTgE,CA2TjE;;;AACwB,QAAlBM,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKnC,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCM,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKpC,YAAL,CAAkB+B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBI,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAO,iBAAQF,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkBkF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9J,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+J,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjK,OAJJ;;AAKA,QAAI,CAAC+J,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhK,OAAL,CAAagK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GArWgE,CAuWjE;;;AACa,QAAPE,OAAO,CAACvK,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAG,qBAAc,EAAd,EAAkBA,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwK,UAAU,GAAGtI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIqI,UAAU,GAAGvI,MAAM,CAACC,QAAP,CAAgBuI,IAAjC;AACA,QAAIV,qBAAqB,GAAGhK,OAAO,CAACgK,qBAAR,IACvB,KAAKhK,OAAL,CAAagK,qBADU,IAEvBQ,UAFL;AAIA,QAAInB,WAAW,GAAGrJ,OAAO,CAACqJ,WAA1B;AACA,QAAIO,YAAY,GAAG5J,OAAO,CAAC4J,YAA3B;AACA,QAAIR,iBAAiB,GAAGpJ,OAAO,CAACoJ,iBAAR,KAA8B,KAAtD;AACA,QAAIO,kBAAkB,GAAG3J,OAAO,CAAC2J,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKnC,YAAL,CAAkByC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIR,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK5B,YAAL,CAAkByC,aAAlB,GAAkCb,WAAhD;AACD;;AAED,QAAI,CAACrJ,OAAO,CAAC+J,OAAb,EAAsB;AACpB/J,MAAAA,OAAO,CAAC+J,OAAR,GAAkB,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIR,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMgB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9J,OAAL;AAAcgK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK3H,YAAL,GAAoB;AAApB,OACN+F,IADM,CACD,YAAW;AACf,YAAIuB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCvI,UAAAA,MAAM,CAACC,QAAP,CAAgBwI,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLzI,UAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBZ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIhK,OAAO,CAAC6K,yBAAZ,EAAuC;AACrC;AACA,aAAKpD,YAAL,CAAkBuB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKvB,YAAL,CAAkBqD,qBAAlB;AACD,OANI,CAOL;;;AACA5I,MAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBP,SAAvB;AACD;AACF;;AAEDU,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI3E,GAAG,GAAG,2BAA2B,yBAAc2E,IAAd,CAArC;AACA,QAAIrI,OAAO,GAAG;AACZmI,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUzE,GAAV,EAAe1D,OAAf,CAAP;AACD,GA5agE,CA8ajE;AACA;AACA;AAEA;AACA;;;AACqB,QAAfgL,eAAe,CAAChL,OAA+B,GAAG,EAAnC,EAAyD;AAC5E;AACA,UAAM;AAAEiL,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKzD,YAAL,CAAkB0D,UAAlB,EAAlC;AAEA,UAAMC,WAAW,GAAGpL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;AACA,UAAMK,YAAY,GAAGtL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,QAApD,GAA+DH,UAApF;AAEA,QAAI;AAAE7B,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAtB;;AACA,QAAIb,WAAW,IAAI,KAAK5B,YAAL,CAAkB8D,UAAlB,CAA6BlC,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGmC,SAAd;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACF/B,UAAAA,WAAW,GAAG,MAAM,KAAK5B,YAAL,CAAkB7C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAI;AAAEM,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAAlB;;AACA,QAAIH,OAAO,IAAI,KAAKtC,YAAL,CAAkB8D,UAAlB,CAA6BxB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGyB,SAAV;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACFrB,UAAAA,OAAO,GAAG,MAAM,KAAKtC,YAAL,CAAkB7C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIU,OAAjB,CAAR;AACD;;AAEY,QAAP0B,OAAO,GAAwB;AACnC,UAAM;AAAE1B,MAAAA,OAAF;AAAWV,MAAAA;AAAX,QAA2B,KAAK5B,YAAL,CAAkByC,aAAlB,EAAjC;AACA,WAAO,KAAK/F,KAAL,CAAWa,WAAX,CAAuBqE,WAAvB,EAAoCU,OAApC,CAAP;AACD;;AAED2B,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAE3B,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqByB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEtC,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAxB;AACA,WAAOb,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BmC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAEhC,MAAAA;AAAF,QAAmB,KAAKnC,YAAL,CAAkByC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B4B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK3H,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAK6D,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAEDjD,EAAAA,cAAc,CAACF,WAAD,EAAsBsB,KAAtB,EAA4C;AACxD;AACA,UAAM+B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDzD,WAAlD,EAHwD,CAKxD;;AACAsB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsBlC,KAAtB,EAA6BtB,WAA7B;AACD;AACF;;AAED4D,EAAAA,cAAc,CAACtC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACA,YAAM3D,WAAW,GAAG0D,aAAa,CAACG,OAAd,CAAsBvC,KAAtB,CAApB;;AACA,UAAItB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMxH,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA,WAAO/K,OAAO,GAAGA,OAAO,CAACqL,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACxC,KAAD,EAAuB;AACtC;AACA,UAAM9I,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA/K,IAAAA,OAAO,CAACuL,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACAnC,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBzC,KAAzB,CAA5B;AACD;AACF;;AAED9E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBwH,mBAAmB,CAACb,MAAD,EAAkBnD,WAAlB,EAAuD;AAC9E,QAAIsB,KAAK,GAAG,KAAKjK,OAAL,CAAaiK,KAAzB,CAD8E,CAG9E;;AACA,QAAI6B,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACAnD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoB,KAAKvM,OAAL,CAAaiK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK9E,eAAL,EAAJ,EAA4B;AACjC,UAAI;AACF;AACA,cAAMyH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACA3C,QAAAA,KAAK,GAAG2C,aAAa,CAAC3C,KAAtB;AACAtB,QAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoBtC,KAApB,CAA7B;AACA,cAAM,KAAK4B,uBAAL,EAAN;AACD,OAND,CAME,OAAM3C,CAAN,EAAS;AACT;AACA,cAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN;AACA,cAAMkB,CAAN;AACD;AACF,KAZM,MAYA;AACL,aADK,CACG;AACT,KArB6E,CAuB9E;;;AACA,UAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN,CAxB8E,CA0B9E;;AACA,SAAKyE,iBAAL,CAAuBxC,KAAvB,EA3B8E,CA6B9E;;AACA,UAAM;AAAE4C,MAAAA;AAAF,QAAyB,KAAK7M,OAApC;;AACA,QAAI6M,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOlE,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtBzG,MAAAA,MAAM,CAACC,QAAP,CAAgB2K,OAAhB,CAAwBnE,WAAxB;AACD;AACF;;AAEDoE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK/M,OAAL,CAAauB,IAAtB;AACD;;AAEDyL,EAAAA,eAAe,CAACC,YAAD,EAA2C;AACxD,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKnN,OAAL,CAAaiN,YAA3B,KAA4C,KAAKjN,OAAL,CAAaiN,YAAb,CAA0BG,MAA1E,EAAkF;AAAA;;AAChFJ,MAAAA,eAAe,GAAG,sCAAKhN,OAAL,CAAaiN,YAAb,iBAAkCA,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKhN,OAAL,CAAaiN,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA1lBgE,CA4lBjE;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAKtN,OAAL,CAAauN,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GArmBgE,CAumBjE;;;AACAC,EAAAA,cAAc,CAACpF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA1mBgE,CA4mBjE;;;AACAlB,EAAAA,aAAa,CAACkB,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GA/mBgE,CAinBjE;;;AACAqF,EAAAA,mBAAmB,CAACrF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD,GApnBgE,CAsnBjE;;;AACqB,QAAfsF,eAAe,CAAC3N,OAAD,EAA4C;AAC/D,QAAI,CAACA,OAAO,CAACqJ,WAAb,EAA0B;AACxB,YAAMA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAA1D;AACArJ,MAAAA,OAAO,CAACqJ,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;AACD;;AACD,WAAO,uBAAY,IAAZ,EAAkBrJ,OAAlB,CAAP;AACD;;AA7nBgE,C,CAgoBnE;;;8BAhoBMJ,Q,cAQ2BG,Q;8BAR3BH,Q,YASuBgO,M;8BATvBhO,Q,cAU2BiO,Q;AAunBjCjO,QAAQ,CAACG,QAAT,GAAoBH,QAAQ,CAACwD,SAAT,CAAmBrD,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA,qBAAcH,QAAd,EAAwB;AACtBkO,EAAAA;AADsB,CAAxB;eAIelO,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuthInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n CryptoAPI,\n WebauthnAPI,\n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n RequestOptions,\n IsAuthenticatedOptions,\n OAuthResponseType,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport * as crypto from './crypto';\nimport * as webauthn from './crypto/webauthn';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { ServiceManager } from './ServiceManager';\nimport { get, httpRequest, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport { StorageManager } from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n unlockAccount,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nclass OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI = features;\n static crypto: CryptoAPI = crypto;\n static webauthn: WebauthnAPI = webauthn;\n features: FeaturesAPI = features;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: any;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n serviceManager: ServiceManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = [\n // sync methods\n 'decode',\n 'isLoginRedirect',\n // already bound\n 'getWithRedirect',\n 'parseFromUrl'\n ];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n unlockAccount: unlockAccount.bind(null, this),\n };\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager(this, args.services);\n }\n\n start() {\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n this.serviceManager.start();\n }\n\n stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n this.serviceManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n}\n\n// Hoist feature detection functions to prototype & static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
1
+ {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["OktaAuth","constructor","args","features","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","createTransaction","res","AuthTransaction","postToTransaction","url","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key","boundStartTransaction","startTransaction","idx","interact","makeIdxResponse","makeIdxState","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","unlockAccount","http","setRequestHeader","fingerprint","emitter","Emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","serviceManager","ServiceManager","services","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","assign","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","verifyRecoveryToken","invokeApiMethod","crypto","webauthn","constants"],"mappings":";;;;;;;;;;;;;;;;;;AAeA;;AA0CA;;AASA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AACA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAkBA;;AACA;;AACA;;AAWA;;AACA;;;;;;AAhJA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AA+HA;AACA;AACA;AAIA,MAAMA,QAAN,CAAmE;AAsBjEC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AAAA,oDAXXC,QAWW;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaF,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKG,cAAL,GAAsB,IAAIC,8BAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuB,qBAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKE,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAE,qBAAcC,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGnB,OAAO,CAACI,WAAR,CAAqBe,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVJ;AAWRW,MAAAA,iBAAiB,EAAGC,GAAD,IAA4B;AAC7C,eAAO,IAAIC,mBAAJ,CAAoB,IAApB,EAA0BD,GAA1B,CAAP;AACD,OAbO;AAcRE,MAAAA,iBAAiB,EAAE,CAACC,GAAD,EAAc7B,IAAd,EAAkCE,OAAlC,KAA+D;AAChF,eAAO,2BAAkB,IAAlB,EAAwB2B,GAAxB,EAA6B7B,IAA7B,EAAmCE,OAAnC,CAAP;AACD;AAhBO,KAAV;AAmBA,SAAK4B,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CA5BiC,CAkCjC;;AACA,yBAAc,KAAKhC,OAAL,CAAaI,WAA3B,EAAwC;AACtC6B,MAAAA,cAAc,EAAE,KAAKhC,cAAL,CAAoBiC,oBAApB,CAAyCtB,IAAzC,CAA8C,KAAKX,cAAnD,CADsB;AAEtCkC,MAAAA,YAAY,EAAE,KAAKlC,cAAL,CAAoBkC,YAApB,CAAiCvB,IAAjC,CAAsC,KAAKX,cAA3C;AAFwB,KAAxC;AAKA,SAAKmC,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKrC,OAAL,GAAe,qBAAc,KAAKA,OAAnB,EAA4B;AACzCsC,QAAAA,WAAW,EAAE,yBAAcxC,IAAI,CAACwC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KA9CgC,CAgDjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAAC3C,IAAI,CAAC4C,YAAN,IAAsB5C,IAAI,CAAC4C,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAK1C,OAAL,CAAa0C,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAK3C,OAAL,CAAa0C,YAAb,GAA4B5C,IAAI,CAAC4C,YAAjC;AACD,KA3DgC,CA6DjC;AACA;AACA;;;AACA,SAAK1C,OAAL,CAAa4C,cAAb,GAA8B,CAAC,CAAC9C,IAAI,CAAC8C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAanC,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAEiC,uBAAcpC,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAE6B,oBAAWrC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbsC,MAAAA,OAAO,EAAEC,wBAAevC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbwC,MAAAA,oBAAoB,EAAEA,8BAAqBxC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKyC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4B9C,IAA5B,CAAiC,KAAKyC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CA3EiC,CA+EjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgBhD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAMiD,kBAAsC,GAAG,qBAAcF,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASnC,GAAT,EAAc;AAC1BY,QAAAA,MAAM,CAACC,QAAP,GAAkBb,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CAjFiC,CAuFjC;;AACA,UAAMoC,cAAc,GAAGR,QAAQ,CAACS,mBAAapD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMqD,eAAsC,GAAG,qBAAcF,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO3B,MAAM,CAAC4B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO7B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA6B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAAC+B,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmB5D,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEX6D,MAAAA,qBAAqB,EAAEA,4BAAsB7D,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX8D,MAAAA,gBAAgB,EAAEA,uBAAiB9D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX+D,MAAAA,YAAY,EAAEA,mBAAa/D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKXgD,MAAAA,eAAe,EAAEC,kBALN;AAMXG,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXoE,MAAAA,KAAK,EAAEC,iBAAWrE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXsE,MAAAA,sBAAsB,EAAEA,6BAAuBtE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXuE,MAAAA,WAAW,EAAEA,kBAAYvE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXwE,MAAAA,WAAW,EAAE,CACXC,iBADW,EAEXC,aAFW,KAGgB;AAC3B,eAAO,uBAAY,IAAZ,EAAkBD,iBAAlB,EAAqCC,aAArC,CAAP;AACD,OAjBU;AAkBXC,MAAAA,MAAM,EAAEC,kBAAY5E,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAlBG;AAmBX6E,MAAAA,eAAe,EAAEA,sBAAgB7E,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAnBN,KAAb,CAzGiC,CA8HjC;AACA;;AACA,UAAM8E,MAAM,GAAG,CACb,kBADa,EAEb,cAFa,EAGb,QAHa,EAIb,OAJa,EAKb,wBALa,EAMb,aANa,CAAf;AAQAA,IAAAA,MAAM,CAACC,OAAP,CAAeC,GAAG,IAAI;AACpB,WAAKrB,KAAL,CAAWqB,GAAX,IAAkBrC,QAAQ,CAAC,KAAKgB,KAAL,CAAWqB,GAAX,CAAD,CAA1B;AACD,KAFD,EAxIiC,CA4IjC;;AACA,UAAMC,qBAAqB,GAAGC,sBAAiBlF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAKmF,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAASpF,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGTqF,MAAAA,eAAe,EAAEC,uBAAatF,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHR;AAKTuF,MAAAA,YAAY,EAAEA,kBAAavF,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CALL;AAMTwF,MAAAA,QAAQ,EAAEA,cAASxF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAND;AAOTyF,MAAAA,KAAK,EAAER,qBAPE;AAQTC,MAAAA,gBAAgB,EAAED,qBART;AAQgC;AACzCS,MAAAA,IAAI,EAAEA,UAAK1F,IAAL,CAAU,IAAV,EAAgB,IAAhB,CATG;AAUT2F,MAAAA,OAAO,EAAEA,aAAQ3F,IAAR,CAAa,IAAb,EAAmB,IAAnB,CAVA;AAWT4F,MAAAA,MAAM,EAAEA,YAAO5F,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CAXC;AAYT6F,MAAAA,eAAe,EAAEA,qBAAgB7F,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAZR;AAcT;AACA8F,MAAAA,6BAA6B,EAAEA,mCAA8B9F,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAftB;AAiBT;AACA+F,MAAAA,qBAAqB,EAAEA,4BAAsB/F,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAlBd;AAmBTgG,MAAAA,0BAA0B,EAA1BA,gCAnBS;AAqBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0BjG,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CAtBlB;AAuBTkG,MAAAA,qBAAqB,EAArBA,0BAvBS;AAwBTC,MAAAA,wBAAwB,EAAxBA,6BAxBS;AAyBTC,MAAAA,0BAA0B,EAA1BA,+BAzBS;AA2BTC,MAAAA,uBAAuB,EAAEA,yCAAwBrG,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CA3BhB;AA4BTsG,MAAAA,qBAAqB,EAAEA,uCAAsBtG,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA5Bd;AA6BTuG,MAAAA,kBAAkB,EAAEA,oCAAmBvG,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA7BX;AA8BTwG,MAAAA,mBAAmB,EAAEA,qCAAoBxG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA9BZ;AA+BTyG,MAAAA,oBAAoB,EAAEA,sCAAqBzG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA/Bb;AAgCT0G,MAAAA,sBAAsB,EAAtBA,uCAhCS;AAiCTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKxH,OAAL,CAAawH,IAAb,GAAoBA,IAApB;AACD,OAnCQ;AAoCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKzH,OAAL,CAAawH,IAApB;AACD,OAtCQ;AAuCTE,MAAAA,UAAU,EAAEA,gBAAW9G,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAvCH;AAwCT+G,MAAAA,aAAa,EAAEA,mBAAc/G,IAAd,CAAmB,IAAnB,EAAyB,IAAzB;AAxCN,KAAX,CA9IiC,CAyLjC;;AACA,SAAKgH,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBjH,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CA1LiC,CA8LjC;;AACA,SAAKkH,WAAL,GAAmBA,qBAAYlH,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKmH,OAAL,GAAe,IAAIC,oBAAJ,EAAf,CAjMiC,CAmMjC;;AACA,SAAKC,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuBpI,IAAI,CAACmI,YAA5B,CAApB,CApMiC,CAsMjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB,CAvMiC,CAyMjC;;AACA,SAAKC,cAAL,GAAsB,IAAIC,8BAAJ,CAAmB,IAAnB,EAAyBxI,IAAI,CAACyI,QAA9B,CAAtB;AACD;;AAEU,QAALlC,KAAK,GAAG;AACZ;AACA,SAAK4B,YAAL,CAAkB5B,KAAlB;;AACA,QAAI,CAAC,KAAK9B,KAAL,CAAWkB,eAAX,EAAL,EAAmC;AACjC,WAAK0C,gBAAL,CAAsBK,eAAtB;AACD;;AACD,UAAM,KAAKH,cAAL,CAAoBhC,KAApB,EAAN;AACD;;AAES,QAAJoC,IAAI,GAAG;AACX;AACA,SAAKR,YAAL,CAAkBQ,IAAlB;AACA,UAAM,KAAKJ,cAAL,CAAoBI,IAApB,EAAN;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAK3I,OAAL,CAAa2I,OAAb,GAAuB,qBAAc,EAAd,EAAkB,KAAK3I,OAAL,CAAa2I,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GApPgE,CAuPjE;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GA1PgE,CA4PjE;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAI/I,OAAD,IAAc;AACvC,aAAO6I,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+C7I,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAAC6I,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKjB,WAAL,GACNmB,IADM,CACD,UAASnB,WAAT,EAAsB;AAC1B,aAAOiB,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBb;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKzG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI8G,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG,qBAAc;AAC3B;AACAC,QAAAA,MAAM,EAAE,KAAKvJ,OAAL,CAAauJ,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAK7E,KAAL,CAAWX,eAAX,CAA2B0F,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAKlH,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GArSgE,CAuSjE;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNmG,IADM,CACD,YAAY;AAChB;AACA,WAAKhB,YAAL,CAAkBuB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAACxI,IAAF,KAAW,cAAX,IAA6BwI,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GArTgE,CAuTjE;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK9B,YAAL,CAAkB+B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAO,iBAAQK,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK3F,KAAL,CAAWO,MAAX,CAAkB+E,WAAlB,CAAP;AACD,GAnUgE,CAqUjE;;;AACwB,QAAlBM,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKnC,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCM,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKpC,YAAL,CAAkB+B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBI,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAO,iBAAQF,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK3F,KAAL,CAAWO,MAAX,CAAkBsF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAACtK,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACFuK,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAzK,OAJJ;;AAKA,QAAI,CAACuK,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKxK,OAAL,CAAawK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA/WgE,CAiXjE;;;AACa,QAAPE,OAAO,CAAC/K,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAG,qBAAc,EAAd,EAAkBA,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIgL,UAAU,GAAGzI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIwI,UAAU,GAAG1I,MAAM,CAACC,QAAP,CAAgB0I,IAAjC;AACA,QAAIV,qBAAqB,GAAGxK,OAAO,CAACwK,qBAAR,IACvB,KAAKxK,OAAL,CAAawK,qBADU,IAEvBQ,UAFL;AAIA,QAAInB,WAAW,GAAG7J,OAAO,CAAC6J,WAA1B;AACA,QAAIO,YAAY,GAAGpK,OAAO,CAACoK,YAA3B;AACA,QAAIR,iBAAiB,GAAG5J,OAAO,CAAC4J,iBAAR,KAA8B,KAAtD;AACA,QAAIO,kBAAkB,GAAGnK,OAAO,CAACmK,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKnC,YAAL,CAAkByC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIR,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK5B,YAAL,CAAkByC,aAAlB,GAAkCb,WAAhD;AACD;;AAED,QAAI,CAAC7J,OAAO,CAACuK,OAAb,EAAsB;AACpBvK,MAAAA,OAAO,CAACuK,OAAR,GAAkB,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIR,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMgB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAGtK,OAAL;AAAcwK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK9H,YAAL,GAAoB;AAApB,OACNkG,IADM,CACD,YAAW;AACf,YAAIuB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxC1I,UAAAA,MAAM,CAACC,QAAP,CAAgB2I,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACL5I,UAAAA,MAAM,CAACC,QAAP,CAAgB4I,MAAhB,CAAuBZ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIxK,OAAO,CAACqL,yBAAZ,EAAuC;AACrC;AACA,aAAKpD,YAAL,CAAkBuB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKvB,YAAL,CAAkBqD,qBAAlB;AACD,OANI,CAOL;;;AACA/I,MAAAA,MAAM,CAACC,QAAP,CAAgB4I,MAAhB,CAAuBP,SAAvB;AACD;AACF;;AAEDU,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAIlH,GAAG,GAAG,2BAA2B,yBAAckH,IAAd,CAArC;AACA,QAAI7I,OAAO,GAAG;AACZ2I,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUhH,GAAV,EAAe3B,OAAf,CAAP;AACD,GAtbgE,CAwbjE;AACA;AACA;AAEA;AACA;;;AACqB,QAAfwL,eAAe,CAACxL,OAA+B,GAAG,EAAnC,EAAyD;AAC5E;AACA,UAAM;AAAEyL,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKzD,YAAL,CAAkB0D,UAAlB,EAAlC;AAEA,UAAMC,WAAW,GAAG5L,OAAO,CAAC6L,cAAR,GAAyB7L,OAAO,CAAC6L,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;AACA,UAAMK,YAAY,GAAG9L,OAAO,CAAC6L,cAAR,GAAyB7L,OAAO,CAAC6L,cAAR,KAA2B,QAApD,GAA+DH,UAApF;AAEA,QAAI;AAAE7B,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAtB;;AACA,QAAIb,WAAW,IAAI,KAAK5B,YAAL,CAAkB8D,UAAlB,CAA6BlC,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGmC,SAAd;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACF/B,UAAAA,WAAW,GAAG,MAAM,KAAK5B,YAAL,CAAkBjD,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI8G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAI;AAAEM,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAAlB;;AACA,QAAIH,OAAO,IAAI,KAAKtC,YAAL,CAAkB8D,UAAlB,CAA6BxB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGyB,SAAV;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACFrB,UAAAA,OAAO,GAAG,MAAM,KAAKtC,YAAL,CAAkBjD,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI8G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIU,OAAjB,CAAR;AACD;;AAEY,QAAP0B,OAAO,GAA0E;AACrF,UAAM;AAAE1B,MAAAA,OAAF;AAAWV,MAAAA;AAAX,QAA2B,KAAK5B,YAAL,CAAkByC,aAAlB,EAAjC;AACA,WAAO,KAAKnG,KAAL,CAAWa,WAAX,CAAuByE,WAAvB,EAAoCU,OAApC,CAAP;AACD;;AAED2B,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAE3B,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqByB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEtC,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAxB;AACA,WAAOb,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BmC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAEhC,MAAAA;AAAF,QAAmB,KAAKnC,YAAL,CAAkByC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B4B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK/H,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAKiE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAEDjD,EAAAA,cAAc,CAACF,WAAD,EAAsBsB,KAAtB,EAA4C;AACxD;AACA,UAAM+B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDzD,WAAlD,EAHwD,CAKxD;;AACAsB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKzK,OAAL,CAAayK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAK5M,cAAL,CAAoB6M,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsBlC,KAAtB,EAA6BtB,WAA7B;AACD;AACF;;AAED4D,EAAAA,cAAc,CAACtC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKzK,OAAL,CAAayK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAK5M,cAAL,CAAoB6M,qBAApB,EAAtB;AACA,YAAM3D,WAAW,GAAG0D,aAAa,CAACG,OAAd,CAAsBvC,KAAtB,CAApB;;AACA,UAAItB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMhI,OAAO,GAAGsL,wBAAeC,iBAAf,EAAhB;;AACA,WAAOvL,OAAO,GAAGA,OAAO,CAAC6L,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACxC,KAAD,EAAuB;AACtC;AACA,UAAMtJ,OAAO,GAAGsL,wBAAeC,iBAAf,EAAhB;;AACAvL,IAAAA,OAAO,CAAC+L,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACAnC,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKzK,OAAL,CAAayK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAK5M,cAAL,CAAoB6M,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBzC,KAAzB,CAA5B;AACD;AACF;;AAEDhF,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnB0H,mBAAmB,CAACb,MAAD,EAAkBnD,WAAlB,EAAuD;AAC9E,QAAIsB,KAAK,GAAG,KAAKzK,OAAL,CAAayK,KAAzB,CAD8E,CAG9E;;AACA,QAAI6B,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACAnD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoB,KAAK/M,OAAL,CAAayK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAKhF,eAAL,EAAJ,EAA4B;AACjC,UAAI;AACF;AACA,cAAM2H,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACA3C,QAAAA,KAAK,GAAG2C,aAAa,CAAC3C,KAAtB;AACAtB,QAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoBtC,KAApB,CAA7B;AACA,cAAM,KAAK4B,uBAAL,EAAN;AACD,OAND,CAME,OAAM3C,CAAN,EAAS;AACT;AACA,cAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN;AACA,cAAMkB,CAAN;AACD;AACF,KAZM,MAYA;AACL,aADK,CACG;AACT,KArB6E,CAuB9E;;;AACA,UAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN,CAxB8E,CA0B9E;;AACA,SAAKyE,iBAAL,CAAuBxC,KAAvB,EA3B8E,CA6B9E;;AACA,UAAM;AAAE4C,MAAAA;AAAF,QAAyB,KAAKrN,OAApC;;AACA,QAAIqN,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOlE,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtB5G,MAAAA,MAAM,CAACC,QAAP,CAAgB8K,OAAhB,CAAwBnE,WAAxB;AACD;AACF;;AAEDoE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKvN,OAAL,CAAa4B,IAAtB;AACD;;AAED4L,EAAAA,eAAe,CAACC,YAAD,EAA2C;AACxD,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAK3N,OAAL,CAAayN,YAA3B,KAA4C,KAAKzN,OAAL,CAAayN,YAAb,CAA0BG,MAA1E,EAAkF;AAAA;;AAChFJ,MAAAA,eAAe,GAAG,sCAAKxN,OAAL,CAAayN,YAAb,iBAAkCA,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKxN,OAAL,CAAayN,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GApmBgE,CAsmBjE;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAK9N,OAAL,CAAa+N,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GA/mBgE,CAinBjE;;;AACAC,EAAAA,cAAc,CAACpF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GApnBgE,CAsnBjE;;;AACAlB,EAAAA,aAAa,CAACkB,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GAznBgE,CA2nBjE;;;AACAqF,EAAAA,mBAAmB,CAACrF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD,GA9nBgE,CAgoBjE;;;AACqB,QAAfsF,eAAe,CAACnO,OAAD,EAA4C;AAC/D,QAAI,CAACA,OAAO,CAAC6J,WAAb,EAA0B;AACxB,YAAMA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAA1D;AACA7J,MAAAA,OAAO,CAAC6J,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;AACD;;AACD,WAAO,uBAAY,IAAZ,EAAkB7J,OAAlB,CAAP;AACD;;AAvoBgE,C,CA0oBnE;;;8BA1oBMJ,Q,cAQ2BG,Q;8BAR3BH,Q,YASuBwO,M;8BATvBxO,Q,cAU2ByO,Q;AAioBjCzO,QAAQ,CAACG,QAAT,GAAoBH,QAAQ,CAAC6D,SAAT,CAAmB1D,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA,qBAAcH,QAAd,EAAwB;AACtB0O,EAAAA;AADsB,CAAxB;eAIe1O,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuthInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n CryptoAPI,\n WebauthnAPI,\n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n RequestOptions,\n IsAuthenticatedOptions,\n OAuthResponseType,\n CustomUserClaims,\n RequestData,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction,\n TransactionState\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport * as crypto from './crypto';\nimport * as webauthn from './crypto/webauthn';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { ServiceManager } from './ServiceManager';\nimport { get, httpRequest, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport { StorageManager } from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n unlockAccount,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\nimport { makeIdxState } from './idx/idxState';\n\nclass OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI = features;\n static crypto: CryptoAPI = crypto;\n static webauthn: WebauthnAPI = webauthn;\n features: FeaturesAPI = features;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: any;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n serviceManager: ServiceManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this),\n createTransaction: (res?: TransactionState) => {\n return new AuthTransaction(this, res);\n },\n postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => {\n return postToTransaction(this, url, args, options);\n }\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(this, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n this.token[key] = useQueue(this.token[key]);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n makeIdxResponse: makeIdxState.bind(null, this),\n \n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n unlockAccount: unlockAccount.bind(null, this),\n };\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager(this, args.services);\n }\n\n async start() {\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n await this.serviceManager.start();\n }\n\n async stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n await this.serviceManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n}\n\n// Hoist feature detection functions to prototype & static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
package/cjs/OktaUserAgent.js CHANGED
@@ -21,7 +21,7 @@ var _features = require("./features");
21
21
  class OktaUserAgent {
22
22
  constructor() {
23
23
  // add base sdk env
24
- this.environments = [`okta-auth-js/${"6.5.1"}`];
24
+ this.environments = [`okta-auth-js/${"6.6.0"}`];
25
25
  }
26
26
 
27
27
  addEnvironment(env) {
@@ -36,7 +36,7 @@ class OktaUserAgent {
36
36
  }
37
37
 
38
38
  getVersion() {
39
- return "6.5.1";
39
+ return "6.6.0";
40
40
  }
41
41
 
42
42
  maybeAddNodeEnvironment() {
package/cjs/ServiceManager.js CHANGED
@@ -87,22 +87,22 @@ class ServiceManager {
87
87
  return [...(0, _values.default)(_context = this.services).call(_context)].some(srv => srv.requiresLeadership());
88
88
  }
89
89
 
90
- start() {
90
+ async start() {
91
91
  if (this.started) {
92
92
  return; // noop if services have already started
93
93
  } // only start election if a leader is required
94
94
 
95
95
 
96
96
  if (this.isLeaderRequired()) {
97
- this.startElector();
97
+ await this.startElector();
98
98
  }
99
99
 
100
100
  this.startServices();
101
101
  this.started = true;
102
102
  }
103
103
 
104
- stop() {
105
- this.stopElector();
104
+ async stop() {
105
+ await this.stopElector();
106
106
  this.stopServices();
107
107
  this.started = false;
108
108
  }
@@ -131,8 +131,8 @@ class ServiceManager {
131
131
  }
132
132
  }
133
133
 
134
- startElector() {
135
- this.stopElector();
134
+ async startElector() {
135
+ await this.stopElector();
136
136
 
137
137
  if (ServiceManager.canUseLeaderElection()) {
138
138
  if (!this.channel) {
@@ -150,13 +150,13 @@ class ServiceManager {
150
150
  }
151
151
  }
152
152
 
153
- stopElector() {
153
+ async stopElector() {
154
154
  if (this.elector) {
155
155
  var _this$elector3, _this$channel;
156
156
 
157
- (_this$elector3 = this.elector) === null || _this$elector3 === void 0 ? void 0 : _this$elector3.die();
157
+ await ((_this$elector3 = this.elector) === null || _this$elector3 === void 0 ? void 0 : _this$elector3.die());
158
158
  this.elector = undefined;
159
- (_this$channel = this.channel) === null || _this$channel === void 0 ? void 0 : _this$channel.close();
159
+ await ((_this$channel = this.channel) === null || _this$channel === void 0 ? void 0 : _this$channel.close());
160
160
  this.channel = undefined;
161
161
  }
162
162
  }
package/cjs/ServiceManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/ServiceManager.ts"],"names":["ServiceManager","constructor","sdk","options","autoRenew","autoRemove","syncStorage","tokenManager","getOptions","defaultOptions","started","services","onLeaderDuplicate","bind","onLeader","knownServices","forEach","name","svc","createService","set","canUseLeaderElection","startServices","isLeader","elector","hasLeader","isLeaderRequired","some","srv","requiresLeadership","start","startElector","stop","stopElector","stopServices","getService","get","canStart","isStarted","channel","broadcastChannelName","BroadcastChannel","onduplicate","awaitLeadership","then","die","undefined","close","service","AutoRenewService","SyncStorageService","Error"],"mappings":";;;;;;;;;;;;;;AAmBA;;AAKA;;AACA;;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAiBO,MAAMA,cAAN,CAAwD;AAgB7DC,EAAAA,WAAW,CAACC,GAAD,EAAgBC,OAA8B,GAAG,EAAjD,EAAqD;AAC9D,SAAKD,GAAL,GAAWA,GAAX,CAD8D,CAG9D;;AACA,UAAM;AAAEE,MAAAA,SAAF;AAAaC,MAAAA,UAAb;AAAyBC,MAAAA;AAAzB,QAAyCJ,GAAG,CAACK,YAAJ,CAAiBC,UAAjB,EAA/C;AACA,SAAKL,OAAL,GAAe,qBAAc,EAAd,EACbH,cAAc,CAACS,cADF,EAEb;AAAEL,MAAAA,SAAF;AAAaC,MAAAA,UAAb;AAAyBC,MAAAA;AAAzB,KAFa,EAGbH,OAHa,CAAf;AAMA,SAAKO,OAAL,GAAe,KAAf;AACA,SAAKC,QAAL,GAAgB,kBAAhB;AACA,SAAKC,iBAAL,GAAyB,KAAKA,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAzB;AACA,SAAKC,QAAL,GAAgB,KAAKA,QAAL,CAAcD,IAAd,CAAmB,IAAnB,CAAhB;AAEAb,IAAAA,cAAc,CAACe,aAAf,CAA6BC,OAA7B,CAAqCC,IAAI,IAAI;AAC3C,YAAMC,GAAG,GAAG,KAAKC,aAAL,CAAmBF,IAAnB,CAAZ;;AACA,UAAIC,GAAJ,EAAS;AACP,aAAKP,QAAL,CAAcS,GAAd,CAAkBH,IAAlB,EAAwBC,GAAxB;AACD;AACF,KALD;AAMD;;AAEiC,SAApBG,oBAAoB,GAAG;AACnC,WAAO,0BAAP;AACD;;AAEOP,EAAAA,QAAQ,GAAG;AACjB,QAAI,KAAKJ,OAAT,EAAkB;AAChB;AACA,WAAKY,aAAL;AACD;AACF;;AAEOV,EAAAA,iBAAiB,GAAG,CAC3B;;AAEDW,EAAAA,QAAQ,GAAG;AAAA;;AACT,WAAO,CAAC,mBAAC,KAAKC,OAAN,0CAAC,cAAcD,QAAf,CAAR;AACD;;AAEDE,EAAAA,SAAS,GAAG;AAAA;;AACV,6BAAO,KAAKD,OAAZ,mDAAO,eAAcC,SAArB;AACD;;AAEDC,EAAAA,gBAAgB,GAAG;AAAA;;AACjB,WAAO,CAAC,GAAG,qCAAKf,QAAL,gBAAJ,EAA4BgB,IAA5B,CAAiCC,GAAG,IAAIA,GAAG,CAACC,kBAAJ,EAAxC,CAAP;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,QAAI,KAAKpB,OAAT,EAAkB;AAChB,aADgB,CACJ;AACb,KAHK,CAIN;;;AACA,QAAI,KAAKgB,gBAAL,EAAJ,EAA6B;AAC3B,WAAKK,YAAL;AACD;;AACD,SAAKT,aAAL;AACA,SAAKZ,OAAL,GAAe,IAAf;AACD;;AAEDsB,EAAAA,IAAI,GAAG;AACL,SAAKC,WAAL;AACA,SAAKC,YAAL;AACA,SAAKxB,OAAL,GAAe,KAAf;AACD;;AAEDyB,EAAAA,UAAU,CAAClB,IAAD,EAA6C;AACrD,WAAO,KAAKN,QAAL,CAAcyB,GAAd,CAAkBnB,IAAlB,CAAP;AACD;;AAEOK,EAAAA,aAAa,GAAG;AACtB,SAAK,MAAMM,GAAX,IAAkB,sCAAKjB,QAAL,iBAAlB,EAA0C;AAAA;;AACxC,YAAM0B,QAAQ,GAAGT,GAAG,CAACS,QAAJ,MAAkB,CAACT,GAAG,CAACU,SAAJ,EAAnB,KAAuCV,GAAG,CAACC,kBAAJ,KAA2B,KAAKN,QAAL,EAA3B,GAA6C,IAApF,CAAjB;;AACA,UAAIc,QAAJ,EAAc;AACZT,QAAAA,GAAG,CAACE,KAAJ;AACD;AACF;AACF;;AAEOI,EAAAA,YAAY,GAAG;AACrB,SAAK,MAAMN,GAAX,IAAkB,sCAAKjB,QAAL,iBAAlB,EAA0C;AAAA;;AACxCiB,MAAAA,GAAG,CAACI,IAAJ;AACD;AACF;;AAEOD,EAAAA,YAAY,GAAG;AACrB,SAAKE,WAAL;;AACA,QAAIjC,cAAc,CAACqB,oBAAf,EAAJ,EAA2C;AACzC,UAAI,CAAC,KAAKkB,OAAV,EAAmB;AACjB,cAAM;AAAEC,UAAAA;AAAF,YAA2B,KAAKrC,OAAtC;AACA,aAAKoC,OAAL,GAAe,IAAIE,kCAAJ,CAAqBD,oBAArB,CAAf;AACD;;AACD,UAAI,CAAC,KAAKhB,OAAV,EAAmB;AACjB,aAAKA,OAAL,GAAe,4CAAqB,KAAKe,OAA1B,CAAf;AACA,aAAKf,OAAL,CAAakB,WAAb,GAA2B,KAAK9B,iBAAhC;AACA,aAAKY,OAAL,CAAamB,eAAb,GAA+BC,IAA/B,CAAoC,KAAK9B,QAAzC;AACD;AACF;AACF;;AAEOmB,EAAAA,WAAW,GAAG;AACpB,QAAI,KAAKT,OAAT,EAAkB;AAAA;;AAChB,6BAAKA,OAAL,kEAAcqB,GAAd;AACA,WAAKrB,OAAL,GAAesB,SAAf;AACA,4BAAKP,OAAL,gEAAcQ,KAAd;AACA,WAAKR,OAAL,GAAeO,SAAf;AACD;AACF;;AAEO3B,EAAAA,aAAa,CAACF,IAAD,EAAiC;AACpD,UAAMV,YAAY,GAAG,KAAKL,GAAL,CAASK,YAA9B;AAEA,QAAIyC,OAAJ;;AACA,YAAQ/B,IAAR;AACE,WAAK,WAAL;AACE+B,QAAAA,OAAO,GAAG,IAAIC,0BAAJ,CAAqB1C,YAArB,EAAmC,EAAC,GAAG,KAAKJ;AAAT,SAAnC,CAAV;AACA;;AACF,WAAK,aAAL;AACE6C,QAAAA,OAAO,GAAG,IAAIE,4BAAJ,CAAuB3C,YAAvB,EAAqC,EAAC,GAAG,KAAKJ;AAAT,SAArC,CAAV;AACA;;AACF;AACE,cAAM,IAAIgD,KAAJ,CAAW,mBAAkBlC,IAAK,EAAlC,CAAN;AARJ;;AAUA,WAAO+B,OAAP;AACD;;AA9I4D;;;8BAAlDhD,c,mBAQoB,CAAC,WAAD,EAAc,aAAd,C;8BARpBA,c,oBAUqB;AAC9BI,EAAAA,SAAS,EAAE,IADmB;AAE9BC,EAAAA,UAAU,EAAE,IAFkB;AAG9BC,EAAAA,WAAW,EAAE;AAHiB,C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport {\n ServiceManagerInterface,\n ServiceInterface,\n ServiceManagerOptions\n} from './types';\nimport { OktaAuth } from '.';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { AutoRenewService, SyncStorageService } from './services';\nimport { isBrowser } from './features';\n\nexport class ServiceManager implements ServiceManagerInterface {\n private sdk: OktaAuth;\n private options: ServiceManagerOptions;\n private services: Map<string, ServiceInterface>;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started: boolean;\n\n private static knownServices = ['autoRenew', 'syncStorage'];\n\n private static defaultOptions = {\n autoRenew: true,\n autoRemove: true,\n syncStorage: true\n };\n\n constructor(sdk: OktaAuth, options: ServiceManagerOptions = {}) {\n this.sdk = sdk;\n\n // TODO: backwards compatibility, remove in next major version - OKTA-473815\n const { autoRenew, autoRemove, syncStorage } = sdk.tokenManager.getOptions();\n this.options = Object.assign({}, \n ServiceManager.defaultOptions,\n { autoRenew, autoRemove, syncStorage },\n options\n );\n\n this.started = false;\n this.services = new Map();\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n\n ServiceManager.knownServices.forEach(name => {\n const svc = this.createService(name);\n if (svc) {\n this.services.set(name, svc);\n }\n });\n }\n\n public static canUseLeaderElection() {\n return isBrowser();\n }\n\n private onLeader() {\n if (this.started) {\n // Start services that requires leadership\n this.startServices();\n }\n }\n\n private onLeaderDuplicate() {\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return this.elector?.hasLeader;\n }\n\n isLeaderRequired() {\n return [...this.services.values()].some(srv => srv.requiresLeadership());\n }\n\n start() {\n if (this.started) {\n return; // noop if services have already started\n }\n // only start election if a leader is required\n if (this.isLeaderRequired()) {\n this.startElector();\n }\n this.startServices();\n this.started = true;\n }\n \n stop() {\n this.stopElector();\n this.stopServices();\n this.started = false;\n }\n\n getService(name: string): ServiceInterface | undefined {\n return this.services.get(name);\n }\n\n private startServices() {\n for (const srv of this.services.values()) {\n const canStart = srv.canStart() && !srv.isStarted() && (srv.requiresLeadership() ? this.isLeader() : true);\n if (canStart) {\n srv.start();\n }\n }\n }\n\n private stopServices() {\n for (const srv of this.services.values()) {\n srv.stop();\n }\n }\n\n private startElector() {\n this.stopElector();\n if (ServiceManager.canUseLeaderElection()) {\n if (!this.channel) {\n const { broadcastChannelName } = this.options;\n this.channel = new BroadcastChannel(broadcastChannelName as string);\n }\n if (!this.elector) {\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n }\n }\n }\n\n private stopElector() {\n if (this.elector) {\n this.elector?.die();\n this.elector = undefined;\n this.channel?.close();\n this.channel = undefined;\n }\n }\n\n private createService(name: string): ServiceInterface {\n const tokenManager = this.sdk.tokenManager;\n\n let service: ServiceInterface | undefined;\n switch (name) {\n case 'autoRenew':\n service = new AutoRenewService(tokenManager, {...this.options});\n break;\n case 'syncStorage':\n service = new SyncStorageService(tokenManager, {...this.options});\n break;\n default:\n throw new Error(`Unknown service ${name}`);\n }\n return service;\n }\n\n}\n"],"file":"ServiceManager.js"}
1
+ {"version":3,"sources":["../../lib/ServiceManager.ts"],"names":["ServiceManager","constructor","sdk","options","autoRenew","autoRemove","syncStorage","tokenManager","getOptions","defaultOptions","started","services","onLeaderDuplicate","bind","onLeader","knownServices","forEach","name","svc","createService","set","canUseLeaderElection","startServices","isLeader","elector","hasLeader","isLeaderRequired","some","srv","requiresLeadership","start","startElector","stop","stopElector","stopServices","getService","get","canStart","isStarted","channel","broadcastChannelName","BroadcastChannel","onduplicate","awaitLeadership","then","die","undefined","close","service","AutoRenewService","SyncStorageService","Error"],"mappings":";;;;;;;;;;;;;;AAmBA;;AAKA;;AACA;;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAiBO,MAAMA,cAAN,CAAwD;AAgB7DC,EAAAA,WAAW,CAACC,GAAD,EAAgBC,OAA8B,GAAG,EAAjD,EAAqD;AAC9D,SAAKD,GAAL,GAAWA,GAAX,CAD8D,CAG9D;;AACA,UAAM;AAAEE,MAAAA,SAAF;AAAaC,MAAAA,UAAb;AAAyBC,MAAAA;AAAzB,QAAyCJ,GAAG,CAACK,YAAJ,CAAiBC,UAAjB,EAA/C;AACA,SAAKL,OAAL,GAAe,qBAAc,EAAd,EACbH,cAAc,CAACS,cADF,EAEb;AAAEL,MAAAA,SAAF;AAAaC,MAAAA,UAAb;AAAyBC,MAAAA;AAAzB,KAFa,EAGbH,OAHa,CAAf;AAMA,SAAKO,OAAL,GAAe,KAAf;AACA,SAAKC,QAAL,GAAgB,kBAAhB;AACA,SAAKC,iBAAL,GAAyB,KAAKA,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAzB;AACA,SAAKC,QAAL,GAAgB,KAAKA,QAAL,CAAcD,IAAd,CAAmB,IAAnB,CAAhB;AAEAb,IAAAA,cAAc,CAACe,aAAf,CAA6BC,OAA7B,CAAqCC,IAAI,IAAI;AAC3C,YAAMC,GAAG,GAAG,KAAKC,aAAL,CAAmBF,IAAnB,CAAZ;;AACA,UAAIC,GAAJ,EAAS;AACP,aAAKP,QAAL,CAAcS,GAAd,CAAkBH,IAAlB,EAAwBC,GAAxB;AACD;AACF,KALD;AAMD;;AAEiC,SAApBG,oBAAoB,GAAG;AACnC,WAAO,0BAAP;AACD;;AAEOP,EAAAA,QAAQ,GAAG;AACjB,QAAI,KAAKJ,OAAT,EAAkB;AAChB;AACA,WAAKY,aAAL;AACD;AACF;;AAEOV,EAAAA,iBAAiB,GAAG,CAC3B;;AAEDW,EAAAA,QAAQ,GAAG;AAAA;;AACT,WAAO,CAAC,mBAAC,KAAKC,OAAN,0CAAC,cAAcD,QAAf,CAAR;AACD;;AAEDE,EAAAA,SAAS,GAAG;AAAA;;AACV,6BAAO,KAAKD,OAAZ,mDAAO,eAAcC,SAArB;AACD;;AAEDC,EAAAA,gBAAgB,GAAG;AAAA;;AACjB,WAAO,CAAC,GAAG,qCAAKf,QAAL,gBAAJ,EAA4BgB,IAA5B,CAAiCC,GAAG,IAAIA,GAAG,CAACC,kBAAJ,EAAxC,CAAP;AACD;;AAEU,QAALC,KAAK,GAAG;AACZ,QAAI,KAAKpB,OAAT,EAAkB;AAChB,aADgB,CACJ;AACb,KAHW,CAIZ;;;AACA,QAAI,KAAKgB,gBAAL,EAAJ,EAA6B;AAC3B,YAAM,KAAKK,YAAL,EAAN;AACD;;AACD,SAAKT,aAAL;AACA,SAAKZ,OAAL,GAAe,IAAf;AACD;;AAES,QAAJsB,IAAI,GAAG;AACX,UAAM,KAAKC,WAAL,EAAN;AACA,SAAKC,YAAL;AACA,SAAKxB,OAAL,GAAe,KAAf;AACD;;AAEDyB,EAAAA,UAAU,CAAClB,IAAD,EAA6C;AACrD,WAAO,KAAKN,QAAL,CAAcyB,GAAd,CAAkBnB,IAAlB,CAAP;AACD;;AAEOK,EAAAA,aAAa,GAAG;AACtB,SAAK,MAAMM,GAAX,IAAkB,sCAAKjB,QAAL,iBAAlB,EAA0C;AAAA;;AACxC,YAAM0B,QAAQ,GAAGT,GAAG,CAACS,QAAJ,MAAkB,CAACT,GAAG,CAACU,SAAJ,EAAnB,KAAuCV,GAAG,CAACC,kBAAJ,KAA2B,KAAKN,QAAL,EAA3B,GAA6C,IAApF,CAAjB;;AACA,UAAIc,QAAJ,EAAc;AACZT,QAAAA,GAAG,CAACE,KAAJ;AACD;AACF;AACF;;AAEOI,EAAAA,YAAY,GAAG;AACrB,SAAK,MAAMN,GAAX,IAAkB,sCAAKjB,QAAL,iBAAlB,EAA0C;AAAA;;AACxCiB,MAAAA,GAAG,CAACI,IAAJ;AACD;AACF;;AAEyB,QAAZD,YAAY,GAAG;AAC3B,UAAM,KAAKE,WAAL,EAAN;;AACA,QAAIjC,cAAc,CAACqB,oBAAf,EAAJ,EAA2C;AACzC,UAAI,CAAC,KAAKkB,OAAV,EAAmB;AACjB,cAAM;AAAEC,UAAAA;AAAF,YAA2B,KAAKrC,OAAtC;AACA,aAAKoC,OAAL,GAAe,IAAIE,kCAAJ,CAAqBD,oBAArB,CAAf;AACD;;AACD,UAAI,CAAC,KAAKhB,OAAV,EAAmB;AACjB,aAAKA,OAAL,GAAe,4CAAqB,KAAKe,OAA1B,CAAf;AACA,aAAKf,OAAL,CAAakB,WAAb,GAA2B,KAAK9B,iBAAhC;AACA,aAAKY,OAAL,CAAamB,eAAb,GAA+BC,IAA/B,CAAoC,KAAK9B,QAAzC;AACD;AACF;AACF;;AAEwB,QAAXmB,WAAW,GAAG;AAC1B,QAAI,KAAKT,OAAT,EAAkB;AAAA;;AAChB,+BAAM,KAAKA,OAAX,mDAAM,eAAcqB,GAAd,EAAN;AACA,WAAKrB,OAAL,GAAesB,SAAf;AACA,8BAAM,KAAKP,OAAX,kDAAM,cAAcQ,KAAd,EAAN;AACA,WAAKR,OAAL,GAAeO,SAAf;AACD;AACF;;AAEO3B,EAAAA,aAAa,CAACF,IAAD,EAAiC;AACpD,UAAMV,YAAY,GAAG,KAAKL,GAAL,CAASK,YAA9B;AAEA,QAAIyC,OAAJ;;AACA,YAAQ/B,IAAR;AACE,WAAK,WAAL;AACE+B,QAAAA,OAAO,GAAG,IAAIC,0BAAJ,CAAqB1C,YAArB,EAAmC,EAAC,GAAG,KAAKJ;AAAT,SAAnC,CAAV;AACA;;AACF,WAAK,aAAL;AACE6C,QAAAA,OAAO,GAAG,IAAIE,4BAAJ,CAAuB3C,YAAvB,EAAqC,EAAC,GAAG,KAAKJ;AAAT,SAArC,CAAV;AACA;;AACF;AACE,cAAM,IAAIgD,KAAJ,CAAW,mBAAkBlC,IAAK,EAAlC,CAAN;AARJ;;AAUA,WAAO+B,OAAP;AACD;;AA9I4D;;;8BAAlDhD,c,mBAQoB,CAAC,WAAD,EAAc,aAAd,C;8BARpBA,c,oBAUqB;AAC9BI,EAAAA,SAAS,EAAE,IADmB;AAE9BC,EAAAA,UAAU,EAAE,IAFkB;AAG9BC,EAAAA,WAAW,EAAE;AAHiB,C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport {\n ServiceManagerInterface,\n ServiceInterface,\n ServiceManagerOptions\n} from './types';\nimport { OktaAuth } from '.';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { AutoRenewService, SyncStorageService } from './services';\nimport { isBrowser } from './features';\n\nexport class ServiceManager implements ServiceManagerInterface {\n private sdk: OktaAuth;\n private options: ServiceManagerOptions;\n private services: Map<string, ServiceInterface>;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started: boolean;\n\n private static knownServices = ['autoRenew', 'syncStorage'];\n\n private static defaultOptions = {\n autoRenew: true,\n autoRemove: true,\n syncStorage: true\n };\n\n constructor(sdk: OktaAuth, options: ServiceManagerOptions = {}) {\n this.sdk = sdk;\n\n // TODO: backwards compatibility, remove in next major version - OKTA-473815\n const { autoRenew, autoRemove, syncStorage } = sdk.tokenManager.getOptions();\n this.options = Object.assign({}, \n ServiceManager.defaultOptions,\n { autoRenew, autoRemove, syncStorage },\n options\n );\n\n this.started = false;\n this.services = new Map();\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n\n ServiceManager.knownServices.forEach(name => {\n const svc = this.createService(name);\n if (svc) {\n this.services.set(name, svc);\n }\n });\n }\n\n public static canUseLeaderElection() {\n return isBrowser();\n }\n\n private onLeader() {\n if (this.started) {\n // Start services that requires leadership\n this.startServices();\n }\n }\n\n private onLeaderDuplicate() {\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return this.elector?.hasLeader;\n }\n\n isLeaderRequired() {\n return [...this.services.values()].some(srv => srv.requiresLeadership());\n }\n\n async start() {\n if (this.started) {\n return; // noop if services have already started\n }\n // only start election if a leader is required\n if (this.isLeaderRequired()) {\n await this.startElector();\n }\n this.startServices();\n this.started = true;\n }\n \n async stop() {\n await this.stopElector();\n this.stopServices();\n this.started = false;\n }\n\n getService(name: string): ServiceInterface | undefined {\n return this.services.get(name);\n }\n\n private startServices() {\n for (const srv of this.services.values()) {\n const canStart = srv.canStart() && !srv.isStarted() && (srv.requiresLeadership() ? this.isLeader() : true);\n if (canStart) {\n srv.start();\n }\n }\n }\n\n private stopServices() {\n for (const srv of this.services.values()) {\n srv.stop();\n }\n }\n\n private async startElector() {\n await this.stopElector();\n if (ServiceManager.canUseLeaderElection()) {\n if (!this.channel) {\n const { broadcastChannelName } = this.options;\n this.channel = new BroadcastChannel(broadcastChannelName as string);\n }\n if (!this.elector) {\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n }\n }\n }\n\n private async stopElector() {\n if (this.elector) {\n await this.elector?.die();\n this.elector = undefined;\n await this.channel?.close();\n this.channel = undefined;\n }\n }\n\n private createService(name: string): ServiceInterface {\n const tokenManager = this.sdk.tokenManager;\n\n let service: ServiceInterface | undefined;\n switch (name) {\n case 'autoRenew':\n service = new AutoRenewService(tokenManager, {...this.options});\n break;\n case 'syncStorage':\n service = new SyncStorageService(tokenManager, {...this.options});\n break;\n default:\n throw new Error(`Unknown service ${name}`);\n }\n return service;\n }\n\n}\n"],"file":"ServiceManager.js"}
package/cjs/TokenManager.js CHANGED
@@ -477,6 +477,12 @@ class TokenManager {
477
477
  this.storage.setStorage(tokenStorage);
478
478
  }
479
479
 
480
+ removeRefreshToken() {
481
+ const key = this.getStorageKeyByType('refreshToken') || _constants.REFRESH_TOKEN_STORAGE_KEY;
482
+
483
+ this.remove(key);
484
+ }
485
+
480
486
  addPendingRemoveFlags() {
481
487
  const tokens = this.getTokensSync();
482
488
  (0, _keys.default)(tokens).forEach(key => {