@okta/okta-auth-js 6.5.1 → 6.6.0

package/cjs/idx/startTransaction.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear","exchangeCodeForTokens"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAqB,GAAG,EAFnB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgB;AACrBI,IAAAA,qBAAqB,EAAE,KADF;AAErB,OAAGH;AAFkB,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuthInterface, IdxTransaction, StartOptions } from '../types';\n\nexport async function startTransaction(\n  authClient: OktaAuthInterface, \n  options: StartOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, {\n    exchangeCodeForTokens: false,\n    ...options\n  });\n}\n"],"file":"startTransaction.js"}
+{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear","exchangeCodeForTokens"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAqB,GAAG,EAFnB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgB;AACrBI,IAAAA,qBAAqB,EAAE,KADF;AAErB,OAAGH;AAFkB,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuthIdxInterface, IdxTransaction, StartOptions } from '../types';\n\nexport async function startTransaction(\n  authClient: OktaAuthIdxInterface, \n  options: StartOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, {\n    exchangeCodeForTokens: false,\n    ...options\n  });\n}\n"],"file":"startTransaction.js"}

package/cjs/idx/transactionMeta.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkceMeta","flow","withCredentials","activationToken","undefined","recoveryToken","maxAge","meta","hasSavedInteractionHandle","savedMeta","getSavedTransactionMeta","interactionHandle","transactionManager","load","e","isTransactionMetaValid","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","shouldValidateFlow","mismatch","some","key","value"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CACLC,UADK,EAELC,OAA+B,GAAG,EAF7B,EAGwB;AAC7B,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAMI,QAAQ,GAAG,2BAAgBL,UAAhB,EAA4BE,WAA5B,CAAjB;AACA,MAAI;AACFI,IAAAA,IAAI,GAAG,SADL;AAEFC,IAAAA,eAAe,GAAG,IAFhB;AAGFC,IAAAA,eAAe,GAAGC,SAHhB;AAIFC,IAAAA,aAAa,GAAGD,SAJd;AAKFE,IAAAA,MAAM,GAAGF;AALP,MAMA,EAAE,GAAGT,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GANJ,CAH6B,CASc;;AAE3C,QAAMW,IAAwB,GAAG,EAC/B,GAAGP,QAD4B;AAE/BC,IAAAA,IAF+B;AAG/BC,IAAAA,eAH+B;AAI/BC,IAAAA,eAJ+B;AAK/BE,IAAAA,aAL+B;AAM/BC,IAAAA;AAN+B,GAAjC;AAQA,SAAOC,IAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCb,UAAnC,EAAkEC,OAAlE,EAA6G;AAClH,QAAMa,SAAS,GAAGC,uBAAuB,CAACf,UAAD,EAAaC,OAAb,CAAzC;;AACA,MAAIa,SAAJ,aAAIA,SAAJ,eAAIA,SAAS,CAAEE,iBAAf,EAAkC;AAChC,WAAO,IAAP;AACD;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASD,uBAAT,CACLf,UADK,EAELC,OAFK,EAG2B;AAChCA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAFgC,CAEiB;;AACjD,MAAIa,SAAJ;;AACA,MAAI;AACFA,IAAAA,SAAS,GAAGd,UAAU,CAACiB,kBAAX,CAA8BC,IAA9B,CAAmCjB,OAAnC,CAAZ;AACD,GAFD,CAEE,OAAOkB,CAAP,EAAU,CACV;AACD;;AAED,MAAI,CAACL,SAAL,EAAgB;AACd;AACD;;AAED,MAAIM,sBAAsB,CAACN,SAAD,EAAYb,OAAZ,CAA1B,EAAgD;AAC9C,WAAOa,SAAP;AACD,GAhB+B,CAkBhC;AACA;AACA;;;AACA,kBAAK,sEACH,4DADF;AAGD;;AAEM,eAAeO,kBAAf,CACLrB,UADK,EAELC,OAFK,EAGwB;AAC7BA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAF6B,CAEoB;AACjD;;AACA,QAAMqB,iBAAiB,GAAGP,uBAAuB,CAACf,UAAD,EAAaC,OAAb,CAAjD;;AACA,MAAIqB,iBAAJ,EAAuB;AACrB,WAAOA,iBAAP;AACD,GAP4B,CAQ7B;;;AACA,SAAOvB,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASsB,mBAAT,CAA8BvB,UAA9B,EAA6DY,IAA7D,EAAyE;AAC9EZ,EAAAA,UAAU,CAACiB,kBAAX,CAA8BO,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+B1B,UAA/B,EAAoE;AACzEA,EAAAA,UAAU,CAACiB,kBAAX,CAA8BU,KAA9B;AACD;;AAEM,SAASP,sBAAT,CAAiCR,IAAjC,EAAuCX,OAA+B,GAAI,EAA1E,EAAuF;AAC5F;AACA,QAAM2B,IAAI,GAAG,CACX,QADW,EAEX,UAFW,EAGX,aAHW,EAIX,OAJW,EAKX,eALW,EAMX,qBANW,EAOX,iBAPW,EAQX,eARW,CAAb;;AAUA,MAAIC,gCAAgC,CAACjB,IAAD,EAAOX,OAAP,EAAgB2B,IAAhB,CAAhC,KAA0D,KAA9D,EAAqE;AACnE,WAAO,KAAP;AACD,GAd2F,CAgB5F;;;AACA,QAAM;AAAEtB,IAAAA;AAAF,MAAWL,OAAjB;;AACA,MAAI6B,6BAA6B,CAAClB,IAAD,EAAON,IAAP,CAA7B,KAA8C,KAAlD,EAAyD;AACvD,WAAO,KAAP;AACD;;AAED,SAAO,IAAP;AACD;;AAEM,SAASwB,6BAAT,CAAuClB,IAAvC,EAA6CN,IAA7C,EAAmD;AACxD;AACA,QAAMyB,kBAAkB,GAAGzB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIyB,kBAAJ,EAAwB;AACtB,QAAIzB,IAAI,KAAKM,IAAI,CAACN,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AACD,SAAO,IAAP;AACD;;AAEM,SAASuB,gCAAT,CAA0CjB,IAA1C,EAAgDX,OAAhD,EAAyD2B,IAAzD,EAA+D;AACpE;AACA;AACA,QAAMI,QAAQ,GAAGJ,IAAI,CAACK,IAAL,CAAUC,GAAG,IAAI;AAChC,UAAMC,KAAK,GAAGlC,OAAO,CAACiC,GAAD,CAArB;;AACA,QAAIC,KAAK,IAAIA,KAAK,KAAKvB,IAAI,CAACsB,GAAD,CAA3B,EAAkC;AAChC,aAAO,IAAP;AACD;AACF,GALgB,CAAjB;AAMA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthInterface, IdxTransactionMeta, TransactionMetaOptions, PKCETransactionMeta } from '../types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n  authClient: OktaAuthInterface,\n  options: TransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n  const tokenParams = await authClient.token.prepareTokenParams(options);\n  const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n  let {\n    flow = 'default',\n    withCredentials = true,\n    activationToken = undefined,\n    recoveryToken = undefined,\n    maxAge = undefined,\n  } = { ...authClient.options, ...options }; // local options override SDK options\n\n  const meta: IdxTransactionMeta = {\n    ...pkceMeta,\n    flow,\n    withCredentials,\n    activationToken,\n    recoveryToken,\n    maxAge\n  };\n  return meta;\n}\n\nexport function hasSavedInteractionHandle(authClient: OktaAuthInterface, options?: TransactionMetaOptions): boolean {\n  const savedMeta = getSavedTransactionMeta(authClient, options);\n  if (savedMeta?.interactionHandle) {\n    return true;\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n  authClient: OktaAuthInterface,\n  options?: TransactionMetaOptions\n): IdxTransactionMeta | undefined {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  let savedMeta;\n  try {\n    savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n  } catch (e) {\n    // ignore errors here\n  }\n\n  if (!savedMeta) {\n    return;\n  }\n\n  if (isTransactionMetaValid(savedMeta, options)) {\n    return savedMeta;\n  }\n\n  // existing meta is not valid for this configuration\n  // this is common when changing configuration in local development environment\n  // in a production environment, this may indicate that two apps are sharing a storage key\n  warn('Saved transaction meta does not match the current configuration. ' + \n    'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuthInterface,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  // Load existing transaction meta from storage\n  const validExistingMeta = getSavedTransactionMeta(authClient, options);\n  if (validExistingMeta) {\n    return validExistingMeta;\n  }\n  // No existing? Create new transaction meta.\n  return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuthInterface, meta): void {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuthInterface): void {\n  authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: TransactionMetaOptions  = {}): boolean {\n  // Validate against certain options. If these exist in options, they must match in meta\n  const keys = [\n    'issuer',\n    'clientId',\n    'redirectUri',\n    'state',\n    'codeChallenge',\n    'codeChallengeMethod',\n    'activationToken',\n    'recoveryToken'\n  ];\n  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n    return false;\n  }\n\n  // Validate configured flow\n  const { flow } = options;\n  if (isTransactionMetaValidForFlow(meta, flow) === false) {\n    return false;\n  }\n\n  return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n  // Specific flows should not share transaction data\n  const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n  if (shouldValidateFlow) {\n    if (flow !== meta.flow) {\n      // The flow has changed; abandon the old transaction\n      return false;\n    }\n  }\n  return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n  // returns false if values in meta do not match options\n  // if the option does not have a value for a specific key, it is ignored\n  const mismatch = keys.some(key => {\n    const value = options[key];\n    if (value && value !== meta[key]) {\n      return true;\n    }\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}
+{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkceMeta","flow","withCredentials","activationToken","undefined","recoveryToken","maxAge","meta","hasSavedInteractionHandle","savedMeta","getSavedTransactionMeta","interactionHandle","transactionManager","load","e","isTransactionMetaValid","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","shouldValidateFlow","mismatch","some","key","value"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CACLC,UADK,EAELC,OAA+B,GAAG,EAF7B,EAGwB;AAC7B,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAMI,QAAQ,GAAG,2BAAgBL,UAAhB,EAA4BE,WAA5B,CAAjB;AACA,MAAI;AACFI,IAAAA,IAAI,GAAG,SADL;AAEFC,IAAAA,eAAe,GAAG,IAFhB;AAGFC,IAAAA,eAAe,GAAGC,SAHhB;AAIFC,IAAAA,aAAa,GAAGD,SAJd;AAKFE,IAAAA,MAAM,GAAGF;AALP,MAMA,EAAE,GAAGT,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GANJ,CAH6B,CASc;;AAE3C,QAAMW,IAAwB,GAAG,EAC/B,GAAGP,QAD4B;AAE/BC,IAAAA,IAF+B;AAG/BC,IAAAA,eAH+B;AAI/BC,IAAAA,eAJ+B;AAK/BE,IAAAA,aAL+B;AAM/BC,IAAAA;AAN+B,GAAjC;AAQA,SAAOC,IAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCb,UAAnC,EAAqEC,OAArE,EAAgH;AACrH,QAAMa,SAAS,GAAGC,uBAAuB,CAACf,UAAD,EAAaC,OAAb,CAAzC;;AACA,MAAIa,SAAJ,aAAIA,SAAJ,eAAIA,SAAS,CAAEE,iBAAf,EAAkC;AAChC,WAAO,IAAP;AACD;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASD,uBAAT,CACLf,UADK,EAELC,OAFK,EAG2B;AAChCA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAFgC,CAEiB;;AACjD,MAAIa,SAAJ;;AACA,MAAI;AACFA,IAAAA,SAAS,GAAGd,UAAU,CAACiB,kBAAX,CAA8BC,IAA9B,CAAmCjB,OAAnC,CAAZ;AACD,GAFD,CAEE,OAAOkB,CAAP,EAAU,CACV;AACD;;AAED,MAAI,CAACL,SAAL,EAAgB;AACd;AACD;;AAED,MAAIM,sBAAsB,CAACN,SAAD,EAAYb,OAAZ,CAA1B,EAAgD;AAC9C,WAAOa,SAAP;AACD,GAhB+B,CAkBhC;AACA;AACA;;;AACA,kBAAK,sEACH,4DADF;AAGD;;AAEM,eAAeO,kBAAf,CACLrB,UADK,EAELC,OAFK,EAGwB;AAC7BA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAF6B,CAEoB;AACjD;;AACA,QAAMqB,iBAAiB,GAAGP,uBAAuB,CAACf,UAAD,EAAaC,OAAb,CAAjD;;AACA,MAAIqB,iBAAJ,EAAuB;AACrB,WAAOA,iBAAP;AACD,GAP4B,CAQ7B;;;AACA,SAAOvB,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASsB,mBAAT,CAA8BvB,UAA9B,EAAgEY,IAAhE,EAA4E;AACjFZ,EAAAA,UAAU,CAACiB,kBAAX,CAA8BO,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+B1B,UAA/B,EAAuE;AAC5EA,EAAAA,UAAU,CAACiB,kBAAX,CAA8BU,KAA9B;AACD;;AAEM,SAASP,sBAAT,CAAiCR,IAAjC,EAAuCX,OAA+B,GAAI,EAA1E,EAAuF;AAC5F;AACA,QAAM2B,IAAI,GAAG,CACX,QADW,EAEX,UAFW,EAGX,aAHW,EAIX,OAJW,EAKX,eALW,EAMX,qBANW,EAOX,iBAPW,EAQX,eARW,CAAb;;AAUA,MAAIC,gCAAgC,CAACjB,IAAD,EAAOX,OAAP,EAAgB2B,IAAhB,CAAhC,KAA0D,KAA9D,EAAqE;AACnE,WAAO,KAAP;AACD,GAd2F,CAgB5F;;;AACA,QAAM;AAAEtB,IAAAA;AAAF,MAAWL,OAAjB;;AACA,MAAI6B,6BAA6B,CAAClB,IAAD,EAAON,IAAP,CAA7B,KAA8C,KAAlD,EAAyD;AACvD,WAAO,KAAP;AACD;;AAED,SAAO,IAAP;AACD;;AAEM,SAASwB,6BAAT,CAAuClB,IAAvC,EAA6CN,IAA7C,EAAmD;AACxD;AACA,QAAMyB,kBAAkB,GAAGzB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIyB,kBAAJ,EAAwB;AACtB,QAAIzB,IAAI,KAAKM,IAAI,CAACN,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AACD,SAAO,IAAP;AACD;;AAEM,SAASuB,gCAAT,CAA0CjB,IAA1C,EAAgDX,OAAhD,EAAyD2B,IAAzD,EAA+D;AACpE;AACA;AACA,QAAMI,QAAQ,GAAGJ,IAAI,CAACK,IAAL,CAAUC,GAAG,IAAI;AAChC,UAAMC,KAAK,GAAGlC,OAAO,CAACiC,GAAD,CAArB;;AACA,QAAIC,KAAK,IAAIA,KAAK,KAAKvB,IAAI,CAACsB,GAAD,CAA3B,EAAkC;AAChC,aAAO,IAAP;AACD;AACF,GALgB,CAAjB;AAMA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxTransactionMeta, TransactionMetaOptions, PKCETransactionMeta } from '../types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options: TransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n  const tokenParams = await authClient.token.prepareTokenParams(options);\n  const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n  let {\n    flow = 'default',\n    withCredentials = true,\n    activationToken = undefined,\n    recoveryToken = undefined,\n    maxAge = undefined,\n  } = { ...authClient.options, ...options }; // local options override SDK options\n\n  const meta: IdxTransactionMeta = {\n    ...pkceMeta,\n    flow,\n    withCredentials,\n    activationToken,\n    recoveryToken,\n    maxAge\n  };\n  return meta;\n}\n\nexport function hasSavedInteractionHandle(authClient: OktaAuthIdxInterface, options?: TransactionMetaOptions): boolean {\n  const savedMeta = getSavedTransactionMeta(authClient, options);\n  if (savedMeta?.interactionHandle) {\n    return true;\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options?: TransactionMetaOptions\n): IdxTransactionMeta | undefined {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  let savedMeta;\n  try {\n    savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n  } catch (e) {\n    // ignore errors here\n  }\n\n  if (!savedMeta) {\n    return;\n  }\n\n  if (isTransactionMetaValid(savedMeta, options)) {\n    return savedMeta;\n  }\n\n  // existing meta is not valid for this configuration\n  // this is common when changing configuration in local development environment\n  // in a production environment, this may indicate that two apps are sharing a storage key\n  warn('Saved transaction meta does not match the current configuration. ' + \n    'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  // Load existing transaction meta from storage\n  const validExistingMeta = getSavedTransactionMeta(authClient, options);\n  if (validExistingMeta) {\n    return validExistingMeta;\n  }\n  // No existing? Create new transaction meta.\n  return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuthIdxInterface, meta): void {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuthIdxInterface): void {\n  authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: TransactionMetaOptions  = {}): boolean {\n  // Validate against certain options. If these exist in options, they must match in meta\n  const keys = [\n    'issuer',\n    'clientId',\n    'redirectUri',\n    'state',\n    'codeChallenge',\n    'codeChallengeMethod',\n    'activationToken',\n    'recoveryToken'\n  ];\n  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n    return false;\n  }\n\n  // Validate configured flow\n  const { flow } = options;\n  if (isTransactionMetaValidForFlow(meta, flow) === false) {\n    return false;\n  }\n\n  return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n  // Specific flows should not share transaction data\n  const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n  if (shouldValidateFlow) {\n    if (flow !== meta.flow) {\n      // The flow has changed; abandon the old transaction\n      return false;\n    }\n  }\n  return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n  // returns false if values in meta do not match options\n  // if the option does not have a value for a specific key, it is ignored\n  const mismatch = keys.some(key => {\n    const value = options[key];\n    if (value && value !== meta[key]) {\n      return true;\n    }\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}

package/cjs/idx/types/api.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/types/api.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"mappings":";;;;IAkBYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IA+CAC,U;;;WAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;GAAAA,U,0BAAAA,U;;AA+CL,SAASC,eAAT,CAAyBC,GAAzB,EAAyD;AAC9D,SAAOA,GAAG,KAAKA,GAAG,CAACC,GAAJ,IAAWD,GAAG,CAACE,EAApB,CAAV;AACD","sourcesContent":["import { APIError } from '../../types/api';\nimport { Tokens } from '../../types/Token';\nimport { PKCETransactionMeta } from '../../types/Transaction';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n} from './idx-js';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  relatesTo?: IdxAuthenticator;\n  mutable?: boolean;\n  visible?: boolean;\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  options?: IdxOption[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\nexport interface IdxTransactionMeta extends PKCETransactionMeta {\n  interactionHandle?: string;\n  remediations?: string[];\n  flow?: FlowIdentifier;\n  withCredentials?: boolean;\n  activationToken?: string;\n  recoveryToken?: string;\n  maxAge?: string | number;\n  useGenericRemediator?: boolean;\n}\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n"],"file":"api.js"}
+{"version":3,"sources":["../../../../lib/idx/types/api.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"mappings":";;;;IAkBYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IAmDAC,U;;;WAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;GAAAA,U,0BAAAA,U;;AA8CL,SAASC,eAAT,CAAyBC,GAAzB,EAAyD;AAC9D,SAAOA,GAAG,KAAKA,GAAG,CAACC,GAAJ,IAAWD,GAAG,CAACE,EAApB,CAAV;AACD","sourcesContent":["import { APIError } from '../../types/api';\nimport { Tokens } from '../../types/Token';\nimport { PKCETransactionMeta } from '../../types/Transaction';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n} from './idx-js';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  options?: IdxOption[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\nexport interface IdxTransactionMeta extends PKCETransactionMeta {\n  interactionHandle?: string;\n  remediations?: string[];\n  flow?: FlowIdentifier;\n  withCredentials?: boolean;\n  activationToken?: string;\n  recoveryToken?: string;\n  maxAge?: string | number;\n}\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n"],"file":"api.js"}

package/cjs/idx/unlockAccount.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/unlockAccount.ts"],"names":["unlockAccount","authClient","options","flow","enabledFeatures","autoRemediate","IdxFeature","ACCOUNT_UNLOCK","AuthSdkError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAcO,eAAeA,aAAf,CACLC,UADK,EAC0BC,OAA6B,GAAG,EAD1D,EAEoB;AACzBA,EAAAA,OAAO,CAACC,IAAR,GAAe,eAAf,CADyB,CAGzB;;AACA,MAAI,CAAC,gDAA0BF,UAA1B,CAAL,EAA4C;AAC1C,UAAM;AAAEG,MAAAA;AAAF,QAAsB,MAAM,wCAAiBH,UAAjB,EAA6B,EAAE,GAAGC,OAAL;AAAcG,MAAAA,aAAa,EAAE;AAA7B,KAA7B,CAAlC;;AACA,QAAID,eAAe,IAAI,CAAC,uBAAAA,eAAe,MAAf,CAAAA,eAAe,EAAUE,kBAAWC,cAArB,CAAvC,EAA6E;AAC3E,YAAM,IAAIC,oBAAJ,CACJ,uFADI,CAAN;AAGD;AACF;;AAED,SAAO,cAAIP,UAAJ,EAAgB,EAAE,GAAGC;AAAL,GAAhB,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuthInterface, \n  AccountUnlockOptions, \n  IdxTransaction,\n  IdxFeature,\n} from '../types';\n\nexport async function unlockAccount(\n  authClient: OktaAuthInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n  options.flow = 'unlockAccount';\n\n  // Only check at the beginning of the transaction\n  if (!hasSavedInteractionHandle(authClient)) {\n    const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n    if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n      throw new AuthSdkError(\n        'Self Service Account Unlock is not supported based on your current org configuration.'\n      );\n    }\n  }\n\n  return run(authClient, { ...options });\n}\n"],"file":"unlockAccount.js"}
+{"version":3,"sources":["../../../lib/idx/unlockAccount.ts"],"names":["unlockAccount","authClient","options","flow","enabledFeatures","autoRemediate","IdxFeature","ACCOUNT_UNLOCK","AuthSdkError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAcO,eAAeA,aAAf,CACLC,UADK,EAC6BC,OAA6B,GAAG,EAD7D,EAEoB;AACzBA,EAAAA,OAAO,CAACC,IAAR,GAAe,eAAf,CADyB,CAGzB;;AACA,MAAI,CAAC,gDAA0BF,UAA1B,CAAL,EAA4C;AAC1C,UAAM;AAAEG,MAAAA;AAAF,QAAsB,MAAM,wCAAiBH,UAAjB,EAA6B,EAAE,GAAGC,OAAL;AAAcG,MAAAA,aAAa,EAAE;AAA7B,KAA7B,CAAlC;;AACA,QAAID,eAAe,IAAI,CAAC,uBAAAA,eAAe,MAAf,CAAAA,eAAe,EAAUE,kBAAWC,cAArB,CAAvC,EAA6E;AAC3E,YAAM,IAAIC,oBAAJ,CACJ,uFADI,CAAN;AAGD;AACF;;AAED,SAAO,cAAIP,UAAJ,EAAgB,EAAE,GAAGC;AAAL,GAAhB,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuthIdxInterface, \n  AccountUnlockOptions, \n  IdxTransaction,\n  IdxFeature,\n} from '../types';\n\nexport async function unlockAccount(\n  authClient: OktaAuthIdxInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n  options.flow = 'unlockAccount';\n\n  // Only check at the beginning of the transaction\n  if (!hasSavedInteractionHandle(authClient)) {\n    const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n    if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n      throw new AuthSdkError(\n        'Self Service Account Unlock is not supported based on your current org configuration.'\n      );\n    }\n  }\n\n  return run(authClient, { ...options });\n}\n"],"file":"unlockAccount.js"}

package/cjs/idx/util.js

@@ -38,8 +38,6 @@ var remediators = _interopRequireWildcard(require("./remediators"));
 
 var _GenericRemediator = require("./remediators/GenericRemediator");
 
-var _proceed = require("./proceed");
-
 var _types = require("./types");
 
 var _idxJs = require("./types/idx-js");
@@ -201,7 +199,7 @@ function getAvailableSteps(authClient, idxResponse, useGenericRemediator) {
     res.push({
       name,
       action: async params => {
-        return (0, _proceed.proceed)(authClient, {
+        return authClient.idx.proceed({
           actions: [{
             name,
             params

package/cjs/idx/util.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/util.ts"],"names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","actions","actionName","getMessagesFromIdxRemediationValue","value","Array","isArray","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","message","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","useGenericRemediator","remediatorMap","remediators","map","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","action","params","filterValuesForRemediation","values","remediations","r","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleIdxError","e","requestDidSucceed","terminal"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AACA;;AAEA;;AACA;;AACA;;AACA;;;;;;AAGO,SAASA,kBAAT,CAA4BC,WAA5B,EAAsD;AAC3D,QAAM;AAAEC,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCF,WAA7C;AACA,SAAO,CAACC,eAAe,CAACE,MAAjB,IAA2B,CAACD,eAAnC;AACD;;AAEM,SAASE,SAAT,CAAmBJ,WAAnB,EAA6C;AAClD,SAAOA,WAAW,CAACC,eAAZ,CAA4BI,IAA5B,CAAiC,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,MAAxD,CAAP;AACD;;AAEM,SAASC,WAAT,CAAqBP,WAArB,EAA+C;AACpD,SAAO,mBAAYA,WAAW,CAACQ,OAAxB,EAAiCH,IAAjC,CAAsCI,UAAU,IAAI,uBAAAA,UAAU,MAAV,CAAAA,UAAU,EAAU,QAAV,CAA9D,CAAP;AACD;;AAEM,SAASC,kCAAT,CACLC,KADK,EAEqB;AAC1B,MAAI,CAACA,KAAD,IAAU,CAACC,KAAK,CAACC,OAAN,CAAcF,KAAd,CAAf,EAAqC;AACnC;AACD;;AACD,SAAO,qBAAAA,KAAK,MAAL,CAAAA,KAAK,EAAQ,CAACG,QAAD,EAAWH,KAAX,KAAqB;AACvC,QAAIA,KAAK,CAACG,QAAV,EAAoB;AAClBA,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGH,KAAK,CAACG,QAAN,CAAeH,KAAhC,CAAX;AACD;;AACD,QAAIA,KAAK,CAACI,IAAV,EAAgB;AACd,YAAMC,gBAAgB,GAAGN,kCAAkC,CAACC,KAAK,CAACI,IAAN,CAAWJ,KAAZ,CAAlC,IAAwD,EAAjF;AACAG,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGE,gBAAjB,CAAX;AACD;;AACD,QAAIL,KAAK,CAACM,OAAV,EAAmB;AACjB,UAAIC,YAAY,GAAG,EAAnB;AACAP,MAAAA,KAAK,CAACM,OAAN,CAAcE,OAAd,CAAsBC,MAAM,IAAI;AAC9B,YAAI,CAACA,MAAM,CAACT,KAAR,IAAiB,OAAOS,MAAM,CAACT,KAAd,KAAwB,QAA7C,EAAuD;AACrD;AACD;;AACDO,QAAAA,YAAY,GAAG,CAAC,GAAGA,YAAJ,EAAkBE,MAAM,CAACT,KAAzB,CAAf;AACD,OALD;AAMA,YAAMU,mBAAmB,GAAGX,kCAAkC,CAACQ,YAAD,CAAlC,IAAoD,EAAhF;AACAJ,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGO,mBAAjB,CAAX;AACD;;AACD,WAAOP,QAAP;AACD,GApBW,EAoBT,EApBS,CAAZ;AAqBD;;AAEM,SAASQ,uBAAT,CAAiCtB,WAAjC,EAAyE;AAAA;;AAC9E,MAAIc,QAAsB,GAAG,EAA7B;AACA,QAAM;AAAES,IAAAA,WAAF;AAAetB,IAAAA;AAAf,MAAmCD,WAAzC,CAF8E,CAI9E;;AACA,QAAMwB,cAAc,4BAAGD,WAAW,CAACT,QAAf,0DAAG,mDAAsBH,KAAtB,iBAAgCc,OAAO,IAAIA,OAA3C,CAAvB;;AACA,MAAID,cAAJ,EAAoB;AAClBV,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGU,cAAjB,CAAX;AACD,GAR6E,CAU9E;;;AACA,OAAK,IAAIE,WAAT,IAAwBzB,eAAxB,EAAyC;AACvC,UAAM0B,aAAa,GAAGjB,kCAAkC,CAACgB,WAAW,CAACf,KAAb,CAAxD;;AACA,QAAIgB,aAAJ,EAAmB;AACjBb,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGa,aAAjB,CAAX;AACD;AACF,GAhB6E,CAkB9E;;;AACA,QAAMC,IAAI,GAAG,EAAb;AACAd,EAAAA,QAAQ,GAAG,qBAAAA,QAAQ,MAAR,CAAAA,QAAQ,EAAQ,CAACe,QAAD,EAAWJ,OAAX,KAAuB;AAAA;;AAChD,UAAMK,GAAG,oBAAGL,OAAO,CAACM,IAAX,kDAAG,cAAcD,GAA1B;;AACA,QAAIA,GAAG,IAAIF,IAAI,CAACE,GAAD,CAAf,EAAsB;AACpB,aAAOD,QAAP;AACD;;AACDD,IAAAA,IAAI,CAACE,GAAD,CAAJ,GAAYL,OAAZ;AACAI,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAcJ,OAAd,CAAX;AACA,WAAOI,QAAP;AACD,GARkB,EAQhB,EARgB,CAAnB;AASA,SAAOf,QAAP;AACD;;AAGM,SAASkB,kBAAT,CAA4BhC,WAA5B,EAAoE;AACzE,QAAMiC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEzB,IAAAA,OAAF;AAAWP,IAAAA;AAAX,MAA+BD,WAArC;;AAEA,MAAIQ,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CyB,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAInC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxE2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWE,YAApB;AACD;;AAED,MAAIpC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/D2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWG,UAApB;AACD;;AAED,MAAIrC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,gBAA5C,CAAJ,EAAmE;AACjE2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWI,cAApB;AACD;;AAED,SAAON,GAAP;AACD;;AAEM,SAASO,iBAAT,CACLC,UADK,EAELzC,WAFK,EAGL0C,oBAHK,EAIO;AAAA;;AACZ,QAAMT,GAAe,GAAG,EAAxB;AAEA,QAAMU,aAAoD,GAAG,sDAAcC,WAAd,mBACnD,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChC;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GAP0D,EAOxD,EAPwD,CAA7D;;AASA,OAAK,IAAInB,WAAT,IAAwB1B,WAAW,CAACC,eAApC,EAAqD;AACnD,UAAM+C,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAc;AAAEgB,MAAAA,oBAAF;AAAwBE,MAAAA,WAAW,EAAED;AAArC,KAAd,CAA5B;;AACA,QAAIK,CAAJ,EAAO;AACL,YAAME,UAAsB,GAAG,IAAIF,CAAJ,CAAMtB,WAAN,CAA/B;AACAO,MAAAA,GAAG,CAACC,IAAJ,CAAUgB,UAAU,CAACC,WAAX,CAAuBV,UAAvB,EAAmCzC,WAAW,CAACoD,OAA/C,CAAV;AACD;AACF;;AAED,OAAK,MAAM,CAAC9C,IAAD,CAAX,IAAqB,sBAAgBN,WAAW,CAACQ,OAAZ,IAAuB,EAAvC,CAArB,EAAkE;AAChEyB,IAAAA,GAAG,CAACC,IAAJ,CAAS;AACP5B,MAAAA,IADO;AAEP+C,MAAAA,MAAM,EAAE,MAAOC,MAAP,IAAmB;AACzB,eAAO,sBAAQb,UAAR,EAAoB;AACzBjC,UAAAA,OAAO,EAAE,CAAC;AAAEF,YAAAA,IAAF;AAAQgD,YAAAA;AAAR,WAAD;AADgB,SAApB,CAAP;AAGD;AANM,KAAT;AAQD;;AAED,SAAOrB,GAAP;AACD;;AAEM,SAASsB,0BAAT,CACLvD,WADK,EAEL+C,eAFK,EAGLS,MAHK,EAIc;AAAA;;AACnB,QAAMC,YAAY,GAAGzD,WAAW,CAACC,eAAZ,IAA+B,EAApD;AACA,QAAMyB,WAAW,GAAG,mBAAA+B,YAAY,MAAZ,CAAAA,YAAY,EAAMC,CAAC,IAAIA,CAAC,CAACpD,IAAF,KAAWyC,eAAtB,CAAhC;;AACA,MAAI,CAACrB,WAAL,EAAkB;AAChB;AACA,oBAAM,gCAA+BqB,eAAgB,kCAArD;AACA,WAAOS,MAAP;AACD,GAPkB,CASnB;;;AACA,QAAMG,oBAAoB,GAAG,iCAAAjC,WAAW,CAACf,KAAZ,kBAA0B,CAACsB,GAAD,EAAM2B,KAAN,KAAgB;AACrE,UAAM;AAAEtD,MAAAA,IAAF;AAAQK,MAAAA;AAAR,QAAkBiD,KAAxB;;AACA,QAAItD,IAAI,KAAK,aAAb,EAA4B;AAC1B2B,MAAAA,GAAG,CAAC3B,IAAD,CAAH,GAAYK,KAAZ,CAD0B,CACP;AACpB,KAFD,MAEO;AACLsB,MAAAA,GAAG,CAAC3B,IAAD,CAAH,GAAYkD,MAAM,CAAClD,IAAD,CAAlB,CADK,CACqB;AAC3B;;AACD,WAAO2B,GAAP;AACD,GAR4B,EAQ1B,EAR0B,CAA7B;AASA,SAAO0B,oBAAP;AACD;;AAED,SAASV,kBAAT,CAA4BvB,WAA5B,EAAyDT,OAAzD,EAAoF;AAClF,QAAM;AAAEyB,IAAAA,oBAAF;AAAwBE,IAAAA;AAAxB,MAAwC3B,OAA9C;;AAEA,MAAI,CAACS,WAAL,EAAkB;AAChB,WAAOmC,SAAP;AACD;;AAED,MAAInB,oBAAJ,EAA0B;AACxB,WAAOoB,oCAAP;AACD,GATiF,CAWlF;;;AACA,SAAOlB,WAAW,CAAElB,WAAW,CAACpB,IAAd,CAAlB;AACD,C,CAED;AACA;;;AACO,SAASyD,aAAT,CACLC,eADK,EAELR,MAFK,EAGLvC,OAHK,EAImB;AACxB;AACA,QAAM2B,WAAW,GAAG3B,OAAO,CAAC2B,WAA5B;AACA,QAAMF,oBAAoB,GAAGzB,OAAO,CAACyB,oBAArC;AAEA,MAAIQ,UAAJ,CALwB,CAMxB;;AACA,MAAIjC,OAAO,CAACgD,IAAZ,EAAkB;AAChB;AACA,UAAMvC,WAAW,GAAG,mBAAAsC,eAAe,MAAf,CAAAA,eAAe,EAAM,CAAC;AAAE1D,MAAAA;AAAF,KAAD,KAAcA,IAAI,KAAKW,OAAO,CAACgD,IAArC,CAAnC;;AACA,QAAIvC,WAAJ,EAAiB;AACf,YAAMsB,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAcT,OAAd,CAA5B;AACA,aAAO+B,CAAC,GAAG,IAAIA,CAAJ,CAAMtB,WAAN,EAAmB8B,MAAnB,EAA2BvC,OAA3B,CAAH,GAAyC4C,SAAjD;AACD,KAHD,MAGO;AACL;AACA,sBAAM,SAAQ5C,OAAO,CAACgD,IAAK,kCAA3B;AACA;AACD;AACF;;AAED,QAAMC,oBAAkC,GAAG,EAA3C;;AACA,MAAIxB,oBAAJ,EAA0B;AACxB;AACAwB,IAAAA,oBAAoB,CAAChC,IAArB,CAA0B,IAAI4B,oCAAJ,CAAsBE,eAAe,CAAC,CAAD,CAArC,EAA0CR,MAA1C,EAAkDvC,OAAlD,CAA1B;AACD,GAHD,MAGO;AACL,SAAK,IAAIS,WAAT,IAAwBsC,eAAxB,EAAyC;AAAA;;AACvC,YAAMG,kBAAkB,GAAG,sDAAYvB,WAAZ,mBAA4ClB,WAAW,CAACpB,IAAxD,CAA3B;;AACA,UAAI,CAAC6D,kBAAL,EAAyB;AACvB;AACD,OAJsC,CAMvC;;;AACA,YAAMnB,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAcT,OAAd,CAA5B;AACAiC,MAAAA,UAAU,GAAG,IAAIF,CAAJ,CAAMtB,WAAN,EAAmB8B,MAAnB,EAA2BvC,OAA3B,CAAb;;AACA,UAAIiC,UAAU,CAACkB,YAAX,EAAJ,EAA+B;AAC7B;AACA,eAAOlB,UAAP;AACD,OAZsC,CAavC;AACA;;;AACAgB,MAAAA,oBAAoB,CAAChC,IAArB,CAA0BgB,UAA1B;AACD;AACF;;AAED,SAAOgB,oBAAoB,CAAC,CAAD,CAA3B;AACD;;AAGM,SAASf,WAAT,CACLV,UADK,EAC0BS,UAD1B,EACkDlD,WADlD,EAEK;AACV,QAAMqE,QAAQ,GAAGnB,UAAU,CAACC,WAAX,CAAuBV,UAAvB,EAAmCzC,WAAW,CAACoD,OAA/C,CAAjB;AACA,QAAMkB,OAAO,GAAGlE,SAAS,CAACJ,WAAD,CAAzB;AACA,QAAMuE,SAAS,GAAGhE,WAAW,CAACP,WAAD,CAA7B;AACA,SAAO,EACL,GAAGqE,QADE;AAEL,QAAIC,OAAO,IAAI;AAACA,MAAAA;AAAD,KAAf,CAFK;AAGL,QAAIC,SAAS,IAAI;AAACA,MAAAA;AAAD,KAAjB;AAHK,GAAP;AAKD;;AAEM,SAASC,cAAT,CAAwB/B,UAAxB,EAAuDgC,CAAvD,EAA0DvB,UAA1D,EAA4F;AACjG;AACA,MAAIlD,WAAW,GAAG,0BAAcyE,CAAd,IAAmBA,CAAnB,GAAuB,IAAzC;;AACA,MAAI,CAACzE,WAAL,EAAkB;AAChB;AACA,UAAMyE,CAAN;AACD;;AACDzE,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZ0E,IAAAA,iBAAiB,EAAE;AAFP,GAAd;AAIA,QAAMC,QAAQ,GAAG5E,kBAAkB,CAACC,WAAD,CAAnC;AACA,QAAMc,QAAQ,GAAGQ,uBAAuB,CAACtB,WAAD,CAAxC;;AACA,MAAI2E,QAAJ,EAAc;AACZ,WAAO;AAAE3E,MAAAA,WAAF;AAAe2E,MAAAA,QAAf;AAAyB7D,MAAAA;AAAzB,KAAP;AACD,GAFD,MAEO;AACL,UAAMuD,QAAQ,GAAGnB,UAAU,IAAIC,WAAW,CAACV,UAAD,EAAaS,UAAb,EAAyBlD,WAAzB,CAA1C;AACA,WAAO;AACLA,MAAAA,WADK;AAELc,MAAAA,QAFK;AAGL,UAAIuD,QAAQ,IAAI;AAAEA,QAAAA;AAAF,OAAhB;AAHK,KAAP;AAKD;AACF","sourcesContent":["import { warn } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { proceed } from './proceed';\nimport { IdxFeature, NextStep, RemediateOptions, RemediationResponse } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse, isIdxResponse } from './types/idx-js';\nimport { OktaAuthInterface } from '../types';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n  const { neededToProceed, interactionCode } = idxResponse;\n  return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n  return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n  return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n  value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n  if (!value || !Array.isArray(value)) {\n    return;\n  }\n  return value.reduce((messages, value) => {\n    if (value.messages) {\n      messages = [...messages, ...value.messages.value] as never;\n    }\n    if (value.form) {\n      const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n      messages = [...messages, ...messagesFromForm] as never;\n    } \n    if (value.options) {\n      let optionValues = [];\n      value.options.forEach(option => {\n        if (!option.value || typeof option.value === 'string') {\n          return;\n        }\n        optionValues = [...optionValues, option.value] as never;\n      });\n      const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n      messages = [...messages, ...messagesFromOptions] as never;\n    }\n    return messages;\n  }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse): IdxMessage[] {\n  let messages: IdxMessage[] = [];\n  const { rawIdxState, neededToProceed } = idxResponse;\n\n  // Handle global messages\n  const globalMessages = rawIdxState.messages?.value.map(message => message);\n  if (globalMessages) {\n    messages = [...messages, ...globalMessages] as never;\n  }\n\n  // Handle field messages for current flow\n  for (let remediation of neededToProceed) {\n    const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n    if (fieldMessages) {\n      messages = [...messages, ...fieldMessages] as never;\n    }\n  }\n\n  // API may return identical error on same field, filter by i18n key\n  const seen = {};\n  messages = messages.reduce((filtered, message) => {\n    const key = message.i18n?.key;\n    if (key && seen[key]) {\n      return filtered;\n    }\n    seen[key] = message;\n    filtered = [...filtered, message] as never;\n    return filtered;\n  }, []);\n  return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nexport function getAvailableSteps(\n  authClient: OktaAuthInterface, \n  idxResponse: IdxResponse, \n  useGenericRemediator?: boolean\n): NextStep[] {\n  const res: NextStep[] = [];\n\n  const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n    .reduce((map, remediatorClass) => {\n      // Only add concrete subclasses to the map\n      if (remediatorClass.remediationName) {\n        map[remediatorClass.remediationName] = remediatorClass;\n      }\n      return map;\n    }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n    if (T) {\n      const remediator: Remediator = new T(remediation);\n      res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n    }\n  }\n\n  for (const [name] of Object.entries((idxResponse.actions || {}))) {\n    res.push({ \n      name, \n      action: async (params?) => {\n        return proceed(authClient, { \n          actions: [{ name, params }] \n        });\n      }\n    });\n  }\n\n  return res;\n}\n\nexport function filterValuesForRemediation(\n  idxResponse: IdxResponse,\n  remediationName: string,\n  values: RemediationValues\n): RemediationValues {\n  const remediations = idxResponse.neededToProceed || [];\n  const remediation = remediations.find(r => r.name === remediationName);\n  if (!remediation) {\n    // step was specified, but remediation was not found. This is unexpected!\n    warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n    return values;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n    const { name, value } = entry;\n    if (name === 'stateHandle') {\n      res[name] = value; // use the stateHandle value in the remediation\n    } else {\n      res[name] = values[name]; // use the value provided by the caller\n    }\n    return res;\n  }, {});\n  return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n  const { useGenericRemediator, remediators } = options;\n  \n  if (!remediation) {\n    return undefined;\n  }\n\n  if (useGenericRemediator) {\n    return GenericRemediator;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n  idxRemediations: IdxRemediation[],\n  values: RemediationValues,\n  options: RemediateOptions,\n): Remediator | undefined {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const remediators = options.remediators!;\n  const useGenericRemediator = options.useGenericRemediator;\n\n  let remediator: Remediator;\n  // remediation name specified by caller - fast-track remediator lookup \n  if (options.step) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n    if (remediation) {\n      const T = getRemediatorClass(remediation, options);\n      return T ? new T(remediation, values, options) : undefined;\n    } else {\n      // step was specified, but remediation was not found. This is unexpected!\n      warn(`step \"${options.step}\" did not match any remediations`);\n      return;\n    }\n  }\n\n  const remediatorCandidates: Remediator[] = [];\n  if (useGenericRemediator) {\n    // always pick the first remediation for when use GenericRemediator\n    remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n  } else {\n    for (let remediation of idxRemediations) {\n      const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n      if (!isRemeditionInFlow) {\n        continue;\n      }\n\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      const T = getRemediatorClass(remediation, options)!;\n      remediator = new T(remediation, values, options);\n      if (remediator.canRemediate()) {\n        // found the remediator\n        return remediator;\n      }\n      // remediator cannot handle the current values\n      // maybe return for next step\n      remediatorCandidates.push(remediator);  \n    }\n  }\n  \n  return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n  authClient: OktaAuthInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n  const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n  const canSkip = canSkipFn(idxResponse);\n  const canResend = canResendFn(idxResponse);\n  return {\n    ...nextStep,\n    ...(canSkip && {canSkip}),\n    ...(canResend && {canResend}),\n  };\n}\n\nexport function handleIdxError(authClient: OktaAuthInterface, e, remediator?): RemediationResponse {\n  // Handle idx messages\n  let idxResponse = isIdxResponse(e) ? e : null;\n  if (!idxResponse) {\n    // Thrown error terminates the interaction with idx\n    throw e;\n  }\n  idxResponse = {\n    ...idxResponse,\n    requestDidSucceed: false\n  };\n  const terminal = isTerminalResponse(idxResponse);\n  const messages = getMessagesFromResponse(idxResponse);\n  if (terminal) {\n    return { idxResponse, terminal, messages };\n  } else {\n    const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n    return { \n      idxResponse,\n      messages, \n      ...(nextStep && { nextStep }) \n    };\n  }\n}\n"],"file":"util.js"}
+{"version":3,"sources":["../../../lib/idx/util.ts"],"names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","actions","actionName","getMessagesFromIdxRemediationValue","value","Array","isArray","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","message","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","useGenericRemediator","remediatorMap","remediators","map","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","action","params","idx","proceed","filterValuesForRemediation","values","remediations","r","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleIdxError","e","requestDidSucceed","terminal"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AACA;;AAEA;;AACA;;AACA;;;;;;AAGO,SAASA,kBAAT,CAA4BC,WAA5B,EAAsD;AAC3D,QAAM;AAAEC,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCF,WAA7C;AACA,SAAO,CAACC,eAAe,CAACE,MAAjB,IAA2B,CAACD,eAAnC;AACD;;AAEM,SAASE,SAAT,CAAmBJ,WAAnB,EAA6C;AAClD,SAAOA,WAAW,CAACC,eAAZ,CAA4BI,IAA5B,CAAiC,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,MAAxD,CAAP;AACD;;AAEM,SAASC,WAAT,CAAqBP,WAArB,EAA+C;AACpD,SAAO,mBAAYA,WAAW,CAACQ,OAAxB,EAAiCH,IAAjC,CAAsCI,UAAU,IAAI,uBAAAA,UAAU,MAAV,CAAAA,UAAU,EAAU,QAAV,CAA9D,CAAP;AACD;;AAEM,SAASC,kCAAT,CACLC,KADK,EAEqB;AAC1B,MAAI,CAACA,KAAD,IAAU,CAACC,KAAK,CAACC,OAAN,CAAcF,KAAd,CAAf,EAAqC;AACnC;AACD;;AACD,SAAO,qBAAAA,KAAK,MAAL,CAAAA,KAAK,EAAQ,CAACG,QAAD,EAAWH,KAAX,KAAqB;AACvC,QAAIA,KAAK,CAACG,QAAV,EAAoB;AAClBA,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGH,KAAK,CAACG,QAAN,CAAeH,KAAhC,CAAX;AACD;;AACD,QAAIA,KAAK,CAACI,IAAV,EAAgB;AACd,YAAMC,gBAAgB,GAAGN,kCAAkC,CAACC,KAAK,CAACI,IAAN,CAAWJ,KAAZ,CAAlC,IAAwD,EAAjF;AACAG,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGE,gBAAjB,CAAX;AACD;;AACD,QAAIL,KAAK,CAACM,OAAV,EAAmB;AACjB,UAAIC,YAAY,GAAG,EAAnB;AACAP,MAAAA,KAAK,CAACM,OAAN,CAAcE,OAAd,CAAsBC,MAAM,IAAI;AAC9B,YAAI,CAACA,MAAM,CAACT,KAAR,IAAiB,OAAOS,MAAM,CAACT,KAAd,KAAwB,QAA7C,EAAuD;AACrD;AACD;;AACDO,QAAAA,YAAY,GAAG,CAAC,GAAGA,YAAJ,EAAkBE,MAAM,CAACT,KAAzB,CAAf;AACD,OALD;AAMA,YAAMU,mBAAmB,GAAGX,kCAAkC,CAACQ,YAAD,CAAlC,IAAoD,EAAhF;AACAJ,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGO,mBAAjB,CAAX;AACD;;AACD,WAAOP,QAAP;AACD,GApBW,EAoBT,EApBS,CAAZ;AAqBD;;AAEM,SAASQ,uBAAT,CAAiCtB,WAAjC,EAAyE;AAAA;;AAC9E,MAAIc,QAAsB,GAAG,EAA7B;AACA,QAAM;AAAES,IAAAA,WAAF;AAAetB,IAAAA;AAAf,MAAmCD,WAAzC,CAF8E,CAI9E;;AACA,QAAMwB,cAAc,4BAAGD,WAAW,CAACT,QAAf,0DAAG,mDAAsBH,KAAtB,iBAAgCc,OAAO,IAAIA,OAA3C,CAAvB;;AACA,MAAID,cAAJ,EAAoB;AAClBV,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGU,cAAjB,CAAX;AACD,GAR6E,CAU9E;;;AACA,OAAK,IAAIE,WAAT,IAAwBzB,eAAxB,EAAyC;AACvC,UAAM0B,aAAa,GAAGjB,kCAAkC,CAACgB,WAAW,CAACf,KAAb,CAAxD;;AACA,QAAIgB,aAAJ,EAAmB;AACjBb,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGa,aAAjB,CAAX;AACD;AACF,GAhB6E,CAkB9E;;;AACA,QAAMC,IAAI,GAAG,EAAb;AACAd,EAAAA,QAAQ,GAAG,qBAAAA,QAAQ,MAAR,CAAAA,QAAQ,EAAQ,CAACe,QAAD,EAAWJ,OAAX,KAAuB;AAAA;;AAChD,UAAMK,GAAG,oBAAGL,OAAO,CAACM,IAAX,kDAAG,cAAcD,GAA1B;;AACA,QAAIA,GAAG,IAAIF,IAAI,CAACE,GAAD,CAAf,EAAsB;AACpB,aAAOD,QAAP;AACD;;AACDD,IAAAA,IAAI,CAACE,GAAD,CAAJ,GAAYL,OAAZ;AACAI,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAcJ,OAAd,CAAX;AACA,WAAOI,QAAP;AACD,GARkB,EAQhB,EARgB,CAAnB;AASA,SAAOf,QAAP;AACD;;AAGM,SAASkB,kBAAT,CAA4BhC,WAA5B,EAAoE;AACzE,QAAMiC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEzB,IAAAA,OAAF;AAAWP,IAAAA;AAAX,MAA+BD,WAArC;;AAEA,MAAIQ,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CyB,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAInC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxE2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWE,YAApB;AACD;;AAED,MAAIpC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/D2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWG,UAApB;AACD;;AAED,MAAIrC,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,gBAA5C,CAAJ,EAAmE;AACjE2B,IAAAA,GAAG,CAACC,IAAJ,CAASC,kBAAWI,cAApB;AACD;;AAED,SAAON,GAAP;AACD;;AAEM,SAASO,iBAAT,CACLC,UADK,EAELzC,WAFK,EAGL0C,oBAHK,EAIO;AAAA;;AACZ,QAAMT,GAAe,GAAG,EAAxB;AAEA,QAAMU,aAAoD,GAAG,sDAAcC,WAAd,mBACnD,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChC;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GAP0D,EAOxD,EAPwD,CAA7D;;AASA,OAAK,IAAInB,WAAT,IAAwB1B,WAAW,CAACC,eAApC,EAAqD;AACnD,UAAM+C,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAc;AAAEgB,MAAAA,oBAAF;AAAwBE,MAAAA,WAAW,EAAED;AAArC,KAAd,CAA5B;;AACA,QAAIK,CAAJ,EAAO;AACL,YAAME,UAAsB,GAAG,IAAIF,CAAJ,CAAMtB,WAAN,CAA/B;AACAO,MAAAA,GAAG,CAACC,IAAJ,CAAUgB,UAAU,CAACC,WAAX,CAAuBV,UAAvB,EAAmCzC,WAAW,CAACoD,OAA/C,CAAV;AACD;AACF;;AAED,OAAK,MAAM,CAAC9C,IAAD,CAAX,IAAqB,sBAAgBN,WAAW,CAACQ,OAAZ,IAAuB,EAAvC,CAArB,EAAkE;AAChEyB,IAAAA,GAAG,CAACC,IAAJ,CAAS;AACP5B,MAAAA,IADO;AAEP+C,MAAAA,MAAM,EAAE,MAAOC,MAAP,IAAmB;AACzB,eAAOb,UAAU,CAACc,GAAX,CAAeC,OAAf,CAAuB;AAC5BhD,UAAAA,OAAO,EAAE,CAAC;AAAEF,YAAAA,IAAF;AAAQgD,YAAAA;AAAR,WAAD;AADmB,SAAvB,CAAP;AAGD;AANM,KAAT;AAQD;;AAED,SAAOrB,GAAP;AACD;;AAEM,SAASwB,0BAAT,CACLzD,WADK,EAEL+C,eAFK,EAGLW,MAHK,EAIc;AAAA;;AACnB,QAAMC,YAAY,GAAG3D,WAAW,CAACC,eAAZ,IAA+B,EAApD;AACA,QAAMyB,WAAW,GAAG,mBAAAiC,YAAY,MAAZ,CAAAA,YAAY,EAAMC,CAAC,IAAIA,CAAC,CAACtD,IAAF,KAAWyC,eAAtB,CAAhC;;AACA,MAAI,CAACrB,WAAL,EAAkB;AAChB;AACA,oBAAM,gCAA+BqB,eAAgB,kCAArD;AACA,WAAOW,MAAP;AACD,GAPkB,CASnB;;;AACA,QAAMG,oBAAoB,GAAG,iCAAAnC,WAAW,CAACf,KAAZ,kBAA0B,CAACsB,GAAD,EAAM6B,KAAN,KAAgB;AACrE,UAAM;AAAExD,MAAAA,IAAF;AAAQK,MAAAA;AAAR,QAAkBmD,KAAxB;;AACA,QAAIxD,IAAI,KAAK,aAAb,EAA4B;AAC1B2B,MAAAA,GAAG,CAAC3B,IAAD,CAAH,GAAYK,KAAZ,CAD0B,CACP;AACpB,KAFD,MAEO;AACLsB,MAAAA,GAAG,CAAC3B,IAAD,CAAH,GAAYoD,MAAM,CAACpD,IAAD,CAAlB,CADK,CACqB;AAC3B;;AACD,WAAO2B,GAAP;AACD,GAR4B,EAQ1B,EAR0B,CAA7B;AASA,SAAO4B,oBAAP;AACD;;AAED,SAASZ,kBAAT,CAA4BvB,WAA5B,EAAyDT,OAAzD,EAAoF;AAClF,QAAM;AAAEyB,IAAAA,oBAAF;AAAwBE,IAAAA;AAAxB,MAAwC3B,OAA9C;;AAEA,MAAI,CAACS,WAAL,EAAkB;AAChB,WAAOqC,SAAP;AACD;;AAED,MAAIrB,oBAAJ,EAA0B;AACxB,WAAOsB,oCAAP;AACD,GATiF,CAWlF;;;AACA,SAAOpB,WAAW,CAAElB,WAAW,CAACpB,IAAd,CAAlB;AACD,C,CAED;AACA;;;AACO,SAAS2D,aAAT,CACLC,eADK,EAELR,MAFK,EAGLzC,OAHK,EAImB;AACxB;AACA,QAAM2B,WAAW,GAAG3B,OAAO,CAAC2B,WAA5B;AACA,QAAMF,oBAAoB,GAAGzB,OAAO,CAACyB,oBAArC;AAEA,MAAIQ,UAAJ,CALwB,CAMxB;;AACA,MAAIjC,OAAO,CAACkD,IAAZ,EAAkB;AAChB;AACA,UAAMzC,WAAW,GAAG,mBAAAwC,eAAe,MAAf,CAAAA,eAAe,EAAM,CAAC;AAAE5D,MAAAA;AAAF,KAAD,KAAcA,IAAI,KAAKW,OAAO,CAACkD,IAArC,CAAnC;;AACA,QAAIzC,WAAJ,EAAiB;AACf,YAAMsB,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAcT,OAAd,CAA5B;AACA,aAAO+B,CAAC,GAAG,IAAIA,CAAJ,CAAMtB,WAAN,EAAmBgC,MAAnB,EAA2BzC,OAA3B,CAAH,GAAyC8C,SAAjD;AACD,KAHD,MAGO;AACL;AACA,sBAAM,SAAQ9C,OAAO,CAACkD,IAAK,kCAA3B;AACA;AACD;AACF;;AAED,QAAMC,oBAAkC,GAAG,EAA3C;;AACA,MAAI1B,oBAAJ,EAA0B;AACxB;AACA0B,IAAAA,oBAAoB,CAAClC,IAArB,CAA0B,IAAI8B,oCAAJ,CAAsBE,eAAe,CAAC,CAAD,CAArC,EAA0CR,MAA1C,EAAkDzC,OAAlD,CAA1B;AACD,GAHD,MAGO;AACL,SAAK,IAAIS,WAAT,IAAwBwC,eAAxB,EAAyC;AAAA;;AACvC,YAAMG,kBAAkB,GAAG,sDAAYzB,WAAZ,mBAA4ClB,WAAW,CAACpB,IAAxD,CAA3B;;AACA,UAAI,CAAC+D,kBAAL,EAAyB;AACvB;AACD,OAJsC,CAMvC;;;AACA,YAAMrB,CAAC,GAAGC,kBAAkB,CAACvB,WAAD,EAAcT,OAAd,CAA5B;AACAiC,MAAAA,UAAU,GAAG,IAAIF,CAAJ,CAAMtB,WAAN,EAAmBgC,MAAnB,EAA2BzC,OAA3B,CAAb;;AACA,UAAIiC,UAAU,CAACoB,YAAX,EAAJ,EAA+B;AAC7B;AACA,eAAOpB,UAAP;AACD,OAZsC,CAavC;AACA;;;AACAkB,MAAAA,oBAAoB,CAAClC,IAArB,CAA0BgB,UAA1B;AACD;AACF;;AAED,SAAOkB,oBAAoB,CAAC,CAAD,CAA3B;AACD;;AAGM,SAASjB,WAAT,CACLV,UADK,EAC6BS,UAD7B,EACqDlD,WADrD,EAEK;AACV,QAAMuE,QAAQ,GAAGrB,UAAU,CAACC,WAAX,CAAuBV,UAAvB,EAAmCzC,WAAW,CAACoD,OAA/C,CAAjB;AACA,QAAMoB,OAAO,GAAGpE,SAAS,CAACJ,WAAD,CAAzB;AACA,QAAMyE,SAAS,GAAGlE,WAAW,CAACP,WAAD,CAA7B;AACA,SAAO,EACL,GAAGuE,QADE;AAEL,QAAIC,OAAO,IAAI;AAACA,MAAAA;AAAD,KAAf,CAFK;AAGL,QAAIC,SAAS,IAAI;AAACA,MAAAA;AAAD,KAAjB;AAHK,GAAP;AAKD;;AAEM,SAASC,cAAT,CAAwBjC,UAAxB,EAA0DkC,CAA1D,EAA6DzB,UAA7D,EAA+F;AACpG;AACA,MAAIlD,WAAW,GAAG,0BAAc2E,CAAd,IAAmBA,CAAnB,GAAuB,IAAzC;;AACA,MAAI,CAAC3E,WAAL,EAAkB;AAChB;AACA,UAAM2E,CAAN;AACD;;AACD3E,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZ4E,IAAAA,iBAAiB,EAAE;AAFP,GAAd;AAIA,QAAMC,QAAQ,GAAG9E,kBAAkB,CAACC,WAAD,CAAnC;AACA,QAAMc,QAAQ,GAAGQ,uBAAuB,CAACtB,WAAD,CAAxC;;AACA,MAAI6E,QAAJ,EAAc;AACZ,WAAO;AAAE7E,MAAAA,WAAF;AAAe6E,MAAAA,QAAf;AAAyB/D,MAAAA;AAAzB,KAAP;AACD,GAFD,MAEO;AACL,UAAMyD,QAAQ,GAAGrB,UAAU,IAAIC,WAAW,CAACV,UAAD,EAAaS,UAAb,EAAyBlD,WAAzB,CAA1C;AACA,WAAO;AACLA,MAAAA,WADK;AAELc,MAAAA,QAFK;AAGL,UAAIyD,QAAQ,IAAI;AAAEA,QAAAA;AAAF,OAAhB;AAHK,KAAP;AAKD;AACF","sourcesContent":["import { warn } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { IdxFeature, NextStep, RemediateOptions, RemediationResponse } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse, isIdxResponse } from './types/idx-js';\nimport { OktaAuthIdxInterface } from '../types';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n  const { neededToProceed, interactionCode } = idxResponse;\n  return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n  return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n  return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n  value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n  if (!value || !Array.isArray(value)) {\n    return;\n  }\n  return value.reduce((messages, value) => {\n    if (value.messages) {\n      messages = [...messages, ...value.messages.value] as never;\n    }\n    if (value.form) {\n      const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n      messages = [...messages, ...messagesFromForm] as never;\n    } \n    if (value.options) {\n      let optionValues = [];\n      value.options.forEach(option => {\n        if (!option.value || typeof option.value === 'string') {\n          return;\n        }\n        optionValues = [...optionValues, option.value] as never;\n      });\n      const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n      messages = [...messages, ...messagesFromOptions] as never;\n    }\n    return messages;\n  }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse): IdxMessage[] {\n  let messages: IdxMessage[] = [];\n  const { rawIdxState, neededToProceed } = idxResponse;\n\n  // Handle global messages\n  const globalMessages = rawIdxState.messages?.value.map(message => message);\n  if (globalMessages) {\n    messages = [...messages, ...globalMessages] as never;\n  }\n\n  // Handle field messages for current flow\n  for (let remediation of neededToProceed) {\n    const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n    if (fieldMessages) {\n      messages = [...messages, ...fieldMessages] as never;\n    }\n  }\n\n  // API may return identical error on same field, filter by i18n key\n  const seen = {};\n  messages = messages.reduce((filtered, message) => {\n    const key = message.i18n?.key;\n    if (key && seen[key]) {\n      return filtered;\n    }\n    seen[key] = message;\n    filtered = [...filtered, message] as never;\n    return filtered;\n  }, []);\n  return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nexport function getAvailableSteps(\n  authClient: OktaAuthIdxInterface, \n  idxResponse: IdxResponse, \n  useGenericRemediator?: boolean\n): NextStep[] {\n  const res: NextStep[] = [];\n\n  const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n    .reduce((map, remediatorClass) => {\n      // Only add concrete subclasses to the map\n      if (remediatorClass.remediationName) {\n        map[remediatorClass.remediationName] = remediatorClass;\n      }\n      return map;\n    }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n    if (T) {\n      const remediator: Remediator = new T(remediation);\n      res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n    }\n  }\n\n  for (const [name] of Object.entries((idxResponse.actions || {}))) {\n    res.push({ \n      name, \n      action: async (params?) => {\n        return authClient.idx.proceed({ \n          actions: [{ name, params }] \n        });\n      }\n    });\n  }\n\n  return res;\n}\n\nexport function filterValuesForRemediation(\n  idxResponse: IdxResponse,\n  remediationName: string,\n  values: RemediationValues\n): RemediationValues {\n  const remediations = idxResponse.neededToProceed || [];\n  const remediation = remediations.find(r => r.name === remediationName);\n  if (!remediation) {\n    // step was specified, but remediation was not found. This is unexpected!\n    warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n    return values;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n    const { name, value } = entry;\n    if (name === 'stateHandle') {\n      res[name] = value; // use the stateHandle value in the remediation\n    } else {\n      res[name] = values[name]; // use the value provided by the caller\n    }\n    return res;\n  }, {});\n  return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n  const { useGenericRemediator, remediators } = options;\n  \n  if (!remediation) {\n    return undefined;\n  }\n\n  if (useGenericRemediator) {\n    return GenericRemediator;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n  idxRemediations: IdxRemediation[],\n  values: RemediationValues,\n  options: RemediateOptions,\n): Remediator | undefined {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const remediators = options.remediators!;\n  const useGenericRemediator = options.useGenericRemediator;\n\n  let remediator: Remediator;\n  // remediation name specified by caller - fast-track remediator lookup \n  if (options.step) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n    if (remediation) {\n      const T = getRemediatorClass(remediation, options);\n      return T ? new T(remediation, values, options) : undefined;\n    } else {\n      // step was specified, but remediation was not found. This is unexpected!\n      warn(`step \"${options.step}\" did not match any remediations`);\n      return;\n    }\n  }\n\n  const remediatorCandidates: Remediator[] = [];\n  if (useGenericRemediator) {\n    // always pick the first remediation for when use GenericRemediator\n    remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n  } else {\n    for (let remediation of idxRemediations) {\n      const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n      if (!isRemeditionInFlow) {\n        continue;\n      }\n\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      const T = getRemediatorClass(remediation, options)!;\n      remediator = new T(remediation, values, options);\n      if (remediator.canRemediate()) {\n        // found the remediator\n        return remediator;\n      }\n      // remediator cannot handle the current values\n      // maybe return for next step\n      remediatorCandidates.push(remediator);  \n    }\n  }\n  \n  return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n  authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n  const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n  const canSkip = canSkipFn(idxResponse);\n  const canResend = canResendFn(idxResponse);\n  return {\n    ...nextStep,\n    ...(canSkip && {canSkip}),\n    ...(canResend && {canResend}),\n  };\n}\n\nexport function handleIdxError(authClient: OktaAuthIdxInterface, e, remediator?): RemediationResponse {\n  // Handle idx messages\n  let idxResponse = isIdxResponse(e) ? e : null;\n  if (!idxResponse) {\n    // Thrown error terminates the interaction with idx\n    throw e;\n  }\n  idxResponse = {\n    ...idxResponse,\n    requestDidSucceed: false\n  };\n  const terminal = isTerminalResponse(idxResponse);\n  const messages = getMessagesFromResponse(idxResponse);\n  if (terminal) {\n    return { idxResponse, terminal, messages };\n  } else {\n    const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n    return { \n      idxResponse,\n      messages, \n      ...(nextStep && { nextStep }) \n    };\n  }\n}\n"],"file":"util.js"}

package/cjs/oidc/endpoints/token.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0BZ,GAA1B,EAA+BR,OAA/B,EAAqDqB,YAArD,EAAyG;AAAA;;AAC9G,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"file":"token.js"}
+{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CACLZ,GADK,EAELR,OAFK,EAGLqB,YAHK,EAImB;AAAA;;AACxB,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, OktaAuthHttpInterface, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"file":"token.js"}

package/cjs/oidc/endpoints/well-known.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,MAA9C,EAA2F;AAChG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAAwCC,MAAxC,EAAwDK,GAAxD,EAAsF;AAC3F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}
+{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,MAAlD,EAA+F;AACpG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA4CC,MAA5C,EAA4DK,GAA5D,EAA0F;AAC/F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOIDCInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOIDCInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOIDCInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}

package/cjs/oidc/exchangeCodeForTokens.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAAuDC,WAAvD,EAAiFC,IAAjF,EAA4H;AACjIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADiI,CAEjI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;AACrD,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"file":"exchangeCodeForTokens.js"}
+{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2DC,WAA3D,EAAqFC,IAArF,EAAgI;AACrIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADqI,CAErI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;AACrD,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOIDCInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"file":"exchangeCodeForTokens.js"}

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA0CC,OAA1C,EAA8E;AACnF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CALmF,CAOnF;AACA;;AACA,QAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxB,2BAAcN,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;AACtB,2BAAcP,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;AACAS,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIc,QAAJ;;AACA,QAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DU,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CU,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAIpB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;AACnBiB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACb,GAAD,CAAP;AACD,WAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;AACtCtC,YAAAA,WAAW,CAAC0C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}
+{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;AACvF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;AACA;;AACA,QAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxB,2BAAcN,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;AACtB,2BAAcP,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;AACAS,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIc,QAAJ;;AACA,QAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DU,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CU,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAIpB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;AACnBiB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACb,GAAD,CAAP;AACD,WAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;AACtCtC,YAAAA,WAAW,CAAC0C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}

package/cjs/oidc/getUserInfo.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,iBAAhC,EAAgEC,aAAhE,EAA6G;AAClH;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken } from '../types';\n\nexport async function getUserInfo(sdk, accessTokenObject: AccessToken, idTokenObject: IDToken): Promise<UserClaims> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"file":"getUserInfo.js"}
+{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;AACxB;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"file":"getUserInfo.js"}

package/cjs/oidc/getWithPopup.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,OAA9C,EAA4F;AACjG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHgG,CAKjG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
+{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHoG,CAKrG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}

package/cjs/oidc/getWithRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAAuDC,OAAvD,EAA6F;AAClG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
+{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;AACtG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}

package/cjs/oidc/getWithoutPrompt.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}
+{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;AACzG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}

package/cjs/oidc/handleOAuthResponse.js

@@ -14,8 +14,6 @@ var _oauth = require("./util/oauth");
 
 var _errors = require("../errors");
 
-var _exchangeCodeForTokens = require("./exchangeCodeForTokens");
-
 var _verifyToken = require("./verifyToken");
 
 var _util2 = require("./util");
@@ -51,7 +49,7 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
   // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
 
   if (pkce && (res.code || res.interaction_code)) {
-    return (0, _exchangeCodeForTokens.exchangeCodeForTokens)(sdk, (0, _assign.default)({}, tokenParams, {
+    return sdk.token.exchangeCodeForTokens((0, _assign.default)({}, tokenParams, {
       authorizationCode: res.code,
       interactionCode: res.interaction_code
     }), urls);

package/cjs/oidc/handleOAuthResponse.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","token","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AACA;;AAhCA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;AACxB,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAO,kDAAsBN,GAAtB,EAA2B,qBAAc,EAAd,EAAkBC,WAAlB,EAA+B;AAC/DM,MAAAA,iBAAiB,EAAEb,GAAG,CAACW,IADwC;AAE/DG,MAAAA,eAAe,EAAEd,GAAG,CAACY;AAF0C,KAA/B,CAA3B,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIQ,YAAY,GAAGR,WAAW,CAACQ,YAAZ,IAA4B,EAA/C;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIlB,GAAG,CAACmB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGlB,GAAG,CAACmB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMX,WAAW,CAACW,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGd,WAAW,CAACc,QAAZ,IAAwBf,GAAG,CAACI,OAAJ,CAAYW,QAAnD,CA1BwB,CA4BxB;;AACAtB,EAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AAEA,MAAIe,SAAS,GAAG,EAAhB;AACA,MAAIC,SAAS,GAAGvB,GAAG,CAACwB,UAApB;AACA,MAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;AACA,MAAIC,WAAW,GAAG3B,GAAG,CAAC4B,YAAtB;AACA,MAAIC,OAAO,GAAG7B,GAAG,CAAC8B,QAAlB;AACA,MAAIC,YAAY,GAAG/B,GAAG,CAACgC,aAAvB;AACA,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIN,WAAJ,EAAiB;AACf,QAAIU,SAAS,GAAG/B,GAAG,CAACgC,KAAJ,CAAUC,MAAV,CAAiBZ,WAAjB,CAAhB;AACAL,IAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,MAAAA,WAAW,EAAEA,WADS;AAEtBa,MAAAA,MAAM,EAAEH,SAAS,CAACI,OAFI;AAGtBC,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,MAAAA,SAAS,EAAEA,SAJW;AAKtBP,MAAAA,MAAM,EAAEA,MALc;AAMtB0B,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YANG;AAOtBC,MAAAA,WAAW,EAAErC,IAAI,CAACqC;AAPI,KAAxB;AASD;;AAED,MAAId,YAAJ,EAAkB;AAChBT,IAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,MAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAW,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAJR;AAKvBf,MAAAA,MAAM,EAAEA,MALe;AAMvB4B,MAAAA,QAAQ,EAAEtC,IAAI,CAACsC,QANQ;AAOvBF,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YAPI;AAQvBG,MAAAA,MAAM,EAAEvC,IAAI,CAACuC;AARU,KAAzB;AAUD;;AAED,MAAIlB,OAAJ,EAAa;AACX,QAAImB,KAAK,GAAG1C,GAAG,CAACgC,KAAJ,CAAUC,MAAV,CAAiBV,OAAjB,CAAZ;AACA,QAAIoB,UAAmB,GAAG;AACxBpB,MAAAA,OAAO,EAAEA,OADe;AAExBW,MAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,MAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0ClB,GAH7B;AAGkC;AAC1Df,MAAAA,MAAM,EAAEA,MAJgB;AAKxB0B,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YALK;AAMxBG,MAAAA,MAAM,EAAEvC,IAAI,CAACuC,MANW;AAOxB1B,MAAAA,QAAQ,EAAEA;AAPc,KAA1B;AAUA,QAAI+B,gBAAmC,GAAG;AACxC/B,MAAAA,QAAQ,EAAEA,QAD8B;AAExC0B,MAAAA,MAAM,EAAEvC,IAAI,CAACuC,MAF2B;AAGxCM,MAAAA,KAAK,EAAE9C,WAAW,CAAC8C,KAHqB;AAIxC1B,MAAAA,WAAW,EAAEA;AAJ2B,KAA1C;;AAOA,QAAIpB,WAAW,CAAC+C,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,MAAAA,gBAAgB,CAACE,eAAjB,GAAmC/C,WAAW,CAAC+C,eAA/C;AACD;;AAED,UAAM,8BAAYhD,GAAZ,EAAiB2C,UAAjB,EAA6BG,gBAA7B,CAAN;AACA9B,IAAAA,SAAS,CAACO,OAAV,GAAoBoB,UAApB;AACD,GA1FuB,CA4FxB;;;AACA,MAAI,sBAAAlC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,UAAM,IAAIvB,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,MAAI,sBAAAW,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,UAAM,IAAIzB,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,SAAO;AACLoD,IAAAA,MAAM,EAAElC,SADH;AAELnB,IAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,IAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,GAAP;AAMD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"file":"handleOAuthResponse.js"}
+{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;AACxB,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;AACpEQ,MAAAA,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;AAEpEK,MAAAA,eAAe,EAAEhB,GAAG,CAACY;AAF+C,KAA/B,CAAhC,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIU,YAAY,GAAGV,WAAW,CAACU,YAAZ,IAA4B,EAA/C;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIpB,GAAG,CAACqB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1BwB,CA4BxB;;AACAxB,EAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AAEA,MAAIiB,SAAS,GAAG,EAAhB;AACA,MAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;AACA,MAAIC,SAAS,GAAG3B,GAAG,CAAC4B,UAApB;AACA,MAAIC,WAAW,GAAG7B,GAAG,CAAC8B,YAAtB;AACA,MAAIC,OAAO,GAAG/B,GAAG,CAACgC,QAAlB;AACA,MAAIC,YAAY,GAAGjC,GAAG,CAACkC,aAAvB;AACA,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIN,WAAJ,EAAiB;AACf,QAAIU,SAAS,GAAGjC,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBX,WAAjB,CAAhB;AACAL,IAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,MAAAA,WAAW,EAAEA,WADS;AAEtBY,MAAAA,MAAM,EAAEF,SAAS,CAACG,OAFI;AAGtBC,MAAAA,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,MAAAA,SAAS,EAAEA,SAJW;AAKtBP,MAAAA,MAAM,EAAEA,MALc;AAMtByB,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YANG;AAOtBC,MAAAA,WAAW,EAAEtC,IAAI,CAACsC;AAPI,KAAxB;AASD;;AAED,MAAIb,YAAJ,EAAkB;AAChBT,IAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,MAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAU,MAAAA,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;AAKvBf,MAAAA,MAAM,EAAEA,MALe;AAMvB2B,MAAAA,QAAQ,EAAEvC,IAAI,CAACuC,QANQ;AAOvBF,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YAPI;AAQvBG,MAAAA,MAAM,EAAExC,IAAI,CAACwC;AARU,KAAzB;AAUD;;AAED,MAAIjB,OAAJ,EAAa;AACX,QAAIkB,KAAK,GAAG3C,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBT,OAAjB,CAAZ;AACA,QAAImB,UAAmB,GAAG;AACxBnB,MAAAA,OAAO,EAAEA,OADe;AAExBU,MAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,MAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;AAGkC;AAC1Df,MAAAA,MAAM,EAAEA,MAJgB;AAKxByB,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YALK;AAMxBG,MAAAA,MAAM,EAAExC,IAAI,CAACwC,MANW;AAOxBzB,MAAAA,QAAQ,EAAEA;AAPc,KAA1B;AAUA,QAAI8B,gBAAmC,GAAG;AACxC9B,MAAAA,QAAQ,EAAEA,QAD8B;AAExCyB,MAAAA,MAAM,EAAExC,IAAI,CAACwC,MAF2B;AAGxCM,MAAAA,KAAK,EAAE/C,WAAW,CAAC+C,KAHqB;AAIxCzB,MAAAA,WAAW,EAAEA;AAJ2B,KAA1C;;AAOA,QAAItB,WAAW,CAACgD,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,MAAAA,gBAAgB,CAACE,eAAjB,GAAmChD,WAAW,CAACgD,eAA/C;AACD;;AAED,UAAM,8BAAYjD,GAAZ,EAAiB4C,UAAjB,EAA6BG,gBAA7B,CAAN;AACA7B,IAAAA,SAAS,CAACO,OAAV,GAAoBmB,UAApB;AACD,GA1FuB,CA4FxB;;;AACA,MAAI,sBAAAjC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,UAAM,IAAIzB,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,MAAI,sBAAAa,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,UAAM,IAAI3B,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,SAAO;AACLqD,IAAAA,MAAM,EAAEjC,SADH;AAELrB,IAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,IAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,GAAP;AAMD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOIDCInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"file":"handleOAuthResponse.js"}

package/cjs/oidc/renewToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAkDC,KAAlD,EAA4F;AACjG,MAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;AAC9CT,IAAAA,sBAAsB;AACvB;;AAED,MAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,MAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,IAAAA,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;AACzCK,MAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,KAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;AAGA,WAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,MAAIU,YAAJ;;AACA,MAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,IAAAA,YAAY,GAAG,MAAf;AACD,GAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;AAC/BK,IAAAA,YAAY,GAAG,OAAf;AACD,GAFM,MAEA;AACLA,IAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,IAAAA,MAAF;AAAUI,IAAAA,YAAV;AAAwBC,IAAAA,WAAxB;AAAqCC,IAAAA;AAArC,MAAgDV,KAAtD;AACA,SAAO,wCAAiBD,GAAjB,EAAsB;AAC3BM,IAAAA,YAD2B;AAE3BD,IAAAA,MAF2B;AAG3BI,IAAAA,YAH2B;AAI3BC,IAAAA,WAJ2B;AAK3BC,IAAAA;AAL2B,GAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,WAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,GATI,CAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"file":"renewToken.js"}
+{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;AACrG,MAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;AAC9CT,IAAAA,sBAAsB;AACvB;;AAED,MAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,MAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,IAAAA,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;AACzCK,MAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,KAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;AAGA,WAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,MAAIU,YAAJ;;AACA,MAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,IAAAA,YAAY,GAAG,MAAf;AACD,GAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;AAC/BK,IAAAA,YAAY,GAAG,OAAf;AACD,GAFM,MAEA;AACLA,IAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,IAAAA,MAAF;AAAUI,IAAAA,YAAV;AAAwBC,IAAAA,WAAxB;AAAqCC,IAAAA;AAArC,MAAgDV,KAAtD;AACA,SAAO,wCAAiBD,GAAjB,EAAsB;AAC3BM,IAAAA,YAD2B;AAE3BD,IAAAA,MAF2B;AAG3BI,IAAAA,YAH2B;AAI3BC,IAAAA,WAJ2B;AAK3BC,IAAAA;AAL2B,GAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,WAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,GATI,CAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"file":"renewToken.js"}