@okta/okta-auth-js 6.5.2 → 6.6.1

package/esm/esm.browser.js

@@ -28,7 +28,6 @@ import _asyncToGenerator from '@babel/runtime-corejs3/helpers/asyncToGenerator';
 import _createClass from '@babel/runtime-corejs3/helpers/createClass';
 import _regeneratorRuntime from '@babel/runtime-corejs3/regenerator';
 import _Object$assign from '@babel/runtime-corejs3/core-js-stable/object/assign';
-import _Object$keys from '@babel/runtime-corejs3/core-js-stable/object/keys';
 import _typeof from '@babel/runtime-corejs3/helpers/typeof';
 import _Array$from from '@babel/runtime-corejs3/core-js-stable/array/from';
 import _slicedToArray from '@babel/runtime-corejs3/helpers/slicedToArray';
@@ -37,6 +36,7 @@ import _Object$entries from '@babel/runtime-corejs3/core-js-stable/object/entrie
 import _keysInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/keys';
 import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values';
 import _findInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/find';
+import _Object$keys from '@babel/runtime-corejs3/core-js-stable/object/keys';
 import Cookies from 'js-cookie';
 import _filterInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/filter';
 import _parseInt from '@babel/runtime-corejs3/core-js-stable/parse-int';
@@ -155,6 +155,9 @@ var OAuthError = function (_CustomError) {
 function isAuthApiError(obj) {
   return obj instanceof AuthApiError;
 }
+function isOAuthError(obj) {
+  return obj instanceof OAuthError;
+}
 
 var a = function a(str) {
   return atob(str);
@@ -666,6 +669,60 @@ function getStateToken(res) {
   return addStateToken(res);
 }
 
+function transactionStatus(sdk, args) {
+  args = addStateToken(sdk, args);
+  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, {
+    withCredentials: true
+  });
+}
+function resumeTransaction(sdk, args) {
+  if (!args || !args.stateToken) {
+    var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
+    if (stateToken) {
+      args = {
+        stateToken: stateToken
+      };
+    } else {
+      return _Promise.reject(new AuthSdkError('No transaction to resume'));
+    }
+  }
+  return sdk.tx.status(args).then(function (res) {
+    return sdk.tx.createTransaction(res);
+  });
+}
+function introspectAuthn(sdk, args) {
+  if (!args || !args.stateToken) {
+    var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
+    if (stateToken) {
+      args = {
+        stateToken: stateToken
+      };
+    } else {
+      return _Promise.reject(new AuthSdkError('No transaction to evaluate'));
+    }
+  }
+  return transactionStep(sdk, args).then(function (res) {
+    return sdk.tx.createTransaction(res);
+  });
+}
+function transactionStep(sdk, args) {
+  args = addStateToken(sdk, args);
+  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, {
+    withCredentials: true
+  });
+}
+function transactionExists(sdk) {
+  return !!sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
+}
+function postToTransaction(sdk, url, args, options) {
+  options = _Object$assign({
+    withCredentials: true
+  }, options);
+  return post(sdk, url, args, options).then(function (res) {
+    return sdk.tx.createTransaction(res);
+  });
+}
+
 function getPollFn(sdk, res, ref) {
   return function (options) {
     var delay$1;
@@ -729,7 +786,7 @@ function getPollFn(sdk, res, ref) {
           return delay(delay$1).then(recursivePoll);
         } else {
           ref.isPolling = false;
-          return new AuthTransaction(sdk, pollRes);
+          return sdk.tx.createTransaction(pollRes);
         }
       }).catch(function (err) {
         if (err.xhr && (err.xhr.status === 0 || err.xhr.status === 429) && retryCount <= 4) {
@@ -762,7 +819,7 @@ var AuthTransaction = function AuthTransaction(sdk) {
     delete this.stateToken;
     if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {
       this.cancel = function () {
-        return _Promise.resolve(new AuthTransaction(sdk));
+        return _Promise.resolve(sdk.tx.createTransaction());
       };
     }
   }
@@ -893,60 +950,6 @@ function flattenEmbedded(sdk, res, obj, ref) {
   return obj;
 }
 
-function transactionStatus(sdk, args) {
-  args = addStateToken(sdk, args);
-  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, {
-    withCredentials: true
-  });
-}
-function resumeTransaction(sdk, args) {
-  if (!args || !args.stateToken) {
-    var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
-    if (stateToken) {
-      args = {
-        stateToken: stateToken
-      };
-    } else {
-      return _Promise.reject(new AuthSdkError('No transaction to resume'));
-    }
-  }
-  return sdk.tx.status(args).then(function (res) {
-    return new AuthTransaction(sdk, res);
-  });
-}
-function introspectAuthn(sdk, args) {
-  if (!args || !args.stateToken) {
-    var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
-    if (stateToken) {
-      args = {
-        stateToken: stateToken
-      };
-    } else {
-      return _Promise.reject(new AuthSdkError('No transaction to evaluate'));
-    }
-  }
-  return transactionStep(sdk, args).then(function (res) {
-    return new AuthTransaction(sdk, res);
-  });
-}
-function transactionStep(sdk, args) {
-  args = addStateToken(sdk, args);
-  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, {
-    withCredentials: true
-  });
-}
-function transactionExists(sdk) {
-  return !!sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);
-}
-function postToTransaction(sdk, url, args, options) {
-  options = _Object$assign({
-    withCredentials: true
-  }, options);
-  return post(sdk, url, args, options).then(function (res) {
-    return new AuthTransaction(sdk, res);
-  });
-}
-
 function dec2hex(dec) {
   return ('0' + dec.toString(16)).substr(-2);
 }
@@ -1378,6 +1381,9 @@ function isAuthorizationCodeError(sdk, error) {
   var responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
   return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
 }
+function isRefreshTokenInvalidError(error) {
+  return isOAuthError(error) && error.errorCode === 'invalid_grant' && error.errorSummary === 'The refresh token is invalid or expired.';
+}
 
 function hasTokensInHash(hash) {
   return /((id|access)_token=)/i.test(hash);
@@ -1820,47 +1826,6 @@ function _revokeToken() {
   return _revokeToken.apply(this, arguments);
 }
 
-function exchangeCodeForTokens(sdk, tokenParams, urls) {
-  urls = urls || getOAuthUrls(sdk, tokenParams);
-  tokenParams = _Object$assign({}, getDefaultTokenParams(sdk), clone(tokenParams));
-  var _tokenParams = tokenParams,
-      authorizationCode = _tokenParams.authorizationCode,
-      interactionCode = _tokenParams.interactionCode,
-      codeVerifier = _tokenParams.codeVerifier,
-      clientId = _tokenParams.clientId,
-      redirectUri = _tokenParams.redirectUri,
-      scopes = _tokenParams.scopes,
-      ignoreSignature = _tokenParams.ignoreSignature,
-      state = _tokenParams.state;
-  var getTokenOptions = {
-    clientId: clientId,
-    redirectUri: redirectUri,
-    authorizationCode: authorizationCode,
-    interactionCode: interactionCode,
-    codeVerifier: codeVerifier
-  };
-  return postToTokenEndpoint(sdk, getTokenOptions, urls).then(function (response) {
-    var responseType = ['token'];
-    if (_indexOfInstanceProperty(scopes).call(scopes, 'openid') !== -1) {
-      responseType.push('id_token');
-    }
-    var handleResponseOptions = {
-      clientId: clientId,
-      redirectUri: redirectUri,
-      scopes: scopes,
-      responseType: responseType,
-      ignoreSignature: ignoreSignature
-    };
-    return handleOAuthResponse(sdk, handleResponseOptions, response, urls).then(function (response) {
-      response.code = authorizationCode;
-      response.state = state;
-      return response;
-    });
-  }).finally(function () {
-    sdk.transactionManager.clear();
-  });
-}
-
 function verifyToken(_x, _x2, _x3) {
   return _verifyToken.apply(this, arguments);
 }
@@ -1959,7 +1924,7 @@ function _handleOAuthResponse() {
               _context.next = 3;
               break;
             }
-            return _context.abrupt("return", exchangeCodeForTokens(sdk, _Object$assign({}, tokenParams, {
+            return _context.abrupt("return", sdk.token.exchangeCodeForTokens(_Object$assign({}, tokenParams, {
               authorizationCode: res.code,
               interactionCode: res.interaction_code
             }), urls));
@@ -2175,17 +2140,18 @@ function _renewTokensWithRefresh() {
             }
             throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
           case 3:
+            _context.prev = 3;
             renewTokenParams = _Object$assign({}, tokenParams, {
               clientId: clientId
             });
-            _context.next = 6;
+            _context.next = 7;
             return postRefreshToken(sdk, renewTokenParams, refreshTokenObject);
-          case 6:
+          case 7:
             tokenResponse = _context.sent;
             urls = getOAuthUrls(sdk, tokenParams);
-            _context.next = 10;
+            _context.next = 11;
             return handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);
-          case 10:
+          case 11:
             _yield$handleOAuthRes = _context.sent;
             tokens = _yield$handleOAuthRes.tokens;
             refreshToken = tokens.refreshToken;
@@ -2193,12 +2159,19 @@ function _renewTokensWithRefresh() {
               sdk.tokenManager.updateRefreshToken(refreshToken);
             }
             return _context.abrupt("return", tokens);
-          case 15:
+          case 18:
+            _context.prev = 18;
+            _context.t0 = _context["catch"](3);
+            if (isRefreshTokenInvalidError(_context.t0)) {
+              sdk.tokenManager.removeRefreshToken();
+            }
+            throw _context.t0;
+          case 22:
           case "end":
             return _context.stop();
         }
       }
-    }, _callee);
+    }, _callee, null, [[3, 18]]);
   }));
   return _renewTokensWithRefresh.apply(this, arguments);
 }
@@ -2412,6 +2385,47 @@ function _getUserInfo() {
   return _getUserInfo.apply(this, arguments);
 }
 
+function exchangeCodeForTokens(sdk, tokenParams, urls) {
+  urls = urls || getOAuthUrls(sdk, tokenParams);
+  tokenParams = _Object$assign({}, getDefaultTokenParams(sdk), clone(tokenParams));
+  var _tokenParams = tokenParams,
+      authorizationCode = _tokenParams.authorizationCode,
+      interactionCode = _tokenParams.interactionCode,
+      codeVerifier = _tokenParams.codeVerifier,
+      clientId = _tokenParams.clientId,
+      redirectUri = _tokenParams.redirectUri,
+      scopes = _tokenParams.scopes,
+      ignoreSignature = _tokenParams.ignoreSignature,
+      state = _tokenParams.state;
+  var getTokenOptions = {
+    clientId: clientId,
+    redirectUri: redirectUri,
+    authorizationCode: authorizationCode,
+    interactionCode: interactionCode,
+    codeVerifier: codeVerifier
+  };
+  return postToTokenEndpoint(sdk, getTokenOptions, urls).then(function (response) {
+    var responseType = ['token'];
+    if (_indexOfInstanceProperty(scopes).call(scopes, 'openid') !== -1) {
+      responseType.push('id_token');
+    }
+    var handleResponseOptions = {
+      clientId: clientId,
+      redirectUri: redirectUri,
+      scopes: scopes,
+      responseType: responseType,
+      ignoreSignature: ignoreSignature
+    };
+    return handleOAuthResponse(sdk, handleResponseOptions, response, urls).then(function (response) {
+      response.code = authorizationCode;
+      response.state = state;
+      return response;
+    });
+  }).finally(function () {
+    sdk.transactionManager.clear();
+  });
+}
+
 function getWithPopup(sdk, options) {
   if (arguments.length > 2) {
     return _Promise.reject(new AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
@@ -3317,6 +3331,12 @@ var TokenManager = function () {
       tokenStorage[key] = token;
       this.storage.setStorage(tokenStorage);
     }
+  }, {
+    key: "removeRefreshToken",
+    value: function removeRefreshToken() {
+      var key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;
+      this.remove(key);
+    }
   }, {
     key: "addPendingRemoveFlags",
     value: function addPendingRemoveFlags() {
@@ -3469,7 +3489,7 @@ var SyncStorageService = function () {
 }();
 
 function _createForOfIteratorHelper$7(o, allowArrayLike) { var it = typeof _Symbol !== "undefined" && _getIteratorMethod(o) || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray$7(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
-function _unsupportedIterableToArray$7(o, minLen) { var _context4; if (!o) return; if (typeof o === "string") return _arrayLikeToArray$7(o, minLen); var n = _sliceInstanceProperty(_context4 = Object.prototype.toString.call(o)).call(_context4, 8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return _Array$from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$7(o, minLen); }
+function _unsupportedIterableToArray$7(o, minLen) { var _context8; if (!o) return; if (typeof o === "string") return _arrayLikeToArray$7(o, minLen); var n = _sliceInstanceProperty(_context8 = Object.prototype.toString.call(o)).call(_context8, 8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return _Array$from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$7(o, minLen); }
 function _arrayLikeToArray$7(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
 var ServiceManager = function () {
   function ServiceManager(sdk) {
@@ -3529,23 +3549,64 @@ var ServiceManager = function () {
     }
   }, {
     key: "start",
-    value: function start() {
-      if (this.started) {
-        return;
-      }
-      if (this.isLeaderRequired()) {
-        this.startElector();
+    value: function () {
+      var _start = _asyncToGenerator( _regeneratorRuntime.mark(function _callee() {
+        return _regeneratorRuntime.wrap(function _callee$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                if (!this.started) {
+                  _context2.next = 2;
+                  break;
+                }
+                return _context2.abrupt("return");
+              case 2:
+                if (!this.isLeaderRequired()) {
+                  _context2.next = 5;
+                  break;
+                }
+                _context2.next = 5;
+                return this.startElector();
+              case 5:
+                this.startServices();
+                this.started = true;
+              case 7:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee, this);
+      }));
+      function start() {
+        return _start.apply(this, arguments);
       }
-      this.startServices();
-      this.started = true;
-    }
+      return start;
+    }()
   }, {
     key: "stop",
-    value: function stop() {
-      this.stopElector();
-      this.stopServices();
-      this.started = false;
-    }
+    value: function () {
+      var _stop = _asyncToGenerator( _regeneratorRuntime.mark(function _callee2() {
+        return _regeneratorRuntime.wrap(function _callee2$(_context3) {
+          while (1) {
+            switch (_context3.prev = _context3.next) {
+              case 0:
+                _context3.next = 2;
+                return this.stopElector();
+              case 2:
+                this.stopServices();
+                this.started = false;
+              case 4:
+              case "end":
+                return _context3.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+      function stop() {
+        return _stop.apply(this, arguments);
+      }
+      return stop;
+    }()
   }, {
     key: "getService",
     value: function getService(name) {
@@ -3554,8 +3615,8 @@ var ServiceManager = function () {
   }, {
     key: "startServices",
     value: function startServices() {
-      var _context2;
-      var _iterator = _createForOfIteratorHelper$7(_valuesInstanceProperty(_context2 = this.services).call(_context2)),
+      var _context4;
+      var _iterator = _createForOfIteratorHelper$7(_valuesInstanceProperty(_context4 = this.services).call(_context4)),
           _step;
       try {
         for (_iterator.s(); !(_step = _iterator.n()).done;) {
@@ -3574,8 +3635,8 @@ var ServiceManager = function () {
   }, {
     key: "stopServices",
     value: function stopServices() {
-      var _context3;
-      var _iterator2 = _createForOfIteratorHelper$7(_valuesInstanceProperty(_context3 = this.services).call(_context3)),
+      var _context5;
+      var _iterator2 = _createForOfIteratorHelper$7(_valuesInstanceProperty(_context5 = this.services).call(_context5)),
           _step2;
       try {
         for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
@@ -3590,31 +3651,72 @@ var ServiceManager = function () {
     }
   }, {
     key: "startElector",
-    value: function startElector() {
-      this.stopElector();
-      if (ServiceManager.canUseLeaderElection()) {
-        if (!this.channel) {
-          var broadcastChannelName = this.options.broadcastChannelName;
-          this.channel = new BroadcastChannel(broadcastChannelName);
-        }
-        if (!this.elector) {
-          this.elector = createLeaderElection(this.channel);
-          this.elector.onduplicate = this.onLeaderDuplicate;
-          this.elector.awaitLeadership().then(this.onLeader);
-        }
+    value: function () {
+      var _startElector = _asyncToGenerator( _regeneratorRuntime.mark(function _callee3() {
+        var broadcastChannelName;
+        return _regeneratorRuntime.wrap(function _callee3$(_context6) {
+          while (1) {
+            switch (_context6.prev = _context6.next) {
+              case 0:
+                _context6.next = 2;
+                return this.stopElector();
+              case 2:
+                if (ServiceManager.canUseLeaderElection()) {
+                  if (!this.channel) {
+                    broadcastChannelName = this.options.broadcastChannelName;
+                    this.channel = new BroadcastChannel(broadcastChannelName);
+                  }
+                  if (!this.elector) {
+                    this.elector = createLeaderElection(this.channel);
+                    this.elector.onduplicate = this.onLeaderDuplicate;
+                    this.elector.awaitLeadership().then(this.onLeader);
+                  }
+                }
+              case 3:
+              case "end":
+                return _context6.stop();
+            }
+          }
+        }, _callee3, this);
+      }));
+      function startElector() {
+        return _startElector.apply(this, arguments);
       }
-    }
+      return startElector;
+    }()
   }, {
     key: "stopElector",
-    value: function stopElector() {
-      var _a, _b;
-      if (this.elector) {
-        (_a = this.elector) === null || _a === void 0 ? void 0 : _a.die();
-        this.elector = undefined;
-        (_b = this.channel) === null || _b === void 0 ? void 0 : _b.close();
-        this.channel = undefined;
+    value: function () {
+      var _stopElector = _asyncToGenerator( _regeneratorRuntime.mark(function _callee4() {
+        var _a, _b;
+        return _regeneratorRuntime.wrap(function _callee4$(_context7) {
+          while (1) {
+            switch (_context7.prev = _context7.next) {
+              case 0:
+                if (!this.elector) {
+                  _context7.next = 7;
+                  break;
+                }
+                _context7.next = 3;
+                return (_a = this.elector) === null || _a === void 0 ? void 0 : _a.die();
+              case 3:
+                this.elector = undefined;
+                _context7.next = 6;
+                return (_b = this.channel) === null || _b === void 0 ? void 0 : _b.close();
+              case 6:
+                this.channel = undefined;
+              case 7:
+              case "end":
+                return _context7.stop();
+            }
+          }
+        }, _callee4, this);
+      }));
+      function stopElector() {
+        return _stopElector.apply(this, arguments);
       }
-    }
+      return stopElector;
+    }()
   }, {
     key: "createService",
     value: function createService(name) {
@@ -4658,7 +4760,7 @@ function mergeOptions(options, args) {
 }
 function buildOptions() {
   var args = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var _a;
+  var _a, _b;
   assertValidConfig(args);
   args = mergeOptions(getDefaultOptions(), args);
   return removeNils({
@@ -4693,7 +4795,8 @@ function buildOptions() {
     recoveryToken: args.recoveryToken,
     activationToken: args.activationToken,
     idx: {
-      useGenericRemediator: !!((_a = args.idx) === null || _a === void 0 ? void 0 : _a.useGenericRemediator)
+      useGenericRemediator: !!((_a = args.idx) === null || _a === void 0 ? void 0 : _a.useGenericRemediator),
+      exchangeCodeForTokens: ((_b = args.idx) === null || _b === void 0 ? void 0 : _b.exchangeCodeForTokens) !== false
     },
     ignoreSignature: !!args.ignoreSignature,
     clientSecret: args.clientSecret
@@ -5061,7 +5164,7 @@ var generateDirectFetch = function generateDirectFetch(authClient, _ref) {
             });
           case 6:
             response = _context.sent;
-            return _context.abrupt("return", makeIdxState$1(authClient, _Object$assign({}, response), toPersist, true));
+            return _context.abrupt("return", authClient.idx.makeIdxResponse(_Object$assign({}, response), toPersist, true));
           case 10:
             _context.prev = 10;
             _context.t0 = _context["catch"](3);
@@ -5074,7 +5177,7 @@ var generateDirectFetch = function generateDirectFetch(authClient, _ref) {
             _response = _context.t0.xhr;
             payload = _response.responseJSON || JSON.parse(_response.responseText);
             wwwAuthHeader = _response.headers['WWW-Authenticate'] || _response.headers['www-authenticate'];
-            idxResponse = makeIdxState$1(authClient, _Object$assign({}, payload), toPersist, false);
+            idxResponse = authClient.idx.makeIdxResponse(_Object$assign({}, payload), toPersist, false);
             if (_response.status === 401 && wwwAuthHeader === 'Oktadevicejwt realm="Okta Device"') {
               idxResponse.stepUp = true;
             }
@@ -5301,9 +5404,7 @@ function validateVersionConfig(version) {
   }
   parsersForVersion(version);
 }
-function makeIdxState(authClient, rawIdxResponse) {
-  var toPersist = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
-  var requestDidSucceed = arguments.length > 3 ? arguments[3] : undefined;
+function makeIdxState(authClient, rawIdxResponse, toPersist, requestDidSucceed) {
   var _a;
   var version = (_a = rawIdxResponse === null || rawIdxResponse === void 0 ? void 0 : rawIdxResponse.version) !== null && _a !== void 0 ? _a : IDX_API_VERSION;
   validateVersionConfig(version);
@@ -7156,52 +7257,6 @@ function hasValidInputValue(input, values) {
   return fn(input, values, false);
 }
 
-function canProceed(authClient) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var meta = getSavedTransactionMeta(authClient, options);
-  return !!(meta || options.stateHandle);
-}
-function proceed(_x) {
-  return _proceed.apply(this, arguments);
-}
-function _proceed() {
-  _proceed = _asyncToGenerator( _regeneratorRuntime.mark(function _callee(authClient) {
-    var options,
-        flow,
-        state,
-        meta,
-        _args = arguments;
-    return _regeneratorRuntime.wrap(function _callee$(_context) {
-      while (1) {
-        switch (_context.prev = _context.next) {
-          case 0:
-            options = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
-            if (canProceed(authClient, options)) {
-              _context.next = 3;
-              break;
-            }
-            throw new AuthSdkError('Unable to proceed: saved transaction could not be loaded');
-          case 3:
-            flow = options.flow, state = options.state;
-            if (!flow) {
-              meta = getSavedTransactionMeta(authClient, {
-                state: state
-              });
-              flow = meta === null || meta === void 0 ? void 0 : meta.flow;
-            }
-            return _context.abrupt("return", run(authClient, _Object$assign(_Object$assign({}, options), {
-              flow: flow
-            })));
-          case 6:
-          case "end":
-            return _context.stop();
-        }
-      }
-    }, _callee);
-  }));
-  return _proceed.apply(this, arguments);
-}
-
 function _createSuper$1(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$1(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 function _isNativeReflectConstruct$1() { if (typeof Reflect === "undefined" || !_Reflect$construct) return false; if (_Reflect$construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(_Reflect$construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var GenericRemediator = function (_Remediator) {
@@ -7260,7 +7315,7 @@ var GenericRemediator = function (_Remediator) {
                 while (1) {
                   switch (_context3.prev = _context3.next) {
                     case 0:
-                      return _context3.abrupt("return", proceed(authClient, _Object$assign({
+                      return _context3.abrupt("return", authClient.idx.proceed(_Object$assign({
                         step: name
                       }, params)));
                     case 1:
@@ -7477,7 +7532,7 @@ function getAvailableSteps(authClient, idxResponse, useGenericRemediator) {
             while (1) {
               switch (_context10.prev = _context10.next) {
                 case 0:
-                  return _context10.abrupt("return", proceed(authClient, {
+                  return _context10.abrupt("return", authClient.idx.proceed({
                     actions: [{
                       name: name,
                       params: params
@@ -7863,7 +7918,7 @@ function _remediate() {
             options = _Object$assign(_Object$assign({}, options), {
               step: undefined
             });
-            if (!(options.useGenericRemediator && !idxResponse.interactionCode)) {
+            if (!(options.useGenericRemediator && !idxResponse.interactionCode && !isTerminalResponse(idxResponse))) {
               _context4.next = 65;
               break;
             }
@@ -7980,7 +8035,7 @@ function getFlowSpecification(oktaAuth) {
 }
 
 function initializeValues(options) {
-  var knownOptions = ['flow', 'remediators', 'actions', 'withCredentials', 'step', 'shouldProceedWithEmailAuthenticator'];
+  var knownOptions = ['flow', 'remediators', 'actions', 'withCredentials', 'step', 'useGenericRemediator', 'exchangeCodeForTokens', 'shouldProceedWithEmailAuthenticator'];
   var values = _Object$assign({}, options);
   knownOptions.forEach(function (option) {
     delete values[option];
@@ -7988,13 +8043,13 @@ function initializeValues(options) {
   return values;
 }
 function initializeData(authClient, data) {
-  var _a;
   var options = data.options;
-  var flow = options.flow,
-      withCredentials = options.withCredentials,
-      remediators = options.remediators,
-      actions = options.actions,
-      useGenericRemediator = options.useGenericRemediator;
+  options = _Object$assign(_Object$assign({}, authClient.options.idx), options);
+  var _options = options,
+      flow = _options.flow,
+      withCredentials = _options.withCredentials,
+      remediators = _options.remediators,
+      actions = _options.actions;
   var status = IdxStatus.PENDING;
   flow = flow || authClient.idx.getFlow() || 'default';
   if (flow) {
@@ -8004,14 +8059,12 @@ function initializeData(authClient, data) {
     remediators = remediators || flowSpec.remediators;
     actions = actions || flowSpec.actions;
   }
-  useGenericRemediator = useGenericRemediator || ((_a = authClient.options.idx) === null || _a === void 0 ? void 0 : _a.useGenericRemediator) || false;
   return _Object$assign(_Object$assign({}, data), {
     options: _Object$assign(_Object$assign({}, options), {
       flow: flow,
       withCredentials: withCredentials,
       remediators: remediators,
-      actions: actions,
-      useGenericRemediator: useGenericRemediator
+      actions: actions
     }),
     status: status
   });
@@ -8520,6 +8573,52 @@ function _handleEmailVerifyCallback() {
   return _handleEmailVerifyCallback.apply(this, arguments);
 }
 
+function canProceed(authClient) {
+  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  var meta = getSavedTransactionMeta(authClient, options);
+  return !!(meta || options.stateHandle);
+}
+function proceed(_x) {
+  return _proceed.apply(this, arguments);
+}
+function _proceed() {
+  _proceed = _asyncToGenerator( _regeneratorRuntime.mark(function _callee(authClient) {
+    var options,
+        flow,
+        state,
+        meta,
+        _args = arguments;
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            options = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
+            if (canProceed(authClient, options)) {
+              _context.next = 3;
+              break;
+            }
+            throw new AuthSdkError('Unable to proceed: saved transaction could not be loaded');
+          case 3:
+            flow = options.flow, state = options.state;
+            if (!flow) {
+              meta = getSavedTransactionMeta(authClient, {
+                state: state
+              });
+              flow = meta === null || meta === void 0 ? void 0 : meta.flow;
+            }
+            return _context.abrupt("return", run(authClient, _Object$assign(_Object$assign({}, options), {
+              flow: flow
+            })));
+          case 6:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee);
+  }));
+  return _proceed.apply(this, arguments);
+}
+
 function poll(_x) {
   return _poll.apply(this, arguments);
 }
@@ -8808,7 +8907,7 @@ function _unlockAccount() {
 var OktaUserAgent = function () {
   function OktaUserAgent() {
     _classCallCheck(this, OktaUserAgent);
-    this.environments = ["okta-auth-js/".concat("6.5.2")];
+    this.environments = ["okta-auth-js/".concat("6.6.1")];
   }
   _createClass(OktaUserAgent, [{
     key: "addEnvironment",
@@ -8826,7 +8925,7 @@ var OktaUserAgent = function () {
   }, {
     key: "getVersion",
     value: function getVersion() {
-      return "6.5.2";
+      return "6.6.1";
     }
   }, {
     key: "maybeAddNodeEnvironment",
@@ -8861,7 +8960,13 @@ var OktaAuth = function () {
           return storage.get(name);
         }
       }),
-      introspect: introspectAuthn.bind(null, this)
+      introspect: introspectAuthn.bind(null, this),
+      createTransaction: function createTransaction(res) {
+        return new AuthTransaction(_this, res);
+      },
+      postToTransaction: function postToTransaction$1(url, args, options) {
+        return postToTransaction(_this, url, args, options);
+      }
     };
     this.pkce = {
       DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,
@@ -8927,24 +9032,21 @@ var OktaAuth = function () {
       renew: renewToken.bind(null, this),
       renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),
       renewTokens: renewTokens.bind(null, this),
-      getUserInfo: getUserInfo.bind(null, this),
+      getUserInfo: function getUserInfo$1(accessTokenObject, idTokenObject) {
+        return getUserInfo(_this, accessTokenObject, idTokenObject);
+      },
       verify: verifyToken.bind(null, this),
       isLoginRedirect: isLoginRedirect.bind(null, this)
     };
-    var syncMethods = [
-    'decode', 'isLoginRedirect',
-    'getWithRedirect', 'parseFromUrl'];
-    _Object$keys(this.token).forEach(function (key) {
-      if (_indexOfInstanceProperty(syncMethods).call(syncMethods, key) >= 0) {
-        return;
-      }
-      var method = _this.token[key];
-      _this.token[key] = PromiseQueue.prototype.push.bind(_this._tokenQueue, method, null);
+    var toWrap = ['getWithoutPrompt', 'getWithPopup', 'revoke', 'renew', 'renewTokensWithRefresh', 'renewTokens'];
+    toWrap.forEach(function (key) {
+      _this.token[key] = useQueue(_this.token[key]);
     });
     var boundStartTransaction = startTransaction.bind(null, this);
     this.idx = {
       interact: interact.bind(null, this),
       introspect: introspect.bind(null, this),
+      makeIdxResponse: makeIdxState.bind(null, this),
       authenticate: authenticate.bind(null, this),
       register: register.bind(null, this),
       start: boundStartTransaction,
@@ -8986,19 +9088,53 @@ var OktaAuth = function () {
   }
   _createClass(OktaAuth, [{
     key: "start",
-    value: function start() {
-      this.tokenManager.start();
-      if (!this.token.isLoginRedirect()) {
-        this.authStateManager.updateAuthState();
+    value: function () {
+      var _start = _asyncToGenerator( _regeneratorRuntime.mark(function _callee() {
+        return _regeneratorRuntime.wrap(function _callee$(_context) {
+          while (1) {
+            switch (_context.prev = _context.next) {
+              case 0:
+                this.tokenManager.start();
+                if (!this.token.isLoginRedirect()) {
+                  this.authStateManager.updateAuthState();
+                }
+                _context.next = 4;
+                return this.serviceManager.start();
+              case 4:
+              case "end":
+                return _context.stop();
+            }
+          }
+        }, _callee, this);
+      }));
+      function start() {
+        return _start.apply(this, arguments);
       }
-      this.serviceManager.start();
-    }
+      return start;
+    }()
   }, {
     key: "stop",
-    value: function stop() {
-      this.tokenManager.stop();
-      this.serviceManager.stop();
-    }
+    value: function () {
+      var _stop = _asyncToGenerator( _regeneratorRuntime.mark(function _callee2() {
+        return _regeneratorRuntime.wrap(function _callee2$(_context2) {
+          while (1) {
+            switch (_context2.prev = _context2.next) {
+              case 0:
+                this.tokenManager.stop();
+                _context2.next = 3;
+                return this.serviceManager.stop();
+              case 3:
+              case "end":
+                return _context2.stop();
+            }
+          }
+        }, _callee2, this);
+      }));
+      function stop() {
+        return _stop.apply(this, arguments);
+      }
+      return stop;
+    }()
   }, {
     key: "setHeaders",
     value: function setHeaders(headers) {
@@ -9007,18 +9143,18 @@ var OktaAuth = function () {
   }, {
     key: "signIn",
     value: function () {
-      var _signIn = _asyncToGenerator( _regeneratorRuntime.mark(function _callee(opts) {
-        return _regeneratorRuntime.wrap(function _callee$(_context) {
+      var _signIn = _asyncToGenerator( _regeneratorRuntime.mark(function _callee3(opts) {
+        return _regeneratorRuntime.wrap(function _callee3$(_context3) {
           while (1) {
-            switch (_context.prev = _context.next) {
+            switch (_context3.prev = _context3.next) {
               case 0:
-                return _context.abrupt("return", this.signInWithCredentials(opts));
+                return _context3.abrupt("return", this.signInWithCredentials(opts));
               case 1:
               case "end":
-                return _context.stop();
+                return _context3.stop();
             }
           }
-        }, _callee, this);
+        }, _callee3, this);
       }));
       function signIn(_x) {
         return _signIn.apply(this, arguments);
@@ -9028,12 +9164,12 @@ var OktaAuth = function () {
   }, {
     key: "signInWithCredentials",
     value: function () {
-      var _signInWithCredentials = _asyncToGenerator( _regeneratorRuntime.mark(function _callee2(opts) {
+      var _signInWithCredentials = _asyncToGenerator( _regeneratorRuntime.mark(function _callee4(opts) {
         var _this2 = this;
         var _postToTransaction;
-        return _regeneratorRuntime.wrap(function _callee2$(_context2) {
+        return _regeneratorRuntime.wrap(function _callee4$(_context4) {
           while (1) {
-            switch (_context2.prev = _context2.next) {
+            switch (_context4.prev = _context4.next) {
               case 0:
                 opts = clone(opts || {});
                 _postToTransaction = function _postToTransaction(options) {
@@ -9041,12 +9177,12 @@ var OktaAuth = function () {
                   return postToTransaction(_this2, '/api/v1/authn', opts, options);
                 };
                 if (opts.sendFingerprint) {
-                  _context2.next = 4;
+                  _context4.next = 4;
                   break;
                 }
-                return _context2.abrupt("return", _postToTransaction());
+                return _context4.abrupt("return", _postToTransaction());
               case 4:
-                return _context2.abrupt("return", this.fingerprint().then(function (fingerprint) {
+                return _context4.abrupt("return", this.fingerprint().then(function (fingerprint) {
                   return _postToTransaction({
                     headers: {
                       'X-Device-Fingerprint': fingerprint
@@ -9055,10 +9191,10 @@ var OktaAuth = function () {
                 }));
               case 5:
               case "end":
-                return _context2.stop();
+                return _context4.stop();
             }
           }
-        }, _callee2, this);
+        }, _callee4, this);
       }));
       function signInWithCredentials(_x2) {
         return _signInWithCredentials.apply(this, arguments);
@@ -9068,44 +9204,44 @@ var OktaAuth = function () {
   }, {
     key: "signInWithRedirect",
     value: function () {
-      var _signInWithRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee3() {
+      var _signInWithRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee5() {
         var opts,
             originalUri,
             additionalParams,
             params,
-            _args3 = arguments;
-        return _regeneratorRuntime.wrap(function _callee3$(_context3) {
+            _args5 = arguments;
+        return _regeneratorRuntime.wrap(function _callee5$(_context5) {
           while (1) {
-            switch (_context3.prev = _context3.next) {
+            switch (_context5.prev = _context5.next) {
               case 0:
-                opts = _args3.length > 0 && _args3[0] !== undefined ? _args3[0] : {};
+                opts = _args5.length > 0 && _args5[0] !== undefined ? _args5[0] : {};
                 originalUri = opts.originalUri, additionalParams = __rest(opts, ["originalUri"]);
                 if (!this._pending.handleLogin) {
-                  _context3.next = 4;
+                  _context5.next = 4;
                   break;
                 }
-                return _context3.abrupt("return");
+                return _context5.abrupt("return");
               case 4:
                 this._pending.handleLogin = true;
-                _context3.prev = 5;
+                _context5.prev = 5;
                 if (originalUri) {
                   this.setOriginalUri(originalUri);
                 }
                 params = _Object$assign({
                   scopes: this.options.scopes || ['openid', 'email', 'profile']
                 }, additionalParams);
-                _context3.next = 10;
+                _context5.next = 10;
                 return this.token.getWithRedirect(params);
               case 10:
-                _context3.prev = 10;
+                _context5.prev = 10;
                 this._pending.handleLogin = false;
-                return _context3.finish(10);
+                return _context5.finish(10);
               case 13:
               case "end":
-                return _context3.stop();
+                return _context5.stop();
             }
           }
-        }, _callee3, this, [[5,, 10, 13]]);
+        }, _callee5, this, [[5,, 10, 13]]);
       }));
       function signInWithRedirect() {
         return _signInWithRedirect.apply(this, arguments);
@@ -9117,18 +9253,18 @@ var OktaAuth = function () {
     value: function closeSession() {
       var _this3 = this;
       return this.session.close()
-      .then( _asyncToGenerator( _regeneratorRuntime.mark(function _callee4() {
-        return _regeneratorRuntime.wrap(function _callee4$(_context4) {
+      .then( _asyncToGenerator( _regeneratorRuntime.mark(function _callee6() {
+        return _regeneratorRuntime.wrap(function _callee6$(_context6) {
           while (1) {
-            switch (_context4.prev = _context4.next) {
+            switch (_context6.prev = _context6.next) {
               case 0:
                 _this3.tokenManager.clear();
               case 1:
               case "end":
-                return _context4.stop();
+                return _context6.stop();
             }
           }
-        }, _callee4);
+        }, _callee6);
       }))).catch(function (e) {
         if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {
           return null;
@@ -9139,36 +9275,36 @@ var OktaAuth = function () {
   }, {
     key: "revokeAccessToken",
     value: function () {
-      var _revokeAccessToken = _asyncToGenerator( _regeneratorRuntime.mark(function _callee5(accessToken) {
+      var _revokeAccessToken = _asyncToGenerator( _regeneratorRuntime.mark(function _callee7(accessToken) {
         var accessTokenKey;
-        return _regeneratorRuntime.wrap(function _callee5$(_context5) {
+        return _regeneratorRuntime.wrap(function _callee7$(_context7) {
           while (1) {
-            switch (_context5.prev = _context5.next) {
+            switch (_context7.prev = _context7.next) {
               case 0:
                 if (accessToken) {
-                  _context5.next = 6;
+                  _context7.next = 6;
                   break;
                 }
-                _context5.next = 3;
+                _context7.next = 3;
                 return this.tokenManager.getTokens();
               case 3:
-                accessToken = _context5.sent.accessToken;
+                accessToken = _context7.sent.accessToken;
                 accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');
                 this.tokenManager.remove(accessTokenKey);
               case 6:
                 if (accessToken) {
-                  _context5.next = 8;
+                  _context7.next = 8;
                   break;
                 }
-                return _context5.abrupt("return", _Promise.resolve(null));
+                return _context7.abrupt("return", _Promise.resolve(null));
               case 8:
-                return _context5.abrupt("return", this.token.revoke(accessToken));
+                return _context7.abrupt("return", this.token.revoke(accessToken));
               case 9:
               case "end":
-                return _context5.stop();
+                return _context7.stop();
             }
           }
-        }, _callee5, this);
+        }, _callee7, this);
       }));
       function revokeAccessToken(_x3) {
         return _revokeAccessToken.apply(this, arguments);
@@ -9178,36 +9314,36 @@ var OktaAuth = function () {
   }, {
     key: "revokeRefreshToken",
     value: function () {
-      var _revokeRefreshToken = _asyncToGenerator( _regeneratorRuntime.mark(function _callee6(refreshToken) {
+      var _revokeRefreshToken = _asyncToGenerator( _regeneratorRuntime.mark(function _callee8(refreshToken) {
         var refreshTokenKey;
-        return _regeneratorRuntime.wrap(function _callee6$(_context6) {
+        return _regeneratorRuntime.wrap(function _callee8$(_context8) {
           while (1) {
-            switch (_context6.prev = _context6.next) {
+            switch (_context8.prev = _context8.next) {
               case 0:
                 if (refreshToken) {
-                  _context6.next = 6;
+                  _context8.next = 6;
                   break;
                 }
-                _context6.next = 3;
+                _context8.next = 3;
                 return this.tokenManager.getTokens();
               case 3:
-                refreshToken = _context6.sent.refreshToken;
+                refreshToken = _context8.sent.refreshToken;
                 refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');
                 this.tokenManager.remove(refreshTokenKey);
               case 6:
                 if (refreshToken) {
-                  _context6.next = 8;
+                  _context8.next = 8;
                   break;
                 }
-                return _context6.abrupt("return", _Promise.resolve(null));
+                return _context8.abrupt("return", _Promise.resolve(null));
               case 8:
-                return _context6.abrupt("return", this.token.revoke(refreshToken));
+                return _context8.abrupt("return", this.token.revoke(refreshToken));
               case 9:
               case "end":
-                return _context6.stop();
+                return _context8.stop();
             }
           }
-        }, _callee6, this);
+        }, _callee8, this);
       }));
       function revokeRefreshToken(_x4) {
         return _revokeRefreshToken.apply(this, arguments);
@@ -9244,11 +9380,11 @@ var OktaAuth = function () {
   }, {
     key: "signOut",
     value: function () {
-      var _signOut = _asyncToGenerator( _regeneratorRuntime.mark(function _callee7(options) {
+      var _signOut = _asyncToGenerator( _regeneratorRuntime.mark(function _callee9(options) {
         var defaultUri, currentUri, postLogoutRedirectUri, accessToken, refreshToken, revokeAccessToken, revokeRefreshToken, logoutUri;
-        return _regeneratorRuntime.wrap(function _callee7$(_context7) {
+        return _regeneratorRuntime.wrap(function _callee9$(_context9) {
           while (1) {
-            switch (_context7.prev = _context7.next) {
+            switch (_context9.prev = _context9.next) {
               case 0:
                 options = _Object$assign({}, options);
                 defaultUri = window.location.origin;
@@ -9268,27 +9404,27 @@ var OktaAuth = function () {
                   options.idToken = this.tokenManager.getTokensSync().idToken;
                 }
                 if (!(revokeRefreshToken && refreshToken)) {
-                  _context7.next = 14;
+                  _context9.next = 14;
                   break;
                 }
-                _context7.next = 14;
+                _context9.next = 14;
                 return this.revokeRefreshToken(refreshToken);
               case 14:
                 if (!(revokeAccessToken && accessToken)) {
-                  _context7.next = 17;
+                  _context9.next = 17;
                   break;
                 }
-                _context7.next = 17;
+                _context9.next = 17;
                 return this.revokeAccessToken(accessToken);
               case 17:
                 logoutUri = this.getSignOutRedirectUrl(_Object$assign(_Object$assign({}, options), {
                   postLogoutRedirectUri: postLogoutRedirectUri
                 }));
                 if (logoutUri) {
-                  _context7.next = 22;
+                  _context9.next = 22;
                   break;
                 }
-                return _context7.abrupt("return", this.closeSession()
+                return _context9.abrupt("return", this.closeSession()
                 .
                 then(function () {
                   if (postLogoutRedirectUri === currentUri) {
@@ -9306,10 +9442,10 @@ var OktaAuth = function () {
                 window.location.assign(logoutUri);
               case 24:
               case "end":
-                return _context7.stop();
+                return _context9.stop();
             }
           }
-        }, _callee7, this);
+        }, _callee9, this);
       }));
       function signOut(_x5) {
         return _signOut.apply(this, arguments);
@@ -9330,7 +9466,7 @@ var OktaAuth = function () {
   }, {
     key: "isAuthenticated",
     value: function () {
-      var _isAuthenticated = _asyncToGenerator( _regeneratorRuntime.mark(function _callee8() {
+      var _isAuthenticated = _asyncToGenerator( _regeneratorRuntime.mark(function _callee10() {
         var options,
             _this$tokenManager$ge,
             autoRenew,
@@ -9341,37 +9477,37 @@ var OktaAuth = function () {
             accessToken,
             _this$tokenManager$ge3,
             idToken,
-            _args8 = arguments;
-        return _regeneratorRuntime.wrap(function _callee8$(_context8) {
+            _args10 = arguments;
+        return _regeneratorRuntime.wrap(function _callee10$(_context10) {
           while (1) {
-            switch (_context8.prev = _context8.next) {
+            switch (_context10.prev = _context10.next) {
               case 0:
-                options = _args8.length > 0 && _args8[0] !== undefined ? _args8[0] : {};
+                options = _args10.length > 0 && _args10[0] !== undefined ? _args10[0] : {};
                 _this$tokenManager$ge = this.tokenManager.getOptions(), autoRenew = _this$tokenManager$ge.autoRenew, autoRemove = _this$tokenManager$ge.autoRemove;
                 shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;
                 shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;
                 _this$tokenManager$ge2 = this.tokenManager.getTokensSync(), accessToken = _this$tokenManager$ge2.accessToken;
                 if (!(accessToken && this.tokenManager.hasExpired(accessToken))) {
-                  _context8.next = 19;
+                  _context10.next = 19;
                   break;
                 }
                 accessToken = undefined;
                 if (!shouldRenew) {
-                  _context8.next = 18;
+                  _context10.next = 18;
                   break;
                 }
-                _context8.prev = 8;
-                _context8.next = 11;
+                _context10.prev = 8;
+                _context10.next = 11;
                 return this.tokenManager.renew('accessToken');
               case 11:
-                accessToken = _context8.sent;
-                _context8.next = 16;
+                accessToken = _context10.sent;
+                _context10.next = 16;
                 break;
               case 14:
-                _context8.prev = 14;
-                _context8.t0 = _context8["catch"](8);
+                _context10.prev = 14;
+                _context10.t0 = _context10["catch"](8);
               case 16:
-                _context8.next = 19;
+                _context10.next = 19;
                 break;
               case 18:
                 if (shouldRemove) {
@@ -9380,39 +9516,39 @@ var OktaAuth = function () {
               case 19:
                 _this$tokenManager$ge3 = this.tokenManager.getTokensSync(), idToken = _this$tokenManager$ge3.idToken;
                 if (!(idToken && this.tokenManager.hasExpired(idToken))) {
-                  _context8.next = 34;
+                  _context10.next = 34;
                   break;
                 }
                 idToken = undefined;
                 if (!shouldRenew) {
-                  _context8.next = 33;
+                  _context10.next = 33;
                   break;
                 }
-                _context8.prev = 23;
-                _context8.next = 26;
+                _context10.prev = 23;
+                _context10.next = 26;
                 return this.tokenManager.renew('idToken');
               case 26:
-                idToken = _context8.sent;
-                _context8.next = 31;
+                idToken = _context10.sent;
+                _context10.next = 31;
                 break;
               case 29:
-                _context8.prev = 29;
-                _context8.t1 = _context8["catch"](23);
+                _context10.prev = 29;
+                _context10.t1 = _context10["catch"](23);
               case 31:
-                _context8.next = 34;
+                _context10.next = 34;
                 break;
               case 33:
                 if (shouldRemove) {
                   this.tokenManager.remove('idToken');
                 }
               case 34:
-                return _context8.abrupt("return", !!(accessToken && idToken));
+                return _context10.abrupt("return", !!(accessToken && idToken));
               case 35:
               case "end":
-                return _context8.stop();
+                return _context10.stop();
             }
           }
-        }, _callee8, this, [[8, 14], [23, 29]]);
+        }, _callee10, this, [[8, 14], [23, 29]]);
       }));
       function isAuthenticated() {
         return _isAuthenticated.apply(this, arguments);
@@ -9422,20 +9558,20 @@ var OktaAuth = function () {
   }, {
     key: "getUser",
     value: function () {
-      var _getUser = _asyncToGenerator( _regeneratorRuntime.mark(function _callee9() {
+      var _getUser = _asyncToGenerator( _regeneratorRuntime.mark(function _callee11() {
         var _this$tokenManager$ge4, idToken, accessToken;
-        return _regeneratorRuntime.wrap(function _callee9$(_context9) {
+        return _regeneratorRuntime.wrap(function _callee11$(_context11) {
           while (1) {
-            switch (_context9.prev = _context9.next) {
+            switch (_context11.prev = _context11.next) {
               case 0:
                 _this$tokenManager$ge4 = this.tokenManager.getTokensSync(), idToken = _this$tokenManager$ge4.idToken, accessToken = _this$tokenManager$ge4.accessToken;
-                return _context9.abrupt("return", this.token.getUserInfo(accessToken, idToken));
+                return _context11.abrupt("return", this.token.getUserInfo(accessToken, idToken));
               case 2:
               case "end":
-                return _context9.stop();
+                return _context11.stop();
             }
           }
-        }, _callee9, this);
+        }, _callee11, this);
       }));
       function getUser() {
         return _getUser.apply(this, arguments);
@@ -9466,24 +9602,24 @@ var OktaAuth = function () {
   }, {
     key: "storeTokensFromRedirect",
     value: function () {
-      var _storeTokensFromRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee10() {
+      var _storeTokensFromRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee12() {
         var _yield$this$token$par, tokens;
-        return _regeneratorRuntime.wrap(function _callee10$(_context10) {
+        return _regeneratorRuntime.wrap(function _callee12$(_context12) {
           while (1) {
-            switch (_context10.prev = _context10.next) {
+            switch (_context12.prev = _context12.next) {
               case 0:
-                _context10.next = 2;
+                _context12.next = 2;
                 return this.token.parseFromUrl();
               case 2:
-                _yield$this$token$par = _context10.sent;
+                _yield$this$token$par = _context12.sent;
                 tokens = _yield$this$token$par.tokens;
                 this.tokenManager.setTokens(tokens);
               case 5:
               case "end":
-                return _context10.stop();
+                return _context12.stop();
             }
           }
-        }, _callee10, this);
+        }, _callee12, this);
       }));
       function storeTokensFromRedirect() {
         return _storeTokensFromRedirect.apply(this, arguments);
@@ -9534,64 +9670,64 @@ var OktaAuth = function () {
   }, {
     key: "handleLoginRedirect",
     value: function () {
-      var _handleLoginRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee11(tokens, originalUri) {
+      var _handleLoginRedirect = _asyncToGenerator( _regeneratorRuntime.mark(function _callee13(tokens, originalUri) {
         var state, oAuthResponse, restoreOriginalUri;
-        return _regeneratorRuntime.wrap(function _callee11$(_context11) {
+        return _regeneratorRuntime.wrap(function _callee13$(_context13) {
           while (1) {
-            switch (_context11.prev = _context11.next) {
+            switch (_context13.prev = _context13.next) {
               case 0:
                 state = this.options.state;
                 if (!tokens) {
-                  _context11.next = 6;
+                  _context13.next = 6;
                   break;
                 }
                 this.tokenManager.setTokens(tokens);
                 originalUri = originalUri || this.getOriginalUri(this.options.state);
-                _context11.next = 25;
+                _context13.next = 25;
                 break;
               case 6:
                 if (!this.isLoginRedirect()) {
-                  _context11.next = 24;
+                  _context13.next = 24;
                   break;
                 }
-                _context11.prev = 7;
-                _context11.next = 10;
+                _context13.prev = 7;
+                _context13.next = 10;
                 return parseOAuthResponseFromUrl(this, {});
               case 10:
-                oAuthResponse = _context11.sent;
+                oAuthResponse = _context13.sent;
                 state = oAuthResponse.state;
                 originalUri = originalUri || this.getOriginalUri(state);
-                _context11.next = 15;
+                _context13.next = 15;
                 return this.storeTokensFromRedirect();
               case 15:
-                _context11.next = 22;
+                _context13.next = 22;
                 break;
               case 17:
-                _context11.prev = 17;
-                _context11.t0 = _context11["catch"](7);
-                _context11.next = 21;
+                _context13.prev = 17;
+                _context13.t0 = _context13["catch"](7);
+                _context13.next = 21;
                 return this.authStateManager.updateAuthState();
               case 21:
-                throw _context11.t0;
+                throw _context13.t0;
               case 22:
-                _context11.next = 25;
+                _context13.next = 25;
                 break;
               case 24:
-                return _context11.abrupt("return");
+                return _context13.abrupt("return");
               case 25:
-                _context11.next = 27;
+                _context13.next = 27;
                 return this.authStateManager.updateAuthState();
               case 27:
                 this.removeOriginalUri(state);
                 restoreOriginalUri = this.options.restoreOriginalUri;
                 if (!restoreOriginalUri) {
-                  _context11.next = 34;
+                  _context13.next = 34;
                   break;
                 }
-                _context11.next = 32;
+                _context13.next = 32;
                 return restoreOriginalUri(this, originalUri);
               case 32:
-                _context11.next = 35;
+                _context13.next = 35;
                 break;
               case 34:
                 if (originalUri) {
@@ -9599,10 +9735,10 @@ var OktaAuth = function () {
                 }
               case 35:
               case "end":
-                return _context11.stop();
+                return _context13.stop();
             }
           }
-        }, _callee11, this, [[7, 17]]);
+        }, _callee13, this, [[7, 17]]);
       }));
       function handleLoginRedirect(_x6, _x7) {
         return _handleLoginRedirect.apply(this, arguments);
@@ -9619,8 +9755,8 @@ var OktaAuth = function () {
     value: function hasResponseType(responseType) {
       var hasResponseType = false;
       if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
-        var _context12;
-        hasResponseType = _indexOfInstanceProperty(_context12 = this.options.responseType).call(_context12, responseType) >= 0;
+        var _context14;
+        hasResponseType = _indexOfInstanceProperty(_context14 = this.options.responseType).call(_context14, responseType) >= 0;
       } else {
         hasResponseType = this.options.responseType === responseType;
       }
@@ -9654,29 +9790,29 @@ var OktaAuth = function () {
   }, {
     key: "invokeApiMethod",
     value: function () {
-      var _invokeApiMethod = _asyncToGenerator( _regeneratorRuntime.mark(function _callee12(options) {
+      var _invokeApiMethod = _asyncToGenerator( _regeneratorRuntime.mark(function _callee14(options) {
         var accessToken;
-        return _regeneratorRuntime.wrap(function _callee12$(_context13) {
+        return _regeneratorRuntime.wrap(function _callee14$(_context15) {
           while (1) {
-            switch (_context13.prev = _context13.next) {
+            switch (_context15.prev = _context15.next) {
               case 0:
                 if (options.accessToken) {
-                  _context13.next = 5;
+                  _context15.next = 5;
                   break;
                 }
-                _context13.next = 3;
+                _context15.next = 3;
                 return this.tokenManager.getTokens();
               case 3:
-                accessToken = _context13.sent.accessToken;
+                accessToken = _context15.sent.accessToken;
                 options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
               case 5:
-                return _context13.abrupt("return", httpRequest(this, options));
+                return _context15.abrupt("return", httpRequest(this, options));
               case 6:
               case "end":
-                return _context13.stop();
+                return _context15.stop();
             }
           }
-        }, _callee12, this);
+        }, _callee14, this);
       }));
       function invokeApiMethod(_x8) {
         return _invokeApiMethod.apply(this, arguments);
@@ -9694,5 +9830,5 @@ _Object$assign(OktaAuth, {
   constants: constants
 });
 
-export { ACCESS_TOKEN_STORAGE_KEY, AuthApiError, AuthPollStopError, AuthSdkError, AuthStateManager, AuthTransaction, AuthenticatorKey, CACHE_STORAGE_NAME, DEFAULT_CACHE_DURATION, DEFAULT_CODE_CHALLENGE_METHOD, DEFAULT_MAX_CLOCK_SKEW, DEFAULT_POLLING_DELAY, EVENT_ADDED, EVENT_ERROR, EVENT_EXPIRED, EVENT_REMOVED, EVENT_RENEWED, IDX_API_VERSION, IDX_RESPONSE_STORAGE_NAME, ID_TOKEN_STORAGE_KEY, INITIAL_AUTH_STATE, IdxFeature, IdxStatus, MAX_VERIFIER_LENGTH, MIN_VERIFIER_LENGTH, OAuthError, ORIGINAL_URI_STORAGE_NAME, OktaAuth, PKCE_STORAGE_NAME, REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME, REFERRER_PATH_STORAGE_KEY, REFRESH_TOKEN_STORAGE_KEY, SHARED_TRANSACTION_STORAGE_NAME, STATE_TOKEN_KEY_NAME, StorageManager, TOKEN_STORAGE_NAME, TRANSACTION_STORAGE_NAME, TokenManager, addListener, addPostMessageListener, addStateToken, assertPKCESupport, authenticate, bind, buildAuthorizeParams, canProceed, cancel, clearTransactionMeta, clone, convertTokenParamsToOAuthParams, createOAuthMeta, createTransactionMeta, crypto$1 as crypto, decodeToken, delay, deprecate, deprecateWrap, exchangeCodeForTokens, extend, find, genRandomString, generateNonce, generateState, getConsole, getDefaultTokenParams, getHashOrSearch, getKey, getLink, getNativeConsole, getOAuthBaseUrl, getOAuthDomain, getOAuthUrls, getPollFn, getSavedTransactionMeta, getStateToken, getToken, getTransactionMeta, getUserInfo, getWellKnown, getWithPopup, getWithRedirect, getWithoutPrompt, handleEmailVerifyCallback, handleInteractionCodeRedirect, handleOAuthResponse, hasAuthorizationCode, hasErrorInUrl, hasInteractionCode, hasSavedInteractionHandle, hasTokensInHash, interact, introspect, introspectAuthn, isAbsoluteUrl, isAccessToken, isAuthApiError, isAuthenticator, isAuthorizationCodeError, isCodeFlow, isCustomAuthTransactionMeta, isEmailVerifyCallback, isEmailVerifyCallbackError, isFunction, isIDToken, isIdxTransactionMeta, isInteractionRequired, isInteractionRequiredError, isLoginRedirect, isNumber, isOAuthTransactionMeta, isObject, isPKCETransactionMeta, isPromise, isRedirectUri, isRefreshToken, isRefreshTokenError, isSameRefreshToken, isString, isToken, isTransactionMeta, isTransactionMetaValid, isTransactionMetaValidForFlow, isTransactionMetaValidForOptions, isoToUTCString, loadFrame, loadPopup, omit, parseEmailVerifyCallback, parseFromUrl, PKCE as pkce, poll, postRefreshToken, postToTokenEndpoint, postToTransaction, preparePKCE, prepareTokenParams, proceed, recoverPassword, register, removeListener, removeNils, removeTrailingSlash, renewToken, renewTokens, renewTokensWithRefresh, resumeTransaction, revokeToken, saveTransactionMeta, startTransaction, toAbsoluteUrl, toQueryString, toRelativeUrl, transactionExists, transactionStatus, transactionStep, unlockAccount, urlParamsToObject, validateClaims, validateCodeChallengeMethod, validateToken, verifyToken, warn };
+export { ACCESS_TOKEN_STORAGE_KEY, AuthApiError, AuthPollStopError, AuthSdkError, AuthStateManager, AuthTransaction, AuthenticatorKey, CACHE_STORAGE_NAME, DEFAULT_CACHE_DURATION, DEFAULT_CODE_CHALLENGE_METHOD, DEFAULT_MAX_CLOCK_SKEW, DEFAULT_POLLING_DELAY, EVENT_ADDED, EVENT_ERROR, EVENT_EXPIRED, EVENT_REMOVED, EVENT_RENEWED, IDX_API_VERSION, IDX_RESPONSE_STORAGE_NAME, ID_TOKEN_STORAGE_KEY, INITIAL_AUTH_STATE, IdxFeature, IdxStatus, MAX_VERIFIER_LENGTH, MIN_VERIFIER_LENGTH, OAuthError, ORIGINAL_URI_STORAGE_NAME, OktaAuth, PKCE_STORAGE_NAME, REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME, REFERRER_PATH_STORAGE_KEY, REFRESH_TOKEN_STORAGE_KEY, SHARED_TRANSACTION_STORAGE_NAME, STATE_TOKEN_KEY_NAME, StorageManager, TOKEN_STORAGE_NAME, TRANSACTION_STORAGE_NAME, TokenManager, addListener, addPostMessageListener, addStateToken, assertPKCESupport, authenticate, bind, buildAuthorizeParams, canProceed, cancel, clearTransactionMeta, clone, convertTokenParamsToOAuthParams, createOAuthMeta, createTransactionMeta, crypto$1 as crypto, decodeToken, delay, deprecate, deprecateWrap, exchangeCodeForTokens, extend, find, genRandomString, generateNonce, generateState, getConsole, getDefaultTokenParams, getHashOrSearch, getKey, getLink, getNativeConsole, getOAuthBaseUrl, getOAuthDomain, getOAuthUrls, getPollFn, getSavedTransactionMeta, getStateToken, getToken, getTransactionMeta, getUserInfo, getWellKnown, getWithPopup, getWithRedirect, getWithoutPrompt, handleEmailVerifyCallback, handleInteractionCodeRedirect, handleOAuthResponse, hasAuthorizationCode, hasErrorInUrl, hasInteractionCode, hasSavedInteractionHandle, hasTokensInHash, interact, introspect, introspectAuthn, isAbsoluteUrl, isAccessToken, isAuthApiError, isAuthenticator, isAuthorizationCodeError, isCodeFlow, isCustomAuthTransactionMeta, isEmailVerifyCallback, isEmailVerifyCallbackError, isFunction, isIDToken, isIdxTransactionMeta, isInteractionRequired, isInteractionRequiredError, isLoginRedirect, isNumber, isOAuthError, isOAuthTransactionMeta, isObject, isPKCETransactionMeta, isPromise, isRedirectUri, isRefreshToken, isRefreshTokenError, isRefreshTokenInvalidError, isSameRefreshToken, isString, isToken, isTransactionMeta, isTransactionMetaValid, isTransactionMetaValidForFlow, isTransactionMetaValidForOptions, isoToUTCString, loadFrame, loadPopup, omit, parseEmailVerifyCallback, parseFromUrl, PKCE as pkce, poll, postRefreshToken, postToTokenEndpoint, postToTransaction, preparePKCE, prepareTokenParams, proceed, recoverPassword, register, removeListener, removeNils, removeTrailingSlash, renewToken, renewTokens, renewTokensWithRefresh, resumeTransaction, revokeToken, saveTransactionMeta, startTransaction, toAbsoluteUrl, toQueryString, toRelativeUrl, transactionExists, transactionStatus, transactionStep, unlockAccount, urlParamsToObject, validateClaims, validateCodeChallengeMethod, validateToken, verifyToken, warn };
 //# sourceMappingURL=esm.browser.js.map