@okta/okta-auth-js 6.6.1 → 6.7.1

package/cjs/myaccount/types.js

@@ -0,0 +1,64 @@
+"use strict";
+
+Object.defineProperty(exports, "EmailTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailTransaction;
+  }
+});
+Object.defineProperty(exports, "EmailStatusTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailStatusTransaction;
+  }
+});
+Object.defineProperty(exports, "EmailChallengeTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailChallengeTransaction;
+  }
+});
+Object.defineProperty(exports, "PhoneTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.PhoneTransaction;
+  }
+});
+Object.defineProperty(exports, "ProfileTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.ProfileTransaction;
+  }
+});
+Object.defineProperty(exports, "ProfileSchemaTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.ProfileSchemaTransaction;
+  }
+});
+Object.defineProperty(exports, "BaseTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.BaseTransaction;
+  }
+});
+exports.Status = exports.EmailRole = void 0;
+
+var _transactions = require("./transactions");
+
+let EmailRole;
+exports.EmailRole = EmailRole;
+
+(function (EmailRole) {
+  EmailRole["PRIMARY"] = "PRIMARY";
+  EmailRole["SECONDARY"] = "SECONDARY";
+})(EmailRole || (exports.EmailRole = EmailRole = {}));
+
+let Status;
+exports.Status = Status;
+
+(function (Status) {
+  Status["VERIFIED"] = "VERIFIED";
+  Status["UNVERIFIED"] = "UNVERIFIED";
+})(Status || (exports.Status = Status = {}));
+//# sourceMappingURL=types.js.map

package/cjs/myaccount/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","names":["EmailRole","Status"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import { OktaAuthInterface } from '../types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;IAUYA,S;;;WAAAA,S;EAAAA,S;EAAAA,S;GAAAA,S,yBAAAA,S;;IAKAC,M;;;WAAAA,M;EAAAA,M;EAAAA,M;GAAAA,M,sBAAAA,M"}

package/cjs/oidc/decodeToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/decodeToken.ts"],"names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","payload","signature","e","AuthSdkError"],"mappings":";;;;AAYA;;AAEA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKO,SAASA,WAAT,CAAqBC,KAArB,EAA+C;AACpD,MAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;AACA,MAAIC,YAAJ;;AAEA,MAAI;AACFA,IAAAA,YAAY,GAAG;AACbC,MAAAA,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CADK;AAEbM,MAAAA,OAAO,EAAEF,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CAFI;AAGbO,MAAAA,SAAS,EAAEP,GAAG,CAAC,CAAD;AAHD,KAAf;AAKD,GAND,CAME,OAAOQ,CAAP,EAAU;AACV,UAAM,IAAIC,oBAAJ,CAAiB,iBAAjB,CAAN;AACD;;AAED,SAAOP,YAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from '../types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n"],"file":"decodeToken.js"}
+{"version":3,"file":"decodeToken.js","names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","payload","signature","e","AuthSdkError"],"sources":["../../../lib/oidc/decodeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from '../types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n"],"mappings":";;;;AAYA;;AAEA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKO,SAASA,WAAT,CAAqBC,KAArB,EAA+C;EACpD,IAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;EACA,IAAIC,YAAJ;;EAEA,IAAI;IACFA,YAAY,GAAG;MACbC,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CADK;MAEbM,OAAO,EAAEF,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CAFI;MAGbO,SAAS,EAAEP,GAAG,CAAC,CAAD;IAHD,CAAf;EAKD,CAND,CAME,OAAOQ,CAAP,EAAU;IACV,MAAM,IAAIC,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,OAAOP,YAAP;AACD"}

package/cjs/oidc/endpoints/authorize.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AAAA;;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsC,iCAAAH,WAAW,CAACG,YAAZ,iBAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAID,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIE,WAAwB,GAAG;AAC7B,iBAAaJ,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACK,aAFD;AAG7B,6BAAyBL,WAAW,CAACM,mBAHR;AAI7B,eAAWN,WAAW,CAACO,OAJM;AAK7B,WAAOP,WAAW,CAACQ,GALU;AAM7B,iBAAaR,WAAW,CAACS,QANI;AAO7B,kBAAcT,WAAW,CAACU,SAPG;AAQ7B,eAAWV,WAAW,CAACW,MARM;AAS7B,aAASX,WAAW,CAACY,KATQ;AAU7B,cAAUZ,WAAW,CAACa,MAVO;AAW7B,oBAAgBb,WAAW,CAACc,WAXC;AAY7B,qBAAiBd,WAAW,CAACe,YAZA;AAa7B,qBAAiBf,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACgB,YAdC;AAe7B,aAAShB,WAAW,CAACiB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAI,kCAAAtB,WAAW,CAACG,YAAZ,kBAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACF,kCAAAH,WAAW,CAACuB,MAAZ,kBAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;AAC9C,UAAM,IAAIrB,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLE,IAAAA,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;AAC7D,MAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc,EACnB,GAAG0B,gBADgB;AAEnB,QAAI1B,WAAW,CAAC2B,WAAZ,IAA2B,EAAE,GAAG3B,WAAW,CAAC2B;AAAjB,KAA/B;AAFmB,GAAd,CAAP;AAID","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n    tokenParams.scopes!.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthParams.scope = tokenParams.scopes!.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString({ \n    ...oauthQueryParams, \n    ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n  });\n}\n"],"file":"authorize.js"}
+{"version":3,"file":"authorize.js","names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n    tokenParams.scopes!.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthParams.scope = tokenParams.scopes!.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString({ \n    ...oauthQueryParams, \n    ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n  });\n}\n"],"mappings":";;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;EAAA;;EACxE;EACA,IAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;IACzB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,oBAASF,WAAW,CAACG,YAArB,KAAsC,iCAAAH,WAAW,CAACG,YAAZ,iBAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;IACtF,MAAM,IAAID,oBAAJ,CAAiB,0DAAjB,CAAN;EACD,CARuE,CAUxE;;;EACA,IAAIE,WAAwB,GAAG;IAC7B,aAAaJ,WAAW,CAACC,QADI;IAE7B,kBAAkBD,WAAW,CAACK,aAFD;IAG7B,yBAAyBL,WAAW,CAACM,mBAHR;IAI7B,WAAWN,WAAW,CAACO,OAJM;IAK7B,OAAOP,WAAW,CAACQ,GALU;IAM7B,aAAaR,WAAW,CAACS,QANI;IAO7B,cAAcT,WAAW,CAACU,SAPG;IAQ7B,WAAWV,WAAW,CAACW,MARM;IAS7B,SAASX,WAAW,CAACY,KATQ;IAU7B,UAAUZ,WAAW,CAACa,MAVO;IAW7B,gBAAgBb,WAAW,CAACc,WAXC;IAY7B,iBAAiBd,WAAW,CAACe,YAZA;IAa7B,iBAAiBf,WAAW,CAACG,YAbA;IAc7B,gBAAgBH,WAAW,CAACgB,YAdC;IAe7B,SAAShB,WAAW,CAACiB;EAfQ,CAA/B;EAiBAb,WAAW,GAAG,sBAAWA,WAAX,CAAd;EAEA,CAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;IAC3D,IAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;MAC1Cf,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;IACD;EACF,CAJD;;EAMA,IAAI,kCAAAtB,WAAW,CAACG,YAAZ,kBAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACF,kCAAAH,WAAW,CAACuB,MAAZ,kBAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;IAC9C,MAAM,IAAIrB,oBAAJ,CAAiB,mFAAjB,CAAN;EACD,CAHD,MAGO;IACLE,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;EACD;;EAED,OAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;EAC7D,IAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;EACA,OAAO,yBAAc,EACnB,GAAG0B,gBADgB;IAEnB,IAAI1B,WAAW,CAAC2B,WAAZ,IAA2B,EAAE,GAAG3B,WAAW,CAAC2B;IAAjB,CAA/B;EAFmB,CAAd,CAAP;AAID"}

package/cjs/oidc/endpoints/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/index.ts"],"names":[],"mappings":";;;;AAaA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"file":"index.js"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/endpoints/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"mappings":";;;;AAaA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/endpoints/token.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CACLZ,GADK,EAELR,OAFK,EAGLqB,YAHK,EAImB;AAAA;;AACxB,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, OktaAuthHttpInterface, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"file":"token.js"}
+{"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, OktaAuthHttpInterface, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;EAC7C;EACA,IAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;IACrB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;IACxB,MAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;IAC1D,MAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;IACzB,MAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;EACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;EAAA;;EACtD;EACA,IAAIS,MAAmB,GAAG,sBAAW;IACnC,aAAaT,OAAO,CAACC,QADc;IAEnC,gBAAgBD,OAAO,CAACG,WAFW;IAGnC,cAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;IAInC,iBAAiBL,OAAO,CAACM;EAJU,CAAX,CAA1B;;EAOA,IAAIN,OAAO,CAACK,eAAZ,EAA6B;IAC3BI,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;EACD,CAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;IACpCK,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;EACD;;EAED,MAAM;IAAEO;EAAF,IAAmBH,GAAG,CAACR,OAA7B;;EACA,IAAIW,YAAJ,EAAkB;IAChBF,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;EACD,CAlBqD,CAoBtD;;;EACA,OAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;EACvGd,eAAe,CAACC,OAAD,CAAf;EACA,IAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;EAEA,MAAMe,OAAO,GAAG;IACd,gBAAgB;EADF,CAAhB;EAIA,OAAO,uBAAYP,GAAZ,EAAiB;IACtBQ,GAAG,EAAEH,IAAI,CAACI,QADY;IAEtBC,MAAM,EAAE,MAFc;IAGtBC,IAAI,EAAEL,IAHgB;IAItBC;EAJsB,CAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CACLZ,GADK,EAELR,OAFK,EAGLqB,YAHK,EAImB;EAAA;;EACxB,OAAO,uBAAYb,GAAZ,EAAiB;IACtBQ,GAAG,EAAEK,YAAY,CAACJ,QADI;IAEtBC,MAAM,EAAE,MAFc;IAGtBH,OAAO,EAAE;MACP,gBAAgB;IADT,CAHa;IAOtBI,IAAI,EAAE,oDAAe;MACnBG,SAAS,EAAEtB,OAAO,CAACC,QADA;MACU;MAC7BsB,UAAU,EAAE,eAFO;MAEU;MAC7BC,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;MAInBC,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;IAJvB,CAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;MAC9B;MACA,OAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;IACD,CARK,EAQHH,IARG,CAQE,GARF;EAPgB,CAAjB,CAAP;AAiBD"}

package/cjs/oidc/endpoints/well-known.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,MAAlD,EAA+F;AACpG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA4CC,MAA5C,EAA4DK,GAA5D,EAA0F;AAC/F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOIDCInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOIDCInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOIDCInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}
+{"version":3,"file":"well-known.js","names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOIDCInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOIDCInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOIDCInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,MAAlD,EAA+F;EACpG,IAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;EACA,OAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;IACnEE,aAAa,EAAE;EADoD,CAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA4CC,MAA5C,EAA4DK,GAA5D,EAA0F;EAC/F,IAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;EAEA,OAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;IACxB,IAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;IACA,IAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;IACA,IAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;IACA,IAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;MAChE,IAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;QACjDf,GAAG,EAAEA;MAD4C,CAAnC,CAAhB;;MAIA,IAAIc,SAAJ,EAAe;QACb,OAAOA,SAAP;MACD;IACF,CAduB,CAgBxB;;;IACAb,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;IACA,OAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;MACvBT,aAAa,EAAE;IADQ,CAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;MAClB,IAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;QACvBjB,GAAG,EAAEA;MADkB,CAAf,CAAV;;MAIA,IAAIkB,GAAJ,EAAS;QACP,OAAOA,GAAP;MACD;;MAED,MAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;IACD,CAbM,CAAP;EAcD,CAnCM,CAAP;AAoCD"}

package/cjs/oidc/exchangeCodeForTokens.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2DC,WAA3D,EAAqFC,IAArF,EAAgI;AACrIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADqI,CAErI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;AACrD,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOIDCInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"file":"exchangeCodeForTokens.js"}
+{"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOIDCInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2DC,WAA3D,EAAqFC,IAArF,EAAgI;EACrIA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADqI,CAErI;;EACAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;EAEA,MAAM;IACJE,iBADI;IAEJC,eAFI;IAGJC,YAHI;IAIJC,QAJI;IAKJC,WALI;IAMJC,MANI;IAOJC,eAPI;IAQJC;EARI,IASFT,WATJ;EAWA,IAAIU,eAAe,GAAG;IACpBL,QADoB;IAEpBC,WAFoB;IAGpBJ,iBAHoB;IAIpBC,eAJoB;IAKpBC;EALoB,CAAtB;EAQA,OAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;IAAA;;IAEjC;IACA;IACA;IACA,MAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;IACrD,IAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;MACpCM,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;IAChC;;IACD,MAAMC,qBAAkC,GAAG;MACzCV,QADyC;MAEzCC,WAFyC;MAGzCC,MAHyC;MAIzCM,YAJyC;MAKzCL;IALyC,CAA3C;IAOA,OAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;MACjC;MACAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;MACAU,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;MACA,OAAOG,QAAP;IACD,CANI,CAAP;EAOD,CAxBI,EAyBJK,OAzBI,CAyBI,MAAM;IACblB,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;EACD,CA3BI,CAAP;AA4BD"}

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;AACvF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;AACA;;AACA,QAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxB,2BAAcN,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;AACtB,2BAAcP,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;AACAS,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIc,QAAJ;;AACA,QAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DU,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CU,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAIpB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;AACnBiB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACb,GAAD,CAAP;AACD,WAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;AACtCtC,YAAAA,WAAW,CAAC0C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}
+{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;EACvF,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;EACA;;EACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;EACAL,OAAO,CAACK,WAAR,GAAsBC,SAAtB;EAEA,OAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MADkB;MAE1BC,YAAY,EAAE,mBAFY;MAG1BC,OAAO,EAAE;IAHiB,CAA5B;IAMA,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IADQ,CAAnB;;IAIA,IAAIZ,OAAO,CAACc,YAAZ,EAA0B;MACxB,qBAAcN,WAAd,EAA2BC,qBAA3B;IACD,CAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;MACtB,qBAAcP,WAAd,EAA2BK,YAA3B;IACD,CAjBuC,CAmBxC;;;IACA,IAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;IACAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;IACAS,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;IACAL,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;IACA,IAAIc,QAAJ;;IACA,IAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;MAC5DU,QAAQ,GAAG,QAAX;IACD,CAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;MAC1CU,QAAQ,GAAG,OAAX;IACD,CAFM,MAEA;MACLA,QAAQ,GAAG,UAAX;IACD,CArCuC,CAuCxC;;;IACA,QAAQA,QAAR;MACE,KAAK,QAAL;QACE,IAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;QACA,IAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;QACA,OAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;UACnB,OAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;QACD,CAHI,EAIJU,OAJI,CAII,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;YAAA;;YACpC,yBAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;UACD;QACF,CARI,CAAP;;MAUF,KAAK,OAAL;QACE,IAAIQ,YAAJ,CADF,CACoB;QAElB;QACA;;QACA,IAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;UACpD,IAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;YAC/C,MAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;UACD;;UACD8B,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;QACD,CAVH,CAYE;QACA;;;QACA,IAAIpB,WAAJ,EAAiB;UACfA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;QACD,CAhBH,CAkBE;;;QACA,IAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;UACxD,IAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;cACtCC,aAAa,CAACH,WAAD,CAAb;cACAtC,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;YACD;UACF,CAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;UACA8B,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;YACnBiB,aAAa,CAACH,WAAD,CAAb;YACAD,OAAO,CAACb,GAAD,CAAP;UACD,CAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;YACpBF,aAAa,CAACH,WAAD,CAAb;YACAtC,MAAM,CAAC2C,GAAD,CAAN;UACD,CARH;QASD,CAlBkB,CAAnB;QAoBA,OAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;UACnB,OAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;QACD,CAHI,EAIJU,OAJI,CAII,YAAY;UACnB,IAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;YACtCtC,WAAW,CAAC0C,KAAZ;UACD;QACF,CARI,CAAP;;MAUF;QACE,MAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;IAhEJ;EAkED,CA3GI,CAAP;AA4GD"}

package/cjs/oidc/getUserInfo.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;AACxB;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"file":"getUserInfo.js"}
+{"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;EACxB;EACA,IAAI,CAACD,iBAAL,EAAwB;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;EACD;;EACD,IAAI,CAACH,aAAL,EAAoB;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;EACD;;EAED,IAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;IAC3D,OAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;EACD;;EAED,IAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;IAC/C,OAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;EACD;;EAED,OAAO,uBAAYR,GAAZ,EAAiB;IACtBS,GAAG,EAAER,iBAAiB,CAACS,WADD;IAEtBC,MAAM,EAAE,KAFc;IAGtBN,WAAW,EAAEJ,iBAAiB,CAACI;EAHT,CAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;MAC7C,OAAOD,QAAP;IACD;;IACD,OAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;EACD,CAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;IACpB,IAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;MACjE,IAAIC,kBAAJ;;MACA,IAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;QACjGF,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;MACD,CAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;QAChDH,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;MACD;;MACD,IAAIH,kBAAJ,EAAwB;QACtB,IAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;QACA,IAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;QACA,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;QACA,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;QACA,IAAIC,KAAK,IAAIC,gBAAb,EAA+B;UAC7BX,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;QACD;MACF;IACF;;IACD,MAAMX,GAAN;EACD,CA/BI,CAAP;AAgCD"}

package/cjs/oidc/getWithPopup.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHoG,CAKrG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
+{"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;EACrG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;EACD,CAHoG,CAKrG;EACA;EACA;;;EACA,MAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;EACAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBM,OAAO,EAAE,OADY;IAErBC,YAAY,EAAE,mBAFO;IAGrBF;EAHqB,CAAvB;EAKA,OAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD"}

package/cjs/oidc/getWithRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;AACtG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
+{"version":3,"file":"getWithRedirect.js","names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"sources":["../../../lib/oidc/getWithRedirect.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;EACtG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EAEA,MAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;EACA,MAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;EACA,MAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;EACAN,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;IAAEM,KAAK,EAAE;EAAT,CAAlC;;EACAb,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD"}

package/cjs/oidc/getWithoutPrompt.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;AACzG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}
+{"version":3,"file":"getWithoutPrompt.js","names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;EACzG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBK,MAAM,EAAE,MADa;IAErBC,YAAY,EAAE,mBAFO;IAGrBC,OAAO,EAAE;EAHY,CAAvB;EAKA,OAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD"}

package/cjs/oidc/handleOAuthResponse.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;AACxB,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;AACpEQ,MAAAA,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;AAEpEK,MAAAA,eAAe,EAAEhB,GAAG,CAACY;AAF+C,KAA/B,CAAhC,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIU,YAAY,GAAGV,WAAW,CAACU,YAAZ,IAA4B,EAA/C;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIpB,GAAG,CAACqB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1BwB,CA4BxB;;AACAxB,EAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AAEA,MAAIiB,SAAS,GAAG,EAAhB;AACA,MAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;AACA,MAAIC,SAAS,GAAG3B,GAAG,CAAC4B,UAApB;AACA,MAAIC,WAAW,GAAG7B,GAAG,CAAC8B,YAAtB;AACA,MAAIC,OAAO,GAAG/B,GAAG,CAACgC,QAAlB;AACA,MAAIC,YAAY,GAAGjC,GAAG,CAACkC,aAAvB;AACA,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIN,WAAJ,EAAiB;AACf,QAAIU,SAAS,GAAGjC,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBX,WAAjB,CAAhB;AACAL,IAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,MAAAA,WAAW,EAAEA,WADS;AAEtBY,MAAAA,MAAM,EAAEF,SAAS,CAACG,OAFI;AAGtBC,MAAAA,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,MAAAA,SAAS,EAAEA,SAJW;AAKtBP,MAAAA,MAAM,EAAEA,MALc;AAMtByB,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YANG;AAOtBC,MAAAA,WAAW,EAAEtC,IAAI,CAACsC;AAPI,KAAxB;AASD;;AAED,MAAIb,YAAJ,EAAkB;AAChBT,IAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,MAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAU,MAAAA,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;AAKvBf,MAAAA,MAAM,EAAEA,MALe;AAMvB2B,MAAAA,QAAQ,EAAEvC,IAAI,CAACuC,QANQ;AAOvBF,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YAPI;AAQvBG,MAAAA,MAAM,EAAExC,IAAI,CAACwC;AARU,KAAzB;AAUD;;AAED,MAAIjB,OAAJ,EAAa;AACX,QAAIkB,KAAK,GAAG3C,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBT,OAAjB,CAAZ;AACA,QAAImB,UAAmB,GAAG;AACxBnB,MAAAA,OAAO,EAAEA,OADe;AAExBU,MAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,MAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;AAGkC;AAC1Df,MAAAA,MAAM,EAAEA,MAJgB;AAKxByB,MAAAA,YAAY,EAAErC,IAAI,CAACqC,YALK;AAMxBG,MAAAA,MAAM,EAAExC,IAAI,CAACwC,MANW;AAOxBzB,MAAAA,QAAQ,EAAEA;AAPc,KAA1B;AAUA,QAAI8B,gBAAmC,GAAG;AACxC9B,MAAAA,QAAQ,EAAEA,QAD8B;AAExCyB,MAAAA,MAAM,EAAExC,IAAI,CAACwC,MAF2B;AAGxCM,MAAAA,KAAK,EAAE/C,WAAW,CAAC+C,KAHqB;AAIxCzB,MAAAA,WAAW,EAAEA;AAJ2B,KAA1C;;AAOA,QAAItB,WAAW,CAACgD,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,MAAAA,gBAAgB,CAACE,eAAjB,GAAmChD,WAAW,CAACgD,eAA/C;AACD;;AAED,UAAM,8BAAYjD,GAAZ,EAAiB4C,UAAjB,EAA6BG,gBAA7B,CAAN;AACA7B,IAAAA,SAAS,CAACO,OAAV,GAAoBmB,UAApB;AACD,GA1FuB,CA4FxB;;;AACA,MAAI,sBAAAjC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,UAAM,IAAIzB,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,MAAI,sBAAAa,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,UAAM,IAAI3B,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,SAAO;AACLqD,IAAAA,MAAM,EAAEjC,SADH;AAELrB,IAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,IAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,GAAP;AAMD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOIDCInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"file":"handleOAuthResponse.js"}
+{"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOIDCInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;EACtE,IAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;IAC5C,MAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;EACD;;EAED,IAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;IACnC,MAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;EACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;EACxB,IAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;EACA;;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;IAC9C,OAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACpEQ,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;MAEpEK,eAAe,EAAEhB,GAAG,CAACY;IAF+C,CAA/B,CAAhC,EAGHJ,IAHG,CAAP;EAID;;EAEDD,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;EACAE,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;EAEA,IAAIU,YAAY,GAAGV,WAAW,CAACU,YAAZ,IAA4B,EAA/C;;EACA,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;IAChCA,YAAY,GAAG,CAACA,YAAD,CAAf;EACD;;EAED,IAAIG,MAAJ;;EACA,IAAIpB,GAAG,CAACqB,KAAR,EAAe;IACbD,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;EACD,CAFD,MAEO;IACLF,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;EACD;;EACD,IAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1BwB,CA4BxB;;EACAxB,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;EAEA,IAAIiB,SAAS,GAAG,EAAhB;EACA,IAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;EACA,IAAIC,SAAS,GAAG3B,GAAG,CAAC4B,UAApB;EACA,IAAIC,WAAW,GAAG7B,GAAG,CAAC8B,YAAtB;EACA,IAAIC,OAAO,GAAG/B,GAAG,CAACgC,QAAlB;EACA,IAAIC,YAAY,GAAGjC,GAAG,CAACkC,aAAvB;EACA,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIN,WAAJ,EAAiB;IACf,IAAIU,SAAS,GAAGjC,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBX,WAAjB,CAAhB;IACAL,SAAS,CAACK,WAAV,GAAwB;MACtBA,WAAW,EAAEA,WADS;MAEtBY,MAAM,EAAEF,SAAS,CAACG,OAFI;MAGtBC,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;MAItBR,SAAS,EAAEA,SAJW;MAKtBP,MAAM,EAAEA,MALc;MAMtByB,YAAY,EAAErC,IAAI,CAACqC,YANG;MAOtBC,WAAW,EAAEtC,IAAI,CAACsC;IAPI,CAAxB;EASD;;EAED,IAAIb,YAAJ,EAAkB;IAChBT,SAAS,CAACS,YAAV,GAAyB;MACvBA,YAAY,EAAEA,YADS;MAEvB;MACA;MACAU,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;MAKvBf,MAAM,EAAEA,MALe;MAMvB2B,QAAQ,EAAEvC,IAAI,CAACuC,QANQ;MAOvBF,YAAY,EAAErC,IAAI,CAACqC,YAPI;MAQvBG,MAAM,EAAExC,IAAI,CAACwC;IARU,CAAzB;EAUD;;EAED,IAAIjB,OAAJ,EAAa;IACX,IAAIkB,KAAK,GAAG3C,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBT,OAAjB,CAAZ;IACA,IAAImB,UAAmB,GAAG;MACxBnB,OAAO,EAAEA,OADe;MAExBU,MAAM,EAAEQ,KAAK,CAACP,OAFU;MAGxBC,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;MAGkC;MAC1Df,MAAM,EAAEA,MAJgB;MAKxByB,YAAY,EAAErC,IAAI,CAACqC,YALK;MAMxBG,MAAM,EAAExC,IAAI,CAACwC,MANW;MAOxBzB,QAAQ,EAAEA;IAPc,CAA1B;IAUA,IAAI8B,gBAAmC,GAAG;MACxC9B,QAAQ,EAAEA,QAD8B;MAExCyB,MAAM,EAAExC,IAAI,CAACwC,MAF2B;MAGxCM,KAAK,EAAE/C,WAAW,CAAC+C,KAHqB;MAIxCzB,WAAW,EAAEA;IAJ2B,CAA1C;;IAOA,IAAItB,WAAW,CAACgD,eAAZ,KAAgCC,SAApC,EAA+C;MAC7CH,gBAAgB,CAACE,eAAjB,GAAmChD,WAAW,CAACgD,eAA/C;IACD;;IAED,MAAM,8BAAYjD,GAAZ,EAAiB4C,UAAjB,EAA6BG,gBAA7B,CAAN;IACA7B,SAAS,CAACO,OAAV,GAAoBmB,UAApB;EACD,CA1FuB,CA4FxB;;;EACA,IAAI,sBAAAjC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;IAClE;IACA,MAAM,IAAIzB,oBAAJ,CAAiB,+GAAjB,CAAN;EACD;;EACD,IAAI,sBAAAa,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;IACjE;IACA,MAAM,IAAI3B,oBAAJ,CAAiB,8GAAjB,CAAN;EACD;;EAED,OAAO;IACLqD,MAAM,EAAEjC,SADH;IAELrB,KAAK,EAAEH,GAAG,CAACG,KAFN;IAGLQ,IAAI,EAAEX,GAAG,CAACW;EAHL,CAAP;AAMD"}

package/cjs/oidc/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './endpoints';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"file":"index.js"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../lib/oidc/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './endpoints';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA"}

package/cjs/oidc/parseFromUrl.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBF,QAAlB,CAAP;AACD;;AAEM,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;AACtGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/Db,IAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DS,IAAAA;AAH+D,GAA5B,CAArC;;AAKA,MAAI,CAACC,WAAL,EAAkB;AAChB,WAAO,iBAAQI,MAAR,CAAe,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMS,IAAgB,GAAGL,WAAW,CAACK,IAArC;AACA,SAAOL,WAAW,CAACK,IAAnB;;AAEA,MAAI,CAAChB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAI,IAAAA,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,SAAO,8CAAoBjB,GAApB,EAAyB4B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;AACZ,QAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCnC,MAAAA,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;AAC3BT,QAAAA;AAD2B,OAA7B;AAGD;;AACD,UAAMQ,GAAN;AACD,GARI,EASJE,IATI,CASCX,GAAG,IAAI;AACX1B,IAAAA,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;AAC3BT,MAAAA;AAD2B,KAA7B;AAGA,WAAOD,GAAP;AACD,GAdI,CAAP;AAgBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"file":"parseFromUrl.js"}
+{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","catch","err","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;EACA,IAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIc,QAAJ;;EAEA,IAAIH,YAAY,KAAK,OAArB,EAA8B;IAC5BG,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLU,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACS,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,6BAAkBF,QAAlB,CAAP;AACD;;AAEM,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Db,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DS;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMS,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAChB,OAAO,CAACI,GAAb,EAAkB;IAChB;IACAI,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,8CAAoBjB,GAApB,EAAyB4B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;MACpCnC,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;QAC3BT;MAD2B,CAA7B;IAGD;;IACD,MAAMQ,GAAN;EACD,CARI,EASJE,IATI,CASCX,GAAG,IAAI;IACX1B,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;MAC3BT;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}

package/cjs/oidc/renewToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;AACrG,MAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;AAC9CT,IAAAA,sBAAsB;AACvB;;AAED,MAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,MAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,IAAAA,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;AACzCK,MAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,KAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;AAGA,WAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,MAAIU,YAAJ;;AACA,MAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,IAAAA,YAAY,GAAG,MAAf;AACD,GAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;AAC/BK,IAAAA,YAAY,GAAG,OAAf;AACD,GAFM,MAEA;AACLA,IAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,IAAAA,MAAF;AAAUI,IAAAA,YAAV;AAAwBC,IAAAA,WAAxB;AAAqCC,IAAAA;AAArC,MAAgDV,KAAtD;AACA,SAAO,wCAAiBD,GAAjB,EAAsB;AAC3BM,IAAAA,YAD2B;AAE3BD,IAAAA,MAF2B;AAG3BI,IAAAA,YAH2B;AAI3BC,IAAAA,WAJ2B;AAK3BC,IAAAA;AAL2B,GAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,WAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,GATI,CAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"file":"renewToken.js"}
+{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,sBAAUD,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACC,OAAd;EACD;;EACD,IAAI,0BAAcF,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACE,WAAd;EACD;;EACDN,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;IAC9CT,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIP,MAAM,CAACQ,YAAX,EAAyB;IACvBR,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;MACzCK,MAAM,EAAEJ,KAAK,CAACI;IAD2B,CAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;IAGA,OAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;EACD;;EAED,IAAIU,YAAJ;;EACA,IAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;IAC/BK,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDV,KAAtD;EACA,OAAO,wCAAiBD,GAAjB,EAAsB;IAC3BM,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}

package/cjs/oidc/renewTokens.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;AAC7E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;AACD;;AAED,MAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,UAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;AACA,MAAI,CAACA,YAAL,EAAmB;AACjB,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;AACA,QAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;AACAX,EAAAA,OAAO,GAAG,qBAAc;AACtBQ,IAAAA,MADsB;AAEtBC,IAAAA,YAFsB;AAGtBC,IAAAA,WAHsB;AAItBC,IAAAA;AAJsB,GAAd,EAKPX,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYY,IAAhB,EAAsB;AACpBZ,IAAAA,OAAO,CAACa,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBd,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACa,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBd,GAAjB,EAAsBC,OAAtB,EACJc,IADI,CACCC,GAAG,IAAIA,GAAG,CAACd,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"file":"renewTokens.js"}
+{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;EACAX,OAAO,GAAG,qBAAc;IACtBQ,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPX,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYY,IAAhB,EAAsB;IACpBZ,OAAO,CAACa,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,iCAAsBd,GAAtB,CAAzB;IACAC,OAAO,CAACa,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,wCAAiBd,GAAjB,EAAsBC,OAAtB,EACJc,IADI,CACCC,GAAG,IAAIA,GAAG,CAACd,MADZ,CAAP;AAGD"}

package/cjs/oidc/renewTokensWithRefresh.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken","err","removeRefreshToken"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,IAAAA;AAAF,MAAeH,GAAG,CAACI,OAAzB;;AACA,MAAI,CAACD,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,MAAI;AACF,UAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;AACnEE,MAAAA;AADmE,KAA/B,CAAtC;AAGA,UAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;AACA,UAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;AACA,UAAM;AAAEQ,MAAAA;AAAF,QAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CANE,CAQF;;AACA,UAAM;AAAEE,MAAAA;AAAF,QAAmBD,MAAzB;;AACA,QAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;AACzEF,MAAAA,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,WAAOD,MAAP;AACD,GAfD,CAgBA,OAAOI,GAAP,EAAY;AACV,QAAI,yCAA2BA,GAA3B,CAAJ,EAAqC;AACnC;AACAb,MAAAA,GAAG,CAACW,YAAJ,CAAiBG,kBAAjB;AACD;;AACD,UAAMD,GAAN;AACD;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"file":"renewTokensWithRefresh.js"}
+{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken","err","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEQ;IAAF,IAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEE;IAAF,IAAmBD,MAAzB;;IACA,IAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;IACD;;IAED,OAAOD,MAAP;EACD,CAfD,CAgBA,OAAOI,GAAP,EAAY;IACV,IAAI,yCAA2BA,GAA3B,CAAJ,EAAqC;MACnC;MACAb,GAAG,CAACW,YAAJ,CAAiBG,kBAAjB;IACD;;IACD,MAAMD,GAAN;EACD;AACF"}

package/cjs/oidc/revokeToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;AAAA;;AACjG,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAdgG,CAejG;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,wDAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,kBAIF,CAJE,CAAX;AAKA,MAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCG,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOIDCInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"file":"revokeToken.js"}
+{"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOIDCInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;EACA,IAAIC,IAAI,GAAG,wDAAc;IACvB;IACAC,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;EACA,OAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;IAChCG,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWD;IAFrB;EADuB,CAA3B,CAAP;AAMD"}