@okta/okta-auth-js 6.6.1 → 6.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -1
- package/README.md +20 -5
- package/cjs/AuthStateManager.js +6 -6
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +17 -7
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/OktaUserAgent.js.map +1 -1
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/SavedObject.js +6 -0
- package/cjs/SavedObject.js.map +1 -1
- package/cjs/ServiceManager.js +44 -68
- package/cjs/ServiceManager.js.map +1 -1
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +63 -65
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +13 -3
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/cdnEntry.js +52 -0
- package/cjs/cdnEntry.js.map +1 -0
- package/cjs/clock.js.map +1 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/crypto/base64.js.map +1 -1
- package/cjs/crypto/browser.js.map +1 -1
- package/cjs/crypto/index.js.map +1 -1
- package/cjs/crypto/node.js.map +1 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/crypto/verifyToken.js.map +1 -1
- package/cjs/crypto/webauthn.js.map +1 -1
- package/cjs/crypto/webcrypto.js.map +1 -1
- package/cjs/errors/AuthApiError.js +5 -1
- package/cjs/errors/AuthApiError.js.map +1 -1
- package/cjs/errors/AuthPollStopError.js.map +1 -1
- package/cjs/errors/AuthSdkError.js.map +1 -1
- package/cjs/errors/CustomError.js.map +1 -1
- package/cjs/errors/OAuthError.js.map +1 -1
- package/cjs/errors/index.js.map +1 -1
- package/cjs/features.js.map +1 -1
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/headers.js.map +1 -1
- package/cjs/http/index.js.map +1 -1
- package/cjs/http/request.js +14 -1
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/index.js.map +1 -1
- package/cjs/idx/authenticator/util.js.map +1 -1
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js.map +1 -1
- package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -1
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
- package/cjs/idx/flow/RemediationFlow.js.map +1 -1
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/idxState/index.js.map +1 -1
- package/cjs/idx/idxState/v1/actionParser.js.map +1 -1
- package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
- package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
- package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
- package/cjs/idx/idxState/v1/parsers.js.map +1 -1
- package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js.map +1 -1
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +7 -11
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js +25 -12
- package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -1
- package/cjs/idx/remediators/GenericRemediator/index.js.map +1 -1
- package/cjs/idx/remediators/GenericRemediator/util.js +20 -6
- package/cjs/idx/remediators/GenericRemediator/util.js.map +1 -1
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/RedirectIdp.js.map +1 -1
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +1 -1
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/FlowIdentifier.js.map +1 -1
- package/cjs/idx/types/api.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/types/options.js.map +1 -1
- package/cjs/idx/unlockAccount.js.map +1 -1
- package/cjs/idx/util.js +55 -26
- package/cjs/idx/util.js.map +1 -1
- package/cjs/index.js.map +1 -1
- package/cjs/myaccount/api.js +43 -0
- package/cjs/myaccount/api.js.map +1 -0
- package/cjs/myaccount/emailApi.js +144 -0
- package/cjs/myaccount/emailApi.js.map +1 -0
- package/cjs/myaccount/index.js +30 -0
- package/cjs/myaccount/index.js.map +1 -0
- package/cjs/myaccount/phoneApi.js +123 -0
- package/cjs/myaccount/phoneApi.js.map +1 -0
- package/cjs/myaccount/profileApi.js +58 -0
- package/cjs/myaccount/profileApi.js.map +1 -0
- package/cjs/myaccount/request.js +168 -0
- package/cjs/myaccount/request.js.map +1 -0
- package/cjs/myaccount/transactions/Base.js +38 -0
- package/cjs/myaccount/transactions/Base.js.map +1 -0
- package/cjs/myaccount/transactions/EmailChallengeTransaction.js +58 -0
- package/cjs/myaccount/transactions/EmailChallengeTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/EmailStatusTransaction.js +32 -0
- package/cjs/myaccount/transactions/EmailStatusTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/EmailTransaction.js +94 -0
- package/cjs/myaccount/transactions/EmailTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/PhoneTransaction.js +78 -0
- package/cjs/myaccount/transactions/PhoneTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/ProfileSchemaTransaction.js +19 -0
- package/cjs/myaccount/transactions/ProfileSchemaTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/ProfileTransaction.js +26 -0
- package/cjs/myaccount/transactions/ProfileTransaction.js.map +1 -0
- package/cjs/myaccount/transactions/index.js +61 -0
- package/cjs/myaccount/transactions/index.js.map +1 -0
- package/cjs/myaccount/types.js +64 -0
- package/cjs/myaccount/types.js.map +1 -0
- package/cjs/oidc/decodeToken.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/index.js.map +1 -1
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/endpoints/well-known.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getUserInfo.js.map +1 -1
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/getWithoutPrompt.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/index.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
- package/cjs/oidc/util/errors.js.map +1 -1
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js.map +1 -1
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/refreshToken.js.map +1 -1
- package/cjs/oidc/util/urlParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/util/validateToken.js.map +1 -1
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options/browser.js.map +1 -1
- package/cjs/options/index.js +3 -1
- package/cjs/options/index.js.map +1 -1
- package/cjs/options/node.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/AutoRenewService.js +7 -7
- package/cjs/services/AutoRenewService.js.map +1 -1
- package/cjs/services/LeaderElectionService.js +103 -0
- package/cjs/services/LeaderElectionService.js.map +1 -0
- package/cjs/services/SyncStorageService.js +121 -39
- package/cjs/services/SyncStorageService.js.map +1 -1
- package/cjs/services/index.js +13 -0
- package/cjs/services/index.js.map +1 -1
- package/cjs/session.js.map +1 -1
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/TransactionState.js.map +1 -1
- package/cjs/tx/api.js.map +1 -1
- package/cjs/tx/index.js.map +1 -1
- package/cjs/tx/poll.js.map +1 -1
- package/cjs/tx/util.js.map +1 -1
- package/cjs/types/AuthState.js.map +1 -1
- package/cjs/types/Cookies.js.map +1 -1
- package/cjs/types/EventEmitter.js.map +1 -1
- package/cjs/types/JWT.js.map +1 -1
- package/cjs/types/OAuth.js.map +1 -1
- package/cjs/types/OktaAuthOptions.js.map +1 -1
- package/cjs/types/Service.js.map +1 -1
- package/cjs/types/Storage.js.map +1 -1
- package/cjs/types/Token.js.map +1 -1
- package/cjs/types/TokenManager.js +16 -0
- package/cjs/types/TokenManager.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/types/UserClaims.js.map +1 -1
- package/cjs/types/api.js.map +1 -1
- package/cjs/types/http.js.map +1 -1
- package/cjs/types/index.js +13 -0
- package/cjs/types/index.js.map +1 -1
- package/cjs/util/console.js +2 -1
- package/cjs/util/console.js.map +1 -1
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/misc.js +8 -0
- package/cjs/util/misc.js.map +1 -1
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/sharedStorage.js.map +1 -1
- package/cjs/util/types.js.map +1 -1
- package/cjs/util/url.js.map +1 -1
- package/dist/myaccount.umd.js +3 -0
- package/dist/myaccount.umd.js.LICENSE.txt +12 -0
- package/dist/myaccount.umd.js.map +1 -0
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +1 -1
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/browser/AuthStateManager.js +161 -0
- package/esm/browser/AuthStateManager.js.map +1 -0
- package/esm/browser/OktaAuth.js +560 -0
- package/esm/browser/OktaAuth.js.map +1 -0
- package/esm/browser/OktaUserAgent.js +39 -0
- package/esm/browser/OktaUserAgent.js.map +1 -0
- package/esm/browser/PromiseQueue.js +65 -0
- package/esm/browser/PromiseQueue.js.map +1 -0
- package/esm/browser/SavedObject.js +81 -0
- package/esm/browser/SavedObject.js.map +1 -0
- package/esm/browser/ServiceManager.js +115 -0
- package/esm/browser/ServiceManager.js.map +1 -0
- package/esm/browser/StorageManager.js +148 -0
- package/esm/browser/StorageManager.js.map +1 -0
- package/esm/browser/TokenManager.js +386 -0
- package/esm/browser/TokenManager.js.map +1 -0
- package/esm/browser/TransactionManager.js +244 -0
- package/esm/browser/TransactionManager.js.map +1 -0
- package/esm/browser/_virtual/_tslib.js +41 -0
- package/esm/browser/_virtual/_tslib.js.map +1 -0
- package/esm/browser/browser/browserStorage.js +216 -0
- package/esm/browser/browser/browserStorage.js.map +1 -0
- package/esm/browser/browser/fingerprint.js +69 -0
- package/esm/browser/browser/fingerprint.js.map +1 -0
- package/esm/browser/builderUtil.js +39 -0
- package/esm/browser/builderUtil.js.map +1 -0
- package/esm/browser/clock.js +28 -0
- package/esm/browser/clock.js.map +1 -0
- package/esm/browser/constants.js +37 -0
- package/esm/browser/constants.js.map +1 -0
- package/esm/browser/crypto/base64.js +66 -0
- package/esm/browser/crypto/base64.js.map +1 -0
- package/esm/browser/crypto/browser.js +18 -0
- package/esm/browser/crypto/browser.js.map +1 -0
- package/esm/browser/crypto/index.js +17 -0
- package/esm/browser/crypto/index.js.map +1 -0
- package/esm/browser/crypto/oidcHash.js +28 -0
- package/esm/browser/crypto/oidcHash.js.map +1 -0
- package/esm/browser/crypto/verifyToken.js +38 -0
- package/esm/browser/crypto/verifyToken.js.map +1 -0
- package/esm/browser/crypto/webauthn.js +79 -0
- package/esm/browser/crypto/webauthn.js.map +1 -0
- package/esm/browser/errors/AuthApiError.js +35 -0
- package/esm/browser/errors/AuthApiError.js.map +1 -0
- package/esm/browser/errors/AuthPollStopError.js +23 -0
- package/esm/browser/errors/AuthPollStopError.js.map +1 -0
- package/esm/browser/errors/AuthSdkError.js +31 -0
- package/esm/browser/errors/AuthSdkError.js.map +1 -0
- package/esm/browser/errors/CustomError.js +21 -0
- package/esm/browser/errors/CustomError.js.map +1 -0
- package/esm/browser/errors/OAuthError.js +27 -0
- package/esm/browser/errors/OAuthError.js.map +1 -0
- package/esm/browser/errors/index.js +26 -0
- package/esm/browser/errors/index.js.map +1 -0
- package/esm/browser/features.js +67 -0
- package/esm/browser/features.js.map +1 -0
- package/esm/browser/fetch/fetchRequest.js +90 -0
- package/esm/browser/fetch/fetchRequest.js.map +1 -0
- package/esm/browser/http/headers.js +19 -0
- package/esm/browser/http/headers.js.map +1 -0
- package/esm/browser/http/request.js +133 -0
- package/esm/browser/http/request.js.map +1 -0
- package/esm/browser/idx/authenticate.js +25 -0
- package/esm/browser/idx/authenticate.js.map +1 -0
- package/esm/browser/idx/authenticator/Authenticator.js +20 -0
- package/esm/browser/idx/authenticator/Authenticator.js.map +1 -0
- package/esm/browser/idx/authenticator/OktaPassword.js +33 -0
- package/esm/browser/idx/authenticator/OktaPassword.js.map +1 -0
- package/esm/browser/idx/authenticator/OktaVerifyTotp.js +26 -0
- package/esm/browser/idx/authenticator/OktaVerifyTotp.js.map +1 -0
- package/esm/browser/idx/authenticator/SecurityQuestionEnrollment.js +45 -0
- package/esm/browser/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
- package/esm/browser/idx/authenticator/SecurityQuestionVerification.js +42 -0
- package/esm/browser/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
- package/esm/browser/idx/authenticator/VerificationCodeAuthenticator.js +33 -0
- package/esm/browser/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
- package/esm/browser/idx/authenticator/WebauthnEnrollment.js +41 -0
- package/esm/browser/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/esm/browser/idx/authenticator/WebauthnVerification.js +43 -0
- package/esm/browser/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/esm/browser/idx/authenticator/getAuthenticator.js +51 -0
- package/esm/browser/idx/authenticator/getAuthenticator.js.map +1 -0
- package/esm/browser/idx/authenticator/util.js +55 -0
- package/esm/browser/idx/authenticator/util.js.map +1 -0
- package/esm/browser/idx/cancel.js +42 -0
- package/esm/browser/idx/cancel.js.map +1 -0
- package/esm/browser/idx/emailVerify.js +46 -0
- package/esm/browser/idx/emailVerify.js.map +1 -0
- package/esm/browser/idx/flow/AccountUnlockFlow.js +43 -0
- package/esm/browser/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/esm/browser/idx/flow/AuthenticationFlow.js +49 -0
- package/esm/browser/idx/flow/AuthenticationFlow.js.map +1 -0
- package/esm/browser/idx/flow/FlowSpecification.js +56 -0
- package/esm/browser/idx/flow/FlowSpecification.js.map +1 -0
- package/esm/browser/idx/flow/PasswordRecoveryFlow.js +47 -0
- package/esm/browser/idx/flow/PasswordRecoveryFlow.js.map +1 -0
- package/esm/browser/idx/flow/RegistrationFlow.js +46 -0
- package/esm/browser/idx/flow/RegistrationFlow.js.map +1 -0
- package/esm/browser/idx/handleInteractionCodeRedirect.js +41 -0
- package/esm/browser/idx/handleInteractionCodeRedirect.js.map +1 -0
- package/esm/browser/idx/idxState/index.js +46 -0
- package/esm/browser/idx/idxState/index.js.map +1 -0
- package/esm/browser/idx/idxState/v1/actionParser.js +53 -0
- package/esm/browser/idx/idxState/v1/actionParser.js.map +1 -0
- package/esm/browser/idx/idxState/v1/generateIdxAction.js +65 -0
- package/esm/browser/idx/idxState/v1/generateIdxAction.js.map +1 -0
- package/esm/browser/idx/idxState/v1/idxResponseParser.js +95 -0
- package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -0
- package/esm/browser/idx/idxState/v1/makeIdxState.js +46 -0
- package/esm/browser/idx/idxState/v1/makeIdxState.js.map +1 -0
- package/esm/browser/idx/idxState/v1/parsers.js +20 -0
- package/esm/browser/idx/idxState/v1/parsers.js.map +1 -0
- package/esm/browser/idx/idxState/v1/remediationParser.js +25 -0
- package/esm/browser/idx/idxState/v1/remediationParser.js.map +1 -0
- package/esm/browser/idx/interact.js +62 -0
- package/esm/browser/idx/interact.js.map +1 -0
- package/esm/browser/idx/introspect.js +68 -0
- package/esm/browser/idx/introspect.js.map +1 -0
- package/esm/browser/idx/poll.js +52 -0
- package/esm/browser/idx/poll.js.map +1 -0
- package/esm/browser/idx/proceed.js +34 -0
- package/esm/browser/idx/proceed.js.map +1 -0
- package/esm/browser/idx/recoverPassword.js +41 -0
- package/esm/browser/idx/recoverPassword.js.map +1 -0
- package/esm/browser/idx/register.js +36 -0
- package/esm/browser/idx/register.js.map +1 -0
- package/esm/browser/idx/remediate.js +134 -0
- package/esm/browser/idx/remediate.js.map +1 -0
- package/esm/browser/idx/remediators/AuthenticatorEnrollmentData.js +48 -0
- package/esm/browser/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -0
- package/esm/browser/idx/remediators/AuthenticatorVerificationData.js +71 -0
- package/esm/browser/idx/remediators/AuthenticatorVerificationData.js.map +1 -0
- package/esm/browser/idx/remediators/Base/AuthenticatorData.js +82 -0
- package/esm/browser/idx/remediators/Base/AuthenticatorData.js.map +1 -0
- package/esm/browser/idx/remediators/Base/Remediator.js +177 -0
- package/esm/browser/idx/remediators/Base/Remediator.js.map +1 -0
- package/esm/browser/idx/remediators/Base/SelectAuthenticator.js +90 -0
- package/esm/browser/idx/remediators/Base/SelectAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/Base/VerifyAuthenticator.js +44 -0
- package/esm/browser/idx/remediators/Base/VerifyAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/ChallengeAuthenticator.js +20 -0
- package/esm/browser/idx/remediators/ChallengeAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/ChallengePoll.js +23 -0
- package/esm/browser/idx/remediators/ChallengePoll.js.map +1 -0
- package/esm/browser/idx/remediators/EnrollAuthenticator.js +20 -0
- package/esm/browser/idx/remediators/EnrollAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/EnrollPoll.js +38 -0
- package/esm/browser/idx/remediators/EnrollPoll.js.map +1 -0
- package/esm/browser/idx/remediators/EnrollProfile.js +52 -0
- package/esm/browser/idx/remediators/EnrollProfile.js.map +1 -0
- package/esm/browser/idx/remediators/EnrollmentChannelData.js +49 -0
- package/esm/browser/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/esm/browser/idx/remediators/GenericRemediator/GenericRemediator.js +60 -0
- package/esm/browser/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -0
- package/esm/browser/idx/remediators/GenericRemediator/util.js +50 -0
- package/esm/browser/idx/remediators/GenericRemediator/util.js.map +1 -0
- package/esm/browser/idx/remediators/Identify.js +40 -0
- package/esm/browser/idx/remediators/Identify.js.map +1 -0
- package/esm/browser/idx/remediators/ReEnrollAuthenticator.js +34 -0
- package/esm/browser/idx/remediators/ReEnrollAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/RedirectIdp.js +32 -0
- package/esm/browser/idx/remediators/RedirectIdp.js.map +1 -0
- package/esm/browser/idx/remediators/ResetAuthenticator.js +20 -0
- package/esm/browser/idx/remediators/ResetAuthenticator.js.map +1 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorAuthenticate.js +35 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorEnroll.js +20 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorUnlockAccount.js +44 -0
- package/esm/browser/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/esm/browser/idx/remediators/SelectEnrollProfile.js +23 -0
- package/esm/browser/idx/remediators/SelectEnrollProfile.js.map +1 -0
- package/esm/browser/idx/remediators/SelectEnrollmentChannel.js +50 -0
- package/esm/browser/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/esm/browser/idx/remediators/Skip.js +23 -0
- package/esm/browser/idx/remediators/Skip.js.map +1 -0
- package/esm/browser/idx/remediators/index.js +33 -0
- package/esm/browser/idx/remediators/index.js.map +1 -0
- package/esm/browser/idx/remediators/util.js +34 -0
- package/esm/browser/idx/remediators/util.js.map +1 -0
- package/esm/browser/idx/run.js +245 -0
- package/esm/browser/idx/run.js.map +1 -0
- package/esm/browser/idx/startTransaction.js +21 -0
- package/esm/browser/idx/startTransaction.js.map +1 -0
- package/esm/browser/idx/transactionMeta.js +110 -0
- package/esm/browser/idx/transactionMeta.js.map +1 -0
- package/esm/browser/idx/types/api.js +43 -0
- package/esm/browser/idx/types/api.js.map +1 -0
- package/esm/browser/idx/types/idx-js.js +21 -0
- package/esm/browser/idx/types/idx-js.js.map +1 -0
- package/esm/browser/idx/unlockAccount.js +32 -0
- package/esm/browser/idx/unlockAccount.js.map +1 -0
- package/esm/browser/idx/util.js +223 -0
- package/esm/browser/idx/util.js.map +1 -0
- package/esm/browser/index.js +91 -0
- package/esm/browser/index.js.map +1 -0
- package/esm/browser/myaccount/emailApi.js +86 -0
- package/esm/browser/myaccount/emailApi.js.map +1 -0
- package/esm/browser/myaccount/myaccount/index.js +24 -0
- package/esm/browser/myaccount/myaccount/index.js.map +1 -0
- package/esm/browser/myaccount/phoneApi.js +76 -0
- package/esm/browser/myaccount/phoneApi.js.map +1 -0
- package/esm/browser/myaccount/profileApi.js +46 -0
- package/esm/browser/myaccount/profileApi.js.map +1 -0
- package/esm/browser/myaccount/request.js +121 -0
- package/esm/browser/myaccount/request.js.map +1 -0
- package/esm/browser/myaccount/transactions/Base.js +32 -0
- package/esm/browser/myaccount/transactions/Base.js.map +1 -0
- package/esm/browser/myaccount/transactions/EmailChallengeTransaction.js +48 -0
- package/esm/browser/myaccount/transactions/EmailChallengeTransaction.js.map +1 -0
- package/esm/browser/myaccount/transactions/EmailStatusTransaction.js +28 -0
- package/esm/browser/myaccount/transactions/EmailStatusTransaction.js.map +1 -0
- package/esm/browser/myaccount/transactions/EmailTransaction.js +81 -0
- package/esm/browser/myaccount/transactions/EmailTransaction.js.map +1 -0
- package/esm/browser/myaccount/transactions/PhoneTransaction.js +67 -0
- package/esm/browser/myaccount/transactions/PhoneTransaction.js.map +1 -0
- package/esm/browser/myaccount/transactions/ProfileSchemaTransaction.js +23 -0
- package/esm/browser/myaccount/transactions/ProfileSchemaTransaction.js.map +1 -0
- package/esm/browser/myaccount/transactions/ProfileTransaction.js +26 -0
- package/esm/browser/myaccount/transactions/ProfileTransaction.js.map +1 -0
- package/esm/browser/myaccount/types.js +25 -0
- package/esm/browser/myaccount/types.js.map +1 -0
- package/esm/browser/oidc/decodeToken.js +33 -0
- package/esm/browser/oidc/decodeToken.js.map +1 -0
- package/esm/browser/oidc/endpoints/authorize.js +63 -0
- package/esm/browser/oidc/endpoints/authorize.js.map +1 -0
- package/esm/browser/oidc/endpoints/token.js +83 -0
- package/esm/browser/oidc/endpoints/token.js.map +1 -0
- package/esm/browser/oidc/endpoints/well-known.js +55 -0
- package/esm/browser/oidc/endpoints/well-known.js.map +1 -0
- package/esm/browser/oidc/exchangeCodeForTokens.js +58 -0
- package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -0
- package/esm/browser/oidc/getToken.js +117 -0
- package/esm/browser/oidc/getToken.js.map +1 -0
- package/esm/browser/oidc/getUserInfo.js +69 -0
- package/esm/browser/oidc/getUserInfo.js.map +1 -0
- package/esm/browser/oidc/getWithPopup.js +35 -0
- package/esm/browser/oidc/getWithPopup.js.map +1 -0
- package/esm/browser/oidc/getWithRedirect.js +34 -0
- package/esm/browser/oidc/getWithRedirect.js.map +1 -0
- package/esm/browser/oidc/getWithoutPrompt.js +31 -0
- package/esm/browser/oidc/getWithoutPrompt.js.map +1 -0
- package/esm/browser/oidc/handleOAuthResponse.js +119 -0
- package/esm/browser/oidc/handleOAuthResponse.js.map +1 -0
- package/esm/browser/oidc/parseFromUrl.js +116 -0
- package/esm/browser/oidc/parseFromUrl.js.map +1 -0
- package/esm/browser/oidc/renewToken.js +67 -0
- package/esm/browser/oidc/renewToken.js.map +1 -0
- package/esm/browser/oidc/renewTokens.js +58 -0
- package/esm/browser/oidc/renewTokens.js.map +1 -0
- package/esm/browser/oidc/renewTokensWithRefresh.js +47 -0
- package/esm/browser/oidc/renewTokensWithRefresh.js.map +1 -0
- package/esm/browser/oidc/revokeToken.js +49 -0
- package/esm/browser/oidc/revokeToken.js.map +1 -0
- package/esm/browser/oidc/util/browser.js +69 -0
- package/esm/browser/oidc/util/browser.js.map +1 -0
- package/esm/browser/oidc/util/defaultTokenParams.js +34 -0
- package/esm/browser/oidc/util/defaultTokenParams.js.map +1 -0
- package/esm/browser/oidc/util/errors.js +38 -0
- package/esm/browser/oidc/util/errors.js.map +1 -0
- package/esm/browser/oidc/util/loginRedirect.js +66 -0
- package/esm/browser/oidc/util/loginRedirect.js.map +1 -0
- package/esm/browser/oidc/util/oauth.js +65 -0
- package/esm/browser/oidc/util/oauth.js.map +1 -0
- package/esm/browser/oidc/util/oauthMeta.js +38 -0
- package/esm/browser/oidc/util/oauthMeta.js.map +1 -0
- package/esm/browser/oidc/util/pkce.js +48 -0
- package/esm/browser/oidc/util/pkce.js.map +1 -0
- package/esm/browser/oidc/util/prepareTokenParams.js +65 -0
- package/esm/browser/oidc/util/prepareTokenParams.js.map +1 -0
- package/esm/browser/oidc/util/refreshToken.js +33 -0
- package/esm/browser/oidc/util/refreshToken.js.map +1 -0
- package/esm/browser/oidc/util/urlParams.js +43 -0
- package/esm/browser/oidc/util/urlParams.js.map +1 -0
- package/esm/browser/oidc/util/validateClaims.js +48 -0
- package/esm/browser/oidc/util/validateClaims.js.map +1 -0
- package/esm/browser/oidc/util/validateToken.js +34 -0
- package/esm/browser/oidc/util/validateToken.js.map +1 -0
- package/esm/browser/oidc/verifyToken.js +54 -0
- package/esm/browser/oidc/verifyToken.js.map +1 -0
- package/esm/browser/options/browser.js +77 -0
- package/esm/browser/options/browser.js.map +1 -0
- package/esm/browser/options/index.js +85 -0
- package/esm/browser/options/index.js.map +1 -0
- package/esm/browser/services/AutoRenewService.js +77 -0
- package/esm/browser/services/AutoRenewService.js.map +1 -0
- package/esm/browser/services/LeaderElectionService.js +74 -0
- package/esm/browser/services/LeaderElectionService.js.map +1 -0
- package/esm/browser/services/SyncStorageService.js +130 -0
- package/esm/browser/services/SyncStorageService.js.map +1 -0
- package/esm/browser/session.js +66 -0
- package/esm/browser/session.js.map +1 -0
- package/esm/browser/tx/AuthTransaction.js +174 -0
- package/esm/browser/tx/AuthTransaction.js.map +1 -0
- package/esm/browser/tx/api.js +72 -0
- package/esm/browser/tx/api.js.map +1 -0
- package/esm/browser/tx/poll.js +117 -0
- package/esm/browser/tx/poll.js.map +1 -0
- package/esm/browser/tx/util.js +26 -0
- package/esm/browser/tx/util.js.map +1 -0
- package/esm/browser/types/Token.js +32 -0
- package/esm/browser/types/Token.js.map +1 -0
- package/esm/browser/types/TokenManager.js +21 -0
- package/esm/browser/types/TokenManager.js.map +1 -0
- package/esm/browser/types/Transaction.js +52 -0
- package/esm/browser/types/Transaction.js.map +1 -0
- package/esm/browser/util/console.js +50 -0
- package/esm/browser/util/console.js.map +1 -0
- package/esm/browser/util/misc.js +39 -0
- package/esm/browser/util/misc.js.map +1 -0
- package/esm/browser/util/object.js +98 -0
- package/esm/browser/util/object.js.map +1 -0
- package/esm/browser/util/sharedStorage.js +56 -0
- package/esm/browser/util/sharedStorage.js.map +1 -0
- package/esm/browser/util/types.js +30 -0
- package/esm/browser/util/types.js.map +1 -0
- package/esm/browser/util/url.js +57 -0
- package/esm/browser/util/url.js.map +1 -0
- package/esm/node/AuthStateManager.js +161 -0
- package/esm/node/AuthStateManager.js.map +1 -0
- package/esm/node/OktaAuth.js +560 -0
- package/esm/node/OktaAuth.js.map +1 -0
- package/esm/node/OktaUserAgent.js +39 -0
- package/esm/node/OktaUserAgent.js.map +1 -0
- package/esm/node/PromiseQueue.js +65 -0
- package/esm/node/PromiseQueue.js.map +1 -0
- package/esm/node/SavedObject.js +81 -0
- package/esm/node/SavedObject.js.map +1 -0
- package/esm/node/ServiceManager.js +115 -0
- package/esm/node/ServiceManager.js.map +1 -0
- package/esm/node/StorageManager.js +148 -0
- package/esm/node/StorageManager.js.map +1 -0
- package/esm/node/TokenManager.js +387 -0
- package/esm/node/TokenManager.js.map +1 -0
- package/esm/node/TransactionManager.js +244 -0
- package/esm/node/TransactionManager.js.map +1 -0
- package/esm/node/_virtual/_tslib.js +41 -0
- package/esm/node/_virtual/_tslib.js.map +1 -0
- package/esm/node/browser/browserStorage.js +216 -0
- package/esm/node/browser/browserStorage.js.map +1 -0
- package/esm/node/browser/fingerprint.js +70 -0
- package/esm/node/browser/fingerprint.js.map +1 -0
- package/esm/node/builderUtil.js +39 -0
- package/esm/node/builderUtil.js.map +1 -0
- package/esm/node/clock.js +28 -0
- package/esm/node/clock.js.map +1 -0
- package/esm/node/constants.js +37 -0
- package/esm/node/constants.js.map +1 -0
- package/esm/node/crypto/base64.js +66 -0
- package/esm/node/crypto/base64.js.map +1 -0
- package/esm/node/crypto/index.js +17 -0
- package/esm/node/crypto/index.js.map +1 -0
- package/esm/node/crypto/node.js +48 -0
- package/esm/node/crypto/node.js.map +1 -0
- package/esm/node/crypto/oidcHash.js +28 -0
- package/esm/node/crypto/oidcHash.js.map +1 -0
- package/esm/node/crypto/verifyToken.js +38 -0
- package/esm/node/crypto/verifyToken.js.map +1 -0
- package/esm/node/crypto/webauthn.js +79 -0
- package/esm/node/crypto/webauthn.js.map +1 -0
- package/esm/node/errors/AuthApiError.js +35 -0
- package/esm/node/errors/AuthApiError.js.map +1 -0
- package/esm/node/errors/AuthPollStopError.js +23 -0
- package/esm/node/errors/AuthPollStopError.js.map +1 -0
- package/esm/node/errors/AuthSdkError.js +31 -0
- package/esm/node/errors/AuthSdkError.js.map +1 -0
- package/esm/node/errors/CustomError.js +21 -0
- package/esm/node/errors/CustomError.js.map +1 -0
- package/esm/node/errors/OAuthError.js +27 -0
- package/esm/node/errors/OAuthError.js.map +1 -0
- package/esm/node/errors/index.js +26 -0
- package/esm/node/errors/index.js.map +1 -0
- package/esm/node/features.js +67 -0
- package/esm/node/features.js.map +1 -0
- package/esm/node/fetch/fetchRequest.js +90 -0
- package/esm/node/fetch/fetchRequest.js.map +1 -0
- package/esm/node/http/headers.js +19 -0
- package/esm/node/http/headers.js.map +1 -0
- package/esm/node/http/request.js +133 -0
- package/esm/node/http/request.js.map +1 -0
- package/esm/node/idx/authenticate.js +25 -0
- package/esm/node/idx/authenticate.js.map +1 -0
- package/esm/node/idx/authenticator/Authenticator.js +20 -0
- package/esm/node/idx/authenticator/Authenticator.js.map +1 -0
- package/esm/node/idx/authenticator/OktaPassword.js +33 -0
- package/esm/node/idx/authenticator/OktaPassword.js.map +1 -0
- package/esm/node/idx/authenticator/OktaVerifyTotp.js +26 -0
- package/esm/node/idx/authenticator/OktaVerifyTotp.js.map +1 -0
- package/esm/node/idx/authenticator/SecurityQuestionEnrollment.js +45 -0
- package/esm/node/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
- package/esm/node/idx/authenticator/SecurityQuestionVerification.js +42 -0
- package/esm/node/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
- package/esm/node/idx/authenticator/VerificationCodeAuthenticator.js +33 -0
- package/esm/node/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
- package/esm/node/idx/authenticator/WebauthnEnrollment.js +41 -0
- package/esm/node/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/esm/node/idx/authenticator/WebauthnVerification.js +43 -0
- package/esm/node/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/esm/node/idx/authenticator/getAuthenticator.js +51 -0
- package/esm/node/idx/authenticator/getAuthenticator.js.map +1 -0
- package/esm/node/idx/authenticator/util.js +55 -0
- package/esm/node/idx/authenticator/util.js.map +1 -0
- package/esm/node/idx/cancel.js +42 -0
- package/esm/node/idx/cancel.js.map +1 -0
- package/esm/node/idx/emailVerify.js +46 -0
- package/esm/node/idx/emailVerify.js.map +1 -0
- package/esm/node/idx/flow/AccountUnlockFlow.js +43 -0
- package/esm/node/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/esm/node/idx/flow/AuthenticationFlow.js +49 -0
- package/esm/node/idx/flow/AuthenticationFlow.js.map +1 -0
- package/esm/node/idx/flow/FlowSpecification.js +56 -0
- package/esm/node/idx/flow/FlowSpecification.js.map +1 -0
- package/esm/node/idx/flow/PasswordRecoveryFlow.js +47 -0
- package/esm/node/idx/flow/PasswordRecoveryFlow.js.map +1 -0
- package/esm/node/idx/flow/RegistrationFlow.js +46 -0
- package/esm/node/idx/flow/RegistrationFlow.js.map +1 -0
- package/esm/node/idx/handleInteractionCodeRedirect.js +41 -0
- package/esm/node/idx/handleInteractionCodeRedirect.js.map +1 -0
- package/esm/node/idx/idxState/index.js +46 -0
- package/esm/node/idx/idxState/index.js.map +1 -0
- package/esm/node/idx/idxState/v1/actionParser.js +53 -0
- package/esm/node/idx/idxState/v1/actionParser.js.map +1 -0
- package/esm/node/idx/idxState/v1/generateIdxAction.js +65 -0
- package/esm/node/idx/idxState/v1/generateIdxAction.js.map +1 -0
- package/esm/node/idx/idxState/v1/idxResponseParser.js +95 -0
- package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -0
- package/esm/node/idx/idxState/v1/makeIdxState.js +46 -0
- package/esm/node/idx/idxState/v1/makeIdxState.js.map +1 -0
- package/esm/node/idx/idxState/v1/parsers.js +20 -0
- package/esm/node/idx/idxState/v1/parsers.js.map +1 -0
- package/esm/node/idx/idxState/v1/remediationParser.js +25 -0
- package/esm/node/idx/idxState/v1/remediationParser.js.map +1 -0
- package/esm/node/idx/interact.js +63 -0
- package/esm/node/idx/interact.js.map +1 -0
- package/esm/node/idx/introspect.js +69 -0
- package/esm/node/idx/introspect.js.map +1 -0
- package/esm/node/idx/poll.js +52 -0
- package/esm/node/idx/poll.js.map +1 -0
- package/esm/node/idx/proceed.js +34 -0
- package/esm/node/idx/proceed.js.map +1 -0
- package/esm/node/idx/recoverPassword.js +41 -0
- package/esm/node/idx/recoverPassword.js.map +1 -0
- package/esm/node/idx/register.js +36 -0
- package/esm/node/idx/register.js.map +1 -0
- package/esm/node/idx/remediate.js +134 -0
- package/esm/node/idx/remediate.js.map +1 -0
- package/esm/node/idx/remediators/AuthenticatorEnrollmentData.js +48 -0
- package/esm/node/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -0
- package/esm/node/idx/remediators/AuthenticatorVerificationData.js +71 -0
- package/esm/node/idx/remediators/AuthenticatorVerificationData.js.map +1 -0
- package/esm/node/idx/remediators/Base/AuthenticatorData.js +82 -0
- package/esm/node/idx/remediators/Base/AuthenticatorData.js.map +1 -0
- package/esm/node/idx/remediators/Base/Remediator.js +177 -0
- package/esm/node/idx/remediators/Base/Remediator.js.map +1 -0
- package/esm/node/idx/remediators/Base/SelectAuthenticator.js +90 -0
- package/esm/node/idx/remediators/Base/SelectAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/Base/VerifyAuthenticator.js +44 -0
- package/esm/node/idx/remediators/Base/VerifyAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/ChallengeAuthenticator.js +20 -0
- package/esm/node/idx/remediators/ChallengeAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/ChallengePoll.js +23 -0
- package/esm/node/idx/remediators/ChallengePoll.js.map +1 -0
- package/esm/node/idx/remediators/EnrollAuthenticator.js +20 -0
- package/esm/node/idx/remediators/EnrollAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/EnrollPoll.js +38 -0
- package/esm/node/idx/remediators/EnrollPoll.js.map +1 -0
- package/esm/node/idx/remediators/EnrollProfile.js +52 -0
- package/esm/node/idx/remediators/EnrollProfile.js.map +1 -0
- package/esm/node/idx/remediators/EnrollmentChannelData.js +49 -0
- package/esm/node/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/esm/node/idx/remediators/GenericRemediator/GenericRemediator.js +60 -0
- package/esm/node/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -0
- package/esm/node/idx/remediators/GenericRemediator/util.js +50 -0
- package/esm/node/idx/remediators/GenericRemediator/util.js.map +1 -0
- package/esm/node/idx/remediators/Identify.js +40 -0
- package/esm/node/idx/remediators/Identify.js.map +1 -0
- package/esm/node/idx/remediators/ReEnrollAuthenticator.js +34 -0
- package/esm/node/idx/remediators/ReEnrollAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/RedirectIdp.js +32 -0
- package/esm/node/idx/remediators/RedirectIdp.js.map +1 -0
- package/esm/node/idx/remediators/ResetAuthenticator.js +20 -0
- package/esm/node/idx/remediators/ResetAuthenticator.js.map +1 -0
- package/esm/node/idx/remediators/SelectAuthenticatorAuthenticate.js +35 -0
- package/esm/node/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -0
- package/esm/node/idx/remediators/SelectAuthenticatorEnroll.js +20 -0
- package/esm/node/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -0
- package/esm/node/idx/remediators/SelectAuthenticatorUnlockAccount.js +44 -0
- package/esm/node/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/esm/node/idx/remediators/SelectEnrollProfile.js +23 -0
- package/esm/node/idx/remediators/SelectEnrollProfile.js.map +1 -0
- package/esm/node/idx/remediators/SelectEnrollmentChannel.js +50 -0
- package/esm/node/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/esm/node/idx/remediators/Skip.js +23 -0
- package/esm/node/idx/remediators/Skip.js.map +1 -0
- package/esm/node/idx/remediators/index.js +33 -0
- package/esm/node/idx/remediators/index.js.map +1 -0
- package/esm/node/idx/remediators/util.js +34 -0
- package/esm/node/idx/remediators/util.js.map +1 -0
- package/esm/node/idx/run.js +245 -0
- package/esm/node/idx/run.js.map +1 -0
- package/esm/node/idx/startTransaction.js +21 -0
- package/esm/node/idx/startTransaction.js.map +1 -0
- package/esm/node/idx/transactionMeta.js +111 -0
- package/esm/node/idx/transactionMeta.js.map +1 -0
- package/esm/node/idx/types/api.js +43 -0
- package/esm/node/idx/types/api.js.map +1 -0
- package/esm/node/idx/types/idx-js.js +21 -0
- package/esm/node/idx/types/idx-js.js.map +1 -0
- package/esm/node/idx/unlockAccount.js +32 -0
- package/esm/node/idx/unlockAccount.js.map +1 -0
- package/esm/node/idx/util.js +223 -0
- package/esm/node/idx/util.js.map +1 -0
- package/esm/node/index.js +91 -0
- package/esm/node/index.js.map +1 -0
- package/esm/node/myaccount/emailApi.js +86 -0
- package/esm/node/myaccount/emailApi.js.map +1 -0
- package/esm/node/myaccount/myaccount/index.js +24 -0
- package/esm/node/myaccount/myaccount/index.js.map +1 -0
- package/esm/node/myaccount/phoneApi.js +76 -0
- package/esm/node/myaccount/phoneApi.js.map +1 -0
- package/esm/node/myaccount/profileApi.js +46 -0
- package/esm/node/myaccount/profileApi.js.map +1 -0
- package/esm/node/myaccount/request.js +121 -0
- package/esm/node/myaccount/request.js.map +1 -0
- package/esm/node/myaccount/transactions/Base.js +32 -0
- package/esm/node/myaccount/transactions/Base.js.map +1 -0
- package/esm/node/myaccount/transactions/EmailChallengeTransaction.js +48 -0
- package/esm/node/myaccount/transactions/EmailChallengeTransaction.js.map +1 -0
- package/esm/node/myaccount/transactions/EmailStatusTransaction.js +28 -0
- package/esm/node/myaccount/transactions/EmailStatusTransaction.js.map +1 -0
- package/esm/node/myaccount/transactions/EmailTransaction.js +81 -0
- package/esm/node/myaccount/transactions/EmailTransaction.js.map +1 -0
- package/esm/node/myaccount/transactions/PhoneTransaction.js +67 -0
- package/esm/node/myaccount/transactions/PhoneTransaction.js.map +1 -0
- package/esm/node/myaccount/transactions/ProfileSchemaTransaction.js +23 -0
- package/esm/node/myaccount/transactions/ProfileSchemaTransaction.js.map +1 -0
- package/esm/node/myaccount/transactions/ProfileTransaction.js +26 -0
- package/esm/node/myaccount/transactions/ProfileTransaction.js.map +1 -0
- package/esm/node/myaccount/types.js +25 -0
- package/esm/node/myaccount/types.js.map +1 -0
- package/esm/node/oidc/decodeToken.js +34 -0
- package/esm/node/oidc/decodeToken.js.map +1 -0
- package/esm/node/oidc/endpoints/authorize.js +63 -0
- package/esm/node/oidc/endpoints/authorize.js.map +1 -0
- package/esm/node/oidc/endpoints/token.js +83 -0
- package/esm/node/oidc/endpoints/token.js.map +1 -0
- package/esm/node/oidc/endpoints/well-known.js +55 -0
- package/esm/node/oidc/endpoints/well-known.js.map +1 -0
- package/esm/node/oidc/exchangeCodeForTokens.js +59 -0
- package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -0
- package/esm/node/oidc/getToken.js +118 -0
- package/esm/node/oidc/getToken.js.map +1 -0
- package/esm/node/oidc/getUserInfo.js +69 -0
- package/esm/node/oidc/getUserInfo.js.map +1 -0
- package/esm/node/oidc/getWithPopup.js +36 -0
- package/esm/node/oidc/getWithPopup.js.map +1 -0
- package/esm/node/oidc/getWithRedirect.js +35 -0
- package/esm/node/oidc/getWithRedirect.js.map +1 -0
- package/esm/node/oidc/getWithoutPrompt.js +31 -0
- package/esm/node/oidc/getWithoutPrompt.js.map +1 -0
- package/esm/node/oidc/handleOAuthResponse.js +120 -0
- package/esm/node/oidc/handleOAuthResponse.js.map +1 -0
- package/esm/node/oidc/parseFromUrl.js +117 -0
- package/esm/node/oidc/parseFromUrl.js.map +1 -0
- package/esm/node/oidc/renewToken.js +67 -0
- package/esm/node/oidc/renewToken.js.map +1 -0
- package/esm/node/oidc/renewTokens.js +59 -0
- package/esm/node/oidc/renewTokens.js.map +1 -0
- package/esm/node/oidc/renewTokensWithRefresh.js +47 -0
- package/esm/node/oidc/renewTokensWithRefresh.js.map +1 -0
- package/esm/node/oidc/revokeToken.js +49 -0
- package/esm/node/oidc/revokeToken.js.map +1 -0
- package/esm/node/oidc/util/browser.js +69 -0
- package/esm/node/oidc/util/browser.js.map +1 -0
- package/esm/node/oidc/util/defaultTokenParams.js +34 -0
- package/esm/node/oidc/util/defaultTokenParams.js.map +1 -0
- package/esm/node/oidc/util/errors.js +38 -0
- package/esm/node/oidc/util/errors.js.map +1 -0
- package/esm/node/oidc/util/loginRedirect.js +66 -0
- package/esm/node/oidc/util/loginRedirect.js.map +1 -0
- package/esm/node/oidc/util/oauth.js +65 -0
- package/esm/node/oidc/util/oauth.js.map +1 -0
- package/esm/node/oidc/util/oauthMeta.js +38 -0
- package/esm/node/oidc/util/oauthMeta.js.map +1 -0
- package/esm/node/oidc/util/pkce.js +48 -0
- package/esm/node/oidc/util/pkce.js.map +1 -0
- package/esm/node/oidc/util/prepareTokenParams.js +65 -0
- package/esm/node/oidc/util/prepareTokenParams.js.map +1 -0
- package/esm/node/oidc/util/refreshToken.js +33 -0
- package/esm/node/oidc/util/refreshToken.js.map +1 -0
- package/esm/node/oidc/util/urlParams.js +43 -0
- package/esm/node/oidc/util/urlParams.js.map +1 -0
- package/esm/node/oidc/util/validateClaims.js +48 -0
- package/esm/node/oidc/util/validateClaims.js.map +1 -0
- package/esm/node/oidc/util/validateToken.js +34 -0
- package/esm/node/oidc/util/validateToken.js.map +1 -0
- package/esm/node/oidc/verifyToken.js +55 -0
- package/esm/node/oidc/verifyToken.js.map +1 -0
- package/esm/node/options/index.js +85 -0
- package/esm/node/options/index.js.map +1 -0
- package/esm/node/options/node.js +41 -0
- package/esm/node/options/node.js.map +1 -0
- package/esm/node/server/serverStorage.js +82 -0
- package/esm/node/server/serverStorage.js.map +1 -0
- package/esm/node/services/AutoRenewService.js +77 -0
- package/esm/node/services/AutoRenewService.js.map +1 -0
- package/esm/node/services/LeaderElectionService.js +74 -0
- package/esm/node/services/LeaderElectionService.js.map +1 -0
- package/esm/node/services/SyncStorageService.js +130 -0
- package/esm/node/services/SyncStorageService.js.map +1 -0
- package/esm/node/session.js +66 -0
- package/esm/node/session.js.map +1 -0
- package/esm/node/tx/AuthTransaction.js +174 -0
- package/esm/node/tx/AuthTransaction.js.map +1 -0
- package/esm/node/tx/api.js +72 -0
- package/esm/node/tx/api.js.map +1 -0
- package/esm/node/tx/poll.js +117 -0
- package/esm/node/tx/poll.js.map +1 -0
- package/esm/node/tx/util.js +26 -0
- package/esm/node/tx/util.js.map +1 -0
- package/esm/node/types/Token.js +32 -0
- package/esm/node/types/Token.js.map +1 -0
- package/esm/node/types/TokenManager.js +21 -0
- package/esm/node/types/TokenManager.js.map +1 -0
- package/esm/node/types/Transaction.js +52 -0
- package/esm/node/types/Transaction.js.map +1 -0
- package/esm/node/util/console.js +50 -0
- package/esm/node/util/console.js.map +1 -0
- package/esm/node/util/misc.js +39 -0
- package/esm/node/util/misc.js.map +1 -0
- package/esm/node/util/object.js +98 -0
- package/esm/node/util/object.js.map +1 -0
- package/esm/node/util/sharedStorage.js +56 -0
- package/esm/node/util/sharedStorage.js.map +1 -0
- package/esm/node/util/types.js +30 -0
- package/esm/node/util/types.js.map +1 -0
- package/esm/node/util/url.js +57 -0
- package/esm/node/util/url.js.map +1 -0
- package/esm/package.json +3 -0
- package/lib/SavedObject.d.ts +1 -0
- package/lib/ServiceManager.d.ts +1 -7
- package/lib/TokenManager.d.ts +12 -10
- package/lib/cdnEntry.d.ts +18 -0
- package/lib/errors/AuthApiError.d.ts +2 -1
- package/lib/idx/idxState/v1/idxResponseParser.d.ts +2 -2
- package/lib/idx/types/idx-js.d.ts +12 -0
- package/lib/idx/util.d.ts +3 -3
- package/lib/myaccount/api.d.ts +14 -0
- package/lib/myaccount/emailApi.d.ts +29 -0
- package/lib/myaccount/index.d.ts +13 -0
- package/lib/myaccount/phoneApi.d.ts +25 -0
- package/lib/myaccount/profileApi.d.ts +13 -0
- package/lib/myaccount/request.d.ts +29 -0
- package/lib/myaccount/transactions/Base.d.ts +15 -0
- package/lib/myaccount/transactions/EmailChallengeTransaction.d.ts +12 -0
- package/lib/myaccount/transactions/EmailStatusTransaction.d.ts +9 -0
- package/lib/myaccount/transactions/EmailTransaction.d.ts +15 -0
- package/lib/myaccount/transactions/PhoneTransaction.d.ts +12 -0
- package/lib/myaccount/transactions/ProfileSchemaTransaction.d.ts +5 -0
- package/lib/myaccount/transactions/ProfileTransaction.d.ts +7 -0
- package/lib/myaccount/transactions/index.d.ts +7 -0
- package/lib/myaccount/types.d.ts +55 -0
- package/lib/services/AutoRenewService.d.ts +2 -2
- package/lib/services/LeaderElectionService.d.ts +33 -0
- package/lib/services/SyncStorageService.d.ts +17 -5
- package/lib/services/index.d.ts +1 -0
- package/lib/types/JWT.d.ts +4 -1
- package/lib/types/OktaAuthOptions.d.ts +4 -2
- package/lib/types/Service.d.ts +7 -4
- package/lib/types/Storage.d.ts +2 -0
- package/lib/types/TokenManager.d.ts +20 -4
- package/lib/types/api.d.ts +2 -1
- package/lib/types/index.d.ts +1 -0
- package/lib/util/misc.d.ts +1 -0
- package/package.json +42 -18
- package/polyfill/index.js +7 -0
- package/esm/esm.browser.js +0 -9834
- package/esm/esm.browser.js.map +0 -1
- package/esm/esm.node.mjs +0 -9932
- package/esm/esm.node.mjs.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"browser.js","names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"sources":["../../../../lib/oidc/util/browser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOptionsInterface } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthOptionsInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"mappings":";;;;;;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;EACjD,IAAIF,WAAW,CAACG,gBAAhB,EAAkC;IAChCH,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;EACD,CAFD,MAEO;IACLF,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;EACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;EACpD,IAAIF,WAAW,CAACM,mBAAhB,EAAqC;IACnCN,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;EACD,CAFD,MAEO;IACLF,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;EACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;EAC7B,IAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;EACAF,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;EACAJ,MAAM,CAACD,GAAP,GAAaA,GAAb;EAEA,OAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;EACtC,IAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;EACA,IAAIC,UAAU,GAAG,gDACf,0CADF;EAEA,OAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAA+DC,OAA/D,EAAwEC,KAAxE,EAA+E;EACpF,IAAIC,eAAJ;EACA,IAAIC,SAAJ;EACA,IAAIC,oBAAoB,GAAG,qBAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;IAEhEJ,eAAe,GAAG,SAASA,eAAT,CAAyBK,CAAzB,EAA4B;MAC5C,IAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOP,KAAP,KAAiBA,KAAhC,EAAuC;QACrC;QACA;MACD,CAJ2C,CAM5C;MACA;MACA;MACA;;;MACA,IAAIM,CAAC,CAACE,MAAF,KAAaV,GAAG,CAACW,eAAJ,EAAjB,EAAwC;QACtC,OAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;MACD;;MACDN,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;IACD,CAdD;;IAgBAnC,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;IAEAC,SAAS,GAAGS,UAAU,CAAC,YAAY;MACjCN,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;IACD,CAFqB,EAEnBX,OAAO,IAAI,MAFQ,CAAtB;EAGD,CAvB0B,CAA3B;EAyBA,OAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;IACnBC,YAAY,CAACX,SAAD,CAAZ;IACAxB,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;EACD,CAJI,CAAP;AAKD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOptionsInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOptionsInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n ignoreSignature\n });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2E;EAChF,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,sBAAW;IAChBb,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,2BANA;IAOhBQ,KAAK,EAAE,2BAPS;IAQhBT,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOptionsInterface } from '../../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOptionsInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiEL,KAAjE,EAA+E;EACpF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJoF,CAKpF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,0BAAaA,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACa,YAAN,KAAuB,0CAFzB;AAGD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/util/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAEA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOptionsInterface, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOptionsInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOptionsInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOptionsInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;EACrD,OAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;EAClE,OAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;EAChE,OAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;EAC3D,OAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4E;EACjF,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;EACA,IAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;IACnC,OAAO,KAAP;EACD;;EACD,OAAO,sBAAAJ,GAAG,MAAH,CAAAA,GAAG,EAASE,UAAU,CAACE,WAApB,CAAH,KAAwC,CAA/C;AACD;;AAEM,SAASC,UAAT,CAAoBF,OAApB,EAA8C;EACnD,OAAOA,OAAO,CAACG,IAAR,IAAgBH,OAAO,CAACI,YAAR,KAAyB,MAAzC,IAAmDJ,OAAO,CAACK,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBN,OAAzB,EAAmD;EACxD,IAAIO,QAAQ,GAAGL,UAAU,CAACF,OAAD,CAAzB;EACA,IAAIQ,QAAQ,GAAGD,QAAQ,IAAIP,OAAO,CAACK,YAAR,KAAyB,UAApD;EACA,OAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBpB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASsB,eAAT,CAA0Bd,GAA1B,EAAyD;EAC9D;EACA,IAAI,CAACF,aAAa,CAACa,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBf,GAAvB,CAAlB,EAA8C;IAC5C,OAAO,KAAP;EACD,CAJ6D,CAM9D;;;EACA,IAAIS,QAAQ,GAAGL,UAAU,CAACJ,GAAG,CAACE,OAAL,CAAzB;EACA,IAAIP,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAAlC;;EAEA,IAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;IAC/B,OAAO,IAAP;EACD;;EAED,IAAIc,QAAJ,EAAc;IACZ,IAAIO,OAAO,GAAItB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;IACA,OAAOqB,OAAP;EACD,CAjB6D,CAmB9D;;;EACA,OAAOzB,eAAe,CAACoB,MAAM,CAACC,QAAP,CAAgBpB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASyB,qBAAT,CAAgCjB,GAAhC,EAA+DL,YAA/D,EAAsF;EAC3F,IAAI,CAACA,YAAL,EAAmB;IAAE;IACnB;IACA,IAAI,CAACmB,eAAe,CAACd,GAAD,CAApB,EAA0B;MACxB,OAAO,KAAP;IACD;;IAEDL,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAA9B;EACD;;EACD,OAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"oauth.js","names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDV,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;EACA,IAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;EACA,IAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;EACA,IAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;EACA,IAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;EAEAW,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLF,MAAM,EAAEA,MADH;IAELU,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthOptionsInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMI,SAA+B,GAAG;IACtCH,MADsC;IAEtCE,IAFsC;IAGtCE,QAAQ,EAAEL,WAAW,CAACK,QAHgB;IAItCC,WAAW,EAAEN,WAAW,CAACM,WAJa;IAKtCC,YAAY,EAAEP,WAAW,CAACO,YALY;IAMtCC,YAAY,EAAER,WAAW,CAACQ,YANY;IAOtCC,MAAM,EAAET,WAAW,CAACS,MAPkB;IAQtCC,KAAK,EAAEV,WAAW,CAACU,KARmB;IAStCC,KAAK,EAAEX,WAAW,CAACW,KATmB;IAUtCC,eAAe,EAAEZ,WAAW,CAACY;EAVS,CAAxC;;EAaA,IAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEf,WAAW,CAACe,YAFU;IAGpCC,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;IAIpCC,aAAa,EAAEjB,WAAW,CAACiB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,kBAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbC,6BAA6B,EAA7BA,wCADa;EAEbnB,gBAFa;EAGbM;AAHa,C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthOIDCInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;EACA,IAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAC,OAAO,MAAP,CAAAA,OAAO,EAASJ,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeK,WAAf,CACLb,GADK,EAELc,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFR;EAHE,IAIAM,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIhB,GAAG,CAACS,OAAJ,CAAYO,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBjB,iBAAiB,CAACC,GAAD,CAAjB;IACAe,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDP,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAM,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZR;EALY,CAAd;EAQA,OAAOM,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLrB,GADK,EAELc,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,+CAAsBtB,GAAtB,CAAjB;EACAc,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACS,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,WAAP;EACD;;EAED,OAAOD,WAAW,CAACb,GAAD,EAAMc,WAAN,CAAlB;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,4BAAeA,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACC,GAAL,IAAY,CAACD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBF,GAAG,CAACC,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"urlParams.js","names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"sources":["../../../../lib/oidc/util/urlParams.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n // Predefine regexs for parsing hash\n var plus2space = /\\+/g;\n var paramSplit = /([^&=]+)=?([^&]*)/g;\n var fragment = hashOrSearch || '';\n\n // Some hash based routers will automatically add a / character after the hash\n if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n fragment = fragment.substring(2);\n }\n\n // Remove the leading # or ?\n if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n fragment = fragment.substring(1);\n }\n\n\n var obj = {};\n\n // Loop until we have no more params\n var param;\n while (true) { // eslint-disable-line no-constant-condition\n param = paramSplit.exec(fragment);\n if (!param) { break; }\n\n var key = param[1];\n var value = param[2];\n\n // id_token should remain base64url encoded\n if (key === 'id_token' || key === 'access_token' || key === 'code') {\n obj[key] = value;\n } else {\n obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n }\n }\n return obj;\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;EACtD;EACA,IAAIC,UAAU,GAAG,KAAjB;EACA,IAAIC,UAAU,GAAG,oBAAjB;EACA,IAAIC,QAAQ,GAAGH,YAAY,IAAI,EAA/B,CAJsD,CAMtD;;EACA,IAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;IAC5DD,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;EACD,CATqD,CAWtD;;;EACA,IAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;IAC5DD,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;EACD;;EAGD,IAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;EACA,IAAIC,KAAJ;;EACA,OAAO,IAAP,EAAa;IAAE;IACbA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;IACA,IAAI,CAACI,KAAL,EAAY;MAAE;IAAQ;;IAEtB,IAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;IACA,IAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;IACA,IAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;MAClEH,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;IACD,CAFD,MAEO;MACLJ,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;IACD;EACF;;EACD,OAAOK,GAAP;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuthOptionsInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuDC,MAAvD,EAA2EC,gBAA3E,EAAgH;EACrH,IAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;EACA,IAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;EACA,IAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;EAEA,IAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;IAC3B,MAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;EACD;;EAED,IAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;IACnC,MAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;EACD;;EAED,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;IAC7B,MAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,IAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;IAC/B,IAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;MACnD,MAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;IACD;;IAED,IAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;MACnD,MAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;IACD;EACF;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"validateToken.js","names":["validateToken","token","type","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,sBAAUD,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAAtB,IAA8C,CAAC,2BAAeA,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIE,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAID,IAAI,KAAK,aAAT,IAA0B,CAAC,0BAAcD,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIE,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAID,IAAI,KAAK,SAAT,IAAsB,CAAC,sBAAUD,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIE,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAID,IAAI,KAAK,cAAT,IAA2B,CAAC,2BAAeD,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIE,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOIDCInterface, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOIDCInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n var jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n var validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAAuEC,gBAAvE,EAA8H;EACnI,IAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;IAC5B,MAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;EACD,CAHkI,CAKnI;;;EACA,IAAIC,GAAG,GAAG,8BAAYJ,KAAK,CAACE,OAAlB,CAAV,CANmI,CAQnI;EACA;;EACA,MAAMG,gBAAgB,GAAG,CAAAJ,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEK,MAAlB,KAA4BP,GAAG,CAACQ,OAAJ,CAAYD,MAAjE;EACA,MAAM;IAAEA;EAAF,IAAa,MAAM,6BAAaP,GAAb,EAAkBM,gBAAlB,CAAzB;EAEA,IAAIG,iBAAoC,GAAG,qBAAc;IACvD;IACAC,QAAQ,EAAEV,GAAG,CAACQ,OAAJ,CAAYE,QAFiC;IAGvDC,eAAe,EAAEX,GAAG,CAACQ,OAAJ,CAAYG;EAH0B,CAAd,EAIxCT,gBAJwC,EAItB;IACnB;IACAK;EAFmB,CAJsB,CAA3C,CAbmI,CAsBnI;;EACA,0BAAeP,GAAf,EAAoBK,GAAG,CAACO,OAAxB,EAAiCH,iBAAjC,EAvBmI,CAyBnI;EACA;;EACA,IAAIA,iBAAiB,CAACE,eAAlB,IAAqC,IAArC,IAA6C,CAACX,GAAG,CAACa,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;IACvF,OAAOb,KAAP;EACD,CA7BkI,CA+BnI;;;EACA,MAAMc,GAAG,GAAG,MAAM,uBAAOf,GAAP,EAAYC,KAAK,CAACM,MAAlB,EAA0BF,GAAG,CAACW,MAAJ,CAAWC,GAArC,CAAlB;EACA,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAACpB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCY,GAArC,CAApB;;EACA,IAAI,CAACG,KAAL,EAAY;IACV,MAAM,IAAId,oBAAJ,CAAiB,kCAAjB,CAAN;EACD;;EACD,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACkB,WAArC,IAAoDnB,KAAK,CAACoB,MAAN,CAAaC,OAArE,EAA8E;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsBtB,gBAAgB,CAACkB,WAAvC,CAAnB;;IACA,IAAIG,IAAI,KAAKtB,KAAK,CAACoB,MAAN,CAAaC,OAA1B,EAAmC;MACjC,MAAM,IAAIlB,oBAAJ,CAAiB,gCAAjB,CAAN;IACD;EACF;;EACD,OAAOH,KAAP;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"browser.js","names":["getStorage","storageUtil","browserStorage","inMemoryStore","STORAGE_MANAGER_OPTIONS","token","storageTypes","cache","transaction","enableSharedStorage","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite"],"sources":["../../../lib/options/browser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, OktaAuthOptions, StorageUtil } from '../types';\nimport { warn } from '../util';\n\nimport { default as browserStorage } from '../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n const storageUtil = Object.assign({}, browserStorage, {\n inMemoryStore: {} // create unique storage for this instance\n });\n return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nexport const enableSharedStorage = true;\n\nexport function getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n"],"mappings":";;;;;;;;;;AAcA;;AAEA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAMO,SAASA,UAAT,GAAmC;EACxC,MAAMC,WAAW,GAAG,qBAAc,EAAd,EAAkBC,uBAAlB,EAAkC;IACpDC,aAAa,EAAE,EADqC,CAClC;;EADkC,CAAlC,CAApB;EAGA,OAAOF,WAAP;AACD;;AAEM,MAAMG,uBAA8C,GAAG;EAC5DC,KAAK,EAAE;IACLC,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CADqD;EAQ5DC,KAAK,EAAE;IACLD,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CARqD;EAe5DE,WAAW,EAAE;IACXF,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;EADH,CAf+C;EAsB5D,sBAAsB;IACpBA,YAAY,EAAE,CACZ,cADY;EADM,CAtBsC;EA2B5D,gBAAgB;IACdA,YAAY,EAAE,CACZ,cADY;EADA;AA3B4C,CAAvD;;AAkCA,MAAMG,mBAAmB,GAAG,IAA5B;;;AAEA,SAASC,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;EAC9E;EACA;EACA;EACA,IAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;EACA,IAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;IAChDF,cAAc,CAACE,MAAf,GAAwBH,OAAxB;EACD;;EACD,IAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;IAClDH,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;EACD,CAV6E,CAY9E;;;EACA,IAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;IACrC;IACA,gBACE,oEACA,4DADA,GAEA,gEAHF;IAKAC,cAAc,CAACE,MAAf,GAAwB,KAAxB;EACD,CArB6E,CAuB9E;EACA;;;EACA,IAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;IAChEF,cAAc,CAACG,QAAf,GAA0B,KAA1B;EACD;;EAED,OAAOH,cAAP;AACD"}
|
package/cjs/options/index.js
CHANGED
|
@@ -73,6 +73,7 @@ function buildOptions(args = {}) {
|
|
|
73
73
|
useInteractionCodeFlow: args.useInteractionCodeFlow,
|
|
74
74
|
// Internal options
|
|
75
75
|
httpRequestClient: args.httpRequestClient,
|
|
76
|
+
httpRequestInterceptors: args.httpRequestInterceptors,
|
|
76
77
|
transformErrorXHR: args.transformErrorXHR,
|
|
77
78
|
transformAuthState: args.transformAuthState,
|
|
78
79
|
restoreOriginalUri: args.restoreOriginalUri,
|
|
@@ -97,7 +98,8 @@ function buildOptions(args = {}) {
|
|
|
97
98
|
// Give the developer the ability to disable token signature validation.
|
|
98
99
|
ignoreSignature: !!args.ignoreSignature,
|
|
99
100
|
// Server-side web applications
|
|
100
|
-
clientSecret: args.clientSecret
|
|
101
|
+
clientSecret: args.clientSecret,
|
|
102
|
+
setLocation: args.setLocation
|
|
101
103
|
});
|
|
102
104
|
}
|
|
103
105
|
//# sourceMappingURL=index.js.map
|
package/cjs/options/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"index.js","names":["getDefaultOptions","options","devMode","httpRequestClient","fetchRequest","storageUtil","storageManager","STORAGE_MANAGER_OPTIONS","transactionManager","enableSharedStorage","mergeOptions","args","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","httpRequestInterceptors","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","cookies","flow","codeChallenge","codeChallengeMethod","recoveryToken","activationToken","idx","useGenericRemediator","exchangeCodeForTokens","ignoreSignature","clientSecret","setLocation"],"sources":["../../../lib/options/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { removeTrailingSlash, removeNils } from '../util';\nimport { assertValidConfig } from '../builderUtil';\nimport { OktaAuthOptions } from '../types';\n\nimport fetchRequest from '../fetch/fetchRequest';\nimport { getStorage, STORAGE_MANAGER_OPTIONS, enableSharedStorage, getCookieSettings } from './node';\nimport { isHTTPS } from '../features';\n\nexport function getDefaultOptions(): OktaAuthOptions {\n\n \n const options = {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil: getStorage(),\n storageManager: STORAGE_MANAGER_OPTIONS,\n transactionManager: {\n enableSharedStorage\n }\n };\n return options;\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager),\n transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n httpRequestInterceptors: args.httpRequestInterceptors,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n transactionManager: args.transactionManager,\n cookies: getCookieSettings(args, isHTTPS()),\n flow: args.flow,\n codeChallenge: args.codeChallenge,\n codeChallengeMethod: args.codeChallengeMethod,\n recoveryToken: args.recoveryToken,\n activationToken: args.activationToken,\n // BETA WARNING: configs in this section are subject to change without a breaking change notice\n idx: {\n useGenericRemediator: !!args.idx?.useGenericRemediator, // false by default\n exchangeCodeForTokens: args.idx?.exchangeCodeForTokens !== false // true by default\n },\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret,\n setLocation: args.setLocation\n });\n}\n"],"mappings":";;;;;;;;;AAYA;;AACA;;AAGA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAUO,SAASA,iBAAT,GAA8C;EAGnD,MAAMC,OAAO,GAAG;IACdC,OAAO,EAAE,KADK;IAEdC,iBAAiB,EAAEC,qBAFL;IAGdC,WAAW,EAAE,uBAHC;IAIdC,cAAc,EAAEC,6BAJF;IAKdC,kBAAkB,EAAE;MAClBC,mBAAmB,EAAnBA;IADkB;EALN,CAAhB;EASA,OAAOR,OAAP;AACD;;AAED,SAASS,YAAT,CAAsBT,OAAtB,EAA+BU,IAA/B,EAAsD;EACpD,OAAO,qBAAc,EAAd,EAAkBV,OAAlB,EAA2B,sBAAWU,IAAX,CAA3B,EAA6C;IAClDL,cAAc,EAAE,qBAAc,EAAd,EAAkBL,OAAO,CAACK,cAA1B,EAA0CK,IAAI,CAACL,cAA/C,CADkC;IAElDE,kBAAkB,EAAE,qBAAc,EAAd,EAAkBP,OAAO,CAACO,kBAA1B,EAA8CG,IAAI,CAACH,kBAAnD;EAF8B,CAA7C,CAAP;AAID;;AAEM,SAASI,YAAT,CAAsBD,IAAqB,GAAG,EAA9C,EAAmE;EAAA;;EACxE,oCAAkBA,IAAlB;EACAA,IAAI,GAAGD,YAAY,CAACV,iBAAiB,EAAlB,EAAsBW,IAAtB,CAAnB;EACA,OAAO,sBAAW;IAChB;IACAE,MAAM,EAAE,+BAAoBF,IAAI,CAACE,MAAzB,CAFQ;IAGhBC,QAAQ,EAAE,+BAAoBH,IAAI,CAACG,QAAzB,CAHM;IAIhBC,YAAY,EAAE,+BAAoBJ,IAAI,CAACI,YAAzB,CAJE;IAKhBC,WAAW,EAAE,+BAAoBL,IAAI,CAACK,WAAzB,CALG;IAMhBC,SAAS,EAAE,+BAAoBN,IAAI,CAACM,SAAzB,CANK;IAOhBC,SAAS,EAAE,+BAAoBP,IAAI,CAACO,SAAzB,CAPK;IAQhBC,QAAQ,EAAER,IAAI,CAACQ,QARC;IAShBC,WAAW,EAAET,IAAI,CAACS,WATF;IAUhBC,KAAK,EAAEV,IAAI,CAACU,KAVI;IAWhBC,MAAM,EAAEX,IAAI,CAACW,MAXG;IAYhBC,qBAAqB,EAAEZ,IAAI,CAACY,qBAZZ;IAahBC,YAAY,EAAEb,IAAI,CAACa,YAbH;IAchBC,YAAY,EAAEd,IAAI,CAACc,YAdH;IAehBC,IAAI,EAAEf,IAAI,CAACe,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;IAe0B;IAC1CC,sBAAsB,EAAEhB,IAAI,CAACgB,sBAhBb;IAkBhB;IACAxB,iBAAiB,EAAEQ,IAAI,CAACR,iBAnBR;IAoBhByB,uBAAuB,EAAEjB,IAAI,CAACiB,uBApBd;IAqBhBC,iBAAiB,EAAElB,IAAI,CAACkB,iBArBR;IAsBhBC,kBAAkB,EAAEnB,IAAI,CAACmB,kBAtBT;IAuBhBC,kBAAkB,EAAEpB,IAAI,CAACoB,kBAvBT;IAwBhB1B,WAAW,EAAEM,IAAI,CAACN,WAxBF;IAyBhB2B,OAAO,EAAErB,IAAI,CAACqB,OAzBE;IA0BhB9B,OAAO,EAAE,CAAC,CAACS,IAAI,CAACT,OA1BA;IA2BhBI,cAAc,EAAEK,IAAI,CAACL,cA3BL;IA4BhBE,kBAAkB,EAAEG,IAAI,CAACH,kBA5BT;IA6BhByB,OAAO,EAAE,6BAAkBtB,IAAlB,EAAwB,wBAAxB,CA7BO;IA8BhBuB,IAAI,EAAEvB,IAAI,CAACuB,IA9BK;IA+BhBC,aAAa,EAAExB,IAAI,CAACwB,aA/BJ;IAgChBC,mBAAmB,EAAEzB,IAAI,CAACyB,mBAhCV;IAiChBC,aAAa,EAAE1B,IAAI,CAAC0B,aAjCJ;IAkChBC,eAAe,EAAE3B,IAAI,CAAC2B,eAlCN;IAmChB;IACAC,GAAG,EAAE;MACHC,oBAAoB,EAAE,CAAC,eAAC7B,IAAI,CAAC4B,GAAN,sCAAC,UAAUC,oBAAX,CADpB;MACqD;MACxDC,qBAAqB,EAAE,eAAA9B,IAAI,CAAC4B,GAAL,0DAAUE,qBAAV,MAAoC,KAFxD,CAE8D;;IAF9D,CApCW;IAyChB;IACAC,eAAe,EAAE,CAAC,CAAC/B,IAAI,CAAC+B,eA1CR;IA4ChB;IACAC,YAAY,EAAEhC,IAAI,CAACgC,YA7CH;IA8ChBC,WAAW,EAAEjC,IAAI,CAACiC;EA9CF,CAAX,CAAP;AAgDD"}
|
package/cjs/options/node.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"node.js","names":["getStorage","storage","STORAGE_MANAGER_OPTIONS","token","storageTypes","cache","transaction","enableSharedStorage","getCookieSettings","args","isHTTPS","cookies"],"sources":["../../../lib/options/node.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageManagerOptions, OktaAuthOptions, StorageUtil } from '../types';\n\nimport { default as storage } from '../server/serverStorage';\n\nexport function getStorage(): StorageUtil {\n return storage;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nexport const enableSharedStorage = false;\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars, no-unused-vars\nexport function getCookieSettings(args: OktaAuthOptions = {}, isHTTPS?: boolean) {\n return args.cookies;\n}\n"],"mappings":";;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,UAAT,GAAmC;EACxC,OAAOC,sBAAP;AACD;;AAEM,MAAMC,uBAA8C,GAAG;EAC5DC,KAAK,EAAE;IACLC,YAAY,EAAE,CACZ,QADY;EADT,CADqD;EAM5DC,KAAK,EAAE;IACLD,YAAY,EAAE,CACZ,QADY;EADT,CANqD;EAW5DE,WAAW,EAAE;IACXF,YAAY,EAAE,CACZ,QADY;EADH;AAX+C,CAAvD;;AAkBA,MAAMG,mBAAmB,GAAG,KAA5B,C,CAEP;;;;AACO,SAASC,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAA0E;EAC/E,OAAOD,IAAI,CAACE,OAAZ;AACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"serverStorage.js","names":["sharedStorage","NodeCache","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key","isSharedStorage"],"sources":["../../../lib/server/serverStorage.ts"],"sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport NodeCache from 'node-cache';\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\n// eslint-disable-next-line import/no-commonjs\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n nodeCache: any; // NodeCache\n \n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n }\n\n set(name: string, value: string, expiresAt: string): string {\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Time to expiration in seconds\n var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n this.nodeCache.set(name, value, ttl);\n } else {\n this.nodeCache.set(name, value);\n }\n\n return this.get(name);\n }\n\n get(name): string {\n return this.nodeCache.get(name);\n }\n\n delete(name) {\n return this.nodeCache.del(name);\n }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n nodeCache: any; // NodeCache\n storage: Cookies;\n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n this.storage = new ServerCookies(nodeCache);\n }\n\n testStorageType(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'memory':\n supported = true;\n break;\n default:\n break;\n }\n return supported;\n }\n\n getStorageByType(storageType: StorageType): SimpleStorage {\n let storageProvider;\n switch (storageType) {\n case 'memory':\n storageProvider = this.getStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n }\n\n findStorageType(): StorageType {\n return 'memory';\n }\n\n // will be removed in next version. OKTA-362589\n getHttpCache() {\n return null; // stubbed in server.js\n }\n\n // shared in-memory using node cache\n getStorage(): SimpleStorage {\n return {\n getItem: this.nodeCache.get,\n setItem: (key, value) => {\n this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n },\n isSharedStorage: () => true\n };\n }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"mappings":";;;;;;AAgBA;;AAEA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AAIA;AAEA;AACA,MAAMA,aAAa,GAAG,OAAOC,kBAAP,KAAqB,UAArB,GAAkC,IAAIA,kBAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMC,aAAN,CAAuC;EACrB;EAEhBC,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;EACD;;EAEDC,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;IAC1D;IACA,IAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;MAC7B;MACA,IAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;MACA,KAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;IACD,CAJD,MAIO;MACL,KAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;IACD;;IAED,OAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;EACD;;EAEDO,GAAG,CAACP,IAAD,EAAe;IAChB,OAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;EACD;;EAEDQ,MAAM,CAACR,IAAD,EAAO;IACX,OAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;EACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;EACzB;EAEhBb,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;IACA,KAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;EACD;;EAEDc,eAAe,CAACC,WAAD,EAAoC;IACjD,IAAIC,SAAS,GAAG,KAAhB;;IACA,QAAQD,WAAR;MACE,KAAK,QAAL;QACEC,SAAS,GAAG,IAAZ;QACA;;MACF;QACE;IALJ;;IAOA,OAAOA,SAAP;EACD;;EAEDC,gBAAgB,CAACF,WAAD,EAA0C;IACxD,IAAIG,eAAJ;;IACA,QAAQH,WAAR;MACE,KAAK,QAAL;QACEG,eAAe,GAAG,KAAKC,UAAL,EAAlB;QACA;;MACF;QACE,MAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;QACA;IANJ;;IAQA,OAAOG,eAAP;EACD;;EAEDG,eAAe,GAAgB;IAC7B,OAAO,QAAP;EACD,CAnCwC,CAqCzC;;;EACAC,YAAY,GAAG;IACb,OAAO,IAAP,CADa,CACA;EACd,CAxCwC,CA0CzC;;;EACAH,UAAU,GAAkB;IAC1B,OAAO;MACLI,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;MAELe,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;QACvB,KAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;MACD,CAJI;MAKLuB,eAAe,EAAE,MAAM;IALlB,CAAP;EAOD;;AAnDwC;;eAsD5B,IAAId,aAAJ,CAAkBhB,aAAlB,C"}
|
|
@@ -6,10 +6,10 @@ exports.AutoRenewService = void 0;
|
|
|
6
6
|
|
|
7
7
|
var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs3/helpers/defineProperty"));
|
|
8
8
|
|
|
9
|
-
var _TokenManager = require("../TokenManager");
|
|
10
|
-
|
|
11
9
|
var _errors = require("../errors");
|
|
12
10
|
|
|
11
|
+
var _types = require("../types");
|
|
12
|
+
|
|
13
13
|
var _features = require("../features");
|
|
14
14
|
|
|
15
15
|
/*!
|
|
@@ -68,17 +68,17 @@ class AutoRenewService {
|
|
|
68
68
|
return !!this.options.autoRenew || !!this.options.autoRemove;
|
|
69
69
|
}
|
|
70
70
|
|
|
71
|
-
start() {
|
|
71
|
+
async start() {
|
|
72
72
|
if (this.canStart()) {
|
|
73
|
-
this.stop();
|
|
74
|
-
this.tokenManager.on(
|
|
73
|
+
await this.stop();
|
|
74
|
+
this.tokenManager.on(_types.EVENT_EXPIRED, this.onTokenExpiredHandler);
|
|
75
75
|
this.started = true;
|
|
76
76
|
}
|
|
77
77
|
}
|
|
78
78
|
|
|
79
|
-
stop() {
|
|
79
|
+
async stop() {
|
|
80
80
|
if (this.started) {
|
|
81
|
-
this.tokenManager.off(
|
|
81
|
+
this.tokenManager.off(_types.EVENT_EXPIRED, this.onTokenExpiredHandler);
|
|
82
82
|
this.renewTimeQueue = [];
|
|
83
83
|
this.started = false;
|
|
84
84
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"file":"AutoRenewService.js","names":["AutoRenewService","constructor","tokenManager","options","renewTimeQueue","onTokenExpiredHandler","bind","shouldThrottleRenew","res","push","Date","now","length","firstTime","shift","lastTime","requiresLeadership","syncStorage","key","autoRenew","error","AuthSdkError","emitError","renew","catch","autoRemove","remove","canStart","start","stop","on","EVENT_EXPIRED","started","off","isStarted"],"sources":["../../../lib/services/AutoRenewService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { TokenManager } from '../TokenManager';\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions, EVENT_EXPIRED } from '../types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n private tokenManager: TokenManager;\n private options: ServiceManagerOptions;\n private renewTimeQueue: Array<number>;\n private started = false;\n\n constructor(tokenManager: TokenManager, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.renewTimeQueue = [];\n this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n }\n \n private shouldThrottleRenew(): boolean {\n let res = false;\n this.renewTimeQueue.push(Date.now());\n if (this.renewTimeQueue.length >= 10) {\n // get and remove first item from queue\n const firstTime = this.renewTimeQueue.shift() as number;\n const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n res = (lastTime - firstTime) < 30 * 1000;\n }\n return res;\n }\n\n requiresLeadership() {\n // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n return !!this.options.syncStorage && isBrowser();\n }\n\n private onTokenExpiredHandler(key: string) {\n if (this.options.autoRenew) {\n if (this.shouldThrottleRenew()) {\n const error = new AuthSdkError('Too many token renew requests');\n this.tokenManager.emitError(error);\n } else {\n this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n }\n } else if (this.options.autoRemove) {\n this.tokenManager.remove(key);\n }\n }\n\n canStart() {\n return (!!this.options.autoRenew || !!this.options.autoRemove);\n }\n\n async start() {\n if (this.canStart()) {\n await this.stop();\n this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n this.renewTimeQueue = [];\n this.started = false;\n }\n }\n\n isStarted() {\n return this.started;\n }\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,MAAMA,gBAAN,CAAmD;EAMxDC,WAAW,CAACC,YAAD,EAA6BC,OAA8B,GAAG,EAA9D,EAAkE;IAAA,+CAF3D,KAE2D;IAC3E,KAAKD,YAAL,GAAoBA,YAApB;IACA,KAAKC,OAAL,GAAeA,OAAf;IACA,KAAKC,cAAL,GAAsB,EAAtB;IACA,KAAKC,qBAAL,GAA6B,KAAKA,qBAAL,CAA2BC,IAA3B,CAAgC,IAAhC,CAA7B;EACD;;EAEOC,mBAAmB,GAAY;IACrC,IAAIC,GAAG,GAAG,KAAV;IACA,KAAKJ,cAAL,CAAoBK,IAApB,CAAyBC,IAAI,CAACC,GAAL,EAAzB;;IACA,IAAI,KAAKP,cAAL,CAAoBQ,MAApB,IAA8B,EAAlC,EAAsC;MACpC;MACA,MAAMC,SAAS,GAAG,KAAKT,cAAL,CAAoBU,KAApB,EAAlB;MACA,MAAMC,QAAQ,GAAG,KAAKX,cAAL,CAAoB,KAAKA,cAAL,CAAoBQ,MAApB,GAA6B,CAAjD,CAAjB;MACAJ,GAAG,GAAIO,QAAQ,GAAGF,SAAZ,GAAyB,KAAK,IAApC;IACD;;IACD,OAAOL,GAAP;EACD;;EAEDQ,kBAAkB,GAAG;IACnB;IACA,OAAO,CAAC,CAAC,KAAKb,OAAL,CAAac,WAAf,IAA8B,0BAArC;EACD;;EAEOZ,qBAAqB,CAACa,GAAD,EAAc;IACzC,IAAI,KAAKf,OAAL,CAAagB,SAAjB,EAA4B;MAC1B,IAAI,KAAKZ,mBAAL,EAAJ,EAAgC;QAC9B,MAAMa,KAAK,GAAG,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAd;QACA,KAAKnB,YAAL,CAAkBoB,SAAlB,CAA4BF,KAA5B;MACD,CAHD,MAGO;QACL,KAAKlB,YAAL,CAAkBqB,KAAlB,CAAwBL,GAAxB,EAA6BM,KAA7B,CAAmC,MAAM,CAAE,CAA3C,EADK,CACyC;MAC/C;IACF,CAPD,MAOO,IAAI,KAAKrB,OAAL,CAAasB,UAAjB,EAA6B;MAClC,KAAKvB,YAAL,CAAkBwB,MAAlB,CAAyBR,GAAzB;IACD;EACF;;EAEDS,QAAQ,GAAG;IACT,OAAQ,CAAC,CAAC,KAAKxB,OAAL,CAAagB,SAAf,IAA4B,CAAC,CAAC,KAAKhB,OAAL,CAAasB,UAAnD;EACD;;EAEU,MAALG,KAAK,GAAG;IACZ,IAAI,KAAKD,QAAL,EAAJ,EAAqB;MACnB,MAAM,KAAKE,IAAL,EAAN;MACA,KAAK3B,YAAL,CAAkB4B,EAAlB,CAAqBC,oBAArB,EAAoC,KAAK1B,qBAAzC;MACA,KAAK2B,OAAL,GAAe,IAAf;IACD;EACF;;EAES,MAAJH,IAAI,GAAG;IACX,IAAI,KAAKG,OAAT,EAAkB;MAChB,KAAK9B,YAAL,CAAkB+B,GAAlB,CAAsBF,oBAAtB,EAAqC,KAAK1B,qBAA1C;MACA,KAAKD,cAAL,GAAsB,EAAtB;MACA,KAAK4B,OAAL,GAAe,KAAf;IACD;EACF;;EAEDE,SAAS,GAAG;IACV,OAAO,KAAKF,OAAZ;EACD;;AAjEuD"}
|