@okta/okta-auth-js 6.6.1 → 6.7.1

package/esm/browser/OktaAuth.js

@@ -0,0 +1,560 @@
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * 
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+
+import { __rest } from './_virtual/_tslib.js';
+import * as constants from './constants.js';
+import { DEFAULT_MAX_CLOCK_SKEW, REFERRER_PATH_STORAGE_KEY } from './constants.js';
+import { transactionStatus, resumeTransaction, transactionExists, introspectAuthn, postToTransaction } from './tx/api.js';
+import { AuthTransaction } from './tx/AuthTransaction.js';
+import { setRequestHeader } from './http/headers.js';
+import { get, httpRequest } from './http/request.js';
+import { clone } from './util/object.js';
+import { toAbsoluteUrl, toQueryString } from './util/url.js';
+import PKCE from './oidc/util/pkce.js';
+import { closeSession, sessionExists, getSession, refreshSession, setCookieAndRedirect } from './session.js';
+import { getOAuthUrls } from './oidc/util/oauth.js';
+import * as features from './features.js';
+import { isBrowser } from './features.js';
+import { isInteractionRequiredError } from './oidc/util/errors.js';
+import { isLoginRedirect, isInteractionRequired } from './oidc/util/loginRedirect.js';
+import { prepareTokenParams } from './oidc/util/prepareTokenParams.js';
+import './idx/types/api.js';
+import './myaccount/types.js';
+import { decodeToken } from './oidc/decodeToken.js';
+import { revokeToken } from './oidc/revokeToken.js';
+import { renewToken } from './oidc/renewToken.js';
+import { renewTokensWithRefresh } from './oidc/renewTokensWithRefresh.js';
+import { renewTokens } from './oidc/renewTokens.js';
+import { verifyToken } from './oidc/verifyToken.js';
+import { getUserInfo } from './oidc/getUserInfo.js';
+import { exchangeCodeForTokens } from './oidc/exchangeCodeForTokens.js';
+import { getWithoutPrompt } from './oidc/getWithoutPrompt.js';
+import { getWithPopup } from './oidc/getWithPopup.js';
+import { getWithRedirect } from './oidc/getWithRedirect.js';
+import { parseFromUrl, parseOAuthResponseFromUrl } from './oidc/parseFromUrl.js';
+import * as index from './crypto/index.js';
+import * as webauthn from './crypto/webauthn.js';
+import storageUtil from './browser/browserStorage.js';
+import { TokenManager } from './TokenManager.js';
+import { ServiceManager } from './ServiceManager.js';
+import PromiseQueue from './PromiseQueue.js';
+import fingerprint from './browser/fingerprint.js';
+import { AuthStateManager } from './AuthStateManager.js';
+import { StorageManager } from './StorageManager.js';
+import TransactionManager from './TransactionManager.js';
+import { buildOptions } from './options/index.js';
+import { authenticate } from './idx/authenticate.js';
+import { cancel } from './idx/cancel.js';
+import { handleEmailVerifyCallback, isEmailVerifyCallback, parseEmailVerifyCallback, isEmailVerifyCallbackError } from './idx/emailVerify.js';
+import { interact } from './idx/interact.js';
+import { introspect } from './idx/introspect.js';
+import { poll } from './idx/poll.js';
+import { proceed, canProceed } from './idx/proceed.js';
+import { register } from './idx/register.js';
+import { recoverPassword } from './idx/recoverPassword.js';
+import { handleInteractionCodeRedirect } from './idx/handleInteractionCodeRedirect.js';
+import { startTransaction } from './idx/startTransaction.js';
+import { unlockAccount } from './idx/unlockAccount.js';
+import { getSavedTransactionMeta, createTransactionMeta, getTransactionMeta, saveTransactionMeta, clearTransactionMeta, isTransactionMetaValid } from './idx/transactionMeta.js';
+import { OktaUserAgent } from './OktaUserAgent.js';
+import Emitter from 'tiny-emitter';
+import { makeIdxState } from './idx/idxState/index.js';
+
+class OktaAuth {
+    constructor(args) {
+        this.features = features;
+        const options = this.options = buildOptions(args);
+        this.storageManager = new StorageManager(options.storageManager, options.cookies, options.storageUtil);
+        this.transactionManager = new TransactionManager(Object.assign({
+            storageManager: this.storageManager,
+        }, options.transactionManager));
+        this._oktaUserAgent = new OktaUserAgent();
+        this.tx = {
+            status: transactionStatus.bind(null, this),
+            resume: resumeTransaction.bind(null, this),
+            exists: Object.assign(transactionExists.bind(null, this), {
+                _get: (name) => {
+                    const storage = options.storageUtil.storage;
+                    return storage.get(name);
+                }
+            }),
+            introspect: introspectAuthn.bind(null, this),
+            createTransaction: (res) => {
+                return new AuthTransaction(this, res);
+            },
+            postToTransaction: (url, args, options) => {
+                return postToTransaction(this, url, args, options);
+            }
+        };
+        this.pkce = {
+            DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,
+            generateVerifier: PKCE.generateVerifier,
+            computeChallenge: PKCE.computeChallenge
+        };
+        Object.assign(this.options.storageUtil || {}, {
+            getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),
+            getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),
+        });
+        this._pending = { handleLogin: false };
+        if (isBrowser()) {
+            this.options = Object.assign(this.options, {
+                redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin),
+            });
+        }
+        if (!args.maxClockSkew && args.maxClockSkew !== 0) {
+            this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;
+        }
+        else {
+            this.options.maxClockSkew = args.maxClockSkew;
+        }
+        this.options.ignoreLifetime = !!args.ignoreLifetime;
+        this.session = {
+            close: closeSession.bind(null, this),
+            exists: sessionExists.bind(null, this),
+            get: getSession.bind(null, this),
+            refresh: refreshSession.bind(null, this),
+            setCookieAndRedirect: setCookieAndRedirect.bind(null, this)
+        };
+        this._tokenQueue = new PromiseQueue();
+        const useQueue = (method) => {
+            return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);
+        };
+        const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this));
+        const getWithRedirectApi = Object.assign(getWithRedirectFn, {
+            _setLocation: function (url) {
+                if (options.setLocation) {
+                    options.setLocation(url);
+                }
+                else {
+                    window.location = url;
+                }
+            }
+        });
+        const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this));
+        const parseFromUrlApi = Object.assign(parseFromUrlFn, {
+            _getHistory: function () {
+                return window.history;
+            },
+            _getLocation: function () {
+                return window.location;
+            },
+            _getDocument: function () {
+                return window.document;
+            }
+        });
+        this.token = {
+            prepareTokenParams: prepareTokenParams.bind(null, this),
+            exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),
+            getWithoutPrompt: getWithoutPrompt.bind(null, this),
+            getWithPopup: getWithPopup.bind(null, this),
+            getWithRedirect: getWithRedirectApi,
+            parseFromUrl: parseFromUrlApi,
+            decode: decodeToken,
+            revoke: revokeToken.bind(null, this),
+            renew: renewToken.bind(null, this),
+            renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),
+            renewTokens: renewTokens.bind(null, this),
+            getUserInfo: (accessTokenObject, idTokenObject) => {
+                return getUserInfo(this, accessTokenObject, idTokenObject);
+            },
+            verify: verifyToken.bind(null, this),
+            isLoginRedirect: isLoginRedirect.bind(null, this)
+        };
+        const toWrap = [
+            'getWithoutPrompt',
+            'getWithPopup',
+            'revoke',
+            'renew',
+            'renewTokensWithRefresh',
+            'renewTokens'
+        ];
+        toWrap.forEach(key => {
+            this.token[key] = useQueue(this.token[key]);
+        });
+        const boundStartTransaction = startTransaction.bind(null, this);
+        this.idx = {
+            interact: interact.bind(null, this),
+            introspect: introspect.bind(null, this),
+            makeIdxResponse: makeIdxState.bind(null, this),
+            authenticate: authenticate.bind(null, this),
+            register: register.bind(null, this),
+            start: boundStartTransaction,
+            startTransaction: boundStartTransaction,
+            poll: poll.bind(null, this),
+            proceed: proceed.bind(null, this),
+            cancel: cancel.bind(null, this),
+            recoverPassword: recoverPassword.bind(null, this),
+            handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),
+            isInteractionRequired: isInteractionRequired.bind(null, this),
+            isInteractionRequiredError,
+            handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),
+            isEmailVerifyCallback,
+            parseEmailVerifyCallback,
+            isEmailVerifyCallbackError,
+            getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),
+            createTransactionMeta: createTransactionMeta.bind(null, this),
+            getTransactionMeta: getTransactionMeta.bind(null, this),
+            saveTransactionMeta: saveTransactionMeta.bind(null, this),
+            clearTransactionMeta: clearTransactionMeta.bind(null, this),
+            isTransactionMetaValid,
+            setFlow: (flow) => {
+                this.options.flow = flow;
+            },
+            getFlow: () => {
+                return this.options.flow;
+            },
+            canProceed: canProceed.bind(null, this),
+            unlockAccount: unlockAccount.bind(null, this),
+        };
+        this.http = {
+            setRequestHeader: setRequestHeader.bind(null, this)
+        };
+        this.fingerprint = fingerprint.bind(null, this);
+        this.emitter = new Emitter();
+        this.tokenManager = new TokenManager(this, args.tokenManager);
+        this.authStateManager = new AuthStateManager(this);
+        if (!this.tokenManager.hasSharedStorage()) {
+            args.services = Object.assign(Object.assign({}, args.services), { syncStorage: false });
+        }
+        this.serviceManager = new ServiceManager(this, args.services);
+    }
+    async start() {
+        await this.serviceManager.start();
+        this.tokenManager.start();
+        if (!this.token.isLoginRedirect()) {
+            await this.authStateManager.updateAuthState();
+        }
+    }
+    async stop() {
+        this.tokenManager.stop();
+        await this.serviceManager.stop();
+    }
+    setHeaders(headers) {
+        this.options.headers = Object.assign({}, this.options.headers, headers);
+    }
+    async signIn(opts) {
+        return this.signInWithCredentials(opts);
+    }
+    async signInWithCredentials(opts) {
+        opts = clone(opts || {});
+        const _postToTransaction = (options) => {
+            delete opts.sendFingerprint;
+            return postToTransaction(this, '/api/v1/authn', opts, options);
+        };
+        if (!opts.sendFingerprint) {
+            return _postToTransaction();
+        }
+        return this.fingerprint()
+            .then(function (fingerprint) {
+            return _postToTransaction({
+                headers: {
+                    'X-Device-Fingerprint': fingerprint
+                }
+            });
+        });
+    }
+    async signInWithRedirect(opts = {}) {
+        const { originalUri } = opts, additionalParams = __rest(opts, ["originalUri"]);
+        if (this._pending.handleLogin) {
+            return;
+        }
+        this._pending.handleLogin = true;
+        try {
+            if (originalUri) {
+                this.setOriginalUri(originalUri);
+            }
+            const params = Object.assign({
+                scopes: this.options.scopes || ['openid', 'email', 'profile']
+            }, additionalParams);
+            await this.token.getWithRedirect(params);
+        }
+        finally {
+            this._pending.handleLogin = false;
+        }
+    }
+    closeSession() {
+        return this.session.close()
+            .then(async () => {
+            this.tokenManager.clear();
+        })
+            .catch(function (e) {
+            if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {
+                return null;
+            }
+            throw e;
+        });
+    }
+    async revokeAccessToken(accessToken) {
+        if (!accessToken) {
+            accessToken = (await this.tokenManager.getTokens()).accessToken;
+            const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');
+            this.tokenManager.remove(accessTokenKey);
+        }
+        if (!accessToken) {
+            return Promise.resolve(null);
+        }
+        return this.token.revoke(accessToken);
+    }
+    async revokeRefreshToken(refreshToken) {
+        if (!refreshToken) {
+            refreshToken = (await this.tokenManager.getTokens()).refreshToken;
+            const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');
+            this.tokenManager.remove(refreshTokenKey);
+        }
+        if (!refreshToken) {
+            return Promise.resolve(null);
+        }
+        return this.token.revoke(refreshToken);
+    }
+    getSignOutRedirectUrl(options = {}) {
+        let { idToken, postLogoutRedirectUri, state, } = options;
+        if (!idToken) {
+            idToken = this.tokenManager.getTokensSync().idToken;
+        }
+        if (!idToken) {
+            return '';
+        }
+        if (!postLogoutRedirectUri) {
+            postLogoutRedirectUri = this.options.postLogoutRedirectUri;
+        }
+        const logoutUrl = getOAuthUrls(this).logoutUrl;
+        const idTokenHint = idToken.idToken;
+        let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);
+        if (postLogoutRedirectUri) {
+            logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);
+        }
+        if (state) {
+            logoutUri += '&state=' + encodeURIComponent(state);
+        }
+        return logoutUri;
+    }
+    async signOut(options) {
+        options = Object.assign({}, options);
+        var defaultUri = window.location.origin;
+        var currentUri = window.location.href;
+        var postLogoutRedirectUri = options.postLogoutRedirectUri
+            || this.options.postLogoutRedirectUri
+            || defaultUri;
+        var accessToken = options.accessToken;
+        var refreshToken = options.refreshToken;
+        var revokeAccessToken = options.revokeAccessToken !== false;
+        var revokeRefreshToken = options.revokeRefreshToken !== false;
+        if (revokeRefreshToken && typeof refreshToken === 'undefined') {
+            refreshToken = this.tokenManager.getTokensSync().refreshToken;
+        }
+        if (revokeAccessToken && typeof accessToken === 'undefined') {
+            accessToken = this.tokenManager.getTokensSync().accessToken;
+        }
+        if (!options.idToken) {
+            options.idToken = this.tokenManager.getTokensSync().idToken;
+        }
+        if (revokeRefreshToken && refreshToken) {
+            await this.revokeRefreshToken(refreshToken);
+        }
+        if (revokeAccessToken && accessToken) {
+            await this.revokeAccessToken(accessToken);
+        }
+        const logoutUri = this.getSignOutRedirectUrl(Object.assign(Object.assign({}, options), { postLogoutRedirectUri }));
+        if (!logoutUri) {
+            return this.closeSession()
+                .then(function () {
+                if (postLogoutRedirectUri === currentUri) {
+                    window.location.reload();
+                }
+                else {
+                    window.location.assign(postLogoutRedirectUri);
+                }
+            });
+        }
+        else {
+            if (options.clearTokensBeforeRedirect) {
+                this.tokenManager.clear();
+            }
+            else {
+                this.tokenManager.addPendingRemoveFlags();
+            }
+            window.location.assign(logoutUri);
+        }
+    }
+    webfinger(opts) {
+        var url = '/.well-known/webfinger' + toQueryString(opts);
+        var options = {
+            headers: {
+                'Accept': 'application/jrd+json'
+            }
+        };
+        return get(this, url, options);
+    }
+    async isAuthenticated(options = {}) {
+        const { autoRenew, autoRemove } = this.tokenManager.getOptions();
+        const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;
+        const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;
+        let { accessToken } = this.tokenManager.getTokensSync();
+        if (accessToken && this.tokenManager.hasExpired(accessToken)) {
+            accessToken = undefined;
+            if (shouldRenew) {
+                try {
+                    accessToken = await this.tokenManager.renew('accessToken');
+                }
+                catch (_a) {
+                }
+            }
+            else if (shouldRemove) {
+                this.tokenManager.remove('accessToken');
+            }
+        }
+        let { idToken } = this.tokenManager.getTokensSync();
+        if (idToken && this.tokenManager.hasExpired(idToken)) {
+            idToken = undefined;
+            if (shouldRenew) {
+                try {
+                    idToken = await this.tokenManager.renew('idToken');
+                }
+                catch (_b) {
+                }
+            }
+            else if (shouldRemove) {
+                this.tokenManager.remove('idToken');
+            }
+        }
+        return !!(accessToken && idToken);
+    }
+    async getUser() {
+        const { idToken, accessToken } = this.tokenManager.getTokensSync();
+        return this.token.getUserInfo(accessToken, idToken);
+    }
+    getIdToken() {
+        const { idToken } = this.tokenManager.getTokensSync();
+        return idToken ? idToken.idToken : undefined;
+    }
+    getAccessToken() {
+        const { accessToken } = this.tokenManager.getTokensSync();
+        return accessToken ? accessToken.accessToken : undefined;
+    }
+    getRefreshToken() {
+        const { refreshToken } = this.tokenManager.getTokensSync();
+        return refreshToken ? refreshToken.refreshToken : undefined;
+    }
+    async storeTokensFromRedirect() {
+        const { tokens } = await this.token.parseFromUrl();
+        this.tokenManager.setTokens(tokens);
+    }
+    setOriginalUri(originalUri, state) {
+        const sessionStorage = storageUtil.getSessionStorage();
+        sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);
+        state = state || this.options.state;
+        if (state) {
+            const sharedStorage = this.storageManager.getOriginalUriStorage();
+            sharedStorage.setItem(state, originalUri);
+        }
+    }
+    getOriginalUri(state) {
+        state = state || this.options.state;
+        if (state) {
+            const sharedStorage = this.storageManager.getOriginalUriStorage();
+            const originalUri = sharedStorage.getItem(state);
+            if (originalUri) {
+                return originalUri;
+            }
+        }
+        const storage = storageUtil.getSessionStorage();
+        return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;
+    }
+    removeOriginalUri(state) {
+        const storage = storageUtil.getSessionStorage();
+        storage.removeItem(REFERRER_PATH_STORAGE_KEY);
+        state = state || this.options.state;
+        if (state) {
+            const sharedStorage = this.storageManager.getOriginalUriStorage();
+            sharedStorage.removeItem && sharedStorage.removeItem(state);
+        }
+    }
+    isLoginRedirect() {
+        return isLoginRedirect(this);
+    }
+    async handleLoginRedirect(tokens, originalUri) {
+        let state = this.options.state;
+        if (tokens) {
+            this.tokenManager.setTokens(tokens);
+            originalUri = originalUri || this.getOriginalUri(this.options.state);
+        }
+        else if (this.isLoginRedirect()) {
+            try {
+                const oAuthResponse = await parseOAuthResponseFromUrl(this, {});
+                state = oAuthResponse.state;
+                originalUri = originalUri || this.getOriginalUri(state);
+                await this.storeTokensFromRedirect();
+            }
+            catch (e) {
+                await this.authStateManager.updateAuthState();
+                throw e;
+            }
+        }
+        else {
+            return;
+        }
+        await this.authStateManager.updateAuthState();
+        this.removeOriginalUri(state);
+        const { restoreOriginalUri } = this.options;
+        if (restoreOriginalUri) {
+            await restoreOriginalUri(this, originalUri);
+        }
+        else if (originalUri) {
+            window.location.replace(originalUri);
+        }
+    }
+    isPKCE() {
+        return !!this.options.pkce;
+    }
+    hasResponseType(responseType) {
+        let hasResponseType = false;
+        if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
+            hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
+        }
+        else {
+            hasResponseType = this.options.responseType === responseType;
+        }
+        return hasResponseType;
+    }
+    isAuthorizationCodeFlow() {
+        return this.hasResponseType('code');
+    }
+    getIssuerOrigin() {
+        return this.options.issuer.split('/oauth2/')[0];
+    }
+    forgotPassword(opts) {
+        return postToTransaction(this, '/api/v1/authn/recovery/password', opts);
+    }
+    unlockAccount(opts) {
+        return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);
+    }
+    verifyRecoveryToken(opts) {
+        return postToTransaction(this, '/api/v1/authn/recovery/token', opts);
+    }
+    async invokeApiMethod(options) {
+        if (!options.accessToken) {
+            const accessToken = (await this.tokenManager.getTokens()).accessToken;
+            options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
+        }
+        return httpRequest(this, options);
+    }
+}
+OktaAuth.features = features;
+OktaAuth.crypto = index;
+OktaAuth.webauthn = webauthn;
+OktaAuth.features = OktaAuth.prototype.features = features;
+Object.assign(OktaAuth, {
+    constants
+});
+
+export { OktaAuth as default };
+//# sourceMappingURL=OktaAuth.js.map