@okta/okta-auth-js 6.6.2 → 6.7.0

package/cjs/myaccount/transactions/PhoneTransaction.js

@@ -0,0 +1,78 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
+exports.default = void 0;
+
+var _Base = _interopRequireDefault(require("./Base"));
+
+var _request = require("../request");
+
+class PhoneTransaction extends _Base.default {
+  // eslint-disable-next-line no-use-before-define
+  constructor(oktaAuth, options) {
+    super(oktaAuth, options);
+    const {
+      res,
+      accessToken
+    } = options; // assign required fields from res
+
+    const {
+      id,
+      profile,
+      status,
+      _links
+    } = res;
+    this.id = id;
+    this.profile = profile;
+    this.status = status; // assign transformed fns to transaction
+
+    this.get = async () => {
+      const fn = (0, _request.generateRequestFnFromLinks)({
+        oktaAuth,
+        accessToken,
+        methodName: 'get',
+        links: _links,
+        transactionClassName: 'PhoneTransaction'
+      });
+      return await fn();
+    };
+
+    this.delete = async () => {
+      const fn = (0, _request.generateRequestFnFromLinks)({
+        oktaAuth,
+        accessToken,
+        methodName: 'delete',
+        links: _links
+      });
+      return await fn();
+    };
+
+    this.challenge = async payload => {
+      const fn = (0, _request.generateRequestFnFromLinks)({
+        oktaAuth,
+        accessToken,
+        methodName: 'challenge',
+        links: _links
+      });
+      return await fn(payload);
+    };
+
+    if (_links.verify) {
+      this.verify = async payload => {
+        const fn = (0, _request.generateRequestFnFromLinks)({
+          oktaAuth,
+          accessToken,
+          methodName: 'verify',
+          links: _links
+        });
+        return await fn(payload);
+      };
+    }
+  }
+
+}
+
+exports.default = PhoneTransaction;
+module.exports = exports.default;
+//# sourceMappingURL=PhoneTransaction.js.map

package/cjs/myaccount/transactions/PhoneTransaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PhoneTransaction.js","names":["PhoneTransaction","BaseTransaction","constructor","oktaAuth","options","res","accessToken","id","profile","status","_links","get","fn","methodName","links","transactionClassName","delete","challenge","payload","verify"],"sources":["../../../../lib/myaccount/transactions/PhoneTransaction.ts"],"sourcesContent":["import { ChallengePhonePayload, PhoneProfile, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PhoneTransaction extends BaseTransaction {\n  id: string;\n  profile: PhoneProfile;\n  status: Status;\n\n  // eslint-disable-next-line no-use-before-define\n  get: () => Promise<PhoneTransaction>;\n  delete: () => Promise<BaseTransaction>;\n  challenge: (payload: ChallengePhonePayload) => Promise<BaseTransaction>;\n  verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { res, accessToken } = options;\n    // assign required fields from res\n    const { id, profile, status, _links } = res;\n    this.id = id;\n    this.profile = profile;\n    this.status = status;\n\n    // assign transformed fns to transaction\n    this.get = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'get', \n        links: _links,\n        transactionClassName: 'PhoneTransaction'\n      });\n      return await fn() as PhoneTransaction;\n    };\n    this.delete = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'delete', \n        links: _links \n      });\n      return await fn() as BaseTransaction;\n    };\n    this.challenge = async (payload) => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'challenge', \n        links: _links \n      });\n      return await fn(payload) as BaseTransaction;\n    };\n    if (_links.verify) {\n      this.verify = async (payload) => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'verify', \n          links: _links \n        });\n        return await fn(payload) as BaseTransaction;\n      } ;\n    }\n  }\n}\n"],"mappings":";;;;;;AACA;;AACA;;AAEe,MAAMA,gBAAN,SAA+BC,aAA/B,CAA+C;EAK5D;EAMAC,WAAW,CAACC,QAAD,EAAWC,OAAX,EAAoB;IAC7B,MAAMD,QAAN,EAAgBC,OAAhB;IAEA,MAAM;MAAEC,GAAF;MAAOC;IAAP,IAAuBF,OAA7B,CAH6B,CAI7B;;IACA,MAAM;MAAEG,EAAF;MAAMC,OAAN;MAAeC,MAAf;MAAuBC;IAAvB,IAAkCL,GAAxC;IACA,KAAKE,EAAL,GAAUA,EAAV;IACA,KAAKC,OAAL,GAAeA,OAAf;IACA,KAAKC,MAAL,GAAcA,MAAd,CAR6B,CAU7B;;IACA,KAAKE,GAAL,GAAW,YAAY;MACrB,MAAMC,EAAE,GAAG,yCAA2B;QACpCT,QADoC;QAEpCG,WAFoC;QAGpCO,UAAU,EAAE,KAHwB;QAIpCC,KAAK,EAAEJ,MAJ6B;QAKpCK,oBAAoB,EAAE;MALc,CAA3B,CAAX;MAOA,OAAO,MAAMH,EAAE,EAAf;IACD,CATD;;IAUA,KAAKI,MAAL,GAAc,YAAY;MACxB,MAAMJ,EAAE,GAAG,yCAA2B;QACpCT,QADoC;QAEpCG,WAFoC;QAGpCO,UAAU,EAAE,QAHwB;QAIpCC,KAAK,EAAEJ;MAJ6B,CAA3B,CAAX;MAMA,OAAO,MAAME,EAAE,EAAf;IACD,CARD;;IASA,KAAKK,SAAL,GAAiB,MAAOC,OAAP,IAAmB;MAClC,MAAMN,EAAE,GAAG,yCAA2B;QACpCT,QADoC;QAEpCG,WAFoC;QAGpCO,UAAU,EAAE,WAHwB;QAIpCC,KAAK,EAAEJ;MAJ6B,CAA3B,CAAX;MAMA,OAAO,MAAME,EAAE,CAACM,OAAD,CAAf;IACD,CARD;;IASA,IAAIR,MAAM,CAACS,MAAX,EAAmB;MACjB,KAAKA,MAAL,GAAc,MAAOD,OAAP,IAAmB;QAC/B,MAAMN,EAAE,GAAG,yCAA2B;UACpCT,QADoC;UAEpCG,WAFoC;UAGpCO,UAAU,EAAE,QAHwB;UAIpCC,KAAK,EAAEJ;QAJ6B,CAA3B,CAAX;QAMA,OAAO,MAAME,EAAE,CAACM,OAAD,CAAf;MACD,CARD;IASD;EACF;;AA7D2D"}

package/cjs/myaccount/transactions/ProfileSchemaTransaction.js

@@ -0,0 +1,19 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
+exports.default = void 0;
+
+var _Base = _interopRequireDefault(require("./Base"));
+
+class ProfileSchemaTransaction extends _Base.default {
+  constructor(oktaAuth, options) {
+    super(oktaAuth, options);
+    this.properties = options.res.properties;
+  }
+
+}
+
+exports.default = ProfileSchemaTransaction;
+module.exports = exports.default;
+//# sourceMappingURL=ProfileSchemaTransaction.js.map

package/cjs/myaccount/transactions/ProfileSchemaTransaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProfileSchemaTransaction.js","names":["ProfileSchemaTransaction","BaseTransaction","constructor","oktaAuth","options","properties","res"],"sources":["../../../../lib/myaccount/transactions/ProfileSchemaTransaction.ts"],"sourcesContent":["import BaseTransaction from './Base';\n\nexport default class ProfileSchemaTransaction extends BaseTransaction {\n  properties: Record<string, object>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    this.properties = options.res.properties;\n  }\n}\n"],"mappings":";;;;;;AAAA;;AAEe,MAAMA,wBAAN,SAAuCC,aAAvC,CAAuD;EAGpEC,WAAW,CAACC,QAAD,EAAWC,OAAX,EAAoB;IAC7B,MAAMD,QAAN,EAAgBC,OAAhB;IAEA,KAAKC,UAAL,GAAkBD,OAAO,CAACE,GAAR,CAAYD,UAA9B;EACD;;AAPmE"}

package/cjs/myaccount/transactions/ProfileTransaction.js

@@ -0,0 +1,26 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
+exports.default = void 0;
+
+var _Base = _interopRequireDefault(require("./Base"));
+
+class ProfileTransaction extends _Base.default {
+  constructor(oktaAuth, options) {
+    super(oktaAuth, options);
+    const {
+      createdAt,
+      modifiedAt,
+      profile
+    } = options.res;
+    this.createdAt = createdAt;
+    this.modifiedAt = modifiedAt;
+    this.profile = profile;
+  }
+
+}
+
+exports.default = ProfileTransaction;
+module.exports = exports.default;
+//# sourceMappingURL=ProfileTransaction.js.map

package/cjs/myaccount/transactions/ProfileTransaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProfileTransaction.js","names":["ProfileTransaction","BaseTransaction","constructor","oktaAuth","options","createdAt","modifiedAt","profile","res"],"sources":["../../../../lib/myaccount/transactions/ProfileTransaction.ts"],"sourcesContent":["import BaseTransaction from './Base';\n\nexport default class ProfileTransaction extends BaseTransaction {\n  createdAt: string;\n  modifiedAt: string;\n  profile: Record<string, string>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { createdAt, modifiedAt, profile } = options.res;\n    this.createdAt = createdAt;\n    this.modifiedAt = modifiedAt;\n    this.profile = profile;\n  }\n}\n"],"mappings":";;;;;;AAAA;;AAEe,MAAMA,kBAAN,SAAiCC,aAAjC,CAAiD;EAK9DC,WAAW,CAACC,QAAD,EAAWC,OAAX,EAAoB;IAC7B,MAAMD,QAAN,EAAgBC,OAAhB;IAEA,MAAM;MAAEC,SAAF;MAAaC,UAAb;MAAyBC;IAAzB,IAAqCH,OAAO,CAACI,GAAnD;IACA,KAAKH,SAAL,GAAiBA,SAAjB;IACA,KAAKC,UAAL,GAAkBA,UAAlB;IACA,KAAKC,OAAL,GAAeA,OAAf;EACD;;AAZ6D"}

package/cjs/myaccount/transactions/index.js

@@ -0,0 +1,61 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
+Object.defineProperty(exports, "ProfileTransaction", {
+  enumerable: true,
+  get: function () {
+    return _ProfileTransaction.default;
+  }
+});
+Object.defineProperty(exports, "ProfileSchemaTransaction", {
+  enumerable: true,
+  get: function () {
+    return _ProfileSchemaTransaction.default;
+  }
+});
+Object.defineProperty(exports, "EmailTransaction", {
+  enumerable: true,
+  get: function () {
+    return _EmailTransaction.default;
+  }
+});
+Object.defineProperty(exports, "EmailStatusTransaction", {
+  enumerable: true,
+  get: function () {
+    return _EmailStatusTransaction.default;
+  }
+});
+Object.defineProperty(exports, "EmailChallengeTransaction", {
+  enumerable: true,
+  get: function () {
+    return _EmailChallengeTransaction.default;
+  }
+});
+Object.defineProperty(exports, "PhoneTransaction", {
+  enumerable: true,
+  get: function () {
+    return _PhoneTransaction.default;
+  }
+});
+Object.defineProperty(exports, "BaseTransaction", {
+  enumerable: true,
+  get: function () {
+    return _Base.default;
+  }
+});
+
+var _ProfileTransaction = _interopRequireDefault(require("./ProfileTransaction"));
+
+var _ProfileSchemaTransaction = _interopRequireDefault(require("./ProfileSchemaTransaction"));
+
+var _EmailTransaction = _interopRequireDefault(require("./EmailTransaction"));
+
+var _EmailStatusTransaction = _interopRequireDefault(require("./EmailStatusTransaction"));
+
+var _EmailChallengeTransaction = _interopRequireDefault(require("./EmailChallengeTransaction"));
+
+var _PhoneTransaction = _interopRequireDefault(require("./PhoneTransaction"));
+
+var _Base = _interopRequireDefault(require("./Base"));
+//# sourceMappingURL=index.js.map

package/cjs/myaccount/transactions/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/myaccount/transactions/index.ts"],"sourcesContent":["export { default as ProfileTransaction } from './ProfileTransaction';\nexport { default as ProfileSchemaTransaction } from './ProfileSchemaTransaction';\nexport { default as EmailTransaction } from './EmailTransaction';\nexport { default as EmailStatusTransaction } from './EmailStatusTransaction';\nexport { default as EmailChallengeTransaction } from './EmailChallengeTransaction';\nexport { default as PhoneTransaction } from './PhoneTransaction';\nexport { default as BaseTransaction } from './Base';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA"}

package/cjs/myaccount/types.js

@@ -0,0 +1,64 @@
+"use strict";
+
+Object.defineProperty(exports, "EmailTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailTransaction;
+  }
+});
+Object.defineProperty(exports, "EmailStatusTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailStatusTransaction;
+  }
+});
+Object.defineProperty(exports, "EmailChallengeTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.EmailChallengeTransaction;
+  }
+});
+Object.defineProperty(exports, "PhoneTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.PhoneTransaction;
+  }
+});
+Object.defineProperty(exports, "ProfileTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.ProfileTransaction;
+  }
+});
+Object.defineProperty(exports, "ProfileSchemaTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.ProfileSchemaTransaction;
+  }
+});
+Object.defineProperty(exports, "BaseTransaction", {
+  enumerable: true,
+  get: function () {
+    return _transactions.BaseTransaction;
+  }
+});
+exports.Status = exports.EmailRole = void 0;
+
+var _transactions = require("./transactions");
+
+let EmailRole;
+exports.EmailRole = EmailRole;
+
+(function (EmailRole) {
+  EmailRole["PRIMARY"] = "PRIMARY";
+  EmailRole["SECONDARY"] = "SECONDARY";
+})(EmailRole || (exports.EmailRole = EmailRole = {}));
+
+let Status;
+exports.Status = Status;
+
+(function (Status) {
+  Status["VERIFIED"] = "VERIFIED";
+  Status["UNVERIFIED"] = "UNVERIFIED";
+})(Status || (exports.Status = Status = {}));
+//# sourceMappingURL=types.js.map

package/cjs/myaccount/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","names":["EmailRole","Status"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import { OktaAuthInterface } from '../types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;IAUYA,S;;;WAAAA,S;EAAAA,S;EAAAA,S;GAAAA,S,yBAAAA,S;;IAKAC,M;;;WAAAA,M;EAAAA,M;EAAAA,M;GAAAA,M,sBAAAA,M"}

package/cjs/oidc/decodeToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/decodeToken.ts"],"names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","payload","signature","e","AuthSdkError"],"mappings":";;;;AAYA;;AAEA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKO,SAASA,WAAT,CAAqBC,KAArB,EAA+C;AACpD,MAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;AACA,MAAIC,YAAJ;;AAEA,MAAI;AACFA,IAAAA,YAAY,GAAG;AACbC,MAAAA,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CADK;AAEbM,MAAAA,OAAO,EAAEF,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CAFI;AAGbO,MAAAA,SAAS,EAAEP,GAAG,CAAC,CAAD;AAHD,KAAf;AAKD,GAND,CAME,OAAOQ,CAAP,EAAU;AACV,UAAM,IAAIC,oBAAJ,CAAiB,iBAAjB,CAAN;AACD;;AAED,SAAOP,YAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from '../types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n"],"file":"decodeToken.js"}
+{"version":3,"file":"decodeToken.js","names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","payload","signature","e","AuthSdkError"],"sources":["../../../lib/oidc/decodeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from '../types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n"],"mappings":";;;;AAYA;;AAEA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKO,SAASA,WAAT,CAAqBC,KAArB,EAA+C;EACpD,IAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;EACA,IAAIC,YAAJ;;EAEA,IAAI;IACFA,YAAY,GAAG;MACbC,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CADK;MAEbM,OAAO,EAAEF,IAAI,CAACC,KAAL,CAAW,+BAAkBL,GAAG,CAAC,CAAD,CAArB,CAAX,CAFI;MAGbO,SAAS,EAAEP,GAAG,CAAC,CAAD;IAHD,CAAf;EAKD,CAND,CAME,OAAOQ,CAAP,EAAU;IACV,MAAM,IAAIC,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,OAAOP,YAAP;AACD"}

package/cjs/oidc/endpoints/authorize.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AAAA;;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsC,iCAAAH,WAAW,CAACG,YAAZ,iBAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAID,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIE,WAAwB,GAAG;AAC7B,iBAAaJ,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACK,aAFD;AAG7B,6BAAyBL,WAAW,CAACM,mBAHR;AAI7B,eAAWN,WAAW,CAACO,OAJM;AAK7B,WAAOP,WAAW,CAACQ,GALU;AAM7B,iBAAaR,WAAW,CAACS,QANI;AAO7B,kBAAcT,WAAW,CAACU,SAPG;AAQ7B,eAAWV,WAAW,CAACW,MARM;AAS7B,aAASX,WAAW,CAACY,KATQ;AAU7B,cAAUZ,WAAW,CAACa,MAVO;AAW7B,oBAAgBb,WAAW,CAACc,WAXC;AAY7B,qBAAiBd,WAAW,CAACe,YAZA;AAa7B,qBAAiBf,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACgB,YAdC;AAe7B,aAAShB,WAAW,CAACiB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAI,kCAAAtB,WAAW,CAACG,YAAZ,kBAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACF,kCAAAH,WAAW,CAACuB,MAAZ,kBAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;AAC9C,UAAM,IAAIrB,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLE,IAAAA,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;AAC7D,MAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc,EACnB,GAAG0B,gBADgB;AAEnB,QAAI1B,WAAW,CAAC2B,WAAZ,IAA2B,EAAE,GAAG3B,WAAW,CAAC2B;AAAjB,KAA/B;AAFmB,GAAd,CAAP;AAID","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n    tokenParams.scopes!.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthParams.scope = tokenParams.scopes!.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString({ \n    ...oauthQueryParams, \n    ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n  });\n}\n"],"file":"authorize.js"}
+{"version":3,"file":"authorize.js","names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n    tokenParams.scopes!.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthParams.scope = tokenParams.scopes!.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString({ \n    ...oauthQueryParams, \n    ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n  });\n}\n"],"mappings":";;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;EAAA;;EACxE;EACA,IAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;IACzB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,oBAASF,WAAW,CAACG,YAArB,KAAsC,iCAAAH,WAAW,CAACG,YAAZ,iBAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;IACtF,MAAM,IAAID,oBAAJ,CAAiB,0DAAjB,CAAN;EACD,CARuE,CAUxE;;;EACA,IAAIE,WAAwB,GAAG;IAC7B,aAAaJ,WAAW,CAACC,QADI;IAE7B,kBAAkBD,WAAW,CAACK,aAFD;IAG7B,yBAAyBL,WAAW,CAACM,mBAHR;IAI7B,WAAWN,WAAW,CAACO,OAJM;IAK7B,OAAOP,WAAW,CAACQ,GALU;IAM7B,aAAaR,WAAW,CAACS,QANI;IAO7B,cAAcT,WAAW,CAACU,SAPG;IAQ7B,WAAWV,WAAW,CAACW,MARM;IAS7B,SAASX,WAAW,CAACY,KATQ;IAU7B,UAAUZ,WAAW,CAACa,MAVO;IAW7B,gBAAgBb,WAAW,CAACc,WAXC;IAY7B,iBAAiBd,WAAW,CAACe,YAZA;IAa7B,iBAAiBf,WAAW,CAACG,YAbA;IAc7B,gBAAgBH,WAAW,CAACgB,YAdC;IAe7B,SAAShB,WAAW,CAACiB;EAfQ,CAA/B;EAiBAb,WAAW,GAAG,sBAAWA,WAAX,CAAd;EAEA,CAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;IAC3D,IAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;MAC1Cf,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;IACD;EACF,CAJD;;EAMA,IAAI,kCAAAtB,WAAW,CAACG,YAAZ,kBAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACF,kCAAAH,WAAW,CAACuB,MAAZ,kBAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;IAC9C,MAAM,IAAIrB,oBAAJ,CAAiB,mFAAjB,CAAN;EACD,CAHD,MAGO;IACLE,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;EACD;;EAED,OAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;EAC7D,IAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;EACA,OAAO,yBAAc,EACnB,GAAG0B,gBADgB;IAEnB,IAAI1B,WAAW,CAAC2B,WAAZ,IAA2B,EAAE,GAAG3B,WAAW,CAAC2B;IAAjB,CAA/B;EAFmB,CAAd,CAAP;AAID"}

package/cjs/oidc/endpoints/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/index.ts"],"names":[],"mappings":";;;;AAaA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"file":"index.js"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/endpoints/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"mappings":";;;;AAaA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/endpoints/token.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CACLZ,GADK,EAELR,OAFK,EAGLqB,YAHK,EAImB;AAAA;;AACxB,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, OktaAuthHttpInterface, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"file":"token.js"}
+{"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, OktaAuthHttpInterface, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;EAC7C;EACA,IAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;IACrB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;IACxB,MAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;IAC1D,MAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;IACzB,MAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;EACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;EAAA;;EACtD;EACA,IAAIS,MAAmB,GAAG,sBAAW;IACnC,aAAaT,OAAO,CAACC,QADc;IAEnC,gBAAgBD,OAAO,CAACG,WAFW;IAGnC,cAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;IAInC,iBAAiBL,OAAO,CAACM;EAJU,CAAX,CAA1B;;EAOA,IAAIN,OAAO,CAACK,eAAZ,EAA6B;IAC3BI,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;EACD,CAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;IACpCK,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;EACD;;EAED,MAAM;IAAEO;EAAF,IAAmBH,GAAG,CAACR,OAA7B;;EACA,IAAIW,YAAJ,EAAkB;IAChBF,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;EACD,CAlBqD,CAoBtD;;;EACA,OAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;EACvGd,eAAe,CAACC,OAAD,CAAf;EACA,IAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;EAEA,MAAMe,OAAO,GAAG;IACd,gBAAgB;EADF,CAAhB;EAIA,OAAO,uBAAYP,GAAZ,EAAiB;IACtBQ,GAAG,EAAEH,IAAI,CAACI,QADY;IAEtBC,MAAM,EAAE,MAFc;IAGtBC,IAAI,EAAEL,IAHgB;IAItBC;EAJsB,CAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CACLZ,GADK,EAELR,OAFK,EAGLqB,YAHK,EAImB;EAAA;;EACxB,OAAO,uBAAYb,GAAZ,EAAiB;IACtBQ,GAAG,EAAEK,YAAY,CAACJ,QADI;IAEtBC,MAAM,EAAE,MAFc;IAGtBH,OAAO,EAAE;MACP,gBAAgB;IADT,CAHa;IAOtBI,IAAI,EAAE,oDAAe;MACnBG,SAAS,EAAEtB,OAAO,CAACC,QADA;MACU;MAC7BsB,UAAU,EAAE,eAFO;MAEU;MAC7BC,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;MAInBC,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;IAJvB,CAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;MAC9B;MACA,OAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;IACD,CARK,EAQHH,IARG,CAQE,GARF;EAPgB,CAAjB,CAAP;AAiBD"}

package/cjs/oidc/endpoints/well-known.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,MAAlD,EAA+F;AACpG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA4CC,MAA5C,EAA4DK,GAA5D,EAA0F;AAC/F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOIDCInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOIDCInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOIDCInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}
+{"version":3,"file":"well-known.js","names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOIDCInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOIDCInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOIDCInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,MAAlD,EAA+F;EACpG,IAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;EACA,OAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;IACnEE,aAAa,EAAE;EADoD,CAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA4CC,MAA5C,EAA4DK,GAA5D,EAA0F;EAC/F,IAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;EAEA,OAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;IACxB,IAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;IACA,IAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;IACA,IAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;IACA,IAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;MAChE,IAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;QACjDf,GAAG,EAAEA;MAD4C,CAAnC,CAAhB;;MAIA,IAAIc,SAAJ,EAAe;QACb,OAAOA,SAAP;MACD;IACF,CAduB,CAgBxB;;;IACAb,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;IACA,OAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;MACvBT,aAAa,EAAE;IADQ,CAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;MAClB,IAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;QACvBjB,GAAG,EAAEA;MADkB,CAAf,CAAV;;MAIA,IAAIkB,GAAJ,EAAS;QACP,OAAOA,GAAP;MACD;;MAED,MAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;IACD,CAbM,CAAP;EAcD,CAnCM,CAAP;AAoCD"}

package/cjs/oidc/exchangeCodeForTokens.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2DC,WAA3D,EAAqFC,IAArF,EAAgI;AACrIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADqI,CAErI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;AACrD,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOIDCInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"file":"exchangeCodeForTokens.js"}
+{"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOIDCInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2DC,WAA3D,EAAqFC,IAArF,EAAgI;EACrIA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADqI,CAErI;;EACAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;EAEA,MAAM;IACJE,iBADI;IAEJC,eAFI;IAGJC,YAHI;IAIJC,QAJI;IAKJC,WALI;IAMJC,MANI;IAOJC,eAPI;IAQJC;EARI,IASFT,WATJ;EAWA,IAAIU,eAAe,GAAG;IACpBL,QADoB;IAEpBC,WAFoB;IAGpBJ,iBAHoB;IAIpBC,eAJoB;IAKpBC;EALoB,CAAtB;EAQA,OAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;IAAA;;IAEjC;IACA;IACA;IACA,MAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;IACrD,IAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;MACpCM,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;IAChC;;IACD,MAAMC,qBAAkC,GAAG;MACzCV,QADyC;MAEzCC,WAFyC;MAGzCC,MAHyC;MAIzCM,YAJyC;MAKzCL;IALyC,CAA3C;IAOA,OAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;MACjC;MACAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;MACAU,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;MACA,OAAOG,QAAP;IACD,CANI,CAAP;EAOD,CAxBI,EAyBJK,OAzBI,CAyBI,MAAM;IACblB,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;EACD,CA3BI,CAAP;AA4BD"}

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;AACvF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;AACA;;AACA,QAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxB,2BAAcN,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;AACtB,2BAAcP,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;AACAS,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIc,QAAJ;;AACA,QAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DU,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CU,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAIpB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;AACnBiB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACb,GAAD,CAAP;AACD,WAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;AACtCtC,YAAAA,WAAW,CAAC0C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}
+{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;EACvF,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;EACA;;EACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;EACAL,OAAO,CAACK,WAAR,GAAsBC,SAAtB;EAEA,OAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MADkB;MAE1BC,YAAY,EAAE,mBAFY;MAG1BC,OAAO,EAAE;IAHiB,CAA5B;IAMA,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IADQ,CAAnB;;IAIA,IAAIZ,OAAO,CAACc,YAAZ,EAA0B;MACxB,qBAAcN,WAAd,EAA2BC,qBAA3B;IACD,CAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;MACtB,qBAAcP,WAAd,EAA2BK,YAA3B;IACD,CAjBuC,CAmBxC;;;IACA,IAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;IACAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;IACAS,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;IACAL,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;IACA,IAAIc,QAAJ;;IACA,IAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;MAC5DU,QAAQ,GAAG,QAAX;IACD,CAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;MAC1CU,QAAQ,GAAG,OAAX;IACD,CAFM,MAEA;MACLA,QAAQ,GAAG,UAAX;IACD,CArCuC,CAuCxC;;;IACA,QAAQA,QAAR;MACE,KAAK,QAAL;QACE,IAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;QACA,IAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;QACA,OAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;UACnB,OAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;QACD,CAHI,EAIJU,OAJI,CAII,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;YAAA;;YACpC,yBAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;UACD;QACF,CARI,CAAP;;MAUF,KAAK,OAAL;QACE,IAAIQ,YAAJ,CADF,CACoB;QAElB;QACA;;QACA,IAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;UACpD,IAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;YAC/C,MAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;UACD;;UACD8B,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;QACD,CAVH,CAYE;QACA;;;QACA,IAAIpB,WAAJ,EAAiB;UACfA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;QACD,CAhBH,CAkBE;;;QACA,IAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;UACxD,IAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;cACtCC,aAAa,CAACH,WAAD,CAAb;cACAtC,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;YACD;UACF,CAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;UACA8B,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;YACnBiB,aAAa,CAACH,WAAD,CAAb;YACAD,OAAO,CAACb,GAAD,CAAP;UACD,CAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;YACpBF,aAAa,CAACH,WAAD,CAAb;YACAtC,MAAM,CAAC2C,GAAD,CAAN;UACD,CARH;QASD,CAlBkB,CAAnB;QAoBA,OAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;UACnB,OAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;QACD,CAHI,EAIJU,OAJI,CAII,YAAY;UACnB,IAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;YACtCtC,WAAW,CAAC0C,KAAZ;UACD;QACF,CARI,CAAP;;MAUF;QACE,MAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;IAhEJ;EAkED,CA3GI,CAAP;AA4GD"}

package/cjs/oidc/getUserInfo.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;AACxB;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"file":"getUserInfo.js"}
+{"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;EACxB;EACA,IAAI,CAACD,iBAAL,EAAwB;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;EACD;;EACD,IAAI,CAACH,aAAL,EAAoB;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;EACD;;EAED,IAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;IAC3D,OAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;EACD;;EAED,IAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;IAC/C,OAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;EACD;;EAED,OAAO,uBAAYR,GAAZ,EAAiB;IACtBS,GAAG,EAAER,iBAAiB,CAACS,WADD;IAEtBC,MAAM,EAAE,KAFc;IAGtBN,WAAW,EAAEJ,iBAAiB,CAACI;EAHT,CAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;MAC7C,OAAOD,QAAP;IACD;;IACD,OAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;EACD,CAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;IACpB,IAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;MACjE,IAAIC,kBAAJ;;MACA,IAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;QACjGF,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;MACD,CAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;QAChDH,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;MACD;;MACD,IAAIH,kBAAJ,EAAwB;QACtB,IAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;QACA,IAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;QACA,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;QACA,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;QACA,IAAIC,KAAK,IAAIC,gBAAb,EAA+B;UAC7BX,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;QACD;MACF;IACF;;IACD,MAAMX,GAAN;EACD,CA/BI,CAAP;AAgCD"}

package/cjs/oidc/getWithPopup.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHoG,CAKrG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
+{"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;EACrG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;EACD,CAHoG,CAKrG;EACA;EACA;;;EACA,MAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;EACAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBM,OAAO,EAAE,OADY;IAErBC,YAAY,EAAE,mBAFO;IAGrBF;EAHqB,CAAvB;EAKA,OAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD"}

package/cjs/oidc/getWithRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;AACtG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
+{"version":3,"file":"getWithRedirect.js","names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"sources":["../../../lib/oidc/getWithRedirect.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;EACtG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EAEA,MAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;EACA,MAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;EACA,MAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;EACAN,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;IAAEM,KAAK,EAAE;EAAT,CAAlC;;EACAb,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD"}

package/cjs/oidc/getWithoutPrompt.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;AACzG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}
+{"version":3,"file":"getWithoutPrompt.js","names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;EACzG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBK,MAAM,EAAE,MADa;IAErBC,YAAY,EAAE,mBAFO;IAGrBC,OAAO,EAAE;EAHY,CAAvB;EAKA,OAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD"}