@okta/okta-auth-js 6.7.5 → 6.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/CHANGELOG.md +28 -1
  2. package/README.md +3 -2
  3. package/cjs/AuthStateManager.js +1 -1
  4. package/cjs/AuthStateManager.js.map +1 -1
  5. package/cjs/OktaAuth.js +1 -8
  6. package/cjs/OktaAuth.js.map +1 -1
  7. package/cjs/OktaUserAgent.js +2 -2
  8. package/cjs/OktaUserAgent.js.map +1 -1
  9. package/cjs/PromiseQueue.js.map +1 -1
  10. package/cjs/SavedObject.js +4 -1
  11. package/cjs/SavedObject.js.map +1 -1
  12. package/cjs/ServiceManager.js.map +1 -1
  13. package/cjs/StorageManager.js.map +1 -1
  14. package/cjs/TokenManager.js +2 -1
  15. package/cjs/TokenManager.js.map +1 -1
  16. package/cjs/TransactionManager.js.map +1 -1
  17. package/cjs/browser/browserStorage.js +3 -0
  18. package/cjs/browser/browserStorage.js.map +1 -1
  19. package/cjs/browser/fingerprint.js.map +1 -1
  20. package/cjs/constants.js +1 -1
  21. package/cjs/crypto/base64.js +4 -4
  22. package/cjs/crypto/base64.js.map +1 -1
  23. package/cjs/crypto/oidcHash.js.map +1 -1
  24. package/cjs/crypto/verifyToken.js.map +1 -1
  25. package/cjs/crypto/webauthn.js +1 -1
  26. package/cjs/crypto/webauthn.js.map +1 -1
  27. package/cjs/errors/index.js +2 -2
  28. package/cjs/features.js +6 -6
  29. package/cjs/features.js.map +1 -1
  30. package/cjs/http/request.js +1 -1
  31. package/cjs/http/request.js.map +1 -1
  32. package/cjs/idx/authenticate.js.map +1 -1
  33. package/cjs/idx/authenticator/OktaPassword.js +5 -4
  34. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  35. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  36. package/cjs/idx/authenticator/util.js +1 -1
  37. package/cjs/idx/authenticator/util.js.map +1 -1
  38. package/cjs/idx/cancel.js.map +1 -1
  39. package/cjs/idx/emailVerify.js +3 -3
  40. package/cjs/idx/emailVerify.js.map +1 -1
  41. package/cjs/idx/idxState/index.js +1 -1
  42. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  43. package/cjs/idx/idxState/v1/idxResponseParser.js +1 -1
  44. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  45. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  46. package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
  47. package/cjs/idx/index.js +24 -24
  48. package/cjs/idx/interact.js.map +1 -1
  49. package/cjs/idx/introspect.js.map +1 -1
  50. package/cjs/idx/poll.js.map +1 -1
  51. package/cjs/idx/proceed.js.map +1 -1
  52. package/cjs/idx/recoverPassword.js.map +1 -1
  53. package/cjs/idx/register.js.map +1 -1
  54. package/cjs/idx/remediate.js.map +1 -1
  55. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  56. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  57. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  58. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  59. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  60. package/cjs/idx/remediators/EnrollProfile.js +46 -4
  61. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  62. package/cjs/idx/remediators/GenericRemediator/util.js +1 -1
  63. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  64. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  65. package/cjs/idx/remediators/util.js +1 -1
  66. package/cjs/idx/run.js.map +1 -1
  67. package/cjs/idx/startTransaction.js.map +1 -1
  68. package/cjs/idx/transactionMeta.js +3 -3
  69. package/cjs/idx/transactionMeta.js.map +1 -1
  70. package/cjs/idx/types/api.js +1 -1
  71. package/cjs/idx/types/idx-js.js +1 -1
  72. package/cjs/idx/types/idx-js.js.map +1 -1
  73. package/cjs/idx/unlockAccount.js.map +1 -1
  74. package/cjs/idx/util.js +25 -17
  75. package/cjs/idx/util.js.map +1 -1
  76. package/cjs/myaccount/emailApi.js +1 -1
  77. package/cjs/myaccount/emailApi.js.map +1 -1
  78. package/cjs/myaccount/phoneApi.js +1 -1
  79. package/cjs/myaccount/phoneApi.js.map +1 -1
  80. package/cjs/myaccount/profileApi.js +1 -1
  81. package/cjs/myaccount/profileApi.js.map +1 -1
  82. package/cjs/myaccount/request.js +1 -1
  83. package/cjs/myaccount/request.js.map +1 -1
  84. package/cjs/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  85. package/cjs/myaccount/transactions/EmailTransaction.js.map +1 -1
  86. package/cjs/myaccount/transactions/PhoneTransaction.js.map +1 -1
  87. package/cjs/myaccount/transactions/index.js +14 -14
  88. package/cjs/myaccount/types.js +14 -13
  89. package/cjs/myaccount/types.js.map +1 -1
  90. package/cjs/oidc/decodeToken.js.map +1 -1
  91. package/cjs/oidc/endpoints/authorize.js +1 -1
  92. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  93. package/cjs/oidc/endpoints/token.js +1 -1
  94. package/cjs/oidc/endpoints/token.js.map +1 -1
  95. package/cjs/oidc/endpoints/well-known.js +1 -1
  96. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  97. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  98. package/cjs/oidc/getToken.js.map +1 -1
  99. package/cjs/oidc/getUserInfo.js.map +1 -1
  100. package/cjs/oidc/getWithPopup.js.map +1 -1
  101. package/cjs/oidc/getWithRedirect.js.map +1 -1
  102. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  103. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  104. package/cjs/oidc/index.js +24 -24
  105. package/cjs/oidc/parseFromUrl.js +2 -2
  106. package/cjs/oidc/parseFromUrl.js.map +1 -1
  107. package/cjs/oidc/renewToken.js.map +1 -1
  108. package/cjs/oidc/renewTokens.js.map +1 -1
  109. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  110. package/cjs/oidc/revokeToken.js.map +1 -1
  111. package/cjs/oidc/util/browser.js +2 -2
  112. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  113. package/cjs/oidc/util/errors.js +1 -1
  114. package/cjs/oidc/util/errors.js.map +1 -1
  115. package/cjs/oidc/util/loginRedirect.js +5 -5
  116. package/cjs/oidc/util/oauth.js +1 -1
  117. package/cjs/oidc/util/oauth.js.map +1 -1
  118. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  119. package/cjs/oidc/util/pkce.js.map +1 -1
  120. package/cjs/oidc/util/prepareTokenParams.js +1 -1
  121. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  122. package/cjs/oidc/util/refreshToken.js +1 -1
  123. package/cjs/oidc/util/refreshToken.js.map +1 -1
  124. package/cjs/oidc/util/validateToken.js.map +1 -1
  125. package/cjs/oidc/verifyToken.js.map +1 -1
  126. package/cjs/options/browser.js +2 -2
  127. package/cjs/options/browser.js.map +1 -1
  128. package/cjs/options/index.js +1 -1
  129. package/cjs/options/index.js.map +1 -1
  130. package/cjs/options/node.js +2 -2
  131. package/cjs/server/serverStorage.js +1 -0
  132. package/cjs/server/serverStorage.js.map +1 -1
  133. package/cjs/services/AutoRenewService.js.map +1 -1
  134. package/cjs/services/LeaderElectionService.js.map +1 -1
  135. package/cjs/services/SyncStorageService.js +4 -1
  136. package/cjs/services/SyncStorageService.js.map +1 -1
  137. package/cjs/session.js +2 -2
  138. package/cjs/session.js.map +1 -1
  139. package/cjs/tx/AuthTransaction.js.map +1 -1
  140. package/cjs/tx/api.js +4 -4
  141. package/cjs/tx/api.js.map +1 -1
  142. package/cjs/tx/poll.js.map +1 -1
  143. package/cjs/types/Storage.js.map +1 -1
  144. package/cjs/types/Token.js +1 -1
  145. package/cjs/types/TokenManager.js +1 -1
  146. package/cjs/types/Transaction.js +2 -2
  147. package/cjs/util/console.js +3 -3
  148. package/cjs/util/index.js +13 -0
  149. package/cjs/util/index.js.map +1 -1
  150. package/cjs/util/misc.js +2 -2
  151. package/cjs/util/object.js +3 -3
  152. package/cjs/util/sharedStorage.js +2 -2
  153. package/cjs/util/sharedStorage.js.map +1 -1
  154. package/cjs/util/storage.js +29 -0
  155. package/cjs/util/storage.js.map +1 -0
  156. package/cjs/util/types.js +3 -3
  157. package/cjs/util/url.js +3 -3
  158. package/cjs/util/url.js.map +1 -1
  159. package/dist/myaccount.umd.js +1 -1
  160. package/dist/myaccount.umd.js.map +1 -1
  161. package/dist/okta-auth-js.min.js +1 -1
  162. package/dist/okta-auth-js.min.js.map +1 -1
  163. package/dist/okta-auth-js.polyfill.js +1 -1
  164. package/dist/okta-auth-js.polyfill.js.map +1 -1
  165. package/dist/okta-auth-js.umd.js +1 -1
  166. package/dist/okta-auth-js.umd.js.map +1 -1
  167. package/esm/browser/OktaAuth.js +0 -3
  168. package/esm/browser/OktaAuth.js.map +1 -1
  169. package/esm/browser/OktaUserAgent.js +2 -2
  170. package/esm/browser/SavedObject.js +2 -1
  171. package/esm/browser/SavedObject.js.map +1 -1
  172. package/esm/browser/TokenManager.js.map +1 -1
  173. package/esm/browser/browser/browserStorage.js.map +1 -1
  174. package/esm/browser/idx/authenticator/OktaPassword.js +4 -4
  175. package/esm/browser/idx/authenticator/OktaPassword.js.map +1 -1
  176. package/esm/browser/idx/remediators/Base/Remediator.js.map +1 -1
  177. package/esm/browser/idx/remediators/EnrollProfile.js +26 -0
  178. package/esm/browser/idx/remediators/EnrollProfile.js.map +1 -1
  179. package/esm/browser/idx/types/idx-js.js.map +1 -1
  180. package/esm/browser/idx/util.js +10 -3
  181. package/esm/browser/idx/util.js.map +1 -1
  182. package/esm/browser/index.js +1 -0
  183. package/esm/browser/index.js.map +1 -1
  184. package/esm/browser/services/SyncStorageService.js +1 -1
  185. package/esm/browser/services/SyncStorageService.js.map +1 -1
  186. package/esm/browser/util/storage.js +26 -0
  187. package/esm/browser/util/storage.js.map +1 -0
  188. package/esm/browser/util/url.js +1 -1
  189. package/esm/browser/util/url.js.map +1 -1
  190. package/esm/node/OktaAuth.js +0 -3
  191. package/esm/node/OktaAuth.js.map +1 -1
  192. package/esm/node/OktaUserAgent.js +2 -2
  193. package/esm/node/SavedObject.js +2 -1
  194. package/esm/node/SavedObject.js.map +1 -1
  195. package/esm/node/TokenManager.js.map +1 -1
  196. package/esm/node/browser/browserStorage.js.map +1 -1
  197. package/esm/node/idx/authenticator/OktaPassword.js +4 -4
  198. package/esm/node/idx/authenticator/OktaPassword.js.map +1 -1
  199. package/esm/node/idx/remediators/Base/Remediator.js.map +1 -1
  200. package/esm/node/idx/remediators/EnrollProfile.js +26 -0
  201. package/esm/node/idx/remediators/EnrollProfile.js.map +1 -1
  202. package/esm/node/idx/types/idx-js.js.map +1 -1
  203. package/esm/node/idx/util.js +10 -3
  204. package/esm/node/idx/util.js.map +1 -1
  205. package/esm/node/index.js +1 -0
  206. package/esm/node/index.js.map +1 -1
  207. package/esm/node/server/serverStorage.js.map +1 -1
  208. package/esm/node/services/SyncStorageService.js +1 -1
  209. package/esm/node/services/SyncStorageService.js.map +1 -1
  210. package/esm/node/util/storage.js +26 -0
  211. package/esm/node/util/storage.js.map +1 -0
  212. package/esm/node/util/url.js +1 -1
  213. package/esm/node/util/url.js.map +1 -1
  214. package/esm/package.json +1 -1
  215. package/lib/idx/authenticator/OktaPassword.d.ts +1 -0
  216. package/lib/idx/remediators/EnrollProfile.d.ts +11 -0
  217. package/lib/idx/types/idx-js.d.ts +4 -0
  218. package/lib/util/index.d.ts +1 -0
  219. package/lib/util/storage.d.ts +12 -0
  220. package/package.json +15 -26
package/cjs/oidc/handleOAuthResponse.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOIDCInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n var pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n var responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType)) {\n responseType = [responseType];\n }\n\n var scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n var clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n var tokenDict = {} as Tokens;\n var expiresIn = res.expires_in;\n var tokenType = res.token_type;\n var accessToken = res.access_token;\n var idToken = res.id_token;\n var refreshToken = res.refresh_token;\n var now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n var accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n }\n\n if (idToken) {\n var idJwt = sdk.token.decode(idToken);\n var idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n var validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code\n };\n \n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;EACtE,IAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;IAC5C,MAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;EACD;;EAED,IAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;IACnC,MAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;EACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;EACxB,IAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;EACA;;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;IAC9C,OAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACpEQ,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;MAEpEK,eAAe,EAAEhB,GAAG,CAACY;IAF+C,CAA/B,CAAhC,EAGHJ,IAHG,CAAP;EAID;;EAEDD,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;EACAE,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;EAEA,IAAIU,YAAY,GAAGV,WAAW,CAACU,YAAZ,IAA4B,EAA/C;;EACA,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;IAChCA,YAAY,GAAG,CAACA,YAAD,CAAf;EACD;;EAED,IAAIG,MAAJ;;EACA,IAAIpB,GAAG,CAACqB,KAAR,EAAe;IACbD,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;EACD,CAFD,MAEO;IACLF,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;EACD;;EACD,IAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1BwB,CA4BxB;;EACAxB,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;EAEA,IAAIiB,SAAS,GAAG,EAAhB;EACA,IAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;EACA,IAAIC,SAAS,GAAG3B,GAAG,CAAC4B,UAApB;EACA,IAAIC,WAAW,GAAG7B,GAAG,CAAC8B,YAAtB;EACA,IAAIC,OAAO,GAAG/B,GAAG,CAACgC,QAAlB;EACA,IAAIC,YAAY,GAAGjC,GAAG,CAACkC,aAAvB;EACA,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIN,WAAJ,EAAiB;IACf,IAAIU,SAAS,GAAGjC,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBX,WAAjB,CAAhB;IACAL,SAAS,CAACK,WAAV,GAAwB;MACtBA,WAAW,EAAEA,WADS;MAEtBY,MAAM,EAAEF,SAAS,CAACG,OAFI;MAGtBC,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;MAItBR,SAAS,EAAEA,SAJW;MAKtBP,MAAM,EAAEA,MALc;MAMtByB,YAAY,EAAErC,IAAI,CAACqC,YANG;MAOtBC,WAAW,EAAEtC,IAAI,CAACsC;IAPI,CAAxB;EASD;;EAED,IAAIb,YAAJ,EAAkB;IAChBT,SAAS,CAACS,YAAV,GAAyB;MACvBA,YAAY,EAAEA,YADS;MAEvB;MACA;MACAU,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;MAKvBf,MAAM,EAAEA,MALe;MAMvB2B,QAAQ,EAAEvC,IAAI,CAACuC,QANQ;MAOvBF,YAAY,EAAErC,IAAI,CAACqC,YAPI;MAQvBG,MAAM,EAAExC,IAAI,CAACwC;IARU,CAAzB;EAUD;;EAED,IAAIjB,OAAJ,EAAa;IACX,IAAIkB,KAAK,GAAG3C,GAAG,CAACO,KAAJ,CAAU2B,MAAV,CAAiBT,OAAjB,CAAZ;IACA,IAAImB,UAAmB,GAAG;MACxBnB,OAAO,EAAEA,OADe;MAExBU,MAAM,EAAEQ,KAAK,CAACP,OAFU;MAGxBC,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;MAGkC;MAC1Df,MAAM,EAAEA,MAJgB;MAKxByB,YAAY,EAAErC,IAAI,CAACqC,YALK;MAMxBG,MAAM,EAAExC,IAAI,CAACwC,MANW;MAOxBzB,QAAQ,EAAEA;IAPc,CAA1B;IAUA,IAAI8B,gBAAmC,GAAG;MACxC9B,QAAQ,EAAEA,QAD8B;MAExCyB,MAAM,EAAExC,IAAI,CAACwC,MAF2B;MAGxCM,KAAK,EAAE/C,WAAW,CAAC+C,KAHqB;MAIxCzB,WAAW,EAAEA;IAJ2B,CAA1C;;IAOA,IAAItB,WAAW,CAACgD,eAAZ,KAAgCC,SAApC,EAA+C;MAC7CH,gBAAgB,CAACE,eAAjB,GAAmChD,WAAW,CAACgD,eAA/C;IACD;;IAED,MAAM,8BAAYjD,GAAZ,EAAiB4C,UAAjB,EAA6BG,gBAA7B,CAAN;IACA7B,SAAS,CAACO,OAAV,GAAoBmB,UAApB;EACD,CA1FuB,CA4FxB;;;EACA,IAAI,sBAAAjC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;IAClE;IACA,MAAM,IAAIzB,oBAAJ,CAAiB,+GAAjB,CAAN;EACD;;EACD,IAAI,sBAAAa,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;IACjE;IACA,MAAM,IAAI3B,oBAAJ,CAAiB,8GAAjB,CAAN;EACD;;EAED,OAAO;IACLqD,MAAM,EAAEjC,SADH;IAELrB,KAAK,EAAEH,GAAG,CAACG,KAFN;IAGLQ,IAAI,EAAEX,GAAG,CAACW;EAHL,CAAP;AAMD"}
1
+ {"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","verifyToken","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOIDCInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n var pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n var responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType)) {\n responseType = [responseType];\n }\n\n var scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n var clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n var tokenDict = {} as Tokens;\n var expiresIn = res.expires_in;\n var tokenType = res.token_type;\n var accessToken = res.access_token;\n var idToken = res.id_token;\n var refreshToken = res.refresh_token;\n var now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n var accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n }\n\n if (idToken) {\n var idJwt = sdk.token.decode(idToken);\n var idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n var validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code\n };\n \n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;EACtE,IAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;IAC5C,MAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;EACD;;EAED,IAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;IACnC,MAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;EACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;EACxB,IAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;EACA;;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;IAC9C,OAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACpEQ,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;MAEpEK,eAAe,EAAEhB,GAAG,CAACY;IAF+C,CAA/B,CAAhC,EAGHJ,IAHG,CAAP;EAID;;EAEDD,WAAW,GAAGA,WAAW,IAAI,IAAAU,4BAAA,EAAsBX,GAAtB,CAA7B;EACAE,IAAI,GAAGA,IAAI,IAAI,IAAAU,mBAAA,EAAaZ,GAAb,EAAkBC,WAAlB,CAAf;EAEA,IAAIY,YAAY,GAAGZ,WAAW,CAACY,YAAZ,IAA4B,EAA/C;;EACA,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;IAChCA,YAAY,GAAG,CAACA,YAAD,CAAf;EACD;;EAED,IAAIG,MAAJ;;EACA,IAAItB,GAAG,CAACuB,KAAR,EAAe;IACbD,MAAM,GAAGtB,GAAG,CAACuB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;EACD,CAFD,MAEO;IACLF,MAAM,GAAG,IAAAG,WAAA,EAAMlB,WAAW,CAACe,MAAlB,CAAT;EACD;;EACD,IAAII,QAAQ,GAAGnB,WAAW,CAACmB,QAAZ,IAAwBpB,GAAG,CAACI,OAAJ,CAAYgB,QAAnD,CA1BwB,CA4BxB;;EACA3B,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;EAEA,IAAIoB,SAAS,GAAG,EAAhB;EACA,IAAIC,SAAS,GAAG5B,GAAG,CAAC6B,UAApB;EACA,IAAIC,SAAS,GAAG9B,GAAG,CAAC+B,UAApB;EACA,IAAIC,WAAW,GAAGhC,GAAG,CAACiC,YAAtB;EACA,IAAIC,OAAO,GAAGlC,GAAG,CAACmC,QAAlB;EACA,IAAIC,YAAY,GAAGpC,GAAG,CAACqC,aAAvB;EACA,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIN,WAAJ,EAAiB;IACf,IAAIU,SAAS,GAAGpC,GAAG,CAACO,KAAJ,CAAU8B,MAAV,CAAiBX,WAAjB,CAAhB;IACAL,SAAS,CAACK,WAAV,GAAwB;MACtBA,WAAW,EAAEA,WADS;MAEtBY,MAAM,EAAEF,SAAS,CAACG,OAFI;MAGtBC,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;MAItBR,SAAS,EAAEA,SAJW;MAKtBR,MAAM,EAAEA,MALc;MAMtB0B,YAAY,EAAExC,IAAI,CAACwC,YANG;MAOtBC,WAAW,EAAEzC,IAAI,CAACyC;IAPI,CAAxB;EASD;;EAED,IAAIb,YAAJ,EAAkB;IAChBT,SAAS,CAACS,YAAV,GAAyB;MACvBA,YAAY,EAAEA,YADS;MAEvB;MACA;MACAU,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;MAKvBhB,MAAM,EAAEA,MALe;MAMvB4B,QAAQ,EAAE1C,IAAI,CAAC0C,QANQ;MAOvBF,YAAY,EAAExC,IAAI,CAACwC,YAPI;MAQvBG,MAAM,EAAE3C,IAAI,CAAC2C;IARU,CAAzB;EAUD;;EAED,IAAIjB,OAAJ,EAAa;IACX,IAAIkB,KAAK,GAAG9C,GAAG,CAACO,KAAJ,CAAU8B,MAAV,CAAiBT,OAAjB,CAAZ;IACA,IAAImB,UAAmB,GAAG;MACxBnB,OAAO,EAAEA,OADe;MAExBU,MAAM,EAAEQ,KAAK,CAACP,OAFU;MAGxBC,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;MAGkC;MAC1DhB,MAAM,EAAEA,MAJgB;MAKxB0B,YAAY,EAAExC,IAAI,CAACwC,YALK;MAMxBG,MAAM,EAAE3C,IAAI,CAAC2C,MANW;MAOxBzB,QAAQ,EAAEA;IAPc,CAA1B;IAUA,IAAI8B,gBAAmC,GAAG;MACxC9B,QAAQ,EAAEA,QAD8B;MAExCyB,MAAM,EAAE3C,IAAI,CAAC2C,MAF2B;MAGxCM,KAAK,EAAElD,WAAW,CAACkD,KAHqB;MAIxCzB,WAAW,EAAEA;IAJ2B,CAA1C;;IAOA,IAAIzB,WAAW,CAACmD,eAAZ,KAAgCC,SAApC,EAA+C;MAC7CH,gBAAgB,CAACE,eAAjB,GAAmCnD,WAAW,CAACmD,eAA/C;IACD;;IAED,MAAM,IAAAE,wBAAA,EAAYtD,GAAZ,EAAiB+C,UAAjB,EAA6BG,gBAA7B,CAAN;IACA7B,SAAS,CAACO,OAAV,GAAoBmB,UAApB;EACD,CA1FuB,CA4FxB;;;EACA,IAAI,sBAAAlC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACQ,SAAS,CAACK,WAAvD,EAAoE;IAClE;IACA,MAAM,IAAI5B,oBAAJ,CAAiB,+GAAjB,CAAN;EACD;;EACD,IAAI,sBAAAe,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACQ,SAAS,CAACO,OAA1D,EAAmE;IACjE;IACA,MAAM,IAAI9B,oBAAJ,CAAiB,8GAAjB,CAAN;EACD;;EAED,OAAO;IACLyD,MAAM,EAAElC,SADH;IAELxB,KAAK,EAAEH,GAAG,CAACG,KAFN;IAGLQ,IAAI,EAAEX,GAAG,CAACW;EAHL,CAAP;AAMD"}
package/cjs/oidc/index.js CHANGED
@@ -24,40 +24,40 @@ Object.defineProperty(exports, "decodeToken", {
24
24
  return _decodeToken.decodeToken;
25
25
  }
26
26
  });
27
- Object.defineProperty(exports, "revokeToken", {
27
+ Object.defineProperty(exports, "exchangeCodeForTokens", {
28
28
  enumerable: true,
29
29
  get: function () {
30
- return _revokeToken.revokeToken;
30
+ return _exchangeCodeForTokens.exchangeCodeForTokens;
31
31
  }
32
32
  });
33
- Object.defineProperty(exports, "renewToken", {
33
+ Object.defineProperty(exports, "getToken", {
34
34
  enumerable: true,
35
35
  get: function () {
36
- return _renewToken.renewToken;
36
+ return _getToken.getToken;
37
37
  }
38
38
  });
39
- Object.defineProperty(exports, "renewTokensWithRefresh", {
39
+ Object.defineProperty(exports, "getUserInfo", {
40
40
  enumerable: true,
41
41
  get: function () {
42
- return _renewTokensWithRefresh.renewTokensWithRefresh;
42
+ return _getUserInfo.getUserInfo;
43
43
  }
44
44
  });
45
- Object.defineProperty(exports, "renewTokens", {
45
+ Object.defineProperty(exports, "getWithPopup", {
46
46
  enumerable: true,
47
47
  get: function () {
48
- return _renewTokens.renewTokens;
48
+ return _getWithPopup.getWithPopup;
49
49
  }
50
50
  });
51
- Object.defineProperty(exports, "verifyToken", {
51
+ Object.defineProperty(exports, "getWithRedirect", {
52
52
  enumerable: true,
53
53
  get: function () {
54
- return _verifyToken.verifyToken;
54
+ return _getWithRedirect.getWithRedirect;
55
55
  }
56
56
  });
57
- Object.defineProperty(exports, "getUserInfo", {
57
+ Object.defineProperty(exports, "getWithoutPrompt", {
58
58
  enumerable: true,
59
59
  get: function () {
60
- return _getUserInfo.getUserInfo;
60
+ return _getWithoutPrompt.getWithoutPrompt;
61
61
  }
62
62
  });
63
63
  Object.defineProperty(exports, "handleOAuthResponse", {
@@ -66,40 +66,40 @@ Object.defineProperty(exports, "handleOAuthResponse", {
66
66
  return _handleOAuthResponse.handleOAuthResponse;
67
67
  }
68
68
  });
69
- Object.defineProperty(exports, "exchangeCodeForTokens", {
69
+ Object.defineProperty(exports, "parseFromUrl", {
70
70
  enumerable: true,
71
71
  get: function () {
72
- return _exchangeCodeForTokens.exchangeCodeForTokens;
72
+ return _parseFromUrl.parseFromUrl;
73
73
  }
74
74
  });
75
- Object.defineProperty(exports, "getToken", {
75
+ Object.defineProperty(exports, "renewToken", {
76
76
  enumerable: true,
77
77
  get: function () {
78
- return _getToken.getToken;
78
+ return _renewToken.renewToken;
79
79
  }
80
80
  });
81
- Object.defineProperty(exports, "getWithoutPrompt", {
81
+ Object.defineProperty(exports, "renewTokens", {
82
82
  enumerable: true,
83
83
  get: function () {
84
- return _getWithoutPrompt.getWithoutPrompt;
84
+ return _renewTokens.renewTokens;
85
85
  }
86
86
  });
87
- Object.defineProperty(exports, "getWithPopup", {
87
+ Object.defineProperty(exports, "renewTokensWithRefresh", {
88
88
  enumerable: true,
89
89
  get: function () {
90
- return _getWithPopup.getWithPopup;
90
+ return _renewTokensWithRefresh.renewTokensWithRefresh;
91
91
  }
92
92
  });
93
- Object.defineProperty(exports, "getWithRedirect", {
93
+ Object.defineProperty(exports, "revokeToken", {
94
94
  enumerable: true,
95
95
  get: function () {
96
- return _getWithRedirect.getWithRedirect;
96
+ return _revokeToken.revokeToken;
97
97
  }
98
98
  });
99
- Object.defineProperty(exports, "parseFromUrl", {
99
+ Object.defineProperty(exports, "verifyToken", {
100
100
  enumerable: true,
101
101
  get: function () {
102
- return _parseFromUrl.parseFromUrl;
102
+ return _verifyToken.verifyToken;
103
103
  }
104
104
  });
105
105
 
package/cjs/oidc/parseFromUrl.js CHANGED
@@ -2,10 +2,10 @@
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
- exports.getResponseMode = getResponseMode;
6
- exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
7
5
  exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
6
+ exports.getResponseMode = getResponseMode;
8
7
  exports.parseFromUrl = parseFromUrl;
8
+ exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
9
9
 
10
10
  var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
11
11
 
package/cjs/oidc/parseFromUrl.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","catch","err","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;EACA,IAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIc,QAAJ;;EAEA,IAAIH,YAAY,KAAK,OAArB,EAA8B;IAC5BG,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLU,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACS,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,6BAAkBF,QAAlB,CAAP;AACD;;AAEM,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Db,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DS;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMS,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAChB,OAAO,CAACI,GAAb,EAAkB;IAChB;IACAI,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,8CAAoBjB,GAApB,EAAyB4B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;MACpCnC,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;QAC3BT;MAD2B,CAA7B;IAGD;;IACD,MAAMQ,GAAN;EACD,CARI,EASJE,IATI,CASCX,GAAG,IAAI;IACX1B,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;MAC3BT;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}
1
+ {"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAlB;EACA,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIe,QAAJ;;EAEA,IAAIJ,YAAY,KAAK,OAArB,EAA8B;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACU,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,IAAAC,uBAAA,EAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC3B,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMW,GAAkB,GAAGR,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMY,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG9B,GAAG,CAAC+B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Df,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DW;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMU,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAClB,OAAO,CAACK,GAAb,EAAkB;IAChB;IACAK,yBAAyB,CAAC3B,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,IAAAmB,wCAAA,EAAoBpC,GAApB,EAAyB8B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJE,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAAA,EAA2BD,GAA3B,CAAL,EAAsC;MACpCtC,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;QAC3BX;MAD2B,CAA7B;IAGD;;IACD,MAAMS,GAAN;EACD,CARI,EASJG,IATI,CASCb,GAAG,IAAI;IACX5B,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;MAC3BX;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}
package/cjs/oidc/renewToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,sBAAUD,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACC,OAAd;EACD;;EACD,IAAI,0BAAcF,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACE,WAAd;EACD;;EACDN,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;IAC9CT,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIP,MAAM,CAACQ,YAAX,EAAyB;IACvBR,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;MACzCK,MAAM,EAAEJ,KAAK,CAACI;IAD2B,CAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;IAGA,OAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;EACD;;EAED,IAAIU,YAAJ;;EACA,IAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;IAC/BK,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDV,KAAtD;EACA,OAAO,wCAAiBD,GAAjB,EAAsB;IAC3BM,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}
1
+ {"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,IAAAC,gBAAA,EAAUF,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACE,OAAd;EACD;;EACD,IAAI,IAAAC,oBAAA,EAAcJ,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACI,WAAd;EACD;;EACDR,sBAAsB;AACvB,C,CAED;;;AACO,eAAeS,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,IAAAN,gBAAA,EAAUM,KAAV,CAAD,IAAqB,CAAC,IAAAJ,oBAAA,EAAcI,KAAd,CAA1B,EAAgD;IAC9CX,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIT,MAAM,CAACU,YAAX,EAAyB;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAA,EAAuBL,GAAvB,EAA4B;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAD2B,CAA5B,EAEZZ,MAAM,CAACU,YAFK,CAAf;IAGA,OAAOZ,cAAc,CAACS,KAAD,EAAQP,MAAR,CAArB;EACD;;EAED,IAAIa,YAAJ;;EACA,IAAIP,GAAG,CAACQ,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,IAAAV,oBAAA,EAAcI,KAAd,CAAJ,EAA0B;IAC/BM,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDX,KAAtD;EACA,OAAO,IAAAY,kCAAA,EAAiBb,GAAjB,EAAsB;IAC3BO,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJE,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOvB,cAAc,CAACS,KAAD,EAAQc,GAAG,CAACrB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}
package/cjs/oidc/renewTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;EACAX,OAAO,GAAG,qBAAc;IACtBQ,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPX,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYY,IAAhB,EAAsB;IACpBZ,OAAO,CAACa,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,iCAAsBd,GAAtB,CAAzB;IACAC,OAAO,CAACa,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,wCAAiBd,GAAjB,EAAsBC,OAAtB,EACJc,IADI,CACCC,GAAG,IAAIA,GAAG,CAACd,MADZ,CAAP;AAGD"}
1
+ {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,IAAAC,8CAAA,EAAuBN,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACK,WAAR,IAAuB,CAACL,MAAM,CAACM,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BZ,GAAG,CAACC,OAAJ,CAAYW,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBb,GAAG,CAACC,OAAJ,CAAYY,MAA7C,CArB6E,CAuB7E;;EACAZ,OAAO,GAAG,qBAAc;IACtBS,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPZ,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;IACpBb,OAAO,CAACc,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,IAAAC,2BAAA,EAAsBhB,GAAtB,CAAzB;IACAC,OAAO,CAACc,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,IAAAE,kCAAA,EAAiBjB,GAAjB,EAAsBC,OAAtB,EACJiB,IADI,CACCC,GAAG,IAAIA,GAAG,CAACjB,MADZ,CAAP;AAGD"}
package/cjs/oidc/renewTokensWithRefresh.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken","err","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n clientId,\n });\n const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEQ;IAAF,IAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEE;IAAF,IAAmBD,MAAzB;;IACA,IAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;IACD;;IAED,OAAOD,MAAP;EACD,CAfD,CAgBA,OAAOI,GAAP,EAAY;IACV,IAAI,yCAA2BA,GAA3B,CAAJ,EAAqC;MACnC;MACAb,GAAG,CAACW,YAAJ,CAAiBG,kBAAjB;IACD;;IACD,MAAMD,GAAN;EACD;AACF"}
1
+ {"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n clientId,\n });\n const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,IAAAC,uBAAA,EAAiBR,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMO,IAAI,GAAG,IAAAC,mBAAA,EAAaV,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEU;IAAF,IAAa,MAAM,IAAAC,wCAAA,EAAoBZ,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DE,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEI;IAAF,IAAmBF,MAAzB;;IACA,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAA,EAAmBD,YAAnB,EAAiCX,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACe,YAAJ,CAAiBC,kBAAjB,CAAoCH,YAApC;IACD;;IAED,OAAOF,MAAP;EACD,CAfD,CAgBA,OAAOM,GAAP,EAAY;IACV,IAAI,IAAAC,mCAAA,EAA2BD,GAA3B,CAAJ,EAAqC;MACnC;MACAjB,GAAG,CAACe,YAAJ,CAAiBI,kBAAjB;IACD;;IACD,MAAMF,GAAN;EACD;AACF"}
package/cjs/oidc/revokeToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthOIDCInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;EACA,IAAIC,IAAI,GAAG,wDAAc;IACvB;IACAC,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;EACA,OAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;IAChCG,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWD;IAFrB;EADuB,CAA3B,CAAP;AAMD"}
1
+ {"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","getOAuthUrls","args","toQueryString","token_type_hint","creds","btoa","post","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthOIDCInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,IAAAC,mBAAA,EAAaT,GAAb,EAAkBQ,SAAlC;EACA,IAAIE,IAAI,GAAG,mCAAAC,mBAAA,EAAc;IACvB;IACAC,eAAe,EAAET,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIW,KAAK,GAAGN,YAAY,GAAG,IAAAO,YAAA,EAAM,GAAET,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,IAAAO,YAAA,EAAKT,QAAL,CAAjE;EACA,OAAO,IAAAU,UAAA,EAAKf,GAAL,EAAUQ,SAAV,EAAqBE,IAArB,EAA2B;IAChCM,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWH;IAFrB;EADuB,CAA3B,CAAP;AAMD"}
package/cjs/oidc/util/browser.js CHANGED
@@ -3,10 +3,10 @@
3
3
  var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
5
  exports.addListener = addListener;
6
- exports.removeListener = removeListener;
6
+ exports.addPostMessageListener = addPostMessageListener;
7
7
  exports.loadFrame = loadFrame;
8
8
  exports.loadPopup = loadPopup;
9
- exports.addPostMessageListener = addPostMessageListener;
9
+ exports.removeListener = removeListener;
10
10
 
11
11
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
12
12
 
package/cjs/oidc/util/defaultTokenParams.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOptionsInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOptionsInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n ignoreSignature\n });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2E;EAChF,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,sBAAW;IAChBb,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,2BANA;IAOhBQ,KAAK,EAAE,2BAPS;IAQhBT,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}
1
+ {"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOptionsInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOptionsInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n ignoreSignature\n });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2E;EAChF,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,IAAAC,mBAAA,MAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,IAAAC,gBAAA,EAAW;IAChBf,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,IAAAU,oBAAA,GANA;IAOhBC,KAAK,EAAE,IAAAC,oBAAA,GAPS;IAQhBb,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}
package/cjs/oidc/util/errors.js CHANGED
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
 
3
- exports.isInteractionRequiredError = isInteractionRequiredError;
4
3
  exports.isAuthorizationCodeError = isAuthorizationCodeError;
4
+ exports.isInteractionRequiredError = isInteractionRequiredError;
5
5
  exports.isRefreshTokenInvalidError = isRefreshTokenInvalidError;
6
6
 
7
7
  var _errors = require("../../errors");
package/cjs/oidc/util/errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOptionsInterface } from '../../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOptionsInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiEL,KAAjE,EAA+E;EACpF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJoF,CAKpF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,0BAAaA,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACa,YAAN,KAAuB,0CAFzB;AAGD"}
1
+ {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOptionsInterface } from '../../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOptionsInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiEL,KAAjE,EAA+E;EACpF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJoF,CAKpF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,IAAAa,oBAAA,EAAab,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACc,YAAN,KAAuB,0CAFzB;AAGD"}
package/cjs/oidc/util/loginRedirect.js CHANGED
@@ -2,15 +2,15 @@
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
- exports.hasTokensInHash = hasTokensInHash;
5
+ exports.getHashOrSearch = getHashOrSearch;
6
6
  exports.hasAuthorizationCode = hasAuthorizationCode;
7
- exports.hasInteractionCode = hasInteractionCode;
8
7
  exports.hasErrorInUrl = hasErrorInUrl;
9
- exports.isRedirectUri = isRedirectUri;
8
+ exports.hasInteractionCode = hasInteractionCode;
9
+ exports.hasTokensInHash = hasTokensInHash;
10
10
  exports.isCodeFlow = isCodeFlow;
11
- exports.getHashOrSearch = getHashOrSearch;
12
- exports.isLoginRedirect = isLoginRedirect;
13
11
  exports.isInteractionRequired = isInteractionRequired;
12
+ exports.isLoginRedirect = isLoginRedirect;
13
+ exports.isRedirectUri = isRedirectUri;
14
14
 
15
15
  var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
16
16
 
package/cjs/oidc/util/oauth.js CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
- exports.generateState = generateState;
6
5
  exports.generateNonce = generateNonce;
6
+ exports.generateState = generateState;
7
7
  exports.getOAuthBaseUrl = getOAuthBaseUrl;
8
8
  exports.getOAuthDomain = getOAuthDomain;
9
9
  exports.getOAuthUrls = getOAuthUrls;
package/cjs/oidc/util/oauth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth.js","names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDV,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;EACA,IAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;EACA,IAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;EACA,IAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;EACA,IAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;EAEAW,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLF,MAAM,EAAEA,MADH;IAELU,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
1
+ {"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,IAAAC,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,IAAAD,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAED,SAASE,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,IAAAC,yBAAA,EAAoBF,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASE,eAAT,CAAyBJ,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMI,OAAO,GAAG,sBAAAH,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOG,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBN,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDX,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIY,YAAY,GAAG,IAAAV,yBAAA,EAAoBF,OAAO,CAACY,YAA5B,KAA6Cb,GAAG,CAACC,OAAJ,CAAYY,YAA5E;EACA,IAAIX,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIa,WAAW,GAAG,IAAAX,yBAAA,EAAoBF,OAAO,CAACa,WAA5B,KAA4Cd,GAAG,CAACC,OAAJ,CAAYa,WAA1E;EACA,IAAIC,QAAQ,GAAG,IAAAZ,yBAAA,EAAoBF,OAAO,CAACc,QAA5B,KAAyCf,GAAG,CAACC,OAAJ,CAAYc,QAApE;EACA,IAAIC,SAAS,GAAG,IAAAb,yBAAA,EAAoBF,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EACA,IAAIC,SAAS,GAAG,IAAAd,yBAAA,EAAoBF,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACJ,GAAD,EAAMC,OAAN,CAA7B;EAEAY,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLH,MAAM,EAAEA,MADH;IAELW,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
package/cjs/oidc/util/oauthMeta.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthOptionsInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMI,SAA+B,GAAG;IACtCH,MADsC;IAEtCE,IAFsC;IAGtCE,QAAQ,EAAEL,WAAW,CAACK,QAHgB;IAItCC,WAAW,EAAEN,WAAW,CAACM,WAJa;IAKtCC,YAAY,EAAEP,WAAW,CAACO,YALY;IAMtCC,YAAY,EAAER,WAAW,CAACQ,YANY;IAOtCC,MAAM,EAAET,WAAW,CAACS,MAPkB;IAQtCC,KAAK,EAAEV,WAAW,CAACU,KARmB;IAStCC,KAAK,EAAEX,WAAW,CAACW,KATmB;IAUtCC,eAAe,EAAEZ,WAAW,CAACY;EAVS,CAAxC;;EAaA,IAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEf,WAAW,CAACe,YAFU;IAGpCC,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;IAIpCC,aAAa,EAAEjB,WAAW,CAACiB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
1
+ {"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthOptionsInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,IAAAC,mBAAA,EAAaL,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMK,SAA+B,GAAG;IACtCJ,MADsC;IAEtCE,IAFsC;IAGtCG,QAAQ,EAAEN,WAAW,CAACM,QAHgB;IAItCC,WAAW,EAAEP,WAAW,CAACO,WAJa;IAKtCC,YAAY,EAAER,WAAW,CAACQ,YALY;IAMtCC,YAAY,EAAET,WAAW,CAACS,YANY;IAOtCC,MAAM,EAAEV,WAAW,CAACU,MAPkB;IAQtCC,KAAK,EAAEX,WAAW,CAACW,KARmB;IAStCC,KAAK,EAAEZ,WAAW,CAACY,KATmB;IAUtCC,eAAe,EAAEb,WAAW,CAACa;EAVS,CAAxC;;EAaA,IAAIb,WAAW,CAACc,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEhB,WAAW,CAACgB,YAFU;IAGpCC,mBAAmB,EAAEjB,WAAW,CAACiB,mBAHG;IAIpCC,aAAa,EAAElB,WAAW,CAACkB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
package/cjs/oidc/util/pkce.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,kBAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbC,6BAA6B,EAA7BA,wCADa;EAEbnB,gBAFa;EAGbM;AAHa,C"}
1
+ {"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,iBAAA,CAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,8BAAA,GAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,iBAAA,CAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,IAAAC,yBAAA,EAAkBL,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbE,6BAA6B,EAA7BA,wCADa;EAEbpB,gBAFa;EAGbM;AAHa,C"}
package/cjs/oidc/util/prepareTokenParams.js CHANGED
@@ -3,9 +3,9 @@
3
3
  var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
5
  exports.assertPKCESupport = assertPKCESupport;
6
- exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
7
6
  exports.preparePKCE = preparePKCE;
8
7
  exports.prepareTokenParams = prepareTokenParams;
8
+ exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
9
9
 
10
10
  var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
11
11
 
package/cjs/oidc/util/prepareTokenParams.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthOIDCInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;EACA,IAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAC,OAAO,MAAP,CAAAA,OAAO,EAASJ,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeK,WAAf,CACLb,GADK,EAELc,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFR;EAHE,IAIAM,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIhB,GAAG,CAACS,OAAJ,CAAYO,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBjB,iBAAiB,CAACC,GAAD,CAAjB;IACAe,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDP,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAM,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZR;EALY,CAAd;EAQA,OAAOM,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLrB,GADK,EAELc,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,+CAAsBtB,GAAtB,CAAjB;EACAc,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACS,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,WAAP;EACD;;EAED,OAAOD,WAAW,CAACb,GAAD,EAAMc,WAAN,CAAlB;AACD"}
1
+ {"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","getWellKnown","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","getDefaultTokenParams","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthOIDCInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthOIDCInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,uBAAA,EAAaZ,GAAb,CAAhC;EACA,IAAIa,OAAO,GAAGF,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAE,OAAO,MAAP,CAAAA,OAAO,EAASL,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeM,WAAf,CACLd,GADK,EAELe,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFT;EAHE,IAIAO,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIjB,GAAG,CAACS,OAAJ,CAAYQ,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBlB,iBAAiB,CAACC,GAAD,CAAjB;IACAgB,YAAY,GAAGA,YAAY,IAAIE,aAAA,CAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,aAAA,CAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDR,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAO,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZT;EALY,CAAd;EAQA,OAAOO,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLtB,GADK,EAELe,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,IAAAC,yCAAA,EAAsBxB,GAAtB,CAAjB;EACAe,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACU,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOV,WAAP;EACD;;EAED,OAAOD,WAAW,CAACd,GAAD,EAAMe,WAAN,CAAlB;AACD"}
package/cjs/oidc/util/refreshToken.js CHANGED
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
 
3
- exports.isSameRefreshToken = isSameRefreshToken;
4
3
  exports.isRefreshTokenError = isRefreshTokenError;
4
+ exports.isSameRefreshToken = isSameRefreshToken;
5
5
 
6
6
  var _errors = require("../../errors");
7
7
 
package/cjs/oidc/util/refreshToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,4BAAeA,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACC,GAAL,IAAY,CAACD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBF,GAAG,CAACC,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}
1
+ {"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","isAuthApiError","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,IAAAC,sBAAA,EAAeD,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACE,GAAL,IAAY,CAACF,GAAG,CAACE,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBH,GAAG,CAACE,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}
package/cjs/oidc/util/validateToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"validateToken.js","names":["validateToken","token","type","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,sBAAUD,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAAtB,IAA8C,CAAC,2BAAeA,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIE,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAID,IAAI,KAAK,aAAT,IAA0B,CAAC,0BAAcD,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIE,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAID,IAAI,KAAK,SAAT,IAAsB,CAAC,sBAAUD,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIE,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAID,IAAI,KAAK,cAAT,IAA2B,CAAC,2BAAeD,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIE,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}
1
+ {"version":3,"file":"validateToken.js","names":["validateToken","token","type","isIDToken","isAccessToken","isRefreshToken","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAAD,IAAqB,CAAC,IAAAG,oBAAA,EAAcH,KAAd,CAAtB,IAA8C,CAAC,IAAAI,qBAAA,EAAeJ,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIK,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAIJ,IAAI,KAAK,aAAT,IAA0B,CAAC,IAAAE,oBAAA,EAAcH,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIK,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAIJ,IAAI,KAAK,SAAT,IAAsB,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIK,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAIJ,IAAI,KAAK,cAAT,IAA2B,CAAC,IAAAG,qBAAA,EAAeJ,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}