@okta/okta-auth-js 6.7.7 → 6.8.1

package/cjs/oidc/index.js

@@ -24,40 +24,40 @@ Object.defineProperty(exports, "decodeToken", {
     return _decodeToken.decodeToken;
   }
 });
-Object.defineProperty(exports, "revokeToken", {
+Object.defineProperty(exports, "exchangeCodeForTokens", {
   enumerable: true,
   get: function () {
-    return _revokeToken.revokeToken;
+    return _exchangeCodeForTokens.exchangeCodeForTokens;
   }
 });
-Object.defineProperty(exports, "renewToken", {
+Object.defineProperty(exports, "getToken", {
   enumerable: true,
   get: function () {
-    return _renewToken.renewToken;
+    return _getToken.getToken;
   }
 });
-Object.defineProperty(exports, "renewTokensWithRefresh", {
+Object.defineProperty(exports, "getUserInfo", {
   enumerable: true,
   get: function () {
-    return _renewTokensWithRefresh.renewTokensWithRefresh;
+    return _getUserInfo.getUserInfo;
   }
 });
-Object.defineProperty(exports, "renewTokens", {
+Object.defineProperty(exports, "getWithPopup", {
   enumerable: true,
   get: function () {
-    return _renewTokens.renewTokens;
+    return _getWithPopup.getWithPopup;
   }
 });
-Object.defineProperty(exports, "verifyToken", {
+Object.defineProperty(exports, "getWithRedirect", {
   enumerable: true,
   get: function () {
-    return _verifyToken.verifyToken;
+    return _getWithRedirect.getWithRedirect;
   }
 });
-Object.defineProperty(exports, "getUserInfo", {
+Object.defineProperty(exports, "getWithoutPrompt", {
   enumerable: true,
   get: function () {
-    return _getUserInfo.getUserInfo;
+    return _getWithoutPrompt.getWithoutPrompt;
   }
 });
 Object.defineProperty(exports, "handleOAuthResponse", {
@@ -66,40 +66,40 @@ Object.defineProperty(exports, "handleOAuthResponse", {
     return _handleOAuthResponse.handleOAuthResponse;
   }
 });
-Object.defineProperty(exports, "exchangeCodeForTokens", {
+Object.defineProperty(exports, "parseFromUrl", {
   enumerable: true,
   get: function () {
-    return _exchangeCodeForTokens.exchangeCodeForTokens;
+    return _parseFromUrl.parseFromUrl;
   }
 });
-Object.defineProperty(exports, "getToken", {
+Object.defineProperty(exports, "renewToken", {
   enumerable: true,
   get: function () {
-    return _getToken.getToken;
+    return _renewToken.renewToken;
   }
 });
-Object.defineProperty(exports, "getWithoutPrompt", {
+Object.defineProperty(exports, "renewTokens", {
   enumerable: true,
   get: function () {
-    return _getWithoutPrompt.getWithoutPrompt;
+    return _renewTokens.renewTokens;
   }
 });
-Object.defineProperty(exports, "getWithPopup", {
+Object.defineProperty(exports, "renewTokensWithRefresh", {
   enumerable: true,
   get: function () {
-    return _getWithPopup.getWithPopup;
+    return _renewTokensWithRefresh.renewTokensWithRefresh;
   }
 });
-Object.defineProperty(exports, "getWithRedirect", {
+Object.defineProperty(exports, "revokeToken", {
   enumerable: true,
   get: function () {
-    return _getWithRedirect.getWithRedirect;
+    return _revokeToken.revokeToken;
   }
 });
-Object.defineProperty(exports, "parseFromUrl", {
+Object.defineProperty(exports, "verifyToken", {
   enumerable: true,
   get: function () {
-    return _parseFromUrl.parseFromUrl;
+    return _verifyToken.verifyToken;
   }
 });
 

package/cjs/oidc/parseFromUrl.js

@@ -2,10 +2,10 @@
 
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
-exports.getResponseMode = getResponseMode;
-exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
 exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
+exports.getResponseMode = getResponseMode;
 exports.parseFromUrl = parseFromUrl;
+exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
 
 var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 

package/cjs/oidc/parseFromUrl.js.map

@@ -1 +1 @@
-{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","catch","err","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;EACA,IAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIc,QAAJ;;EAEA,IAAIH,YAAY,KAAK,OAArB,EAA8B;IAC5BG,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLU,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACS,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,6BAAkBF,QAAlB,CAAP;AACD;;AAEM,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,qBAASA,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEI,GAAG,EAAEJ;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Db,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DS;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMS,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAChB,OAAO,CAACI,GAAb,EAAkB;IAChB;IACAI,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,8CAAoBjB,GAApB,EAAyB4B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;MACpCnC,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;QAC3BT;MAD2B,CAA7B;IAGD;;IACD,MAAMQ,GAAN;EACD,CARI,EASJE,IATI,CASCX,GAAG,IAAI;IACX1B,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;MAC3BT;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}
+{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAlB;EACA,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIe,QAAJ;;EAEA,IAAIJ,YAAY,KAAK,OAArB,EAA8B;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACU,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,IAAAC,uBAAA,EAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC3B,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMW,GAAkB,GAAGR,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMY,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG9B,GAAG,CAAC+B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Df,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DW;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMU,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAClB,OAAO,CAACK,GAAb,EAAkB;IAChB;IACAK,yBAAyB,CAAC3B,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,IAAAmB,wCAAA,EAAoBpC,GAApB,EAAyB8B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJE,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAAA,EAA2BD,GAA3B,CAAL,EAAsC;MACpCtC,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;QAC3BX;MAD2B,CAA7B;IAGD;;IACD,MAAMS,GAAN;EACD,CARI,EASJG,IATI,CASCb,GAAG,IAAI;IACX5B,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;MAC3BX;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}

package/cjs/oidc/renewToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,sBAAUD,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACC,OAAd;EACD;;EACD,IAAI,0BAAcF,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACE,WAAd;EACD;;EACDN,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;IAC9CT,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIP,MAAM,CAACQ,YAAX,EAAyB;IACvBR,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;MACzCK,MAAM,EAAEJ,KAAK,CAACI;IAD2B,CAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;IAGA,OAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;EACD;;EAED,IAAIU,YAAJ;;EACA,IAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;IAC/BK,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDV,KAAtD;EACA,OAAO,wCAAiBD,GAAjB,EAAsB;IAC3BM,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}
+{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,IAAAC,gBAAA,EAAUF,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACE,OAAd;EACD;;EACD,IAAI,IAAAC,oBAAA,EAAcJ,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACI,WAAd;EACD;;EACDR,sBAAsB;AACvB,C,CAED;;;AACO,eAAeS,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,IAAAN,gBAAA,EAAUM,KAAV,CAAD,IAAqB,CAAC,IAAAJ,oBAAA,EAAcI,KAAd,CAA1B,EAAgD;IAC9CX,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIT,MAAM,CAACU,YAAX,EAAyB;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAA,EAAuBL,GAAvB,EAA4B;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAD2B,CAA5B,EAEZZ,MAAM,CAACU,YAFK,CAAf;IAGA,OAAOZ,cAAc,CAACS,KAAD,EAAQP,MAAR,CAArB;EACD;;EAED,IAAIa,YAAJ;;EACA,IAAIP,GAAG,CAACQ,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,IAAAV,oBAAA,EAAcI,KAAd,CAAJ,EAA0B;IAC/BM,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDX,KAAtD;EACA,OAAO,IAAAY,kCAAA,EAAiBb,GAAjB,EAAsB;IAC3BO,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJE,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOvB,cAAc,CAACS,KAAD,EAAQc,GAAG,CAACrB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}

package/cjs/oidc/renewTokens.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;EACAX,OAAO,GAAG,qBAAc;IACtBQ,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPX,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYY,IAAhB,EAAsB;IACpBZ,OAAO,CAACa,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,iCAAsBd,GAAtB,CAAzB;IACAC,OAAO,CAACa,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,wCAAiBd,GAAjB,EAAsBC,OAAtB,EACJc,IADI,CACCC,GAAG,IAAIA,GAAG,CAACd,MADZ,CAAP;AAGD"}
+{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,IAAAC,8CAAA,EAAuBN,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACK,WAAR,IAAuB,CAACL,MAAM,CAACM,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BZ,GAAG,CAACC,OAAJ,CAAYW,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBb,GAAG,CAACC,OAAJ,CAAYY,MAA7C,CArB6E,CAuB7E;;EACAZ,OAAO,GAAG,qBAAc;IACtBS,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPZ,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;IACpBb,OAAO,CAACc,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,IAAAC,2BAAA,EAAsBhB,GAAtB,CAAzB;IACAC,OAAO,CAACc,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,IAAAE,kCAAA,EAAiBjB,GAAjB,EAAsBC,OAAtB,EACJiB,IADI,CACCC,GAAG,IAAIA,GAAG,CAACjB,MADZ,CAAP;AAGD"}

package/cjs/oidc/renewTokensWithRefresh.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken","err","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEQ;IAAF,IAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEE;IAAF,IAAmBD,MAAzB;;IACA,IAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;IACD;;IAED,OAAOD,MAAP;EACD,CAfD,CAgBA,OAAOI,GAAP,EAAY;IACV,IAAI,yCAA2BA,GAA3B,CAAJ,EAAqC;MACnC;MACAb,GAAG,CAACW,YAAJ,CAAiBG,kBAAjB;IACD;;IACD,MAAMD,GAAN;EACD;AACF"}
+{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,IAAAC,uBAAA,EAAiBR,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMO,IAAI,GAAG,IAAAC,mBAAA,EAAaV,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEU;IAAF,IAAa,MAAM,IAAAC,wCAAA,EAAoBZ,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DE,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEI;IAAF,IAAmBF,MAAzB;;IACA,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAA,EAAmBD,YAAnB,EAAiCX,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACe,YAAJ,CAAiBC,kBAAjB,CAAoCH,YAApC;IACD;;IAED,OAAOF,MAAP;EACD,CAfD,CAgBA,OAAOM,GAAP,EAAY;IACV,IAAI,IAAAC,mCAAA,EAA2BD,GAA3B,CAAJ,EAAqC;MACnC;MACAjB,GAAG,CAACe,YAAJ,CAAiBI,kBAAjB;IACD;;IACD,MAAMF,GAAN;EACD;AACF"}

package/cjs/oidc/revokeToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOIDCInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;EACA,IAAIC,IAAI,GAAG,wDAAc;IACvB;IACAC,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;EACA,OAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;IAChCG,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWD;IAFrB;EADuB,CAA3B,CAAP;AAMD"}
+{"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","getOAuthUrls","args","toQueryString","token_type_hint","creds","btoa","post","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOIDCInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,IAAAC,mBAAA,EAAaT,GAAb,EAAkBQ,SAAlC;EACA,IAAIE,IAAI,GAAG,mCAAAC,mBAAA,EAAc;IACvB;IACAC,eAAe,EAAET,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIW,KAAK,GAAGN,YAAY,GAAG,IAAAO,YAAA,EAAM,GAAET,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,IAAAO,YAAA,EAAKT,QAAL,CAAjE;EACA,OAAO,IAAAU,UAAA,EAAKf,GAAL,EAAUQ,SAAV,EAAqBE,IAArB,EAA2B;IAChCM,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWH;IAFrB;EADuB,CAA3B,CAAP;AAMD"}

package/cjs/oidc/util/browser.js

@@ -3,10 +3,10 @@
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.addListener = addListener;
-exports.removeListener = removeListener;
+exports.addPostMessageListener = addPostMessageListener;
 exports.loadFrame = loadFrame;
 exports.loadPopup = loadPopup;
-exports.addPostMessageListener = addPostMessageListener;
+exports.removeListener = removeListener;
 
 var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
 

package/cjs/oidc/util/defaultTokenParams.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOptionsInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOptionsInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2E;EAChF,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,sBAAW;IAChBb,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,2BANA;IAOhBQ,KAAK,EAAE,2BAPS;IAQhBT,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}
+{"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOptionsInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOptionsInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2E;EAChF,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,IAAAC,mBAAA,MAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,IAAAC,gBAAA,EAAW;IAChBf,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,IAAAU,oBAAA,GANA;IAOhBC,KAAK,EAAE,IAAAC,oBAAA,GAPS;IAQhBb,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}

package/cjs/oidc/util/errors.js

@@ -1,7 +1,7 @@
 "use strict";
 
-exports.isInteractionRequiredError = isInteractionRequiredError;
 exports.isAuthorizationCodeError = isAuthorizationCodeError;
+exports.isInteractionRequiredError = isInteractionRequiredError;
 exports.isRefreshTokenInvalidError = isRefreshTokenInvalidError;
 
 var _errors = require("../../errors");

package/cjs/oidc/util/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOptionsInterface } from '../../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOptionsInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n  // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n  return isOAuthError(error) &&\n    error.errorCode === 'invalid_grant' &&\n    error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiEL,KAAjE,EAA+E;EACpF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJoF,CAKpF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,0BAAaA,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACa,YAAN,KAAuB,0CAFzB;AAGD"}
+{"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOptionsInterface } from '../../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOptionsInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n  // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n  return isOAuthError(error) &&\n    error.errorCode === 'invalid_grant' &&\n    error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiEL,KAAjE,EAA+E;EACpF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJoF,CAKpF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,IAAAa,oBAAA,EAAab,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACc,YAAN,KAAuB,0CAFzB;AAGD"}

package/cjs/oidc/util/loginRedirect.js

@@ -2,15 +2,15 @@
 
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
-exports.hasTokensInHash = hasTokensInHash;
+exports.getHashOrSearch = getHashOrSearch;
 exports.hasAuthorizationCode = hasAuthorizationCode;
-exports.hasInteractionCode = hasInteractionCode;
 exports.hasErrorInUrl = hasErrorInUrl;
-exports.isRedirectUri = isRedirectUri;
+exports.hasInteractionCode = hasInteractionCode;
+exports.hasTokensInHash = hasTokensInHash;
 exports.isCodeFlow = isCodeFlow;
-exports.getHashOrSearch = getHashOrSearch;
-exports.isLoginRedirect = isLoginRedirect;
 exports.isInteractionRequired = isInteractionRequired;
+exports.isLoginRedirect = isLoginRedirect;
+exports.isRedirectUri = isRedirectUri;
 
 var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 

package/cjs/oidc/util/oauth.js

@@ -2,8 +2,8 @@
 
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
-exports.generateState = generateState;
 exports.generateNonce = generateNonce;
+exports.generateState = generateState;
 exports.getOAuthBaseUrl = getOAuthBaseUrl;
 exports.getOAuthDomain = getOAuthDomain;
 exports.getOAuthUrls = getOAuthUrls;

package/cjs/oidc/util/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDV,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;EACA,IAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;EACA,IAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;EACA,IAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;EACA,IAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;EAEAW,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLF,MAAM,EAAEA,MADH;IAELU,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
+{"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,IAAAC,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,IAAAD,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAED,SAASE,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,IAAAC,yBAAA,EAAoBF,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASE,eAAT,CAAyBJ,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMI,OAAO,GAAG,sBAAAH,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOG,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBN,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDX,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIY,YAAY,GAAG,IAAAV,yBAAA,EAAoBF,OAAO,CAACY,YAA5B,KAA6Cb,GAAG,CAACC,OAAJ,CAAYY,YAA5E;EACA,IAAIX,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIa,WAAW,GAAG,IAAAX,yBAAA,EAAoBF,OAAO,CAACa,WAA5B,KAA4Cd,GAAG,CAACC,OAAJ,CAAYa,WAA1E;EACA,IAAIC,QAAQ,GAAG,IAAAZ,yBAAA,EAAoBF,OAAO,CAACc,QAA5B,KAAyCf,GAAG,CAACC,OAAJ,CAAYc,QAApE;EACA,IAAIC,SAAS,GAAG,IAAAb,yBAAA,EAAoBF,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EACA,IAAIC,SAAS,GAAG,IAAAd,yBAAA,EAAoBF,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACJ,GAAD,EAAMC,OAAN,CAA7B;EAEAY,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLH,MAAM,EAAEA,MADH;IAELW,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}

package/cjs/oidc/util/oauthMeta.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOptionsInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMI,SAA+B,GAAG;IACtCH,MADsC;IAEtCE,IAFsC;IAGtCE,QAAQ,EAAEL,WAAW,CAACK,QAHgB;IAItCC,WAAW,EAAEN,WAAW,CAACM,WAJa;IAKtCC,YAAY,EAAEP,WAAW,CAACO,YALY;IAMtCC,YAAY,EAAER,WAAW,CAACQ,YANY;IAOtCC,MAAM,EAAET,WAAW,CAACS,MAPkB;IAQtCC,KAAK,EAAEV,WAAW,CAACU,KARmB;IAStCC,KAAK,EAAEX,WAAW,CAACW,KATmB;IAUtCC,eAAe,EAAEZ,WAAW,CAACY;EAVS,CAAxC;;EAaA,IAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEf,WAAW,CAACe,YAFU;IAGpCC,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;IAIpCC,aAAa,EAAEjB,WAAW,CAACiB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
+{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOptionsInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,IAAAC,mBAAA,EAAaL,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMK,SAA+B,GAAG;IACtCJ,MADsC;IAEtCE,IAFsC;IAGtCG,QAAQ,EAAEN,WAAW,CAACM,QAHgB;IAItCC,WAAW,EAAEP,WAAW,CAACO,WAJa;IAKtCC,YAAY,EAAER,WAAW,CAACQ,YALY;IAMtCC,YAAY,EAAET,WAAW,CAACS,YANY;IAOtCC,MAAM,EAAEV,WAAW,CAACU,MAPkB;IAQtCC,KAAK,EAAEX,WAAW,CAACW,KARmB;IAStCC,KAAK,EAAEZ,WAAW,CAACY,KATmB;IAUtCC,eAAe,EAAEb,WAAW,CAACa;EAVS,CAAxC;;EAaA,IAAIb,WAAW,CAACc,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEhB,WAAW,CAACgB,YAFU;IAGpCC,mBAAmB,EAAEjB,WAAW,CAACiB,mBAHG;IAIpCC,aAAa,EAAElB,WAAW,CAACkB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}

package/cjs/oidc/util/pkce.js.map

@@ -1 +1 @@
-{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,kBAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbC,6BAA6B,EAA7BA,wCADa;EAEbnB,gBAFa;EAGbM;AAHa,C"}
+{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,iBAAA,CAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,8BAAA,GAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,iBAAA,CAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,IAAAC,yBAAA,EAAkBL,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbE,6BAA6B,EAA7BA,wCADa;EAEbpB,gBAFa;EAGbM;AAHa,C"}

package/cjs/oidc/util/prepareTokenParams.js

@@ -3,9 +3,9 @@
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.assertPKCESupport = assertPKCESupport;
-exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
 exports.preparePKCE = preparePKCE;
 exports.prepareTokenParams = prepareTokenParams;
+exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
 
 var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 

package/cjs/oidc/util/prepareTokenParams.js.map

@@ -1 +1 @@
-{"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    throw new AuthSdkError(errorMessage);\n  }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n  // set default code challenge method, if none provided\n  codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n  // validate against .well-known/openid-configuration\n  const wellKnownResponse = await getWellKnown(sdk);\n  var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n  if (methods.indexOf(codeChallengeMethod) === -1) {\n    throw new AuthSdkError('Invalid code_challenge_method');\n  }\n  return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n  sdk: OktaAuthOIDCInterface, \n  tokenParams: TokenParams\n): Promise<TokenParams> {\n  let {\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  } = tokenParams;\n\n  // PKCE calculations can be avoided by passing a codeChallenge\n  codeChallenge = codeChallenge || sdk.options.codeChallenge;\n  if (!codeChallenge) {\n    assertPKCESupport(sdk);\n    codeVerifier = codeVerifier || PKCE.generateVerifier();\n    codeChallenge = await PKCE.computeChallenge(codeVerifier);\n  }\n  codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n  // Clone/copy the params. Set PKCE values\n  tokenParams = {\n    ...tokenParams,\n    responseType: 'code', // responseType is forced\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  };\n\n  return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = { ...defaults, ...tokenParams };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return tokenParams;\n  }\n\n  return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;EACA,IAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAC,OAAO,MAAP,CAAAA,OAAO,EAASJ,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeK,WAAf,CACLb,GADK,EAELc,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFR;EAHE,IAIAM,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIhB,GAAG,CAACS,OAAJ,CAAYO,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBjB,iBAAiB,CAACC,GAAD,CAAjB;IACAe,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDP,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAM,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZR;EALY,CAAd;EAQA,OAAOM,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLrB,GADK,EAELc,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,+CAAsBtB,GAAtB,CAAjB;EACAc,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACS,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,WAAP;EACD;;EAED,OAAOD,WAAW,CAACb,GAAD,EAAMc,WAAN,CAAlB;AACD"}
+{"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","getWellKnown","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","getDefaultTokenParams","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    throw new AuthSdkError(errorMessage);\n  }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n  // set default code challenge method, if none provided\n  codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n  // validate against .well-known/openid-configuration\n  const wellKnownResponse = await getWellKnown(sdk);\n  var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n  if (methods.indexOf(codeChallengeMethod) === -1) {\n    throw new AuthSdkError('Invalid code_challenge_method');\n  }\n  return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n  sdk: OktaAuthOIDCInterface, \n  tokenParams: TokenParams\n): Promise<TokenParams> {\n  let {\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  } = tokenParams;\n\n  // PKCE calculations can be avoided by passing a codeChallenge\n  codeChallenge = codeChallenge || sdk.options.codeChallenge;\n  if (!codeChallenge) {\n    assertPKCESupport(sdk);\n    codeVerifier = codeVerifier || PKCE.generateVerifier();\n    codeChallenge = await PKCE.computeChallenge(codeVerifier);\n  }\n  codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n  // Clone/copy the params. Set PKCE values\n  tokenParams = {\n    ...tokenParams,\n    responseType: 'code', // responseType is forced\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  };\n\n  return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = { ...defaults, ...tokenParams };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return tokenParams;\n  }\n\n  return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,uBAAA,EAAaZ,GAAb,CAAhC;EACA,IAAIa,OAAO,GAAGF,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAE,OAAO,MAAP,CAAAA,OAAO,EAASL,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeM,WAAf,CACLd,GADK,EAELe,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFT;EAHE,IAIAO,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIjB,GAAG,CAACS,OAAJ,CAAYQ,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBlB,iBAAiB,CAACC,GAAD,CAAjB;IACAgB,YAAY,GAAGA,YAAY,IAAIE,aAAA,CAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,aAAA,CAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDR,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAO,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZT;EALY,CAAd;EAQA,OAAOO,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLtB,GADK,EAELe,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,IAAAC,yCAAA,EAAsBxB,GAAtB,CAAjB;EACAe,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACU,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOV,WAAP;EACD;;EAED,OAAOD,WAAW,CAACd,GAAD,EAAMe,WAAN,CAAlB;AACD"}

package/cjs/oidc/util/refreshToken.js

@@ -1,7 +1,7 @@
 "use strict";
 
-exports.isSameRefreshToken = isSameRefreshToken;
 exports.isRefreshTokenError = isRefreshTokenError;
+exports.isSameRefreshToken = isSameRefreshToken;
 
 var _errors = require("../../errors");
 

package/cjs/oidc/util/refreshToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,4BAAeA,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACC,GAAL,IAAY,CAACD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBF,GAAG,CAACC,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}
+{"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","isAuthApiError","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,IAAAC,sBAAA,EAAeD,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACE,GAAL,IAAY,CAACF,GAAG,CAACE,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBH,GAAG,CAACE,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}

package/cjs/oidc/util/validateToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"validateToken.js","names":["validateToken","token","type","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,sBAAUD,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAAtB,IAA8C,CAAC,2BAAeA,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIE,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAID,IAAI,KAAK,aAAT,IAA0B,CAAC,0BAAcD,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIE,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAID,IAAI,KAAK,SAAT,IAAsB,CAAC,sBAAUD,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIE,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAID,IAAI,KAAK,cAAT,IAA2B,CAAC,2BAAeD,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIE,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}
+{"version":3,"file":"validateToken.js","names":["validateToken","token","type","isIDToken","isAccessToken","isRefreshToken","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAAD,IAAqB,CAAC,IAAAG,oBAAA,EAAcH,KAAd,CAAtB,IAA8C,CAAC,IAAAI,qBAAA,EAAeJ,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIK,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAIJ,IAAI,KAAK,aAAT,IAA0B,CAAC,IAAAE,oBAAA,EAAcH,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIK,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAIJ,IAAI,KAAK,SAAT,IAAsB,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIK,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAIJ,IAAI,KAAK,cAAT,IAA2B,CAAC,IAAAG,qBAAA,EAAeJ,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}

package/cjs/oidc/verifyToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOIDCInterface, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOIDCInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n  if (!token || !token.idToken) {\n    throw new AuthSdkError('Only idTokens may be verified');\n  }\n\n  // Decode the Jwt object (may throw)\n  var jwt = decodeToken(token.idToken);\n\n  // The configured issuer may point to a frontend proxy.\n  // Get the \"real\" issuer from .well-known/openid-configuration\n  const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n  const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n  var validationOptions: TokenVerifyParams = Object.assign({\n    // base options, can be overridden by params\n    clientId: sdk.options.clientId,\n    ignoreSignature: sdk.options.ignoreSignature\n  }, validationParams, {\n    // final options, cannot be overridden\n    issuer\n  });\n\n  // Standard claim validation (may throw)\n  validateClaims(sdk, jwt.payload, validationOptions);\n\n  // If the browser doesn't support native crypto or we choose not\n  // to verify the signature, bail early\n  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n    return token;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n  const valid = await sdkCrypto.verifyToken(token.idToken, key);\n  if (!valid) {\n    throw new AuthSdkError('The token signature is not valid');\n  }\n  if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n    const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n    if (hash !== token.claims.at_hash) {\n      throw new AuthSdkError('Token hash verification failed');\n    }\n  }\n  return token;\n}\n"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAAuEC,gBAAvE,EAA8H;EACnI,IAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;IAC5B,MAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;EACD,CAHkI,CAKnI;;;EACA,IAAIC,GAAG,GAAG,8BAAYJ,KAAK,CAACE,OAAlB,CAAV,CANmI,CAQnI;EACA;;EACA,MAAMG,gBAAgB,GAAG,CAAAJ,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEK,MAAlB,KAA4BP,GAAG,CAACQ,OAAJ,CAAYD,MAAjE;EACA,MAAM;IAAEA;EAAF,IAAa,MAAM,6BAAaP,GAAb,EAAkBM,gBAAlB,CAAzB;EAEA,IAAIG,iBAAoC,GAAG,qBAAc;IACvD;IACAC,QAAQ,EAAEV,GAAG,CAACQ,OAAJ,CAAYE,QAFiC;IAGvDC,eAAe,EAAEX,GAAG,CAACQ,OAAJ,CAAYG;EAH0B,CAAd,EAIxCT,gBAJwC,EAItB;IACnB;IACAK;EAFmB,CAJsB,CAA3C,CAbmI,CAsBnI;;EACA,0BAAeP,GAAf,EAAoBK,GAAG,CAACO,OAAxB,EAAiCH,iBAAjC,EAvBmI,CAyBnI;EACA;;EACA,IAAIA,iBAAiB,CAACE,eAAlB,IAAqC,IAArC,IAA6C,CAACX,GAAG,CAACa,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;IACvF,OAAOb,KAAP;EACD,CA7BkI,CA+BnI;;;EACA,MAAMc,GAAG,GAAG,MAAM,uBAAOf,GAAP,EAAYC,KAAK,CAACM,MAAlB,EAA0BF,GAAG,CAACW,MAAJ,CAAWC,GAArC,CAAlB;EACA,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAACpB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCY,GAArC,CAApB;;EACA,IAAI,CAACG,KAAL,EAAY;IACV,MAAM,IAAId,oBAAJ,CAAiB,kCAAjB,CAAN;EACD;;EACD,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACkB,WAArC,IAAoDnB,KAAK,CAACoB,MAAN,CAAaC,OAArE,EAA8E;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsBtB,gBAAgB,CAACkB,WAAvC,CAAnB;;IACA,IAAIG,IAAI,KAAKtB,KAAK,CAACoB,MAAN,CAAaC,OAA1B,EAAmC;MACjC,MAAM,IAAIlB,oBAAJ,CAAiB,gCAAjB,CAAN;IACD;EACF;;EACD,OAAOH,KAAP;AACD"}
+{"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOIDCInterface, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOIDCInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n  if (!token || !token.idToken) {\n    throw new AuthSdkError('Only idTokens may be verified');\n  }\n\n  // Decode the Jwt object (may throw)\n  var jwt = decodeToken(token.idToken);\n\n  // The configured issuer may point to a frontend proxy.\n  // Get the \"real\" issuer from .well-known/openid-configuration\n  const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n  const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n  var validationOptions: TokenVerifyParams = Object.assign({\n    // base options, can be overridden by params\n    clientId: sdk.options.clientId,\n    ignoreSignature: sdk.options.ignoreSignature\n  }, validationParams, {\n    // final options, cannot be overridden\n    issuer\n  });\n\n  // Standard claim validation (may throw)\n  validateClaims(sdk, jwt.payload, validationOptions);\n\n  // If the browser doesn't support native crypto or we choose not\n  // to verify the signature, bail early\n  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n    return token;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n  const valid = await sdkCrypto.verifyToken(token.idToken, key);\n  if (!valid) {\n    throw new AuthSdkError('The token signature is not valid');\n  }\n  if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n    const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n    if (hash !== token.claims.at_hash) {\n      throw new AuthSdkError('Token hash verification failed');\n    }\n  }\n  return token;\n}\n"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAAuEC,gBAAvE,EAA8H;EACnI,IAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;IAC5B,MAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;EACD,CAHkI,CAKnI;;;EACA,IAAIC,GAAG,GAAG,IAAAC,wBAAA,EAAYL,KAAK,CAACE,OAAlB,CAAV,CANmI,CAQnI;EACA;;EACA,MAAMI,gBAAgB,GAAG,CAAAL,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEM,MAAlB,KAA4BR,GAAG,CAACS,OAAJ,CAAYD,MAAjE;EACA,MAAM;IAAEA;EAAF,IAAa,MAAM,IAAAE,uBAAA,EAAaV,GAAb,EAAkBO,gBAAlB,CAAzB;EAEA,IAAII,iBAAoC,GAAG,qBAAc;IACvD;IACAC,QAAQ,EAAEZ,GAAG,CAACS,OAAJ,CAAYG,QAFiC;IAGvDC,eAAe,EAAEb,GAAG,CAACS,OAAJ,CAAYI;EAH0B,CAAd,EAIxCX,gBAJwC,EAItB;IACnB;IACAM;EAFmB,CAJsB,CAA3C,CAbmI,CAsBnI;;EACA,IAAAM,oBAAA,EAAed,GAAf,EAAoBK,GAAG,CAACU,OAAxB,EAAiCJ,iBAAjC,EAvBmI,CAyBnI;EACA;;EACA,IAAIA,iBAAiB,CAACE,eAAlB,IAAqC,IAArC,IAA6C,CAACb,GAAG,CAACgB,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;IACvF,OAAOhB,KAAP;EACD,CA7BkI,CA+BnI;;;EACA,MAAMiB,GAAG,GAAG,MAAM,IAAAC,iBAAA,EAAOnB,GAAP,EAAYC,KAAK,CAACO,MAAlB,EAA0BH,GAAG,CAACe,MAAJ,CAAWC,GAArC,CAAlB;EACA,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAACxB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCe,GAArC,CAApB;;EACA,IAAI,CAACI,KAAL,EAAY;IACV,MAAM,IAAIlB,oBAAJ,CAAiB,kCAAjB,CAAN;EACD;;EACD,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACsB,WAArC,IAAoDvB,KAAK,CAACwB,MAAN,CAAaC,OAArE,EAA8E;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsB1B,gBAAgB,CAACsB,WAAvC,CAAnB;;IACA,IAAIG,IAAI,KAAK1B,KAAK,CAACwB,MAAN,CAAaC,OAA1B,EAAmC;MACjC,MAAM,IAAItB,oBAAJ,CAAiB,gCAAjB,CAAN;IACD;EACF;;EACD,OAAOH,KAAP;AACD"}

package/cjs/options/browser.js

@@ -2,9 +2,9 @@
 
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
-exports.getStorage = getStorage;
-exports.getCookieSettings = getCookieSettings;
 exports.enableSharedStorage = exports.STORAGE_MANAGER_OPTIONS = void 0;
+exports.getCookieSettings = getCookieSettings;
+exports.getStorage = getStorage;
 
 var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
 

package/cjs/options/browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"browser.js","names":["getStorage","storageUtil","browserStorage","inMemoryStore","STORAGE_MANAGER_OPTIONS","token","storageTypes","cache","transaction","enableSharedStorage","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite"],"sources":["../../../lib/options/browser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, OktaAuthOptions, StorageUtil } from '../types';\nimport { warn } from '../util';\n\nimport { default as browserStorage } from '../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n  const storageUtil = Object.assign({}, browserStorage, {\n    inMemoryStore: {} // create unique storage for this instance\n  });\n  return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  cache: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'sessionStorage',\n      'localStorage',\n      'cookie'\n    ]\n  },\n  'shared-transaction': {\n    storageTypes: [\n      'localStorage'\n    ]\n  },\n  'original-uri': {\n    storageTypes: [\n      'localStorage'\n    ]\n  }\n};\n\nexport const enableSharedStorage = true;\n\nexport function getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n  // Secure cookies will be automatically used on a HTTPS connection\n  // Non-secure cookies will be automatically used on a HTTP connection\n  // secure option can override the automatic behavior\n  var cookieSettings = args.cookies || {};\n  if (typeof cookieSettings.secure === 'undefined') {\n    cookieSettings.secure = isHTTPS;\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  // If secure=true, but the connection is not HTTPS, set secure=false.\n  if (cookieSettings.secure && !isHTTPS) {\n    // eslint-disable-next-line no-console\n    warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n    cookieSettings.sameSite = 'lax';\n  }\n\n  return cookieSettings;\n}\n"],"mappings":";;;;;;;;;;AAcA;;AAEA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAMO,SAASA,UAAT,GAAmC;EACxC,MAAMC,WAAW,GAAG,qBAAc,EAAd,EAAkBC,uBAAlB,EAAkC;IACpDC,aAAa,EAAE,EADqC,CAClC;;EADkC,CAAlC,CAApB;EAGA,OAAOF,WAAP;AACD;;AAEM,MAAMG,uBAA8C,GAAG;EAC5DC,KAAK,EAAE;IACLC,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CADqD;EAQ5DC,KAAK,EAAE;IACLD,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CARqD;EAe5DE,WAAW,EAAE;IACXF,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;EADH,CAf+C;EAsB5D,sBAAsB;IACpBA,YAAY,EAAE,CACZ,cADY;EADM,CAtBsC;EA2B5D,gBAAgB;IACdA,YAAY,EAAE,CACZ,cADY;EADA;AA3B4C,CAAvD;;AAkCA,MAAMG,mBAAmB,GAAG,IAA5B;;;AAEA,SAASC,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;EAC9E;EACA;EACA;EACA,IAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;EACA,IAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;IAChDF,cAAc,CAACE,MAAf,GAAwBH,OAAxB;EACD;;EACD,IAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;IAClDH,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;EACD,CAV6E,CAY9E;;;EACA,IAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;IACrC;IACA,gBACE,oEACA,4DADA,GAEA,gEAHF;IAKAC,cAAc,CAACE,MAAf,GAAwB,KAAxB;EACD,CArB6E,CAuB9E;EACA;;;EACA,IAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;IAChEF,cAAc,CAACG,QAAf,GAA0B,KAA1B;EACD;;EAED,OAAOH,cAAP;AACD"}
+{"version":3,"file":"browser.js","names":["getStorage","storageUtil","browserStorage","inMemoryStore","STORAGE_MANAGER_OPTIONS","token","storageTypes","cache","transaction","enableSharedStorage","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","warn"],"sources":["../../../lib/options/browser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, OktaAuthOptions, StorageUtil } from '../types';\nimport { warn } from '../util';\n\nimport { default as browserStorage } from '../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n  const storageUtil = Object.assign({}, browserStorage, {\n    inMemoryStore: {} // create unique storage for this instance\n  });\n  return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  cache: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'sessionStorage',\n      'localStorage',\n      'cookie'\n    ]\n  },\n  'shared-transaction': {\n    storageTypes: [\n      'localStorage'\n    ]\n  },\n  'original-uri': {\n    storageTypes: [\n      'localStorage'\n    ]\n  }\n};\n\nexport const enableSharedStorage = true;\n\nexport function getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n  // Secure cookies will be automatically used on a HTTPS connection\n  // Non-secure cookies will be automatically used on a HTTP connection\n  // secure option can override the automatic behavior\n  var cookieSettings = args.cookies || {};\n  if (typeof cookieSettings.secure === 'undefined') {\n    cookieSettings.secure = isHTTPS;\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  // If secure=true, but the connection is not HTTPS, set secure=false.\n  if (cookieSettings.secure && !isHTTPS) {\n    // eslint-disable-next-line no-console\n    warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n    cookieSettings.sameSite = 'lax';\n  }\n\n  return cookieSettings;\n}\n"],"mappings":";;;;;;;;;;AAcA;;AAEA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAMO,SAASA,UAAT,GAAmC;EACxC,MAAMC,WAAW,GAAG,qBAAc,EAAd,EAAkBC,uBAAlB,EAAkC;IACpDC,aAAa,EAAE,EADqC,CAClC;;EADkC,CAAlC,CAApB;EAGA,OAAOF,WAAP;AACD;;AAEM,MAAMG,uBAA8C,GAAG;EAC5DC,KAAK,EAAE;IACLC,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CADqD;EAQ5DC,KAAK,EAAE;IACLD,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;EADT,CARqD;EAe5DE,WAAW,EAAE;IACXF,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;EADH,CAf+C;EAsB5D,sBAAsB;IACpBA,YAAY,EAAE,CACZ,cADY;EADM,CAtBsC;EA2B5D,gBAAgB;IACdA,YAAY,EAAE,CACZ,cADY;EADA;AA3B4C,CAAvD;;AAkCA,MAAMG,mBAAmB,GAAG,IAA5B;;;AAEA,SAASC,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;EAC9E;EACA;EACA;EACA,IAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;EACA,IAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;IAChDF,cAAc,CAACE,MAAf,GAAwBH,OAAxB;EACD;;EACD,IAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;IAClDH,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;EACD,CAV6E,CAY9E;;;EACA,IAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;IACrC;IACA,IAAAK,UAAA,EACE,oEACA,4DADA,GAEA,gEAHF;IAKAJ,cAAc,CAACE,MAAf,GAAwB,KAAxB;EACD,CArB6E,CAuB9E;EACA;;;EACA,IAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;IAChEF,cAAc,CAACG,QAAf,GAA0B,KAA1B;EACD;;EAED,OAAOH,cAAP;AACD"}

package/cjs/options/index.js

@@ -2,8 +2,8 @@
 
 var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
-exports.getDefaultOptions = getDefaultOptions;
 exports.buildOptions = buildOptions;
+exports.getDefaultOptions = getDefaultOptions;
 
 var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));