@okta/okta-auth-js 6.9.0 → 7.0.0

package/cjs/oidc/options/OAuthOptionsConstructor.js

@@ -0,0 +1,120 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+
+exports.createOAuthOptionsConstructor = createOAuthOptionsConstructor;
+
+var _constants = require("../../constants");
+
+var _url = require("../../util/url");
+
+var _features = require("../../features");
+
+var _options = require("../../http/options");
+
+var _node = require("./node");
+
+var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
+
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * 
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+function assertValidConfig(args) {
+  args = args || {};
+  var scopes = args.scopes;
+
+  if (scopes && !Array.isArray(scopes)) {
+    throw new _AuthSdkError.default('scopes must be a array of strings. ' + 'Required usage: new OktaAuth({scopes: ["openid", "email"]})');
+  } // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+
+
+  var issuer = args.issuer;
+
+  if (!issuer) {
+    throw new _AuthSdkError.default('No issuer passed to constructor. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
+  }
+
+  var isUrlRegex = new RegExp('^http?s?://.+');
+
+  if (!isUrlRegex.test(issuer)) {
+    throw new _AuthSdkError.default('Issuer must be a valid URL. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
+  }
+
+  if (issuer.indexOf('-admin.') !== -1) {
+    throw new _AuthSdkError.default('Issuer URL passed to constructor contains "-admin" in subdomain. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com})');
+  }
+}
+
+function createOAuthOptionsConstructor() {
+  const HttpOptionsConstructor = (0, _options.createHttpOptionsConstructor)();
+  return class OAuthOptionsConstructor extends HttpOptionsConstructor {
+    // CustomUrls
+    // TokenParams
+    // Additional options
+    // For server-side web applications ONLY!
+    // Workaround for bad client time/clock
+    // eslint-disable-next-line max-statements
+    constructor(options) {
+      super(options);
+      assertValidConfig(options);
+      this.issuer = (0, _url.removeTrailingSlash)(options.issuer);
+      this.tokenUrl = (0, _url.removeTrailingSlash)(options.tokenUrl);
+      this.authorizeUrl = (0, _url.removeTrailingSlash)(options.authorizeUrl);
+      this.userinfoUrl = (0, _url.removeTrailingSlash)(options.userinfoUrl);
+      this.revokeUrl = (0, _url.removeTrailingSlash)(options.revokeUrl);
+      this.logoutUrl = (0, _url.removeTrailingSlash)(options.logoutUrl);
+      this.pkce = options.pkce === false ? false : true; // PKCE defaults to true
+
+      this.clientId = options.clientId;
+      this.redirectUri = options.redirectUri;
+
+      if ((0, _features.isBrowser)()) {
+        this.redirectUri = (0, _url.toAbsoluteUrl)(options.redirectUri, window.location.origin); // allow relative URIs
+      }
+
+      this.responseType = options.responseType;
+      this.responseMode = options.responseMode;
+      this.state = options.state;
+      this.scopes = options.scopes; // Give the developer the ability to disable token signature validation.
+
+      this.ignoreSignature = !!options.ignoreSignature;
+      this.codeChallenge = options.codeChallenge;
+      this.codeChallengeMethod = options.codeChallengeMethod;
+      this.tokenManager = options.tokenManager;
+      this.postLogoutRedirectUri = options.postLogoutRedirectUri;
+      this.restoreOriginalUri = options.restoreOriginalUri;
+      this.transactionManager = {
+        enableSharedStorage: _node.enableSharedStorage,
+        ...options.transactionManager
+      };
+      this.clientSecret = options.clientSecret;
+      this.setLocation = options.setLocation; // As some end user's devices can have their date 
+      // and time incorrectly set, allow for the disabling
+      // of the jwt liftetime validation
+
+      this.ignoreLifetime = !!options.ignoreLifetime; // Digital clocks will drift over time, so the server
+      // can misalign with the time reported by the browser.
+      // The maxClockSkew allows relaxing the time-based
+      // validation of tokens (in seconds, not milliseconds).
+      // It currently defaults to 300, because 5 min is the
+      // default maximum tolerance allowed by Kerberos.
+      // (https://technet.microsoft.com/en-us/library/cc976357.aspx)
+
+      if (!options.maxClockSkew && options.maxClockSkew !== 0) {
+        this.maxClockSkew = _constants.DEFAULT_MAX_CLOCK_SKEW;
+      } else {
+        this.maxClockSkew = options.maxClockSkew;
+      }
+    }
+
+  };
+}
+//# sourceMappingURL=OAuthOptionsConstructor.js.map

package/cjs/oidc/options/OAuthOptionsConstructor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n  OAuthResponseMode,\n  OAuthResponseType,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  SetLocationFunction,\n  TokenManagerOptions,\n  TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n  args = args || {};\n\n  var scopes = args.scopes;\n  if (scopes && !Array.isArray(scopes)) {\n    throw new AuthSdkError('scopes must be a array of strings. ' +\n      'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var issuer = args.issuer!;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nexport function createOAuthOptionsConstructor() {\n  const HttpOptionsConstructor = createHttpOptionsConstructor();\n  return class OAuthOptionsConstructor\n    extends HttpOptionsConstructor\n    implements Required<OktaAuthOAuthOptions>\n  {\n    // CustomUrls\n    issuer: string;\n    authorizeUrl: string;\n    userinfoUrl: string;\n    tokenUrl: string;\n    revokeUrl: string;\n    logoutUrl: string;\n    \n    // TokenParams\n    pkce: boolean;\n    clientId: string;\n    redirectUri: string;\n    responseType: OAuthResponseType | OAuthResponseType[];\n    responseMode: OAuthResponseMode;\n    state: string;\n    scopes: string[];\n    ignoreSignature: boolean;\n    codeChallenge: string;\n    codeChallengeMethod: string;\n\n    // Additional options\n    tokenManager: TokenManagerOptions;\n    postLogoutRedirectUri: string;\n    restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n    transactionManager: TransactionManagerOptions;\n\n    // For server-side web applications ONLY!\n    clientSecret: string;\n    setLocation: SetLocationFunction;\n\n    // Workaround for bad client time/clock\n    ignoreLifetime: boolean;\n    maxClockSkew: number;\n\n\n    // eslint-disable-next-line max-statements\n    constructor(options: any) {\n      super(options);\n      \n      assertValidConfig(options);\n      \n      this.issuer = removeTrailingSlash(options.issuer);\n      this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n      this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n      this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n      this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n      this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n      this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n      this.clientId = options.clientId;\n      this.redirectUri = options.redirectUri;\n      if (isBrowser()) {\n        this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n      }\n      this.responseType = options.responseType;\n      this.responseMode = options.responseMode;\n      this.state = options.state;\n      this.scopes = options.scopes;\n      // Give the developer the ability to disable token signature validation.\n      this.ignoreSignature = !!options.ignoreSignature;\n      this.codeChallenge = options.codeChallenge;\n      this.codeChallengeMethod = options.codeChallengeMethod;\n\n      this.tokenManager = options.tokenManager;\n      this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n      this.restoreOriginalUri = options.restoreOriginalUri;\n      this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n      \n      this.clientSecret = options.clientSecret;\n      this.setLocation = options.setLocation;\n      \n      // As some end user's devices can have their date \n      // and time incorrectly set, allow for the disabling\n      // of the jwt liftetime validation\n      this.ignoreLifetime = !!options.ignoreLifetime;\n\n      // Digital clocks will drift over time, so the server\n      // can misalign with the time reported by the browser.\n      // The maxClockSkew allows relaxing the time-based\n      // validation of tokens (in seconds, not milliseconds).\n      // It currently defaults to 300, because 5 min is the\n      // default maximum tolerance allowed by Kerberos.\n      // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n      if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n        this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n      } else {\n        this.maxClockSkew = options.maxClockSkew;\n      }\n\n    }\n  };\n}\n"],"mappings":";;;;;;AAYA;;AACA;;AACA;;AACA;;AAUA;;AACA;;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAkBA,SAASA,iBAAT,CAA2BC,IAA3B,EAAiC;EAC/BA,IAAI,GAAGA,IAAI,IAAI,EAAf;EAEA,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;EACA,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,MAAd,CAAf,EAAsC;IACpC,MAAM,IAAIG,qBAAJ,CAAiB,wCACrB,6DADI,CAAN;EAED,CAP8B,CAS/B;;;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAlB;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,qBAAJ,CAAiB,sCACrB,8FADI,CAAN;EAED;;EAED,IAAIE,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;EACA,IAAI,CAACD,UAAU,CAACE,IAAX,CAAgBH,MAAhB,CAAL,EAA8B;IAC5B,MAAM,IAAID,qBAAJ,CAAiB,iCACrB,8FADI,CAAN;EAED;;EAED,IAAIC,MAAM,CAACI,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;IACpC,MAAM,IAAIL,qBAAJ,CAAiB,sEACrB,uEADI,CAAN;EAED;AACF;;AAEM,SAASM,6BAAT,GAAyC;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAAA,GAA/B;EACA,OAAO,MAAMC,uBAAN,SACGF,sBADH,CAGP;IACE;IAQA;IAYA;IAMA;IAIA;IAKA;IACAG,WAAW,CAACC,OAAD,EAAe;MACxB,MAAMA,OAAN;MAEAhB,iBAAiB,CAACgB,OAAD,CAAjB;MAEA,KAAKV,MAAL,GAAc,IAAAW,wBAAA,EAAoBD,OAAO,CAACV,MAA5B,CAAd;MACA,KAAKY,QAAL,GAAgB,IAAAD,wBAAA,EAAoBD,OAAO,CAACE,QAA5B,CAAhB;MACA,KAAKC,YAAL,GAAoB,IAAAF,wBAAA,EAAoBD,OAAO,CAACG,YAA5B,CAApB;MACA,KAAKC,WAAL,GAAmB,IAAAH,wBAAA,EAAoBD,OAAO,CAACI,WAA5B,CAAnB;MACA,KAAKC,SAAL,GAAiB,IAAAJ,wBAAA,EAAoBD,OAAO,CAACK,SAA5B,CAAjB;MACA,KAAKC,SAAL,GAAiB,IAAAL,wBAAA,EAAoBD,OAAO,CAACM,SAA5B,CAAjB;MAEA,KAAKC,IAAL,GAAYP,OAAO,CAACO,IAAR,KAAiB,KAAjB,GAAyB,KAAzB,GAAiC,IAA7C,CAZwB,CAY2B;;MACnD,KAAKC,QAAL,GAAgBR,OAAO,CAACQ,QAAxB;MACA,KAAKC,WAAL,GAAmBT,OAAO,CAACS,WAA3B;;MACA,IAAI,IAAAC,mBAAA,GAAJ,EAAiB;QACf,KAAKD,WAAL,GAAmB,IAAAE,kBAAA,EAAcX,OAAO,CAACS,WAAtB,EAAmCG,MAAM,CAACC,QAAP,CAAgBC,MAAnD,CAAnB,CADe,CACgE;MAChF;;MACD,KAAKC,YAAL,GAAoBf,OAAO,CAACe,YAA5B;MACA,KAAKC,YAAL,GAAoBhB,OAAO,CAACgB,YAA5B;MACA,KAAKC,KAAL,GAAajB,OAAO,CAACiB,KAArB;MACA,KAAK/B,MAAL,GAAcc,OAAO,CAACd,MAAtB,CArBwB,CAsBxB;;MACA,KAAKgC,eAAL,GAAuB,CAAC,CAAClB,OAAO,CAACkB,eAAjC;MACA,KAAKC,aAAL,GAAqBnB,OAAO,CAACmB,aAA7B;MACA,KAAKC,mBAAL,GAA2BpB,OAAO,CAACoB,mBAAnC;MAEA,KAAKC,YAAL,GAAoBrB,OAAO,CAACqB,YAA5B;MACA,KAAKC,qBAAL,GAA6BtB,OAAO,CAACsB,qBAArC;MACA,KAAKC,kBAAL,GAA0BvB,OAAO,CAACuB,kBAAlC;MACA,KAAKC,kBAAL,GAA0B;QAAEC,mBAAmB,EAAnBA,yBAAF;QAAuB,GAAGzB,OAAO,CAACwB;MAAlC,CAA1B;MAEA,KAAKE,YAAL,GAAoB1B,OAAO,CAAC0B,YAA5B;MACA,KAAKC,WAAL,GAAmB3B,OAAO,CAAC2B,WAA3B,CAjCwB,CAmCxB;MACA;MACA;;MACA,KAAKC,cAAL,GAAsB,CAAC,CAAC5B,OAAO,CAAC4B,cAAhC,CAtCwB,CAwCxB;MACA;MACA;MACA;MACA;MACA;MACA;;MACA,IAAI,CAAC5B,OAAO,CAAC6B,YAAT,IAAyB7B,OAAO,CAAC6B,YAAR,KAAyB,CAAtD,EAAyD;QACvD,KAAKA,YAAL,GAAoBC,iCAApB;MACD,CAFD,MAEO;QACL,KAAKD,YAAL,GAAoB7B,OAAO,CAAC6B,YAA5B;MACD;IAEF;;EA1FH,CAHA;AA+FD"}

package/cjs/oidc/options/browser.js

@@ -0,0 +1,6 @@
+"use strict";
+
+exports.enableSharedStorage = void 0;
+const enableSharedStorage = true;
+exports.enableSharedStorage = enableSharedStorage;
+//# sourceMappingURL=browser.js.map

package/cjs/oidc/options/browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/browser.ts"],"sourcesContent":["export const enableSharedStorage = true;\n"],"mappings":";;;AAAO,MAAMA,mBAAmB,GAAG,IAA5B"}

package/cjs/oidc/options/index.js

@@ -0,0 +1,15 @@
+"use strict";
+
+var _OAuthOptionsConstructor = require("./OAuthOptionsConstructor");
+
+Object.keys(_OAuthOptionsConstructor).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _OAuthOptionsConstructor[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _OAuthOptionsConstructor[key];
+    }
+  });
+});
+//# sourceMappingURL=index.js.map

package/cjs/oidc/options/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/options/index.ts"],"sourcesContent":["export * from './OAuthOptionsConstructor';\n"],"mappings":";;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/options/node.js

@@ -0,0 +1,6 @@
+"use strict";
+
+exports.enableSharedStorage = void 0;
+const enableSharedStorage = false;
+exports.enableSharedStorage = enableSharedStorage;
+//# sourceMappingURL=node.js.map

package/cjs/oidc/options/node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/node.ts"],"sourcesContent":["\nexport const enableSharedStorage = false;\n"],"mappings":";;;AACO,MAAMA,mBAAmB,GAAG,KAA5B"}

package/cjs/oidc/parseFromUrl.js

@@ -1,16 +1,10 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
 exports.getResponseMode = getResponseMode;
 exports.parseFromUrl = parseFromUrl;
 exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
 
-var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
-
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
 var _errors = require("../errors");
 
 var _util = require("./util");
@@ -87,9 +81,9 @@ function parseOAuthResponseFromUrl(sdk, options) {
   var paramStr;
 
   if (responseMode === 'query') {
-    paramStr = url ? url.substring((0, _indexOf.default)(url).call(url, '?')) : nativeLoc.search;
+    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;
   } else {
-    paramStr = url ? url.substring((0, _indexOf.default)(url).call(url, '#')) : nativeLoc.hash;
+    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;
   }
 
   if (!paramStr) {
@@ -119,13 +113,16 @@ async function parseFromUrl(sdk, options) {
   const res = parseOAuthResponseFromUrl(sdk, options);
   const state = res.state;
   const oauthParams = sdk.transactionManager.load({
-    oauth: true,
-    pkce: sdk.options.pkce,
     state
   });
 
   if (!oauthParams) {
-    return _promise.default.reject(new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
+    if (sdk.options.pkce) {
+      // eslint-disable-next-line max-len
+      throw new _errors.AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);
+    }
+
+    throw new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage');
   }
 
   const urls = oauthParams.urls;

package/cjs/oidc/parseFromUrl.js.map

@@ -1 +1 @@
-{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAlB;EACA,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIe,QAAJ;;EAEA,IAAIJ,YAAY,KAAK,OAArB,EAA8B;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCf,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACU,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,IAAAC,uBAAA,EAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC3B,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMW,GAAkB,GAAGR,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMY,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG9B,GAAG,CAAC+B,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DC,KAAK,EAAE,IADwD;IAE/Df,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;IAG/DW;EAH+D,CAA5B,CAArC;;EAKA,IAAI,CAACC,WAAL,EAAkB;IAChB,OAAO,iBAAQI,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;EACD;;EACD,MAAMU,IAAgB,GAAGL,WAAW,CAACK,IAArC;EACA,OAAOL,WAAW,CAACK,IAAnB;;EAEA,IAAI,CAAClB,OAAO,CAACK,GAAb,EAAkB;IAChB;IACAK,yBAAyB,CAAC3B,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,IAAAmB,wCAAA,EAAoBpC,GAApB,EAAyB8B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJE,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAAA,EAA2BD,GAA3B,CAAL,EAAsC;MACpCtC,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;QAC3BX;MAD2B,CAA7B;IAGD;;IACD,MAAMS,GAAN;EACD,CARI,EASJG,IATI,CASCb,GAAG,IAAI;IACX5B,GAAG,CAAC+B,kBAAJ,CAAuBS,KAAvB,CAA6B;MAC3BX;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}
+{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","indexOf","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","undefined","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    state\n  });\n  if (!oauthParams) {\n    if (sdk.options.pkce) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n    }\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAlB;EACA,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIe,QAAJ;;EAEA,IAAIJ,YAAY,KAAK,OAArB,EAA8B;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqClB,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqClB,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACU,QAAL,EAAe;IACb,MAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,IAAAC,uBAAA,EAAkBJ,QAAlB,CAAP;AACD;;AAEM,SAASK,yBAAT,CAAmC5B,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMY,GAAkB,GAAGT,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMa,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG/B,GAAG,CAACgC,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DH;EAD+D,CAA5B,CAArC;;EAGA,IAAI,CAACC,WAAL,EAAkB;IAChB,IAAI/B,GAAG,CAACiB,OAAJ,CAAYC,IAAhB,EAAsB;MACpB;MACA,MAAM,IAAIQ,oBAAJ,CAAiB,yJAAjB,EAA4KQ,SAA5K,CAAN;IACD;;IACD,MAAM,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAN;EACD;;EACD,MAAMS,IAAgB,GAAGJ,WAAW,CAACI,IAArC;EACA,OAAOJ,WAAW,CAACI,IAAnB;;EAEA,IAAI,CAAClB,OAAO,CAACK,GAAb,EAAkB;IAChB;IACAM,yBAAyB,CAAC5B,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,IAAAmB,wCAAA,EAAoBpC,GAApB,EAAyB+B,WAAzB,EAAsCF,GAAtC,EAA2CM,IAA3C,EACJE,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAAA,EAA2BD,GAA3B,CAAL,EAAsC;MACpCtC,GAAG,CAACgC,kBAAJ,CAAuBQ,KAAvB,CAA6B;QAC3BV;MAD2B,CAA7B;IAGD;;IACD,MAAMQ,GAAN;EACD,CARI,EASJG,IATI,CASCZ,GAAG,IAAI;IACX7B,GAAG,CAACgC,kBAAJ,CAAuBQ,KAAvB,CAA6B;MAC3BV;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}

package/cjs/oidc/renewToken.js

@@ -4,7 +4,7 @@ exports.renewToken = renewToken;
 
 var _errors = require("../errors");
 
-var _types = require("../types");
+var _types = require("./types");
 
 var _getWithoutPrompt = require("./getWithoutPrompt");
 

package/cjs/oidc/renewToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOIDCInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,IAAAC,gBAAA,EAAUF,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACE,OAAd;EACD;;EACD,IAAI,IAAAC,oBAAA,EAAcJ,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACI,WAAd;EACD;;EACDR,sBAAsB;AACvB,C,CAED;;;AACO,eAAeS,UAAf,CAA0BC,GAA1B,EAAsDC,KAAtD,EAAgG;EACrG,IAAI,CAAC,IAAAN,gBAAA,EAAUM,KAAV,CAAD,IAAqB,CAAC,IAAAJ,oBAAA,EAAcI,KAAd,CAA1B,EAAgD;IAC9CX,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIT,MAAM,CAACU,YAAX,EAAyB;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAA,EAAuBL,GAAvB,EAA4B;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAD2B,CAA5B,EAEZZ,MAAM,CAACU,YAFK,CAAf;IAGA,OAAOZ,cAAc,CAACS,KAAD,EAAQP,MAAR,CAArB;EACD;;EAED,IAAIa,YAAJ;;EACA,IAAIP,GAAG,CAACQ,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,IAAAV,oBAAA,EAAcI,KAAd,CAAJ,EAA0B;IAC/BM,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDX,KAAtD;EACA,OAAO,IAAAY,kCAAA,EAAiBb,GAAjB,EAAsB;IAC3BO,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJE,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOvB,cAAc,CAACS,KAAD,EAAQc,GAAG,CAACrB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}
+{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,IAAAC,gBAAA,EAAUF,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACE,OAAd;EACD;;EACD,IAAI,IAAAC,oBAAA,EAAcJ,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACI,WAAd;EACD;;EACDR,sBAAsB;AACvB,C,CAED;;;AACO,eAAeS,UAAf,CAA0BC,GAA1B,EAAuDC,KAAvD,EAAiG;EACtG,IAAI,CAAC,IAAAN,gBAAA,EAAUM,KAAV,CAAD,IAAqB,CAAC,IAAAJ,oBAAA,EAAcI,KAAd,CAA1B,EAAgD;IAC9CX,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIT,MAAM,CAACU,YAAX,EAAyB;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAA,EAAuBL,GAAvB,EAA4B;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAD2B,CAA5B,EAEZZ,MAAM,CAACU,YAFK,CAAf;IAGA,OAAOZ,cAAc,CAACS,KAAD,EAAQP,MAAR,CAArB;EACD;;EAED,IAAIa,YAAJ;;EACA,IAAIP,GAAG,CAACQ,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,IAAAV,oBAAA,EAAcI,KAAd,CAAJ,EAA0B;IAC/BM,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDX,KAAtD;EACA,OAAO,IAAAY,kCAAA,EAAiBb,GAAjB,EAAsB;IAC3BO,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJE,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOvB,cAAc,CAACS,KAAD,EAAQc,GAAG,CAACrB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}

package/cjs/oidc/renewTokens.js

@@ -1,11 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.renewTokens = renewTokens;
 
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _errors = require("../errors");
 
 var _getWithoutPrompt = require("./getWithoutPrompt");
@@ -56,7 +52,7 @@ async function renewTokens(sdk, options) {
   const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
   const issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
 
-  options = (0, _assign.default)({
+  options = Object.assign({
     scopes,
     authorizeUrl,
     userinfoUrl,

package/cjs/oidc/renewTokens.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,IAAAC,8CAAA,EAAuBN,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACK,WAAR,IAAuB,CAACL,MAAM,CAACM,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BZ,GAAG,CAACC,OAAJ,CAAYW,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBb,GAAG,CAACC,OAAJ,CAAYY,MAA7C,CArB6E,CAuB7E;;EACAZ,OAAO,GAAG,qBAAc;IACtBS,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPZ,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;IACpBb,OAAO,CAACc,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,IAAAC,2BAAA,EAAsBhB,GAAtB,CAAzB;IACAC,OAAO,CAACc,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,IAAAE,kCAAA,EAAiBjB,GAAjB,EAAsBC,OAAtB,EACJiB,IADI,CACCC,GAAG,IAAIA,GAAG,CAACjB,MADZ,CAAP;AAGD"}
+{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,IAAAC,8CAAA,EAAuBN,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACK,WAAR,IAAuB,CAACL,MAAM,CAACM,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BZ,GAAG,CAACC,OAAJ,CAAYW,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBb,GAAG,CAACC,OAAJ,CAAYY,MAA7C,CArB6E,CAuB7E;;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAP,CAAc;IACtBL,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPZ,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYe,IAAhB,EAAsB;IACpBf,OAAO,CAACgB,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,IAAAC,2BAAA,EAAsBlB,GAAtB,CAAzB;IACAC,OAAO,CAACgB,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,IAAAE,kCAAA,EAAiBnB,GAAjB,EAAsBC,OAAtB,EACJmB,IADI,CACCC,GAAG,IAAIA,GAAG,CAACnB,MADZ,CAAP;AAGD"}

package/cjs/oidc/renewTokensWithRefresh.js

@@ -1,11 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.renewTokensWithRefresh = renewTokensWithRefresh;
 
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _errors = require("../errors");
 
 var _oauth = require("./util/oauth");
@@ -40,7 +36,7 @@ async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
   }
 
   try {
-    const renewTokenParams = (0, _assign.default)({}, tokenParams, {
+    const renewTokenParams = Object.assign({}, tokenParams, {
       clientId
     });
     const tokenResponse = await (0, _token.postRefreshToken)(sdk, renewTokenParams, refreshTokenObject);

package/cjs/oidc/renewTokensWithRefresh.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOIDCInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMI,aAAa,GAAG,MAAM,IAAAC,uBAAA,EAAiBR,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMO,IAAI,GAAG,IAAAC,mBAAA,EAAaV,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEU;IAAF,IAAa,MAAM,IAAAC,wCAAA,EAAoBZ,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DE,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEI;IAAF,IAAmBF,MAAzB;;IACA,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAA,EAAmBD,YAAnB,EAAiCX,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACe,YAAJ,CAAiBC,kBAAjB,CAAoCH,YAApC;IACD;;IAED,OAAOF,MAAP;EACD,CAfD,CAgBA,OAAOM,GAAP,EAAY;IACV,IAAI,IAAAC,mCAAA,EAA2BD,GAA3B,CAAJ,EAAqC;MACnC;MACAjB,GAAG,CAACe,YAAJ,CAAiBI,kBAAjB;IACD;;IACD,MAAMF,GAAN;EACD;AACF"}
+{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","Object","assign","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMM,aAAa,GAAG,MAAM,IAAAC,uBAAA,EAAiBV,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMS,IAAI,GAAG,IAAAC,mBAAA,EAAaZ,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEY;IAAF,IAAa,MAAM,IAAAC,wCAAA,EAAoBd,GAApB,EAAyBM,gBAAzB,EAA2CG,aAA3C,EAA0DE,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEI;IAAF,IAAmBF,MAAzB;;IACA,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAA,EAAmBD,YAAnB,EAAiCb,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACiB,YAAJ,CAAiBC,kBAAjB,CAAoCH,YAApC;IACD;;IAED,OAAOF,MAAP;EACD,CAfD,CAgBA,OAAOM,GAAP,EAAY;IACV,IAAI,IAAAC,mCAAA,EAA2BD,GAA3B,CAAJ,EAAqC;MACnC;MACAnB,GAAG,CAACiB,YAAJ,CAAiBI,kBAAjB;IACD;;IACD,MAAMF,GAAN;EACD;AACF"}

package/cjs/oidc/revokeToken.js

@@ -1,11 +1,9 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.revokeToken = revokeToken;
 
-var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
-
 var _http = require("../http");
 
 var _util = require("../util");
@@ -32,8 +30,6 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
 /* eslint complexity:[0,8] */
 // refresh tokens have precedence to be revoked if no token is specified
 async function revokeToken(sdk, token) {
-  var _context;
-
   let accessToken = '';
   let refreshToken = '';
 
@@ -55,11 +51,11 @@ async function revokeToken(sdk, token) {
 
 
   var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
-  var args = (0, _slice.default)(_context = (0, _util.toQueryString)({
+  var args = (0, _util.toQueryString)({
     // eslint-disable-next-line camelcase
     token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
     token: refreshToken || accessToken
-  })).call(_context, 1);
+  }).slice(1);
   var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
   return (0, _http.post)(sdk, revokeUrl, args, {
     headers: {

package/cjs/oidc/revokeToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","getOAuthUrls","args","toQueryString","token_type_hint","creds","btoa","post","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOIDCInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOIDCInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAA4F;EAAA;;EACjG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdgG,CAejG;;;EACA,IAAII,SAAS,GAAG,IAAAC,mBAAA,EAAaT,GAAb,EAAkBQ,SAAlC;EACA,IAAIE,IAAI,GAAG,mCAAAC,mBAAA,EAAc;IACvB;IACAC,eAAe,EAAET,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,kBAIF,CAJE,CAAX;EAKA,IAAIW,KAAK,GAAGN,YAAY,GAAG,IAAAO,YAAA,EAAM,GAAET,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,IAAAO,YAAA,EAAKT,QAAL,CAAjE;EACA,OAAO,IAAAU,UAAA,EAAKf,GAAL,EAAUQ,SAAV,EAAqBE,IAArB,EAA2B;IAChCM,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWH;IAFrB;EADuB,CAA3B,CAAP;AAMD"}
+{"version":3,"file":"revokeToken.js","names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","getOAuthUrls","args","toQueryString","token_type_hint","slice","creds","btoa","post","headers"],"sources":["../../../lib/oidc/revokeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOAuthInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from './types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOAuthInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"mappings":";;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAwDC,KAAxD,EAA6F;EAClG,IAAIC,WAAW,GAAG,EAAlB;EACA,IAAIC,YAAY,GAAG,EAAnB;;EACA,IAAIF,KAAJ,EAAW;IACPC,WAAW,GAAID,KAAD,CAAuBC,WAArC;IACAC,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;EACH;;EACD,IAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;IAChC,MAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,IAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;EACA,IAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;EACA,IAAI,CAACF,QAAL,EAAe;IACb,MAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;EACD,CAdiG,CAelG;;;EACA,IAAII,SAAS,GAAG,IAAAC,mBAAA,EAAaT,GAAb,EAAkBQ,SAAlC;EACA,IAAIE,IAAI,GAAG,IAAAC,mBAAA,EAAc;IACvB;IACAC,eAAe,EAAET,YAAY,GAAG,eAAH,GAAqB,cAF3B;IAGvBF,KAAK,EAAEE,YAAY,IAAID;EAHA,CAAd,EAIRW,KAJQ,CAIF,CAJE,CAAX;EAKA,IAAIC,KAAK,GAAGP,YAAY,GAAG,IAAAQ,YAAA,EAAM,GAAEV,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,IAAAQ,YAAA,EAAKV,QAAL,CAAjE;EACA,OAAO,IAAAW,UAAA,EAAKhB,GAAL,EAAUQ,SAAV,EAAqBE,IAArB,EAA2B;IAChCO,OAAO,EAAE;MACP,gBAAgB,mCADT;MAEP,iBAAiB,WAAWH;IAFrB;EADuB,CAA3B,CAAP;AAMD"}

package/cjs/oidc/storage.js

@@ -0,0 +1,43 @@
+"use strict";
+
+exports.createOAuthStorageManager = createOAuthStorageManager;
+
+var _BaseStorageManager = require("../storage/BaseStorageManager");
+
+var _storage = require("../storage");
+
+var _constants = require("../constants");
+
+function createOAuthStorageManager() {
+  return class OAuthStorageManager extends _BaseStorageManager.BaseStorageManager {
+    constructor(storageManagerOptions, cookieOptions, storageUtil) {
+      super(storageManagerOptions, cookieOptions, storageUtil);
+    }
+
+    getTransactionStorage(options) {
+      options = this.getOptionsForSection('transaction', options);
+      (0, _BaseStorageManager.logServerSideMemoryStorageWarning)(options);
+      const storage = this.getStorage(options);
+      const storageKey = options.storageKey || _constants.TRANSACTION_STORAGE_NAME;
+      return new _storage.SavedObject(storage, storageKey);
+    }
+
+    getSharedTansactionStorage(options) {
+      options = this.getOptionsForSection('shared-transaction', options);
+      (0, _BaseStorageManager.logServerSideMemoryStorageWarning)(options);
+      const storage = this.getStorage(options);
+      const storageKey = options.storageKey || _constants.SHARED_TRANSACTION_STORAGE_NAME;
+      return new _storage.SavedObject(storage, storageKey);
+    }
+
+    getOriginalUriStorage(options) {
+      options = this.getOptionsForSection('original-uri', options);
+      (0, _BaseStorageManager.logServerSideMemoryStorageWarning)(options);
+      const storage = this.getStorage(options);
+      const storageKey = options.storageKey || _constants.ORIGINAL_URI_STORAGE_NAME;
+      return new _storage.SavedObject(storage, storageKey);
+    }
+
+  };
+}
+//# sourceMappingURL=storage.js.map

package/cjs/oidc/storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.js","names":["createOAuthStorageManager","OAuthStorageManager","BaseStorageManager","constructor","storageManagerOptions","cookieOptions","storageUtil","getTransactionStorage","options","getOptionsForSection","logServerSideMemoryStorageWarning","storage","getStorage","storageKey","TRANSACTION_STORAGE_NAME","SavedObject","getSharedTansactionStorage","SHARED_TRANSACTION_STORAGE_NAME","getOriginalUriStorage","ORIGINAL_URI_STORAGE_NAME"],"sources":["../../../lib/oidc/storage.ts"],"sourcesContent":["import {\n  CookieOptions,\n  StorageManagerOptions,\n  StorageOptions,\n  StorageUtil\n} from '../storage/types';\nimport { BaseStorageManager, logServerSideMemoryStorageWarning } from '../storage/BaseStorageManager';\nimport { TransactionStorage, OAuthTransactionMeta, OAuthStorageManagerInterface, PKCETransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { ORIGINAL_URI_STORAGE_NAME, SHARED_TRANSACTION_STORAGE_NAME, TRANSACTION_STORAGE_NAME } from '../constants';\n\n\nexport function createOAuthStorageManager<M extends OAuthTransactionMeta = PKCETransactionMeta>()\n{\n  return class OAuthStorageManager\n    extends BaseStorageManager\n    implements OAuthStorageManagerInterface<M>\n  {\n    constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n      super(storageManagerOptions, cookieOptions, storageUtil);\n    }\n\n    getTransactionStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('transaction', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n\n    getSharedTansactionStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('shared-transaction', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || SHARED_TRANSACTION_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n\n    getOriginalUriStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('original-uri', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || ORIGINAL_URI_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n  };\n\n}\n"],"mappings":";;;;AAMA;;AAEA;;AACA;;AAGO,SAASA,yBAAT,GACP;EACE,OAAO,MAAMC,mBAAN,SACGC,sCADH,CAGP;IACEC,WAAW,CAACC,qBAAD,EAA+CC,aAA/C,EAA6EC,WAA7E,EAAuG;MAChH,MAAMF,qBAAN,EAA6BC,aAA7B,EAA4CC,WAA5C;IACD;;IAEDC,qBAAqB,CAACC,OAAD,EAAkD;MACrEA,OAAO,GAAG,KAAKC,oBAAL,CAA0B,aAA1B,EAAyCD,OAAzC,CAAV;MACA,IAAAE,qDAAA,EAAkCF,OAAlC;MACA,MAAMG,OAAO,GAAG,KAAKC,UAAL,CAAgBJ,OAAhB,CAAhB;MACA,MAAMK,UAAU,GAAGL,OAAO,CAACK,UAAR,IAAsBC,mCAAzC;MACA,OAAO,IAAIC,oBAAJ,CAAgBJ,OAAhB,EAAyBE,UAAzB,CAAP;IACD;;IAEDG,0BAA0B,CAACR,OAAD,EAAkD;MAC1EA,OAAO,GAAG,KAAKC,oBAAL,CAA0B,oBAA1B,EAAgDD,OAAhD,CAAV;MACA,IAAAE,qDAAA,EAAkCF,OAAlC;MACA,MAAMG,OAAO,GAAG,KAAKC,UAAL,CAAgBJ,OAAhB,CAAhB;MACA,MAAMK,UAAU,GAAGL,OAAO,CAACK,UAAR,IAAsBI,0CAAzC;MACA,OAAO,IAAIF,oBAAJ,CAAgBJ,OAAhB,EAAyBE,UAAzB,CAAP;IACD;;IAEDK,qBAAqB,CAACV,OAAD,EAAkD;MACrEA,OAAO,GAAG,KAAKC,oBAAL,CAA0B,cAA1B,EAA0CD,OAA1C,CAAV;MACA,IAAAE,qDAAA,EAAkCF,OAAlC;MACA,MAAMG,OAAO,GAAG,KAAKC,UAAL,CAAgBJ,OAAhB,CAAhB;MACA,MAAMK,UAAU,GAAGL,OAAO,CAACK,UAAR,IAAsBM,oCAAzC;MACA,OAAO,IAAIJ,oBAAJ,CAAgBJ,OAAhB,EAAyBE,UAAzB,CAAP;IACD;;EA3BH,CAHA;AAiCD"}

package/cjs/oidc/types/JWT.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JWT.js","names":[],"sources":["../../../../lib/oidc/types/JWT.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface JWTHeader {\n  alg: string;\n  typ?: string;\n  kid?: string;\n  jku?: string;\n  x5u?: string;\n  x5t?: string;\n}\n\nexport type JWTPayload = UserClaims & {\n  scp?: string[];\n}\n\nexport interface JWTObject {\n  header: JWTHeader;\n  payload: JWTPayload;\n  signature: string;\n}\n"],"mappings":""}

package/cjs/oidc/types/Token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Token.js","names":["isToken","obj","accessToken","idToken","refreshToken","Array","isArray","scopes","isAccessToken","isIDToken","isRefreshToken"],"sources":["../../../../lib/oidc/types/Token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n  expiresAt: number;\n  authorizeUrl: string;\n  scopes: string[];\n  pendingRemove?: boolean;\n}\n\nexport interface AccessToken extends AbstractToken {\n  accessToken: string;\n  claims: UserClaims;\n  tokenType: string;\n  userinfoUrl: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n  refreshToken: string;\n  tokenUrl: string;\n  issuer: string;\n}\n\nexport interface IDToken extends AbstractToken {\n  idToken: string;\n  claims: UserClaims;\n  issuer: string;\n  clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\n\nexport function isToken(obj: any): obj is Token {\n  if (obj &&\n      (obj.accessToken || obj.idToken || obj.refreshToken) &&\n      Array.isArray(obj.scopes)) {\n    return true;\n  }\n  return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n  return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n  return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n  return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n  accessToken?: AccessToken;\n  idToken?: IDToken;\n  refreshToken?: RefreshToken;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoCO,SAASA,OAAT,CAAiBC,GAAjB,EAAyC;EAC9C,IAAIA,GAAG,KACFA,GAAG,CAACC,WAAJ,IAAmBD,GAAG,CAACE,OAAvB,IAAkCF,GAAG,CAACG,YADpC,CAAH,IAEAC,KAAK,CAACC,OAAN,CAAcL,GAAG,CAACM,MAAlB,CAFJ,EAE+B;IAC7B,OAAO,IAAP;EACD;;EACD,OAAO,KAAP;AACD;;AAEM,SAASC,aAAT,CAAuBP,GAAvB,EAAqD;EAC1D,OAAOA,GAAG,IAAIA,GAAG,CAACC,WAAlB;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAA6C;EAClD,OAAOA,GAAG,IAAIA,GAAG,CAACE,OAAlB;AACD;;AAEM,SAASO,cAAT,CAAwBT,GAAxB,EAAuD;EAC5D,OAAOA,GAAG,IAAIA,GAAG,CAACG,YAAlB;AACD"}

package/cjs/oidc/types/TokenManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenManager.js","names":["EVENT_EXPIRED","EVENT_RENEWED","EVENT_ADDED","EVENT_REMOVED","EVENT_ERROR","EVENT_SET_STORAGE"],"sources":["../../../../lib/oidc/types/TokenManager.ts"],"sourcesContent":["/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n  errorSummary: string;\n  errorCode: string;\n  message: string;\n  name: string;\n  tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n  clear(): void;\n  setExpireEventTimeout(key: string, token: Token): void;\n  clearExpireEventTimeout(key: string): void;\n  clearExpireEventTimeoutAll(): void;\n  emitAdded(key: string, token: Token): void;\n  emitError(error: Error): void;\n  emitRemoved(key: string, token: Token): void;\n  emitRenewed(key: string, token: Token, oldToken?: Token): void;\n  renew(key: string): Promise<Token | undefined>;\n  remove(key: string): void;\n  hasExpired(token: Token): boolean;\n  getExpireTime(token: Token): number;\n\n  get(key): Promise<Token>;\n  getSync(key): Token;\n  getTokens(): Promise<Tokens>;\n  getTokensSync(): Tokens;\n  setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n  getStorageKeyByType(type: TokenType): string;\n  add(key: any, token: Token): void;\n  updateRefreshToken(token: RefreshToken);\n  removeRefreshToken(): void;\n  clearPendingRemoveTokens(): void;\n\n  getOptions(): TokenManagerOptions;\n  getStorage(): StorageProvider;\n\n  start();\n  stop();\n}\n"],"mappings":";;;;AAAA;AAiBO,MAAMA,aAAa,GAAG,SAAtB;;AACA,MAAMC,aAAa,GAAG,SAAtB;;AACA,MAAMC,WAAW,GAAG,OAApB;;AACA,MAAMC,aAAa,GAAG,SAAtB;;AACA,MAAMC,WAAW,GAAG,OAApB;;AACA,MAAMC,iBAAiB,GAAG,aAA1B"}