@okta/okta-auth-js 6.9.0 → 7.0.0

package/cjs/oidc/util/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOptionsInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOptionsInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,IAAAC,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,IAAAD,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAED,SAASE,SAAT,CAAmBC,GAAnB,EAAkDC,OAAmB,GAAG,EAAxE,EAA4E;EAC1E,MAAMC,MAAM,GAAG,IAAAC,yBAAA,EAAoBF,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASE,eAAT,CAAyBJ,GAAzB,EAAwDC,OAAmB,GAAG,EAA9E,EAAkF;EACvF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMI,OAAO,GAAG,sBAAAH,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOG,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBN,GAAxB,EAAuDC,OAAmB,GAAG,EAA7E,EAAiF;EACtF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqDC,OAArD,EAAuF;EAC5F,IAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDX,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4F,CAM5F;;EACA,IAAIY,YAAY,GAAG,IAAAV,yBAAA,EAAoBF,OAAO,CAACY,YAA5B,KAA6Cb,GAAG,CAACC,OAAJ,CAAYY,YAA5E;EACA,IAAIX,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIa,WAAW,GAAG,IAAAX,yBAAA,EAAoBF,OAAO,CAACa,WAA5B,KAA4Cd,GAAG,CAACC,OAAJ,CAAYa,WAA1E;EACA,IAAIC,QAAQ,GAAG,IAAAZ,yBAAA,EAAoBF,OAAO,CAACc,QAA5B,KAAyCf,GAAG,CAACC,OAAJ,CAAYc,QAApE;EACA,IAAIC,SAAS,GAAG,IAAAb,yBAAA,EAAoBF,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;EACA,IAAIC,SAAS,GAAG,IAAAd,yBAAA,EAAoBF,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;EAEA,IAAIZ,OAAO,GAAGD,eAAe,CAACJ,GAAD,EAAMC,OAAN,CAA7B;EAEAY,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;EACAS,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;EACAU,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EACAW,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLH,MAAM,EAAEA,MADH;IAELW,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
+{"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,IAAAC,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,IAAAD,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAED,SAASE,SAAT,CAAmBC,GAAnB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;EACxE,MAAMC,MAAM,GAAG,IAAAC,yBAAA,EAAoBF,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASE,eAAT,CAAyBJ,GAAzB,EAAsDC,OAAmB,GAAG,EAA5E,EAAgF;EACrF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMI,OAAO,GAAGH,MAAM,CAACI,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCJ,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOG,OAAP;AACD;;AAEM,SAASE,cAAT,CAAwBP,GAAxB,EAAqDC,OAAmB,GAAG,EAA3E,EAA+E;EACpF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMO,MAAM,GAAGN,MAAM,CAACO,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBV,GAAtB,EAAmDC,OAAnD,EAAqF;EAC1F,IAAIU,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDZ,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ0F,CAM1F;;EACA,IAAIa,YAAY,GAAG,IAAAX,yBAAA,EAAoBF,OAAO,CAACa,YAA5B,KAA6Cd,GAAG,CAACC,OAAJ,CAAYa,YAA5E;EACA,IAAIZ,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIc,WAAW,GAAG,IAAAZ,yBAAA,EAAoBF,OAAO,CAACc,WAA5B,KAA4Cf,GAAG,CAACC,OAAJ,CAAYc,WAA1E;EACA,IAAIC,QAAQ,GAAG,IAAAb,yBAAA,EAAoBF,OAAO,CAACe,QAA5B,KAAyChB,GAAG,CAACC,OAAJ,CAAYe,QAApE;EACA,IAAIC,SAAS,GAAG,IAAAd,yBAAA,EAAoBF,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;EACA,IAAIC,SAAS,GAAG,IAAAf,yBAAA,EAAoBF,OAAO,CAACiB,SAA5B,KAA0ClB,GAAG,CAACC,OAAJ,CAAYiB,SAAtE;EAEA,IAAIb,OAAO,GAAGD,eAAe,CAACJ,GAAD,EAAMC,OAAN,CAA7B;EAEAa,YAAY,GAAGA,YAAY,IAAIT,OAAO,GAAG,eAAzC;EACAU,WAAW,GAAGA,WAAW,IAAIV,OAAO,GAAG,cAAvC;EACAW,QAAQ,GAAGA,QAAQ,IAAIX,OAAO,GAAG,WAAjC;EACAa,SAAS,GAAGA,SAAS,IAAIb,OAAO,GAAG,YAAnC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLH,MAAM,EAAEA,MADH;IAELY,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}

package/cjs/oidc/util/oauthMeta.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOptionsInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOptionsInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,IAAAC,mBAAA,EAAaL,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMK,SAA+B,GAAG;IACtCJ,MADsC;IAEtCE,IAFsC;IAGtCG,QAAQ,EAAEN,WAAW,CAACM,QAHgB;IAItCC,WAAW,EAAEP,WAAW,CAACO,WAJa;IAKtCC,YAAY,EAAER,WAAW,CAACQ,YALY;IAMtCC,YAAY,EAAET,WAAW,CAACS,YANY;IAOtCC,MAAM,EAAEV,WAAW,CAACU,MAPkB;IAQtCC,KAAK,EAAEX,WAAW,CAACW,KARmB;IAStCC,KAAK,EAAEZ,WAAW,CAACY,KATmB;IAUtCC,eAAe,EAAEb,WAAW,CAACa;EAVS,CAAxC;;EAaA,IAAIb,WAAW,CAACc,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEhB,WAAW,CAACgB,YAFU;IAGpCC,mBAAmB,EAAEjB,WAAW,CAACiB,mBAHG;IAIpCC,aAAa,EAAElB,WAAW,CAACkB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
+{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,IAAAC,mBAAA,EAAaL,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMK,SAA+B,GAAG;IACtCJ,MADsC;IAEtCE,IAFsC;IAGtCG,QAAQ,EAAEN,WAAW,CAACM,QAHgB;IAItCC,WAAW,EAAEP,WAAW,CAACO,WAJa;IAKtCC,YAAY,EAAER,WAAW,CAACQ,YALY;IAMtCC,YAAY,EAAET,WAAW,CAACS,YANY;IAOtCC,MAAM,EAAEV,WAAW,CAACU,MAPkB;IAQtCC,KAAK,EAAEX,WAAW,CAACW,KARmB;IAStCC,KAAK,EAAEZ,WAAW,CAACY,KATmB;IAUtCC,eAAe,EAAEb,WAAW,CAACa;EAVS,CAAxC;;EAaA,IAAIb,WAAW,CAACc,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEhB,WAAW,CAACgB,YAFU;IAGpCC,mBAAmB,EAAEjB,WAAW,CAACiB,mBAHG;IAIpCC,aAAa,EAAElB,WAAW,CAACkB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}

package/cjs/oidc/util/pkce.js

@@ -1,13 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.default = void 0;
 
-var _from = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/array/from"));
-
-var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
-
 var _crypto = require("../../crypto");
 
 var _constants = require("../../constants");
@@ -35,20 +29,18 @@ function getRandomString(length) {
 
   _crypto.webcrypto.getRandomValues(a);
 
-  var str = (0, _from.default)(a, dec2hex).join('');
-  return (0, _slice.default)(str).call(str, 0, length);
+  var str = Array.from(a, dec2hex).join('');
+  return str.slice(0, length);
 }
 
 function generateVerifier(prefix) {
-  var _context;
-
   var verifier = prefix || '';
 
   if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
     verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
   }
 
-  return (0, _slice.default)(_context = encodeURIComponent(verifier)).call(_context, 0, _constants.MAX_VERIFIER_LENGTH);
+  return encodeURIComponent(verifier).slice(0, _constants.MAX_VERIFIER_LENGTH);
 }
 
 function computeChallenge(str) {

package/cjs/oidc/util/pkce.js.map

@@ -1 +1 @@
-{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,iBAAA,CAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;EAAA;;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,8BAAA,GAAsBD,QAAQ,CAACX,MAAhC,CAArC;EACD;;EACD,OAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;EACvD,IAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;EACA,OAAOF,iBAAA,CAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,IAAAC,yBAAA,EAAkBL,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbE,6BAA6B,EAA7BA,wCADa;EAEbpB,gBAFa;EAGbM;AAHa,C"}
+{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,iBAAA,CAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWR,CAAX,EAAcN,OAAd,EAAuBe,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaX,MAAb,CAAP;AACD;;AAED,SAASY,gBAAT,CAA0BC,MAA1B,EAAmD;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACd,MAAT,GAAkBe,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,8BAAA,GAAsBD,QAAQ,CAACd,MAAhC,CAArC;EACD;;EACD,OAAOgB,kBAAkB,CAACF,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsCM,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BX,GAA1B,EAAyD;EACvD,IAAIY,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBd,GAAzB,CAAb;EACA,OAAOF,iBAAA,CAAUiB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAI3B,UAAJ,CAAeuB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,IAAAC,yBAAA,EAAkBL,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbE,6BAA6B,EAA7BA,wCADa;EAEbpB,gBAFa;EAGbM;AAHa,C"}

package/cjs/oidc/util/prepareTokenParams.js

@@ -1,14 +1,12 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.assertPKCESupport = assertPKCESupport;
 exports.preparePKCE = preparePKCE;
 exports.prepareTokenParams = prepareTokenParams;
 exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
 
-var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
-
 var _wellKnown = require("../endpoints/well-known");
 
 var _errors = require("../../errors");
@@ -58,7 +56,7 @@ async function validateCodeChallengeMethod(sdk, codeChallengeMethod) {
   const wellKnownResponse = await (0, _wellKnown.getWellKnown)(sdk);
   var methods = wellKnownResponse['code_challenge_methods_supported'] || [];
 
-  if ((0, _indexOf.default)(methods).call(methods, codeChallengeMethod) === -1) {
+  if (methods.indexOf(codeChallengeMethod) === -1) {
     throw new _errors.AuthSdkError('Invalid code_challenge_method');
   }
 

package/cjs/oidc/util/prepareTokenParams.js.map

@@ -1 +1 @@
-{"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","getWellKnown","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","getDefaultTokenParams","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthFeaturesInterface, OktaAuthOIDCInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthFeaturesInterface) {\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    throw new AuthSdkError(errorMessage);\n  }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOIDCInterface, codeChallengeMethod?: string) {\n  // set default code challenge method, if none provided\n  codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n  // validate against .well-known/openid-configuration\n  const wellKnownResponse = await getWellKnown(sdk);\n  var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n  if (methods.indexOf(codeChallengeMethod) === -1) {\n    throw new AuthSdkError('Invalid code_challenge_method');\n  }\n  return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n  sdk: OktaAuthOIDCInterface, \n  tokenParams: TokenParams\n): Promise<TokenParams> {\n  let {\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  } = tokenParams;\n\n  // PKCE calculations can be avoided by passing a codeChallenge\n  codeChallenge = codeChallenge || sdk.options.codeChallenge;\n  if (!codeChallenge) {\n    assertPKCESupport(sdk);\n    codeVerifier = codeVerifier || PKCE.generateVerifier();\n    codeChallenge = await PKCE.computeChallenge(codeVerifier);\n  }\n  codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n  // Clone/copy the params. Set PKCE values\n  tokenParams = {\n    ...tokenParams,\n    responseType: 'code', // responseType is forced\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  };\n\n  return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = { ...defaults, ...tokenParams };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return tokenParams;\n  }\n\n  return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAA2D;EAChE,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAuEQ,mBAAvE,EAAqG;EAC1G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF0G,CAI1G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,uBAAA,EAAaZ,GAAb,CAAhC;EACA,IAAIa,OAAO,GAAGF,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAI,sBAAAE,OAAO,MAAP,CAAAA,OAAO,EAASL,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeM,WAAf,CACLd,GADK,EAELe,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFT;EAHE,IAIAO,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIjB,GAAG,CAACS,OAAJ,CAAYQ,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBlB,iBAAiB,CAACC,GAAD,CAAjB;IACAgB,YAAY,GAAGA,YAAY,IAAIE,aAAA,CAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,aAAA,CAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDR,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAO,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZT;EALY,CAAd;EAQA,OAAOO,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLtB,GADK,EAELe,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,IAAAC,yCAAA,EAAsBxB,GAAtB,CAAjB;EACAe,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACU,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOV,WAAP;EACD;;EAED,OAAOD,WAAW,CAACd,GAAD,EAAMe,WAAN,CAAlB;AACD"}
+{"version":3,"file":"prepareTokenParams.js","names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","getWellKnown","methods","indexOf","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","getDefaultTokenParams","pkce"],"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\nimport { OktaAuthBaseInterface } from '../../base/types';\n\nexport function assertPKCESupport(sdk: OktaAuthBaseInterface) {\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    throw new AuthSdkError(errorMessage);\n  }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOAuthInterface, codeChallengeMethod?: string) {\n  // set default code challenge method, if none provided\n  codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n  // validate against .well-known/openid-configuration\n  const wellKnownResponse = await getWellKnown(sdk);\n  var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n  if (methods.indexOf(codeChallengeMethod) === -1) {\n    throw new AuthSdkError('Invalid code_challenge_method');\n  }\n  return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): Promise<TokenParams> {\n  let {\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  } = tokenParams;\n\n  // PKCE calculations can be avoided by passing a codeChallenge\n  codeChallenge = codeChallenge || sdk.options.codeChallenge;\n  if (!codeChallenge) {\n    assertPKCESupport(sdk);\n    codeVerifier = codeVerifier || PKCE.generateVerifier();\n    codeChallenge = await PKCE.computeChallenge(codeVerifier);\n  }\n  codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n  // Clone/copy the params. Set PKCE values\n  tokenParams = {\n    ...tokenParams,\n    responseType: 'code', // responseType is forced\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  };\n\n  return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = { ...defaults, ...tokenParams };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return tokenParams;\n  }\n\n  return preparePKCE(sdk, tokenParams);\n}"],"mappings":";;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,SAASA,iBAAT,CAA2BC,GAA3B,EAAuD;EAC5D,IAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;IACnC,IAAIC,YAAY,GAAG,qFAAnB;;IACA,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;MAC3B;MACAD,YAAY,IAAI,kGAAhB;IACD;;IACD,IAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;MAClC;MACAF,YAAY,IAAI,wGAAhB;IACD;;IACD,MAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;EACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAwEQ,mBAAxE,EAAsG;EAC3G;EACAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF2G,CAI3G;;EACA,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,uBAAA,EAAaZ,GAAb,CAAhC;EACA,IAAIa,OAAO,GAAGF,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;EACA,IAAIE,OAAO,CAACC,OAAR,CAAgBN,mBAAhB,MAAyC,CAAC,CAA9C,EAAiD;IAC/C,MAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;EACD;;EACD,OAAOE,mBAAP;AACD;;AAEM,eAAeO,WAAf,CACLf,GADK,EAELgB,WAFK,EAGiB;EACtB,IAAI;IACFC,YADE;IAEFC,aAFE;IAGFV;EAHE,IAIAQ,WAJJ,CADsB,CAOtB;;EACAE,aAAa,GAAGA,aAAa,IAAIlB,GAAG,CAACS,OAAJ,CAAYS,aAA7C;;EACA,IAAI,CAACA,aAAL,EAAoB;IAClBnB,iBAAiB,CAACC,GAAD,CAAjB;IACAiB,YAAY,GAAGA,YAAY,IAAIE,aAAA,CAAKC,gBAAL,EAA/B;IACAF,aAAa,GAAG,MAAMC,aAAA,CAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;EACD;;EACDT,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;EACAQ,WAAW,GAAG,EACZ,GAAGA,WADS;IAEZM,YAAY,EAAE,MAFF;IAEU;IACtBL,YAHY;IAIZC,aAJY;IAKZV;EALY,CAAd;EAQA,OAAOQ,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLvB,GADK,EAELgB,WAAwB,GAAG,EAFtB,EAGiB;EACtB;EACA,MAAMQ,QAAQ,GAAG,IAAAC,yCAAA,EAAsBzB,GAAtB,CAAjB;EACAgB,WAAW,GAAG,EAAE,GAAGQ,QAAL;IAAe,GAAGR;EAAlB,CAAd;;EAEA,IAAIA,WAAW,CAACU,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOV,WAAP;EACD;;EAED,OAAOD,WAAW,CAACf,GAAD,EAAMgB,WAAN,CAAlB;AACD"}

package/cjs/oidc/util/refreshToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","isAuthApiError","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,IAAAC,sBAAA,EAAeD,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACE,GAAL,IAAY,CAACF,GAAG,CAACE,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBH,GAAG,CAACE,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}
+{"version":3,"file":"refreshToken.js","names":["isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","isAuthApiError","xhr","responseJSON","error"],"sources":["../../../../lib/oidc/util/refreshToken.ts"],"sourcesContent":["import { RefreshToken } from '../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}"],"mappings":";;;;;AACA;;AAEO,SAASA,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;EACnE,OAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;;AAEM,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;EAC9C,IAAI,CAAC,IAAAC,sBAAA,EAAeD,GAAf,CAAL,EAA0B;IACxB,OAAO,KAAP;EACD;;EAED,IAAI,CAACA,GAAG,CAACE,GAAL,IAAY,CAACF,GAAG,CAACE,GAAJ,CAAQC,YAAzB,EAAuC;IACrC,OAAO,KAAP;EACD;;EAED,MAAM;IAAEA;EAAF,IAAmBH,GAAG,CAACE,GAA7B;;EACA,IAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;IAC1C,OAAO,IAAP;EACD;;EAED,OAAO,KAAP;AACD"}

package/cjs/oidc/util/sharedStorage.js

@@ -0,0 +1,54 @@
+"use strict";
+
+exports.clearTransactionFromSharedStorage = clearTransactionFromSharedStorage;
+exports.loadTransactionFromSharedStorage = loadTransactionFromSharedStorage;
+exports.pruneSharedStorage = pruneSharedStorage;
+exports.saveTransactionToSharedStorage = saveTransactionToSharedStorage;
+
+var _types = require("../types");
+
+const MAX_ENTRY_LIFETIME = 30 * 60 * 1000; // 30 minutes
+
+function pruneSharedStorage(storageManager) {
+  const sharedStorage = storageManager.getSharedTansactionStorage();
+  const entries = sharedStorage.getStorage();
+  Object.keys(entries).forEach(state => {
+    const entry = entries[state];
+    const age = Date.now() - entry.dateCreated;
+
+    if (age > MAX_ENTRY_LIFETIME) {
+      delete entries[state];
+    }
+  });
+  sharedStorage.setStorage(entries);
+}
+
+function saveTransactionToSharedStorage(storageManager, state, meta) {
+  const sharedStorage = storageManager.getSharedTansactionStorage();
+  const entries = sharedStorage.getStorage();
+  entries[state] = {
+    dateCreated: Date.now(),
+    transaction: meta
+  };
+  sharedStorage.setStorage(entries);
+}
+
+function loadTransactionFromSharedStorage(storageManager, state) {
+  const sharedStorage = storageManager.getSharedTansactionStorage();
+  const entries = sharedStorage.getStorage();
+  const entry = entries[state];
+
+  if (entry && entry.transaction && (0, _types.isTransactionMeta)(entry.transaction)) {
+    return entry.transaction;
+  }
+
+  return null;
+}
+
+function clearTransactionFromSharedStorage(storageManager, state) {
+  const sharedStorage = storageManager.getSharedTansactionStorage();
+  const entries = sharedStorage.getStorage();
+  delete entries[state];
+  sharedStorage.setStorage(entries);
+}
+//# sourceMappingURL=sharedStorage.js.map

package/cjs/oidc/util/sharedStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sharedStorage.js","names":["MAX_ENTRY_LIFETIME","pruneSharedStorage","storageManager","sharedStorage","getSharedTansactionStorage","entries","getStorage","Object","keys","forEach","state","entry","age","Date","now","dateCreated","setStorage","saveTransactionToSharedStorage","meta","transaction","loadTransactionFromSharedStorage","isTransactionMeta","clearTransactionFromSharedStorage"],"sources":["../../../../lib/oidc/util/sharedStorage.ts"],"sourcesContent":["import { OAuthStorageManagerInterface, OAuthTransactionMeta, isTransactionMeta } from '../types';\n\nconst MAX_ENTRY_LIFETIME = 30 * 60 * 1000; // 30 minutes\n\nexport function pruneSharedStorage<M extends OAuthTransactionMeta>(storageManager: OAuthStorageManagerInterface<M>) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  Object.keys(entries).forEach(state => {\n    const entry = entries[state];\n    const age = Date.now() - entry.dateCreated;\n    if (age > MAX_ENTRY_LIFETIME) {\n      delete entries[state];\n    }\n  });\n  sharedStorage.setStorage(entries);\n}\n\nexport function saveTransactionToSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string, meta: M\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  entries[state] = {\n    dateCreated: Date.now(),\n    transaction: meta\n  };\n  sharedStorage.setStorage(entries);\n}\n\n\nexport function loadTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  const entry = entries[state];\n  if (entry && entry.transaction && isTransactionMeta(entry.transaction)) {\n    return entry.transaction;\n  }\n  return null;\n}\n\nexport function clearTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  delete entries[state];\n  sharedStorage.setStorage(entries);\n}\n"],"mappings":";;;;;;;AAAA;;AAEA,MAAMA,kBAAkB,GAAG,KAAK,EAAL,GAAU,IAArC,C,CAA2C;;AAEpC,SAASC,kBAAT,CAA4DC,cAA5D,EAA6G;EAClH,MAAMC,aAAa,GAAGD,cAAc,CAACE,0BAAf,EAAtB;EACA,MAAMC,OAAO,GAAGF,aAAa,CAACG,UAAd,EAAhB;EACAC,MAAM,CAACC,IAAP,CAAYH,OAAZ,EAAqBI,OAArB,CAA6BC,KAAK,IAAI;IACpC,MAAMC,KAAK,GAAGN,OAAO,CAACK,KAAD,CAArB;IACA,MAAME,GAAG,GAAGC,IAAI,CAACC,GAAL,KAAaH,KAAK,CAACI,WAA/B;;IACA,IAAIH,GAAG,GAAGZ,kBAAV,EAA8B;MAC5B,OAAOK,OAAO,CAACK,KAAD,CAAd;IACD;EACF,CAND;EAOAP,aAAa,CAACa,UAAd,CAAyBX,OAAzB;AACD;;AAEM,SAASY,8BAAT,CACLf,cADK,EAC4CQ,KAD5C,EAC2DQ,IAD3D,EAEL;EACA,MAAMf,aAAa,GAAGD,cAAc,CAACE,0BAAf,EAAtB;EACA,MAAMC,OAAO,GAAGF,aAAa,CAACG,UAAd,EAAhB;EACAD,OAAO,CAACK,KAAD,CAAP,GAAiB;IACfK,WAAW,EAAEF,IAAI,CAACC,GAAL,EADE;IAEfK,WAAW,EAAED;EAFE,CAAjB;EAIAf,aAAa,CAACa,UAAd,CAAyBX,OAAzB;AACD;;AAGM,SAASe,gCAAT,CACLlB,cADK,EAC4CQ,KAD5C,EAEL;EACA,MAAMP,aAAa,GAAGD,cAAc,CAACE,0BAAf,EAAtB;EACA,MAAMC,OAAO,GAAGF,aAAa,CAACG,UAAd,EAAhB;EACA,MAAMK,KAAK,GAAGN,OAAO,CAACK,KAAD,CAArB;;EACA,IAAIC,KAAK,IAAIA,KAAK,CAACQ,WAAf,IAA8B,IAAAE,wBAAA,EAAkBV,KAAK,CAACQ,WAAxB,CAAlC,EAAwE;IACtE,OAAOR,KAAK,CAACQ,WAAb;EACD;;EACD,OAAO,IAAP;AACD;;AAEM,SAASG,iCAAT,CACLpB,cADK,EAC4CQ,KAD5C,EAEL;EACA,MAAMP,aAAa,GAAGD,cAAc,CAACE,0BAAf,EAAtB;EACA,MAAMC,OAAO,GAAGF,aAAa,CAACG,UAAd,EAAhB;EACA,OAAOD,OAAO,CAACK,KAAD,CAAd;EACAP,aAAa,CAACa,UAAd,CAAyBX,OAAzB;AACD"}

package/cjs/oidc/util/validateClaims.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.validateClaims = validateClaims;
 

package/cjs/oidc/util/validateClaims.js.map

@@ -1 +1 @@
-{"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOptionsInterface, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuthOptionsInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n  var aud = validationParams.clientId;\n  var iss = validationParams.issuer;\n  var nonce = validationParams.nonce;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  var now = Math.floor(Date.now()/1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n      'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n      'does not match [' + aud + ']');\n  }\n\n  if (claims.iat! > claims.exp!) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if (!sdk.options.ignoreLifetime) {\n    if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n      throw new AuthSdkError('The JWT expired and is no longer valid');\n    }\n\n    if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n      throw new AuthSdkError('The JWT was issued in the future');\n    }\n  }\n}\n"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuDC,MAAvD,EAA2EC,gBAA3E,EAAgH;EACrH,IAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;EACA,IAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;EACA,IAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;EAEA,IAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;IAC3B,MAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;EACD;;EAED,IAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;IACnC,MAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;EACD;;EAED,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;IAC7B,MAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,IAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;IAC/B,IAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;MACnD,MAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;IACD;;IAED,IAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;MACnD,MAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;IACD;EACF;AACF"}
+{"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n  var aud = validationParams.clientId;\n  var iss = validationParams.issuer;\n  var nonce = validationParams.nonce;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  var now = Math.floor(Date.now()/1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n      'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n      'does not match [' + aud + ']');\n  }\n\n  if (claims.iat! > claims.exp!) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if (!sdk.options.ignoreLifetime) {\n    if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n      throw new AuthSdkError('The JWT expired and is no longer valid');\n    }\n\n    if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n      throw new AuthSdkError('The JWT was issued in the future');\n    }\n  }\n}\n"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAqDC,MAArD,EAAyEC,gBAAzE,EAA8G;EACnH,IAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;EACA,IAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;EACA,IAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;EAEA,IAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;IAC3B,MAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;EACD;;EAED,IAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;IACnC,MAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;EACD;;EAED,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;IACtB,MAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;EAED;;EAED,IAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;IAC7B,MAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,IAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;IAC/B,IAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;MACnD,MAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;IACD;;IAED,IAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;MACnD,MAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;IACD;EACF;AACF"}

package/cjs/oidc/util/validateToken.js

@@ -4,7 +4,7 @@ exports.validateToken = validateToken;
 
 var _errors = require("../../errors");
 
-var _types = require("../../types");
+var _types = require("../../oidc/types");
 
 /* eslint-disable complexity */
 function validateToken(token, type) {

package/cjs/oidc/util/validateToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"validateToken.js","names":["validateToken","token","type","isIDToken","isAccessToken","isRefreshToken","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAAD,IAAqB,CAAC,IAAAG,oBAAA,EAAcH,KAAd,CAAtB,IAA8C,CAAC,IAAAI,qBAAA,EAAeJ,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIK,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAIJ,IAAI,KAAK,aAAT,IAA0B,CAAC,IAAAE,oBAAA,EAAcH,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIK,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAIJ,IAAI,KAAK,SAAT,IAAsB,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIK,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAIJ,IAAI,KAAK,cAAT,IAA2B,CAAC,IAAAG,qBAAA,EAAeJ,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}
+{"version":3,"file":"validateToken.js","names":["validateToken","token","type","isIDToken","isAccessToken","isRefreshToken","AuthSdkError"],"sources":["../../../../lib/oidc/util/validateToken.ts"],"sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../oidc/types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}"],"mappings":";;;;AAEA;;AACA;;AAHA;AAKO,SAASA,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;EAC5D,IAAI,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAAD,IAAqB,CAAC,IAAAG,oBAAA,EAAcH,KAAd,CAAtB,IAA8C,CAAC,IAAAI,qBAAA,EAAeJ,KAAf,CAAnD,EAA0E;IACxE,MAAM,IAAIK,oBAAJ,CACJ,+GADI,CAAN;EAGD;;EAED,IAAIJ,IAAI,KAAK,aAAT,IAA0B,CAAC,IAAAE,oBAAA,EAAcH,KAAd,CAA/B,EAAqD;IACnD,MAAM,IAAIK,oBAAJ,CAAiB,qBAAjB,CAAN;EACD;;EACD,IAAIJ,IAAI,KAAK,SAAT,IAAsB,CAAC,IAAAC,gBAAA,EAAUF,KAAV,CAA3B,EAA6C;IAC3C,MAAM,IAAIK,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,IAAIJ,IAAI,KAAK,cAAT,IAA2B,CAAC,IAAAG,qBAAA,EAAeJ,KAAf,CAAhC,EAAuD;IACrD,MAAM,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAN;EACD;AACF"}

package/cjs/oidc/verifyToken.js

@@ -1,15 +1,7 @@
 "use strict";
 
-var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
-
-var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
-
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.verifyToken = verifyToken;
 
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _wellKnown = require("./endpoints/well-known");
 
 var _util = require("./util");
@@ -20,9 +12,9 @@ var _decodeToken = require("./decodeToken");
 
 var sdkCrypto = _interopRequireWildcard(require("../crypto"));
 
-function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 
 /* eslint-disable max-len */
 
@@ -54,7 +46,7 @@ async function verifyToken(sdk, token, validationParams) {
   const {
     issuer
   } = await (0, _wellKnown.getWellKnown)(sdk, configuredIssuer);
-  var validationOptions = (0, _assign.default)({
+  var validationOptions = Object.assign({
     // base options, can be overridden by params
     clientId: sdk.options.clientId,
     ignoreSignature: sdk.options.ignoreSignature

package/cjs/oidc/verifyToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOIDCInterface, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOIDCInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n  if (!token || !token.idToken) {\n    throw new AuthSdkError('Only idTokens may be verified');\n  }\n\n  // Decode the Jwt object (may throw)\n  var jwt = decodeToken(token.idToken);\n\n  // The configured issuer may point to a frontend proxy.\n  // Get the \"real\" issuer from .well-known/openid-configuration\n  const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n  const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n  var validationOptions: TokenVerifyParams = Object.assign({\n    // base options, can be overridden by params\n    clientId: sdk.options.clientId,\n    ignoreSignature: sdk.options.ignoreSignature\n  }, validationParams, {\n    // final options, cannot be overridden\n    issuer\n  });\n\n  // Standard claim validation (may throw)\n  validateClaims(sdk, jwt.payload, validationOptions);\n\n  // If the browser doesn't support native crypto or we choose not\n  // to verify the signature, bail early\n  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n    return token;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n  const valid = await sdkCrypto.verifyToken(token.idToken, key);\n  if (!valid) {\n    throw new AuthSdkError('The token signature is not valid');\n  }\n  if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n    const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n    if (hash !== token.claims.at_hash) {\n      throw new AuthSdkError('Token hash verification failed');\n    }\n  }\n  return token;\n}\n"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAuDC,KAAvD,EAAuEC,gBAAvE,EAA8H;EACnI,IAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;IAC5B,MAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;EACD,CAHkI,CAKnI;;;EACA,IAAIC,GAAG,GAAG,IAAAC,wBAAA,EAAYL,KAAK,CAACE,OAAlB,CAAV,CANmI,CAQnI;EACA;;EACA,MAAMI,gBAAgB,GAAG,CAAAL,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEM,MAAlB,KAA4BR,GAAG,CAACS,OAAJ,CAAYD,MAAjE;EACA,MAAM;IAAEA;EAAF,IAAa,MAAM,IAAAE,uBAAA,EAAaV,GAAb,EAAkBO,gBAAlB,CAAzB;EAEA,IAAII,iBAAoC,GAAG,qBAAc;IACvD;IACAC,QAAQ,EAAEZ,GAAG,CAACS,OAAJ,CAAYG,QAFiC;IAGvDC,eAAe,EAAEb,GAAG,CAACS,OAAJ,CAAYI;EAH0B,CAAd,EAIxCX,gBAJwC,EAItB;IACnB;IACAM;EAFmB,CAJsB,CAA3C,CAbmI,CAsBnI;;EACA,IAAAM,oBAAA,EAAed,GAAf,EAAoBK,GAAG,CAACU,OAAxB,EAAiCJ,iBAAjC,EAvBmI,CAyBnI;EACA;;EACA,IAAIA,iBAAiB,CAACE,eAAlB,IAAqC,IAArC,IAA6C,CAACb,GAAG,CAACgB,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;IACvF,OAAOhB,KAAP;EACD,CA7BkI,CA+BnI;;;EACA,MAAMiB,GAAG,GAAG,MAAM,IAAAC,iBAAA,EAAOnB,GAAP,EAAYC,KAAK,CAACO,MAAlB,EAA0BH,GAAG,CAACe,MAAJ,CAAWC,GAArC,CAAlB;EACA,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAACxB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCe,GAArC,CAApB;;EACA,IAAI,CAACI,KAAL,EAAY;IACV,MAAM,IAAIlB,oBAAJ,CAAiB,kCAAjB,CAAN;EACD;;EACD,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACsB,WAArC,IAAoDvB,KAAK,CAACwB,MAAN,CAAaC,OAArE,EAA8E;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsB1B,gBAAgB,CAACsB,WAAvC,CAAnB;;IACA,IAAIG,IAAI,KAAK1B,KAAK,CAACwB,MAAN,CAAaC,OAA1B,EAAmC;MACjC,MAAM,IAAItB,oBAAJ,CAAiB,gCAAjB,CAAN;IACD;EACF;;EACD,OAAOH,KAAP;AACD"}
+{"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","Object","assign","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n  if (!token || !token.idToken) {\n    throw new AuthSdkError('Only idTokens may be verified');\n  }\n\n  // Decode the Jwt object (may throw)\n  var jwt = decodeToken(token.idToken);\n\n  // The configured issuer may point to a frontend proxy.\n  // Get the \"real\" issuer from .well-known/openid-configuration\n  const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n  const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n  var validationOptions: TokenVerifyParams = Object.assign({\n    // base options, can be overridden by params\n    clientId: sdk.options.clientId,\n    ignoreSignature: sdk.options.ignoreSignature\n  }, validationParams, {\n    // final options, cannot be overridden\n    issuer\n  });\n\n  // Standard claim validation (may throw)\n  validateClaims(sdk, jwt.payload, validationOptions);\n\n  // If the browser doesn't support native crypto or we choose not\n  // to verify the signature, bail early\n  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n    return token;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n  const valid = await sdkCrypto.verifyToken(token.idToken, key);\n  if (!valid) {\n    throw new AuthSdkError('The token signature is not valid');\n  }\n  if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n    const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n    if (hash !== token.claims.at_hash) {\n      throw new AuthSdkError('Token hash verification failed');\n    }\n  }\n  return token;\n}\n"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAwDC,KAAxD,EAAwEC,gBAAxE,EAA+H;EACpI,IAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;IAC5B,MAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;EACD,CAHmI,CAKpI;;;EACA,IAAIC,GAAG,GAAG,IAAAC,wBAAA,EAAYL,KAAK,CAACE,OAAlB,CAAV,CANoI,CAQpI;EACA;;EACA,MAAMI,gBAAgB,GAAG,CAAAL,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEM,MAAlB,KAA4BR,GAAG,CAACS,OAAJ,CAAYD,MAAjE;EACA,MAAM;IAAEA;EAAF,IAAa,MAAM,IAAAE,uBAAA,EAAaV,GAAb,EAAkBO,gBAAlB,CAAzB;EAEA,IAAII,iBAAoC,GAAGC,MAAM,CAACC,MAAP,CAAc;IACvD;IACAC,QAAQ,EAAEd,GAAG,CAACS,OAAJ,CAAYK,QAFiC;IAGvDC,eAAe,EAAEf,GAAG,CAACS,OAAJ,CAAYM;EAH0B,CAAd,EAIxCb,gBAJwC,EAItB;IACnB;IACAM;EAFmB,CAJsB,CAA3C,CAboI,CAsBpI;;EACA,IAAAQ,oBAAA,EAAehB,GAAf,EAAoBK,GAAG,CAACY,OAAxB,EAAiCN,iBAAjC,EAvBoI,CAyBpI;EACA;;EACA,IAAIA,iBAAiB,CAACI,eAAlB,IAAqC,IAArC,IAA6C,CAACf,GAAG,CAACkB,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;IACvF,OAAOlB,KAAP;EACD,CA7BmI,CA+BpI;;;EACA,MAAMmB,GAAG,GAAG,MAAM,IAAAC,iBAAA,EAAOrB,GAAP,EAAYC,KAAK,CAACO,MAAlB,EAA0BH,GAAG,CAACiB,MAAJ,CAAWC,GAArC,CAAlB;EACA,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAAC1B,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCiB,GAArC,CAApB;;EACA,IAAI,CAACI,KAAL,EAAY;IACV,MAAM,IAAIpB,oBAAJ,CAAiB,kCAAjB,CAAN;EACD;;EACD,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACwB,WAArC,IAAoDzB,KAAK,CAAC0B,MAAN,CAAaC,OAArE,EAA8E;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsB5B,gBAAgB,CAACwB,WAAvC,CAAnB;;IACA,IAAIG,IAAI,KAAK5B,KAAK,CAAC0B,MAAN,CAAaC,OAA1B,EAAmC;MACjC,MAAM,IAAIxB,oBAAJ,CAAiB,gCAAjB,CAAN;IACD;EACF;;EACD,OAAOH,KAAP;AACD"}

package/cjs/server/serverStorage.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 
@@ -97,11 +97,6 @@ class ServerStorage {
 
   findStorageType() {
     return 'memory';
-  } // will be removed in next version. OKTA-362589
-
-
-  getHttpCache() {
-    return null; // stubbed in server.js
   } // shared in-memory using node cache
 
 
@@ -110,9 +105,7 @@ class ServerStorage {
       getItem: this.nodeCache.get,
       setItem: (key, value) => {
         this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');
-      },
-      // TODO: remove - https://oktainc.atlassian.net/browse/OKTA-529631
-      isSharedStorage: () => true
+      }
     };
   }
 

package/cjs/server/serverStorage.js.map

@@ -1 +1 @@
-{"version":3,"file":"serverStorage.js","names":["sharedStorage","NodeCache","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key","isSharedStorage"],"sources":["../../../lib/server/serverStorage.ts"],"sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport NodeCache from 'node-cache';\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\n// eslint-disable-next-line import/no-commonjs\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n  nodeCache: any; // NodeCache\n  \n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n  }\n\n  set(name: string, value: string, expiresAt: string): string {\n    // eslint-disable-next-line no-extra-boolean-cast\n    if (!!(Date.parse(expiresAt))) {\n      // Time to expiration in seconds\n      var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n      this.nodeCache.set(name, value, ttl);\n    } else {\n      this.nodeCache.set(name, value);\n    }\n\n    return this.get(name);\n  }\n\n  get(name): string {\n    return this.nodeCache.get(name);\n  }\n\n  delete(name) {\n    return this.nodeCache.del(name);\n  }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n  nodeCache: any; // NodeCache\n  storage: Cookies;\n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n    this.storage = new ServerCookies(nodeCache);\n  }\n\n  testStorageType(storageType: StorageType): boolean {\n    var supported = false;\n    switch (storageType) {\n      case 'memory':\n        supported = true;\n        break;\n      default:\n        break;\n    }\n    return supported;\n  }\n\n  getStorageByType(storageType: StorageType): SimpleStorage {\n    let storageProvider;\n    switch (storageType) {\n      case 'memory':\n        storageProvider = this.getStorage();\n        break;\n      default:\n        throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n        break;\n    }\n    return storageProvider;\n  }\n\n  findStorageType(): StorageType {\n    return 'memory';\n  }\n\n  // will be removed in next version. OKTA-362589\n  getHttpCache() {\n    return null; // stubbed in server.js\n  }\n\n  // shared in-memory using node cache\n  getStorage(): SimpleStorage {\n    return {\n      getItem: this.nodeCache.get,\n      setItem: (key, value) => {\n        this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n      },\n      // TODO: remove - https://oktainc.atlassian.net/browse/OKTA-529631\n      isSharedStorage: () => true\n    };\n  }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"mappings":";;;;;;AAgBA;;AAEA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AAIA;AAEA;AACA,MAAMA,aAAa,GAAG,OAAOC,kBAAP,KAAqB,UAArB,GAAkC,IAAIA,kBAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMC,aAAN,CAAuC;EACrB;EAEhBC,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;EACD;;EAEDC,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;IAC1D;IACA,IAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;MAC7B;MACA,IAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;MACA,KAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;IACD,CAJD,MAIO;MACL,KAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;IACD;;IAED,OAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;EACD;;EAEDO,GAAG,CAACP,IAAD,EAAe;IAChB,OAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;EACD;;EAEDQ,MAAM,CAACR,IAAD,EAAO;IACX,OAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;EACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;EACzB;EAEhBb,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;IACA,KAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;EACD;;EAEDc,eAAe,CAACC,WAAD,EAAoC;IACjD,IAAIC,SAAS,GAAG,KAAhB;;IACA,QAAQD,WAAR;MACE,KAAK,QAAL;QACEC,SAAS,GAAG,IAAZ;QACA;;MACF;QACE;IALJ;;IAOA,OAAOA,SAAP;EACD;;EAEDC,gBAAgB,CAACF,WAAD,EAA0C;IACxD,IAAIG,eAAJ;;IACA,QAAQH,WAAR;MACE,KAAK,QAAL;QACEG,eAAe,GAAG,KAAKC,UAAL,EAAlB;QACA;;MACF;QACE,MAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;QACA;IANJ;;IAQA,OAAOG,eAAP;EACD;;EAEDG,eAAe,GAAgB;IAC7B,OAAO,QAAP;EACD,CAnCwC,CAqCzC;;;EACAC,YAAY,GAAG;IACb,OAAO,IAAP,CADa,CACA;EACd,CAxCwC,CA0CzC;;;EACAH,UAAU,GAAkB;IAC1B,OAAO;MACLI,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;MAELe,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;QACvB,KAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;MACD,CAJI;MAKL;MACAuB,eAAe,EAAE,MAAM;IANlB,CAAP;EAQD;;AApDwC;;eAuD5B,IAAId,aAAJ,CAAkBhB,aAAlB,C"}
+{"version":3,"file":"serverStorage.js","names":["sharedStorage","NodeCache","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getItem","setItem","key"],"sources":["../../../lib/server/serverStorage.ts"],"sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport NodeCache from 'node-cache';\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../storage/types';\nimport { AuthSdkError } from '../errors';\n// eslint-disable-next-line import/no-commonjs\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n  nodeCache: any; // NodeCache\n  \n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n  }\n\n  set(name: string, value: string, expiresAt: string): string {\n    // eslint-disable-next-line no-extra-boolean-cast\n    if (!!(Date.parse(expiresAt))) {\n      // Time to expiration in seconds\n      var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n      this.nodeCache.set(name, value, ttl);\n    } else {\n      this.nodeCache.set(name, value);\n    }\n\n    return this.get(name);\n  }\n\n  get(name): string {\n    return this.nodeCache.get(name);\n  }\n\n  delete(name) {\n    return this.nodeCache.del(name);\n  }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n  nodeCache: any; // NodeCache\n  storage: Cookies;\n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n    this.storage = new ServerCookies(nodeCache);\n  }\n\n  testStorageType(storageType: StorageType): boolean {\n    var supported = false;\n    switch (storageType) {\n      case 'memory':\n        supported = true;\n        break;\n      default:\n        break;\n    }\n    return supported;\n  }\n\n  getStorageByType(storageType: StorageType): SimpleStorage {\n    let storageProvider;\n    switch (storageType) {\n      case 'memory':\n        storageProvider = this.getStorage();\n        break;\n      default:\n        throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n        break;\n    }\n    return storageProvider;\n  }\n\n  findStorageType(): StorageType {\n    return 'memory';\n  }\n\n  // shared in-memory using node cache\n  getStorage(): SimpleStorage {\n    return {\n      getItem: this.nodeCache.get,\n      setItem: (key, value) => {\n        this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n      },\n    };\n  }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"mappings":";;;;;;AAgBA;;AAEA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AAIA;AAEA;AACA,MAAMA,aAAa,GAAG,OAAOC,kBAAP,KAAqB,UAArB,GAAkC,IAAIA,kBAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMC,aAAN,CAAuC;EACrB;EAEhBC,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;EACD;;EAEDC,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;IAC1D;IACA,IAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;MAC7B;MACA,IAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;MACA,KAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;IACD,CAJD,MAIO;MACL,KAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;IACD;;IAED,OAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;EACD;;EAEDO,GAAG,CAACP,IAAD,EAAe;IAChB,OAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;EACD;;EAEDQ,MAAM,CAACR,IAAD,EAAO;IACX,OAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;EACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;EACzB;EAEhBb,WAAW,CAACC,SAAD,EAAY;IACrB,KAAKA,SAAL,GAAiBA,SAAjB;IACA,KAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;EACD;;EAEDc,eAAe,CAACC,WAAD,EAAoC;IACjD,IAAIC,SAAS,GAAG,KAAhB;;IACA,QAAQD,WAAR;MACE,KAAK,QAAL;QACEC,SAAS,GAAG,IAAZ;QACA;;MACF;QACE;IALJ;;IAOA,OAAOA,SAAP;EACD;;EAEDC,gBAAgB,CAACF,WAAD,EAA0C;IACxD,IAAIG,eAAJ;;IACA,QAAQH,WAAR;MACE,KAAK,QAAL;QACEG,eAAe,GAAG,KAAKC,UAAL,EAAlB;QACA;;MACF;QACE,MAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;QACA;IANJ;;IAQA,OAAOG,eAAP;EACD;;EAEDG,eAAe,GAAgB;IAC7B,OAAO,QAAP;EACD,CAnCwC,CAqCzC;;;EACAF,UAAU,GAAkB;IAC1B,OAAO;MACLG,OAAO,EAAE,KAAKtB,SAAL,CAAeS,GADnB;MAELc,OAAO,EAAE,CAACC,GAAD,EAAMrB,KAAN,KAAgB;QACvB,KAAKH,SAAL,CAAeC,GAAf,CAAmBuB,GAAnB,EAAwBrB,KAAxB,EAA+B,0BAA/B;MACD;IAJI,CAAP;EAMD;;AA7CwC;;eAgD5B,IAAIS,aAAJ,CAAkBhB,aAAlB,C"}

package/cjs/services/AutoRenewService.js

@@ -1,14 +1,14 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.AutoRenewService = void 0;
 
-var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs3/helpers/defineProperty"));
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
 
 var _errors = require("../errors");
 
-var _types = require("../types");
+var _types = require("../oidc/types");
 
 var _features = require("../features");
 

package/cjs/services/AutoRenewService.js.map

@@ -1 +1 @@
-{"version":3,"file":"AutoRenewService.js","names":["AutoRenewService","constructor","tokenManager","options","renewTimeQueue","onTokenExpiredHandler","bind","shouldThrottleRenew","res","push","Date","now","length","firstTime","shift","lastTime","requiresLeadership","syncStorage","isBrowser","key","autoRenew","error","AuthSdkError","emitError","renew","catch","autoRemove","remove","canStart","start","stop","on","EVENT_EXPIRED","started","off","isStarted"],"sources":["../../../lib/services/AutoRenewService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { TokenManager } from '../TokenManager';\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions, EVENT_EXPIRED } from '../types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n  private tokenManager: TokenManager;\n  private options: ServiceManagerOptions;\n  private renewTimeQueue: Array<number>;\n  private started = false;\n\n  constructor(tokenManager: TokenManager, options: ServiceManagerOptions = {}) {\n    this.tokenManager = tokenManager;\n    this.options = options;\n    this.renewTimeQueue = [];\n    this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n  }\n  \n  private shouldThrottleRenew(): boolean {\n    let res = false;\n    this.renewTimeQueue.push(Date.now());\n    if (this.renewTimeQueue.length >= 10) {\n      // get and remove first item from queue\n      const firstTime = this.renewTimeQueue.shift() as number;\n      const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n      res = (lastTime - firstTime) < 30 * 1000;\n    }\n    return res;\n  }\n\n  requiresLeadership() {\n    // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n    return !!this.options.syncStorage && isBrowser();\n  }\n\n  private onTokenExpiredHandler(key: string) {\n    if (this.options.autoRenew) {\n      if (this.shouldThrottleRenew()) {\n        const error = new AuthSdkError('Too many token renew requests');\n        this.tokenManager.emitError(error);\n      } else {\n        this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n      }\n    } else if (this.options.autoRemove) {\n      this.tokenManager.remove(key);\n    }\n  }\n\n  canStart() {\n    return (!!this.options.autoRenew || !!this.options.autoRemove);\n  }\n\n  async start() {\n    if (this.canStart()) {\n      await this.stop();\n      this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      this.renewTimeQueue = [];\n      this.started = false;\n    }\n  }\n\n  isStarted() {\n    return this.started;\n  }\n}\n"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,MAAMA,gBAAN,CAAmD;EAMxDC,WAAW,CAACC,YAAD,EAA6BC,OAA8B,GAAG,EAA9D,EAAkE;IAAA,+CAF3D,KAE2D;IAC3E,KAAKD,YAAL,GAAoBA,YAApB;IACA,KAAKC,OAAL,GAAeA,OAAf;IACA,KAAKC,cAAL,GAAsB,EAAtB;IACA,KAAKC,qBAAL,GAA6B,KAAKA,qBAAL,CAA2BC,IAA3B,CAAgC,IAAhC,CAA7B;EACD;;EAEOC,mBAAmB,GAAY;IACrC,IAAIC,GAAG,GAAG,KAAV;IACA,KAAKJ,cAAL,CAAoBK,IAApB,CAAyBC,IAAI,CAACC,GAAL,EAAzB;;IACA,IAAI,KAAKP,cAAL,CAAoBQ,MAApB,IAA8B,EAAlC,EAAsC;MACpC;MACA,MAAMC,SAAS,GAAG,KAAKT,cAAL,CAAoBU,KAApB,EAAlB;MACA,MAAMC,QAAQ,GAAG,KAAKX,cAAL,CAAoB,KAAKA,cAAL,CAAoBQ,MAApB,GAA6B,CAAjD,CAAjB;MACAJ,GAAG,GAAIO,QAAQ,GAAGF,SAAZ,GAAyB,KAAK,IAApC;IACD;;IACD,OAAOL,GAAP;EACD;;EAEDQ,kBAAkB,GAAG;IACnB;IACA,OAAO,CAAC,CAAC,KAAKb,OAAL,CAAac,WAAf,IAA8B,IAAAC,mBAAA,GAArC;EACD;;EAEOb,qBAAqB,CAACc,GAAD,EAAc;IACzC,IAAI,KAAKhB,OAAL,CAAaiB,SAAjB,EAA4B;MAC1B,IAAI,KAAKb,mBAAL,EAAJ,EAAgC;QAC9B,MAAMc,KAAK,GAAG,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAd;QACA,KAAKpB,YAAL,CAAkBqB,SAAlB,CAA4BF,KAA5B;MACD,CAHD,MAGO;QACL,KAAKnB,YAAL,CAAkBsB,KAAlB,CAAwBL,GAAxB,EAA6BM,KAA7B,CAAmC,MAAM,CAAE,CAA3C,EADK,CACyC;MAC/C;IACF,CAPD,MAOO,IAAI,KAAKtB,OAAL,CAAauB,UAAjB,EAA6B;MAClC,KAAKxB,YAAL,CAAkByB,MAAlB,CAAyBR,GAAzB;IACD;EACF;;EAEDS,QAAQ,GAAG;IACT,OAAQ,CAAC,CAAC,KAAKzB,OAAL,CAAaiB,SAAf,IAA4B,CAAC,CAAC,KAAKjB,OAAL,CAAauB,UAAnD;EACD;;EAEU,MAALG,KAAK,GAAG;IACZ,IAAI,KAAKD,QAAL,EAAJ,EAAqB;MACnB,MAAM,KAAKE,IAAL,EAAN;MACA,KAAK5B,YAAL,CAAkB6B,EAAlB,CAAqBC,oBAArB,EAAoC,KAAK3B,qBAAzC;MACA,KAAK4B,OAAL,GAAe,IAAf;IACD;EACF;;EAES,MAAJH,IAAI,GAAG;IACX,IAAI,KAAKG,OAAT,EAAkB;MAChB,KAAK/B,YAAL,CAAkBgC,GAAlB,CAAsBF,oBAAtB,EAAqC,KAAK3B,qBAA1C;MACA,KAAKD,cAAL,GAAsB,EAAtB;MACA,KAAK6B,OAAL,GAAe,KAAf;IACD;EACF;;EAEDE,SAAS,GAAG;IACV,OAAO,KAAKF,OAAZ;EACD;;AAjEuD"}
+{"version":3,"file":"AutoRenewService.js","names":["AutoRenewService","constructor","tokenManager","options","renewTimeQueue","onTokenExpiredHandler","bind","shouldThrottleRenew","res","push","Date","now","length","firstTime","shift","lastTime","requiresLeadership","syncStorage","isBrowser","key","autoRenew","error","AuthSdkError","emitError","renew","catch","autoRemove","remove","canStart","start","stop","on","EVENT_EXPIRED","started","off","isStarted"],"sources":["../../../lib/services/AutoRenewService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { EVENT_EXPIRED, TokenManagerInterface } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n  private tokenManager: TokenManagerInterface;\n  private options: ServiceManagerOptions;\n  private renewTimeQueue: Array<number>;\n  private started = false;\n\n  constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n    this.tokenManager = tokenManager;\n    this.options = options;\n    this.renewTimeQueue = [];\n    this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n  }\n  \n  private shouldThrottleRenew(): boolean {\n    let res = false;\n    this.renewTimeQueue.push(Date.now());\n    if (this.renewTimeQueue.length >= 10) {\n      // get and remove first item from queue\n      const firstTime = this.renewTimeQueue.shift() as number;\n      const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n      res = (lastTime - firstTime) < 30 * 1000;\n    }\n    return res;\n  }\n\n  requiresLeadership() {\n    // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n    return !!this.options.syncStorage && isBrowser();\n  }\n\n  private onTokenExpiredHandler(key: string) {\n    if (this.options.autoRenew) {\n      if (this.shouldThrottleRenew()) {\n        const error = new AuthSdkError('Too many token renew requests');\n        this.tokenManager.emitError(error);\n      } else {\n        this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n      }\n    } else if (this.options.autoRemove) {\n      this.tokenManager.remove(key);\n    }\n  }\n\n  canStart() {\n    return (!!this.options.autoRenew || !!this.options.autoRemove);\n  }\n\n  async start() {\n    if (this.canStart()) {\n      await this.stop();\n      this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      this.renewTimeQueue = [];\n      this.started = false;\n    }\n  }\n\n  isStarted() {\n    return this.started;\n  }\n}\n"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,MAAMA,gBAAN,CAAmD;EAMxDC,WAAW,CAACC,YAAD,EAAsCC,OAA8B,GAAG,EAAvE,EAA2E;IAAA,+CAFpE,KAEoE;IACpF,KAAKD,YAAL,GAAoBA,YAApB;IACA,KAAKC,OAAL,GAAeA,OAAf;IACA,KAAKC,cAAL,GAAsB,EAAtB;IACA,KAAKC,qBAAL,GAA6B,KAAKA,qBAAL,CAA2BC,IAA3B,CAAgC,IAAhC,CAA7B;EACD;;EAEOC,mBAAmB,GAAY;IACrC,IAAIC,GAAG,GAAG,KAAV;IACA,KAAKJ,cAAL,CAAoBK,IAApB,CAAyBC,IAAI,CAACC,GAAL,EAAzB;;IACA,IAAI,KAAKP,cAAL,CAAoBQ,MAApB,IAA8B,EAAlC,EAAsC;MACpC;MACA,MAAMC,SAAS,GAAG,KAAKT,cAAL,CAAoBU,KAApB,EAAlB;MACA,MAAMC,QAAQ,GAAG,KAAKX,cAAL,CAAoB,KAAKA,cAAL,CAAoBQ,MAApB,GAA6B,CAAjD,CAAjB;MACAJ,GAAG,GAAIO,QAAQ,GAAGF,SAAZ,GAAyB,KAAK,IAApC;IACD;;IACD,OAAOL,GAAP;EACD;;EAEDQ,kBAAkB,GAAG;IACnB;IACA,OAAO,CAAC,CAAC,KAAKb,OAAL,CAAac,WAAf,IAA8B,IAAAC,mBAAA,GAArC;EACD;;EAEOb,qBAAqB,CAACc,GAAD,EAAc;IACzC,IAAI,KAAKhB,OAAL,CAAaiB,SAAjB,EAA4B;MAC1B,IAAI,KAAKb,mBAAL,EAAJ,EAAgC;QAC9B,MAAMc,KAAK,GAAG,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAd;QACA,KAAKpB,YAAL,CAAkBqB,SAAlB,CAA4BF,KAA5B;MACD,CAHD,MAGO;QACL,KAAKnB,YAAL,CAAkBsB,KAAlB,CAAwBL,GAAxB,EAA6BM,KAA7B,CAAmC,MAAM,CAAE,CAA3C,EADK,CACyC;MAC/C;IACF,CAPD,MAOO,IAAI,KAAKtB,OAAL,CAAauB,UAAjB,EAA6B;MAClC,KAAKxB,YAAL,CAAkByB,MAAlB,CAAyBR,GAAzB;IACD;EACF;;EAEDS,QAAQ,GAAG;IACT,OAAQ,CAAC,CAAC,KAAKzB,OAAL,CAAaiB,SAAf,IAA4B,CAAC,CAAC,KAAKjB,OAAL,CAAauB,UAAnD;EACD;;EAEU,MAALG,KAAK,GAAG;IACZ,IAAI,KAAKD,QAAL,EAAJ,EAAqB;MACnB,MAAM,KAAKE,IAAL,EAAN;MACA,KAAK5B,YAAL,CAAkB6B,EAAlB,CAAqBC,oBAArB,EAAoC,KAAK3B,qBAAzC;MACA,KAAK4B,OAAL,GAAe,IAAf;IACD;EACF;;EAES,MAAJH,IAAI,GAAG;IACX,IAAI,KAAKG,OAAT,EAAkB;MAChB,KAAK/B,YAAL,CAAkBgC,GAAlB,CAAsBF,oBAAtB,EAAqC,KAAK3B,qBAA1C;MACA,KAAKD,cAAL,GAAsB,EAAtB;MACA,KAAK6B,OAAL,GAAe,KAAf;IACD;EACF;;EAEDE,SAAS,GAAG;IACV,OAAO,KAAKF,OAAZ;EACD;;AAjEuD"}

package/cjs/services/LeaderElectionService.js

@@ -1,12 +1,10 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.LeaderElectionService = void 0;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
-var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs3/helpers/defineProperty"));
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
 
 var _broadcastChannel = require("broadcast-channel");
 
@@ -75,7 +73,7 @@ class LeaderElectionService {
 
       if (this.channel) {
         // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`
-        this.channel.postInternal = () => _promise.default.resolve();
+        this.channel.postInternal = () => Promise.resolve();
 
         await this.channel.close();
         this.channel = undefined;

package/cjs/services/LeaderElectionService.js.map

@@ -1 +1 @@
-{"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","stop","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","die","undefined","postInternal","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../types';\nimport {\n  BroadcastChannel,\n  createLeaderElection,\n  LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n  onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n  private options: ServiceOptions;\n  private channel?: BroadcastChannel;\n  private elector?: LeaderElector;\n  private started = false;\n\n  constructor(options: ServiceOptions = {}) {\n    this.options = options;\n    this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n    this.onLeader = this.onLeader.bind(this);\n  }\n\n  private onLeaderDuplicate() {\n  }\n\n  private async onLeader() {\n    await this.options.onLeader?.();\n  }\n\n  isLeader() {\n    return !!this.elector?.isLeader;\n  }\n\n  hasLeader() {\n    return !!this.elector?.hasLeader;\n  }\n\n  async start() {\n    await this.stop();\n    if (this.canStart()) {\n      const { electionChannelName } = this.options;\n      this.channel = new BroadcastChannel(electionChannelName as string);\n      this.elector = createLeaderElection(this.channel);\n      this.elector.onduplicate = this.onLeaderDuplicate;\n      this.elector.awaitLeadership().then(this.onLeader);\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      if (this.elector) {\n        await this.elector.die();\n        this.elector = undefined;\n      }\n      if (this.channel) {\n        // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n        (this.channel as any).postInternal = () => Promise.resolve();\n        await this.channel.close();\n        this.channel = undefined;\n      }\n      this.started = false;\n    }\n  }\n\n  requiresLeadership() {\n    return false;\n  }\n\n  isStarted() {\n    return this.started;\n  }\n\n  canStart() {\n    return isBrowser();\n  }\n\n}\n"],"mappings":";;;;;;;;;;AAcA;;AAKA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAgBO,MAAMA,qBAAN,CAAwD;EAM7DC,WAAW,CAACC,OAAuB,GAAG,EAA3B,EAA+B;IAAA,+CAFxB,KAEwB;IACxC,KAAKA,OAAL,GAAeA,OAAf;IACA,KAAKC,iBAAL,GAAyB,KAAKA,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAzB;IACA,KAAKC,QAAL,GAAgB,KAAKA,QAAL,CAAcD,IAAd,CAAmB,IAAnB,CAAhB;EACD;;EAEOD,iBAAiB,GAAG,CAC3B;;EAEqB,MAARE,QAAQ,GAAG;IAAA;;IACvB,gCAAM,sBAAKH,OAAL,EAAaG,QAAnB,0DAAM,yCAAN;EACD;;EAEDC,QAAQ,GAAG;IAAA;;IACT,OAAO,CAAC,mBAAC,KAAKC,OAAN,0CAAC,cAAcD,QAAf,CAAR;EACD;;EAEDE,SAAS,GAAG;IAAA;;IACV,OAAO,CAAC,oBAAC,KAAKD,OAAN,2CAAC,eAAcC,SAAf,CAAR;EACD;;EAEU,MAALC,KAAK,GAAG;IACZ,MAAM,KAAKC,IAAL,EAAN;;IACA,IAAI,KAAKC,QAAL,EAAJ,EAAqB;MACnB,MAAM;QAAEC;MAAF,IAA0B,KAAKV,OAArC;MACA,KAAKW,OAAL,GAAe,IAAIC,kCAAJ,CAAqBF,mBAArB,CAAf;MACA,KAAKL,OAAL,GAAe,IAAAQ,sCAAA,EAAqB,KAAKF,OAA1B,CAAf;MACA,KAAKN,OAAL,CAAaS,WAAb,GAA2B,KAAKb,iBAAhC;MACA,KAAKI,OAAL,CAAaU,eAAb,GAA+BC,IAA/B,CAAoC,KAAKb,QAAzC;MACA,KAAKc,OAAL,GAAe,IAAf;IACD;EACF;;EAES,MAAJT,IAAI,GAAG;IACX,IAAI,KAAKS,OAAT,EAAkB;MAChB,IAAI,KAAKZ,OAAT,EAAkB;QAChB,MAAM,KAAKA,OAAL,CAAaa,GAAb,EAAN;QACA,KAAKb,OAAL,GAAec,SAAf;MACD;;MACD,IAAI,KAAKR,OAAT,EAAkB;QAChB;QACC,KAAKA,OAAN,CAAsBS,YAAtB,GAAqC,MAAM,iBAAQC,OAAR,EAA3C;;QACA,MAAM,KAAKV,OAAL,CAAaW,KAAb,EAAN;QACA,KAAKX,OAAL,GAAeQ,SAAf;MACD;;MACD,KAAKF,OAAL,GAAe,KAAf;IACD;EACF;;EAEDM,kBAAkB,GAAG;IACnB,OAAO,KAAP;EACD;;EAEDC,SAAS,GAAG;IACV,OAAO,KAAKP,OAAZ;EACD;;EAEDR,QAAQ,GAAG;IACT,OAAO,IAAAgB,mBAAA,GAAP;EACD;;AAjE4D"}
+{"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","stop","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","die","undefined","postInternal","Promise","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n  BroadcastChannel,\n  createLeaderElection,\n  LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n  onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n  private options: ServiceOptions;\n  private channel?: BroadcastChannel;\n  private elector?: LeaderElector;\n  private started = false;\n\n  constructor(options: ServiceOptions = {}) {\n    this.options = options;\n    this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n    this.onLeader = this.onLeader.bind(this);\n  }\n\n  private onLeaderDuplicate() {\n  }\n\n  private async onLeader() {\n    await this.options.onLeader?.();\n  }\n\n  isLeader() {\n    return !!this.elector?.isLeader;\n  }\n\n  hasLeader() {\n    return !!this.elector?.hasLeader;\n  }\n\n  async start() {\n    await this.stop();\n    if (this.canStart()) {\n      const { electionChannelName } = this.options;\n      this.channel = new BroadcastChannel(electionChannelName as string);\n      this.elector = createLeaderElection(this.channel);\n      this.elector.onduplicate = this.onLeaderDuplicate;\n      this.elector.awaitLeadership().then(this.onLeader);\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      if (this.elector) {\n        await this.elector.die();\n        this.elector = undefined;\n      }\n      if (this.channel) {\n        // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n        (this.channel as any).postInternal = () => Promise.resolve();\n        await this.channel.close();\n        this.channel = undefined;\n      }\n      this.started = false;\n    }\n  }\n\n  requiresLeadership() {\n    return false;\n  }\n\n  isStarted() {\n    return this.started;\n  }\n\n  canStart() {\n    return isBrowser();\n  }\n\n}\n"],"mappings":";;;;;;;;AAcA;;AAKA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAgBO,MAAMA,qBAAN,CAAwD;EAM7DC,WAAW,CAACC,OAAuB,GAAG,EAA3B,EAA+B;IAAA,+CAFxB,KAEwB;IACxC,KAAKA,OAAL,GAAeA,OAAf;IACA,KAAKC,iBAAL,GAAyB,KAAKA,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAzB;IACA,KAAKC,QAAL,GAAgB,KAAKA,QAAL,CAAcD,IAAd,CAAmB,IAAnB,CAAhB;EACD;;EAEOD,iBAAiB,GAAG,CAC3B;;EAEqB,MAARE,QAAQ,GAAG;IAAA;;IACvB,gCAAM,sBAAKH,OAAL,EAAaG,QAAnB,0DAAM,yCAAN;EACD;;EAEDC,QAAQ,GAAG;IAAA;;IACT,OAAO,CAAC,mBAAC,KAAKC,OAAN,0CAAC,cAAcD,QAAf,CAAR;EACD;;EAEDE,SAAS,GAAG;IAAA;;IACV,OAAO,CAAC,oBAAC,KAAKD,OAAN,2CAAC,eAAcC,SAAf,CAAR;EACD;;EAEU,MAALC,KAAK,GAAG;IACZ,MAAM,KAAKC,IAAL,EAAN;;IACA,IAAI,KAAKC,QAAL,EAAJ,EAAqB;MACnB,MAAM;QAAEC;MAAF,IAA0B,KAAKV,OAArC;MACA,KAAKW,OAAL,GAAe,IAAIC,kCAAJ,CAAqBF,mBAArB,CAAf;MACA,KAAKL,OAAL,GAAe,IAAAQ,sCAAA,EAAqB,KAAKF,OAA1B,CAAf;MACA,KAAKN,OAAL,CAAaS,WAAb,GAA2B,KAAKb,iBAAhC;MACA,KAAKI,OAAL,CAAaU,eAAb,GAA+BC,IAA/B,CAAoC,KAAKb,QAAzC;MACA,KAAKc,OAAL,GAAe,IAAf;IACD;EACF;;EAES,MAAJT,IAAI,GAAG;IACX,IAAI,KAAKS,OAAT,EAAkB;MAChB,IAAI,KAAKZ,OAAT,EAAkB;QAChB,MAAM,KAAKA,OAAL,CAAaa,GAAb,EAAN;QACA,KAAKb,OAAL,GAAec,SAAf;MACD;;MACD,IAAI,KAAKR,OAAT,EAAkB;QAChB;QACC,KAAKA,OAAN,CAAsBS,YAAtB,GAAqC,MAAMC,OAAO,CAACC,OAAR,EAA3C;;QACA,MAAM,KAAKX,OAAL,CAAaY,KAAb,EAAN;QACA,KAAKZ,OAAL,GAAeQ,SAAf;MACD;;MACD,KAAKF,OAAL,GAAe,KAAf;IACD;EACF;;EAEDO,kBAAkB,GAAG;IACnB,OAAO,KAAP;EACD;;EAEDC,SAAS,GAAG;IACV,OAAO,KAAKR,OAAZ;EACD;;EAEDR,QAAQ,GAAG;IACT,OAAO,IAAAiB,mBAAA,GAAP;EACD;;AAjE4D"}

package/cjs/services/SyncStorageService.js

@@ -1,16 +1,18 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.SyncStorageService = void 0;
 
-var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs3/helpers/defineProperty"));
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
 
 var _broadcastChannel = require("broadcast-channel");
 
 var _features = require("../features");
 
-var _types = require("../types");
+var _types = require("../oidc/types");
+
+var _errors = require("../errors");
 
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -45,26 +47,32 @@ class SyncStorageService {
   }
 
   canStart() {
-    // TODO: canStart logic should depend on canUse logic from broadcast-channel 
-    // instead of the storage that TokenManager uses
-    // JIRA: https://oktainc.atlassian.net/browse/OKTA-529631
-    return !!this.options.syncStorage && (0, _features.isBrowser)() && this.tokenManager.hasSharedStorage();
+    return !!this.options.syncStorage && (0, _features.isBrowser)();
   }
 
   async start() {
-    if (this.canStart()) {
-      await this.stop();
-      const {
-        syncChannelName
-      } = this.options;
+    if (!this.canStart()) {
+      return;
+    }
+
+    await this.stop();
+    const {
+      syncChannelName
+    } = this.options;
+
+    try {
+      // BroadcastChannel throws if no supported method can be found
       this.channel = new _broadcastChannel.BroadcastChannel(syncChannelName);
-      this.tokenManager.on(_types.EVENT_ADDED, this.onTokenAddedHandler);
-      this.tokenManager.on(_types.EVENT_REMOVED, this.onTokenRemovedHandler);
-      this.tokenManager.on(_types.EVENT_RENEWED, this.onTokenRenewedHandler);
-      this.tokenManager.on(_types.EVENT_SET_STORAGE, this.onSetStorageHandler);
-      this.channel.addEventListener('message', this.onSyncMessageHandler);
-      this.started = true;
+    } catch (err) {
+      throw new _errors.AuthSdkError('SyncStorageService is not supported in current browser.');
     }
+
+    this.tokenManager.on(_types.EVENT_ADDED, this.onTokenAddedHandler);
+    this.tokenManager.on(_types.EVENT_REMOVED, this.onTokenRemovedHandler);
+    this.tokenManager.on(_types.EVENT_RENEWED, this.onTokenRenewedHandler);
+    this.tokenManager.on(_types.EVENT_SET_STORAGE, this.onSetStorageHandler);
+    this.channel.addEventListener('message', this.onSyncMessageHandler);
+    this.started = true;
   }
 
   async stop() {