@okta/okta-auth-js 6.9.0 → 7.0.1

package/cjs/myaccount/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","names":["parseInsufficientAuthenticationError","header","AuthSdkError","split","part","acc","curr","replace","sendRequest","oktaAuth","options","accessToken","accessTokenObj","idToken","idTokenObj","tokenManager","getTokensSync","issuer","url","method","payload","requestUrl","res","httpRequest","headers","args","err","errorResp","xhr","status","error","error_description","max_age","insufficientAuthenticationError","AuthApiError","errorSummary","errorCauses","map","EmailTransaction","EmailStatusTransaction","EmailChallengeTransaction","ProfileTransaction","ProfileSchemaTransaction","PhoneTransaction","TransactionClass","transactionClassName","BaseTransaction","Array","isArray","item","generateRequestFnFromLinks","methodName","links","toLowerCase","link","self","href","hints","allow"],"sources":["../../../lib/myaccount/request.ts"],"sourcesContent":["import { \n  BaseTransaction,\n  EmailTransaction,\n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PhoneTransaction\n} from './transactions';\nimport { httpRequest } from '../http';\nimport { AuthApiError, AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { OktaAuthInterface } from '../types';\n\nexport type TransactionLink = {\n  href: string;\n  hints?: {\n    allow?: string[];\n  };\n}\n\ntype TransactionLinks = {\n  self: TransactionLink;\n  [property: string]: TransactionLink;\n}\n\ntype SendRequestOptions = RequestOptions & {\n  url: string;\n  method: string;\n  transactionClassName?: string;\n}\n\ntype InsufficientAuthenticationError = {\n  error: string;\n  // eslint-disable-next-line camelcase\n  error_description: string;\n  // eslint-disable-next-line camelcase\n  max_age: string;\n}\n\nconst parseInsufficientAuthenticationError = (\n  header: string\n): InsufficientAuthenticationError => {\n  if (!header) {\n    throw new AuthSdkError('Missing header string');\n  }\n\n  return header\n    .split(',')\n    .map(part => part.trim())\n    .map(part => part.split('='))\n    .reduce((acc, curr) => {\n      // unwrap quotes from value\n      acc[curr[0]] = curr[1].replace(/^\"(.*)\"$/, '$1');\n      return acc;\n    }, {}) as InsufficientAuthenticationError;\n};\n\n/* eslint-disable complexity */\nexport async function sendRequest<T extends BaseTransaction> (\n  oktaAuth: OktaAuthInterface, \n  options: SendRequestOptions\n): Promise<T | T[]> {\n  const { \n    accessToken: accessTokenObj,\n    idToken: idTokenObj \n  } = oktaAuth.tokenManager.getTokensSync();\n  \n  const idToken = idTokenObj?.idToken;\n  const accessToken = options.accessToken || accessTokenObj?.accessToken;\n  const { issuer } = oktaAuth.options;\n  const { url, method, payload } = options;\n  const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n  if (!accessToken) {\n    throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n  }\n  \n  let res;\n  try {\n    res = await httpRequest(oktaAuth, {\n      headers: { 'Accept': '*/*;okta-version=1.0.0' },\n      accessToken,\n      url: requestUrl,\n      method,\n      ...(payload && { args: payload })\n    });\n  } catch (err) {\n    const errorResp = (err as AuthApiError).xhr;\n    if (idToken && errorResp?.status === 403 && !!errorResp?.headers?.['www-authenticate']) {\n      const { \n        error, \n        // eslint-disable-next-line camelcase\n        error_description,\n        // eslint-disable-next-line camelcase\n        max_age \n      } = parseInsufficientAuthenticationError(errorResp?.headers?.['www-authenticate']);\n      if (error === 'insufficient_authentication_context') {\n        const insufficientAuthenticationError = new AuthApiError(\n          { \n            errorSummary: error,\n            // eslint-disable-next-line camelcase\n            errorCauses: [{ errorSummary: error_description }]\n          }, \n          errorResp, \n          // eslint-disable-next-line camelcase\n          { max_age: +max_age }\n        );\n        throw insufficientAuthenticationError;\n      } else {\n        throw err;\n      }\n    } else {\n      throw err;\n    }\n  }\n\n  const map = {\n    EmailTransaction,\n    EmailStatusTransaction,\n    EmailChallengeTransaction,\n    ProfileTransaction,\n    ProfileSchemaTransaction,\n    PhoneTransaction\n  };\n  const TransactionClass = map[options.transactionClassName!] || BaseTransaction;\n\n  if (Array.isArray(res)) {\n    return res.map(item => new TransactionClass(oktaAuth, { \n      res: item, \n      accessToken\n    }));\n  }\n\n  return new TransactionClass(oktaAuth, { \n    res, \n    accessToken\n  });\n}\n/* eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n  oktaAuth: OktaAuthInterface;\n  accessToken: string;\n  methodName: string;\n  links: TransactionLinks;\n  transactionClassName?: string;\n}\n\ntype IRequestFnFromLinks = <T extends BaseTransaction>(payload?) => Promise<T | T[]>;\n\nexport function generateRequestFnFromLinks ({\n  oktaAuth, \n  accessToken,\n  methodName,\n  links,\n  transactionClassName\n}: GenerateRequestFnFromLinksOptions): IRequestFnFromLinks {\n  for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n    if (method.toLowerCase() === methodName) {\n      const link = links.self;\n      return (async (payload?) => sendRequest(oktaAuth, {\n        accessToken,\n        url: link.href,\n        method,\n        payload,\n        transactionClassName\n      }));\n    }\n  }\n  \n  const link = links[methodName];\n  if (!link) {\n    throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n  }\n\n  return (async (payload?) => sendRequest(oktaAuth, {\n    accessToken,\n    url: link.href,\n    method: link.hints!.allow![0],\n    payload,\n    transactionClassName\n  }));\n}\n"],"mappings":";;;;;;;;;;;;;;;AAAA;;AASA;;AACA;;AA8BA,MAAMA,oCAAoC,GACxCC,MAD2C,IAEP;EAAA;;EACpC,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAIC,oBAAJ,CAAiB,uBAAjB,CAAN;EACD;;EAED,OAAO,4FAAAD,MAAM,CACVE,KADI,CACE,GADF,mBAEAC,IAAI,IAAI,mBAAAA,IAAI,MAAJ,CAAAA,IAAI,CAFZ,mBAGAA,IAAI,IAAIA,IAAI,CAACD,KAAL,CAAW,GAAX,CAHR,kBAIG,CAACE,GAAD,EAAMC,IAAN,KAAe;IACrB;IACAD,GAAG,CAACC,IAAI,CAAC,CAAD,CAAL,CAAH,GAAeA,IAAI,CAAC,CAAD,CAAJ,CAAQC,OAAR,CAAgB,UAAhB,EAA4B,IAA5B,CAAf;IACA,OAAOF,GAAP;EACD,CARI,EAQF,EARE,CAAP;AASD,CAhBD;AAkBA;;;AACO,eAAeG,WAAf,CACLC,QADK,EAELC,OAFK,EAGa;EAClB,MAAM;IACJC,WAAW,EAAEC,cADT;IAEJC,OAAO,EAAEC;EAFL,IAGFL,QAAQ,CAACM,YAAT,CAAsBC,aAAtB,EAHJ;EAKA,MAAMH,OAAO,GAAGC,UAAH,aAAGA,UAAH,uBAAGA,UAAU,CAAED,OAA5B;EACA,MAAMF,WAAW,GAAGD,OAAO,CAACC,WAAR,KAAuBC,cAAvB,aAAuBA,cAAvB,uBAAuBA,cAAc,CAAED,WAAvC,CAApB;EACA,MAAM;IAAEM;EAAF,IAAaR,QAAQ,CAACC,OAA5B;EACA,MAAM;IAAEQ,GAAF;IAAOC,MAAP;IAAeC;EAAf,IAA2BV,OAAjC;EACA,MAAMW,UAAU,GAAG,yBAAAH,GAAG,MAAH,CAAAA,GAAG,EAAYD,MAAZ,CAAH,GAA0BC,GAA1B,GAAiC,GAAED,MAAO,GAAEC,GAAI,EAAnE;;EAEA,IAAI,CAACP,WAAL,EAAkB;IAChB,MAAM,IAAIT,oBAAJ,CAAiB,6DAAjB,CAAN;EACD;;EAED,IAAIoB,GAAJ;;EACA,IAAI;IACFA,GAAG,GAAG,MAAM,IAAAC,iBAAA,EAAYd,QAAZ,EAAsB;MAChCe,OAAO,EAAE;QAAE,UAAU;MAAZ,CADuB;MAEhCb,WAFgC;MAGhCO,GAAG,EAAEG,UAH2B;MAIhCF,MAJgC;MAKhC,IAAIC,OAAO,IAAI;QAAEK,IAAI,EAAEL;MAAR,CAAf;IALgC,CAAtB,CAAZ;EAOD,CARD,CAQE,OAAOM,GAAP,EAAY;IAAA;;IACZ,MAAMC,SAAS,GAAID,GAAD,CAAsBE,GAAxC;;IACA,IAAIf,OAAO,IAAI,CAAAc,SAAS,SAAT,IAAAA,SAAS,WAAT,YAAAA,SAAS,CAAEE,MAAX,MAAsB,GAAjC,IAAwC,CAAC,EAACF,SAAD,aAACA,SAAD,qCAACA,SAAS,CAAEH,OAAZ,+CAAC,mBAAqB,kBAArB,CAAD,CAA7C,EAAwF;MAAA;;MACtF,MAAM;QACJM,KADI;QAEJ;QACAC,iBAHI;QAIJ;QACAC;MALI,IAMFhC,oCAAoC,CAAC2B,SAAD,aAACA,SAAD,8CAACA,SAAS,CAAEH,OAAZ,wDAAC,oBAAqB,kBAArB,CAAD,CANxC;;MAOA,IAAIM,KAAK,KAAK,qCAAd,EAAqD;QACnD,MAAMG,+BAA+B,GAAG,IAAIC,oBAAJ,CACtC;UACEC,YAAY,EAAEL,KADhB;UAEE;UACAM,WAAW,EAAE,CAAC;YAAED,YAAY,EAAEJ;UAAhB,CAAD;QAHf,CADsC,EAMtCJ,SANsC,EAOtC;QACA;UAAEK,OAAO,EAAE,CAACA;QAAZ,CARsC,CAAxC;QAUA,MAAMC,+BAAN;MACD,CAZD,MAYO;QACL,MAAMP,GAAN;MACD;IACF,CAvBD,MAuBO;MACL,MAAMA,GAAN;IACD;EACF;;EAED,MAAMW,GAAG,GAAG;IACVC,gBAAgB,EAAhBA,8BADU;IAEVC,sBAAsB,EAAtBA,oCAFU;IAGVC,yBAAyB,EAAzBA,uCAHU;IAIVC,kBAAkB,EAAlBA,gCAJU;IAKVC,wBAAwB,EAAxBA,sCALU;IAMVC,gBAAgB,EAAhBA;EANU,CAAZ;EAQA,MAAMC,gBAAgB,GAAGP,GAAG,CAAC3B,OAAO,CAACmC,oBAAT,CAAH,IAAsCC,6BAA/D;;EAEA,IAAIC,KAAK,CAACC,OAAN,CAAc1B,GAAd,CAAJ,EAAwB;IACtB,OAAO,kBAAAA,GAAG,MAAH,CAAAA,GAAG,EAAK2B,IAAI,IAAI,IAAIL,gBAAJ,CAAqBnC,QAArB,EAA+B;MACpDa,GAAG,EAAE2B,IAD+C;MAEpDtC;IAFoD,CAA/B,CAAb,CAAV;EAID;;EAED,OAAO,IAAIiC,gBAAJ,CAAqBnC,QAArB,EAA+B;IACpCa,GADoC;IAEpCX;EAFoC,CAA/B,CAAP;AAID;AACD;;;AAYO,SAASuC,0BAAT,CAAqC;EAC1CzC,QAD0C;EAE1CE,WAF0C;EAG1CwC,UAH0C;EAI1CC,KAJ0C;EAK1CP;AAL0C,CAArC,EAMoD;EACzD,KAAK,MAAM1B,MAAX,IAAqB,CAAC,KAAD,EAAQ,MAAR,EAAgB,KAAhB,EAAuB,QAAvB,CAArB,EAAuD;IACrD,IAAIA,MAAM,CAACkC,WAAP,OAAyBF,UAA7B,EAAyC;MACvC,MAAMG,IAAI,GAAGF,KAAK,CAACG,IAAnB;MACA,OAAQ,MAAOnC,OAAP,IAAoBZ,WAAW,CAACC,QAAD,EAAW;QAChDE,WADgD;QAEhDO,GAAG,EAAEoC,IAAI,CAACE,IAFsC;QAGhDrC,MAHgD;QAIhDC,OAJgD;QAKhDyB;MALgD,CAAX,CAAvC;IAOD;EACF;;EAED,MAAMS,IAAI,GAAGF,KAAK,CAACD,UAAD,CAAlB;;EACA,IAAI,CAACG,IAAL,EAAW;IACT,MAAM,IAAIpD,oBAAJ,CAAkB,qCAAoCiD,UAAW,EAAjE,CAAN;EACD;;EAED,OAAQ,MAAO/B,OAAP,IAAoBZ,WAAW,CAACC,QAAD,EAAW;IAChDE,WADgD;IAEhDO,GAAG,EAAEoC,IAAI,CAACE,IAFsC;IAGhDrC,MAAM,EAAEmC,IAAI,CAACG,KAAL,CAAYC,KAAZ,CAAmB,CAAnB,CAHwC;IAIhDtC,OAJgD;IAKhDyB;EALgD,CAAX,CAAvC;AAOD"}
+{"version":3,"file":"request.js","names":["parseInsufficientAuthenticationError","header","AuthSdkError","split","map","part","trim","reduce","acc","curr","replace","sendRequest","oktaAuth","options","accessToken","accessTokenObj","idToken","idTokenObj","tokenManager","getTokensSync","issuer","url","method","payload","requestUrl","startsWith","res","httpRequest","headers","args","err","errorResp","xhr","status","error","error_description","max_age","insufficientAuthenticationError","AuthApiError","errorSummary","errorCauses","EmailTransaction","EmailStatusTransaction","EmailChallengeTransaction","ProfileTransaction","ProfileSchemaTransaction","PhoneTransaction","TransactionClass","transactionClassName","BaseTransaction","Array","isArray","item","generateRequestFnFromLinks","methodName","links","toLowerCase","link","self","href","hints","allow"],"sources":["../../../lib/myaccount/request.ts"],"sourcesContent":["import { \n  BaseTransaction,\n  EmailTransaction,\n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PhoneTransaction\n} from './transactions';\nimport { httpRequest } from '../http';\nimport { AuthApiError, AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\n\nexport type TransactionLink = {\n  href: string;\n  hints?: {\n    allow?: string[];\n  };\n}\n\ntype TransactionLinks = {\n  self: TransactionLink;\n  [property: string]: TransactionLink;\n}\n\ntype SendRequestOptions = RequestOptions & {\n  url: string;\n  method: string;\n  transactionClassName?: string;\n}\n\ntype InsufficientAuthenticationError = {\n  error: string;\n  // eslint-disable-next-line camelcase\n  error_description: string;\n  // eslint-disable-next-line camelcase\n  max_age: string;\n}\n\nconst parseInsufficientAuthenticationError = (\n  header: string\n): InsufficientAuthenticationError => {\n  if (!header) {\n    throw new AuthSdkError('Missing header string');\n  }\n\n  return header\n    .split(',')\n    .map(part => part.trim())\n    .map(part => part.split('='))\n    .reduce((acc, curr) => {\n      // unwrap quotes from value\n      acc[curr[0]] = curr[1].replace(/^\"(.*)\"$/, '$1');\n      return acc;\n    }, {}) as InsufficientAuthenticationError;\n};\n\n/* eslint-disable complexity */\nexport async function sendRequest<T extends BaseTransaction> (\n  oktaAuth: OktaAuthOAuthInterface, \n  options: SendRequestOptions\n): Promise<T | T[]> {\n  const { \n    accessToken: accessTokenObj,\n    idToken: idTokenObj \n  } = oktaAuth.tokenManager.getTokensSync();\n  \n  const idToken = idTokenObj?.idToken;\n  const accessToken = options.accessToken || accessTokenObj?.accessToken;\n  const { issuer } = oktaAuth.options;\n  const { url, method, payload } = options;\n  const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n  if (!accessToken) {\n    throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n  }\n  \n  let res;\n  try {\n    res = await httpRequest(oktaAuth, {\n      headers: { 'Accept': '*/*;okta-version=1.0.0' },\n      accessToken,\n      url: requestUrl,\n      method,\n      ...(payload && { args: payload })\n    });\n  } catch (err) {\n    const errorResp = (err as AuthApiError).xhr;\n    if (idToken && errorResp?.status === 403 && !!errorResp?.headers?.['www-authenticate']) {\n      const { \n        error, \n        // eslint-disable-next-line camelcase\n        error_description,\n        // eslint-disable-next-line camelcase\n        max_age \n      } = parseInsufficientAuthenticationError(errorResp?.headers?.['www-authenticate']);\n      if (error === 'insufficient_authentication_context') {\n        const insufficientAuthenticationError = new AuthApiError(\n          { \n            errorSummary: error,\n            // eslint-disable-next-line camelcase\n            errorCauses: [{ errorSummary: error_description }]\n          }, \n          errorResp, \n          // eslint-disable-next-line camelcase\n          { max_age: +max_age }\n        );\n        throw insufficientAuthenticationError;\n      } else {\n        throw err;\n      }\n    } else {\n      throw err;\n    }\n  }\n\n  const map = {\n    EmailTransaction,\n    EmailStatusTransaction,\n    EmailChallengeTransaction,\n    ProfileTransaction,\n    ProfileSchemaTransaction,\n    PhoneTransaction\n  };\n  const TransactionClass = map[options.transactionClassName!] || BaseTransaction;\n\n  if (Array.isArray(res)) {\n    return res.map(item => new TransactionClass(oktaAuth, { \n      res: item, \n      accessToken\n    }));\n  }\n\n  return new TransactionClass(oktaAuth, { \n    res, \n    accessToken\n  });\n}\n/* eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n  oktaAuth: OktaAuthOAuthInterface;\n  accessToken: string;\n  methodName: string;\n  links: TransactionLinks;\n  transactionClassName?: string;\n}\n\ntype IRequestFnFromLinks = <T extends BaseTransaction>(payload?) => Promise<T | T[]>;\n\nexport function generateRequestFnFromLinks ({\n  oktaAuth, \n  accessToken,\n  methodName,\n  links,\n  transactionClassName\n}: GenerateRequestFnFromLinksOptions): IRequestFnFromLinks {\n  for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n    if (method.toLowerCase() === methodName) {\n      const link = links.self;\n      return (async (payload?) => sendRequest(oktaAuth, {\n        accessToken,\n        url: link.href,\n        method,\n        payload,\n        transactionClassName\n      }));\n    }\n  }\n  \n  const link = links[methodName];\n  if (!link) {\n    throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n  }\n\n  return (async (payload?) => sendRequest(oktaAuth, {\n    accessToken,\n    url: link.href,\n    method: link.hints!.allow![0],\n    payload,\n    transactionClassName\n  }));\n}\n"],"mappings":";;;;;AAAA;;AASA;;AACA;;AA8BA,MAAMA,oCAAoC,GACxCC,MAD2C,IAEP;EACpC,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAIC,oBAAJ,CAAiB,uBAAjB,CAAN;EACD;;EAED,OAAOD,MAAM,CACVE,KADI,CACE,GADF,EAEJC,GAFI,CAEAC,IAAI,IAAIA,IAAI,CAACC,IAAL,EAFR,EAGJF,GAHI,CAGAC,IAAI,IAAIA,IAAI,CAACF,KAAL,CAAW,GAAX,CAHR,EAIJI,MAJI,CAIG,CAACC,GAAD,EAAMC,IAAN,KAAe;IACrB;IACAD,GAAG,CAACC,IAAI,CAAC,CAAD,CAAL,CAAH,GAAeA,IAAI,CAAC,CAAD,CAAJ,CAAQC,OAAR,CAAgB,UAAhB,EAA4B,IAA5B,CAAf;IACA,OAAOF,GAAP;EACD,CARI,EAQF,EARE,CAAP;AASD,CAhBD;AAkBA;;;AACO,eAAeG,WAAf,CACLC,QADK,EAELC,OAFK,EAGa;EAClB,MAAM;IACJC,WAAW,EAAEC,cADT;IAEJC,OAAO,EAAEC;EAFL,IAGFL,QAAQ,CAACM,YAAT,CAAsBC,aAAtB,EAHJ;EAKA,MAAMH,OAAO,GAAGC,UAAH,aAAGA,UAAH,uBAAGA,UAAU,CAAED,OAA5B;EACA,MAAMF,WAAW,GAAGD,OAAO,CAACC,WAAR,KAAuBC,cAAvB,aAAuBA,cAAvB,uBAAuBA,cAAc,CAAED,WAAvC,CAApB;EACA,MAAM;IAAEM;EAAF,IAAaR,QAAQ,CAACC,OAA5B;EACA,MAAM;IAAEQ,GAAF;IAAOC,MAAP;IAAeC;EAAf,IAA2BV,OAAjC;EACA,MAAMW,UAAU,GAAGH,GAAG,CAACI,UAAJ,CAAeL,MAAf,IAA0BC,GAA1B,GAAiC,GAAED,MAAO,GAAEC,GAAI,EAAnE;;EAEA,IAAI,CAACP,WAAL,EAAkB;IAChB,MAAM,IAAIZ,oBAAJ,CAAiB,6DAAjB,CAAN;EACD;;EAED,IAAIwB,GAAJ;;EACA,IAAI;IACFA,GAAG,GAAG,MAAM,IAAAC,iBAAA,EAAYf,QAAZ,EAAsB;MAChCgB,OAAO,EAAE;QAAE,UAAU;MAAZ,CADuB;MAEhCd,WAFgC;MAGhCO,GAAG,EAAEG,UAH2B;MAIhCF,MAJgC;MAKhC,IAAIC,OAAO,IAAI;QAAEM,IAAI,EAAEN;MAAR,CAAf;IALgC,CAAtB,CAAZ;EAOD,CARD,CAQE,OAAOO,GAAP,EAAY;IAAA;;IACZ,MAAMC,SAAS,GAAID,GAAD,CAAsBE,GAAxC;;IACA,IAAIhB,OAAO,IAAI,CAAAe,SAAS,SAAT,IAAAA,SAAS,WAAT,YAAAA,SAAS,CAAEE,MAAX,MAAsB,GAAjC,IAAwC,CAAC,EAACF,SAAD,aAACA,SAAD,qCAACA,SAAS,CAAEH,OAAZ,+CAAC,mBAAqB,kBAArB,CAAD,CAA7C,EAAwF;MAAA;;MACtF,MAAM;QACJM,KADI;QAEJ;QACAC,iBAHI;QAIJ;QACAC;MALI,IAMFpC,oCAAoC,CAAC+B,SAAD,aAACA,SAAD,8CAACA,SAAS,CAAEH,OAAZ,wDAAC,oBAAqB,kBAArB,CAAD,CANxC;;MAOA,IAAIM,KAAK,KAAK,qCAAd,EAAqD;QACnD,MAAMG,+BAA+B,GAAG,IAAIC,oBAAJ,CACtC;UACEC,YAAY,EAAEL,KADhB;UAEE;UACAM,WAAW,EAAE,CAAC;YAAED,YAAY,EAAEJ;UAAhB,CAAD;QAHf,CADsC,EAMtCJ,SANsC,EAOtC;QACA;UAAEK,OAAO,EAAE,CAACA;QAAZ,CARsC,CAAxC;QAUA,MAAMC,+BAAN;MACD,CAZD,MAYO;QACL,MAAMP,GAAN;MACD;IACF,CAvBD,MAuBO;MACL,MAAMA,GAAN;IACD;EACF;;EAED,MAAM1B,GAAG,GAAG;IACVqC,gBAAgB,EAAhBA,8BADU;IAEVC,sBAAsB,EAAtBA,oCAFU;IAGVC,yBAAyB,EAAzBA,uCAHU;IAIVC,kBAAkB,EAAlBA,gCAJU;IAKVC,wBAAwB,EAAxBA,sCALU;IAMVC,gBAAgB,EAAhBA;EANU,CAAZ;EAQA,MAAMC,gBAAgB,GAAG3C,GAAG,CAACS,OAAO,CAACmC,oBAAT,CAAH,IAAsCC,6BAA/D;;EAEA,IAAIC,KAAK,CAACC,OAAN,CAAczB,GAAd,CAAJ,EAAwB;IACtB,OAAOA,GAAG,CAACtB,GAAJ,CAAQgD,IAAI,IAAI,IAAIL,gBAAJ,CAAqBnC,QAArB,EAA+B;MACpDc,GAAG,EAAE0B,IAD+C;MAEpDtC;IAFoD,CAA/B,CAAhB,CAAP;EAID;;EAED,OAAO,IAAIiC,gBAAJ,CAAqBnC,QAArB,EAA+B;IACpCc,GADoC;IAEpCZ;EAFoC,CAA/B,CAAP;AAID;AACD;;;AAYO,SAASuC,0BAAT,CAAqC;EAC1CzC,QAD0C;EAE1CE,WAF0C;EAG1CwC,UAH0C;EAI1CC,KAJ0C;EAK1CP;AAL0C,CAArC,EAMoD;EACzD,KAAK,MAAM1B,MAAX,IAAqB,CAAC,KAAD,EAAQ,MAAR,EAAgB,KAAhB,EAAuB,QAAvB,CAArB,EAAuD;IACrD,IAAIA,MAAM,CAACkC,WAAP,OAAyBF,UAA7B,EAAyC;MACvC,MAAMG,IAAI,GAAGF,KAAK,CAACG,IAAnB;MACA,OAAQ,MAAOnC,OAAP,IAAoBZ,WAAW,CAACC,QAAD,EAAW;QAChDE,WADgD;QAEhDO,GAAG,EAAEoC,IAAI,CAACE,IAFsC;QAGhDrC,MAHgD;QAIhDC,OAJgD;QAKhDyB;MALgD,CAAX,CAAvC;IAOD;EACF;;EAED,MAAMS,IAAI,GAAGF,KAAK,CAACD,UAAD,CAAlB;;EACA,IAAI,CAACG,IAAL,EAAW;IACT,MAAM,IAAIvD,oBAAJ,CAAkB,qCAAoCoD,UAAW,EAAjE,CAAN;EACD;;EAED,OAAQ,MAAO/B,OAAP,IAAoBZ,WAAW,CAACC,QAAD,EAAW;IAChDE,WADgD;IAEhDO,GAAG,EAAEoC,IAAI,CAACE,IAFsC;IAGhDrC,MAAM,EAAEmC,IAAI,CAACG,KAAL,CAAYC,KAAZ,CAAmB,CAAnB,CAHwC;IAIhDtC,OAJgD;IAKhDyB;EALgD,CAAX,CAAvC;AAOD"}

package/cjs/myaccount/transactions/Base.js

@@ -1,11 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.default = void 0;
 
-var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
-
 class BaseTransaction {
   // Deprecated
   constructor(oktaAuth, options) {
@@ -22,7 +18,7 @@ class BaseTransaction {
     } // add all rest fields from res
 
 
-    (0, _keys.default)(rest).forEach(key => {
+    Object.keys(rest).forEach(key => {
       if (key === '_links') {
         return;
       }

package/cjs/myaccount/transactions/Base.js.map

@@ -1 +1 @@
-{"version":3,"file":"Base.js","names":["BaseTransaction","constructor","oktaAuth","options","res","headers","rest","forEach","key"],"sources":["../../../../lib/myaccount/transactions/Base.ts"],"sourcesContent":["import { OktaAuthInterface } from '../../types';\nimport { TransactionLink } from '../request';\n\ntype TransactionOptions = {\n  // TODO: move res type to http module\n  res: {\n    headers: Record<string, string>;\n    _links?: Record<string, TransactionLink>;\n    [property: string]: unknown;\n  };\n  accessToken: string;\n};\nexport default class BaseTransaction {\n  // Deprecated\n  headers?: Record<string, string>;\n\n  constructor(oktaAuth: OktaAuthInterface, options: TransactionOptions) {\n    const { res } = options;\n    const { headers, ...rest } = res;\n    \n    // assign required fields from res\n    if (headers) {\n      this.headers = headers;\n    }\n\n    // add all rest fields from res\n    Object.keys(rest).forEach(key => {\n      if (key === '_links') {\n        return;\n      }\n      this[key] = rest[key];\n    });\n  }\n}\n"],"mappings":";;;;;;;;AAYe,MAAMA,eAAN,CAAsB;EACnC;EAGAC,WAAW,CAACC,QAAD,EAA8BC,OAA9B,EAA2D;IACpE,MAAM;MAAEC;IAAF,IAAUD,OAAhB;IACA,MAAM;MAAEE,OAAF;MAAW,GAAGC;IAAd,IAAuBF,GAA7B,CAFoE,CAIpE;;IACA,IAAIC,OAAJ,EAAa;MACX,KAAKA,OAAL,GAAeA,OAAf;IACD,CAPmE,CASpE;;;IACA,mBAAYC,IAAZ,EAAkBC,OAAlB,CAA0BC,GAAG,IAAI;MAC/B,IAAIA,GAAG,KAAK,QAAZ,EAAsB;QACpB;MACD;;MACD,KAAKA,GAAL,IAAYF,IAAI,CAACE,GAAD,CAAhB;IACD,CALD;EAMD;;AApBkC"}
+{"version":3,"file":"Base.js","names":["BaseTransaction","constructor","oktaAuth","options","res","headers","rest","Object","keys","forEach","key"],"sources":["../../../../lib/myaccount/transactions/Base.ts"],"sourcesContent":["import { OktaAuthHttpInterface } from '../../http/types';\nimport { TransactionLink } from '../request';\n\ntype TransactionOptions = {\n  // TODO: move res type to http module\n  res: {\n    headers: Record<string, string>;\n    _links?: Record<string, TransactionLink>;\n    [property: string]: unknown;\n  };\n  accessToken: string;\n};\nexport default class BaseTransaction {\n  // Deprecated\n  headers?: Record<string, string>;\n\n  constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n    const { res } = options;\n    const { headers, ...rest } = res;\n    \n    // assign required fields from res\n    if (headers) {\n      this.headers = headers;\n    }\n\n    // add all rest fields from res\n    Object.keys(rest).forEach(key => {\n      if (key === '_links') {\n        return;\n      }\n      this[key] = rest[key];\n    });\n  }\n}\n"],"mappings":";;;;AAYe,MAAMA,eAAN,CAAsB;EACnC;EAGAC,WAAW,CAACC,QAAD,EAAkCC,OAAlC,EAA+D;IACxE,MAAM;MAAEC;IAAF,IAAUD,OAAhB;IACA,MAAM;MAAEE,OAAF;MAAW,GAAGC;IAAd,IAAuBF,GAA7B,CAFwE,CAIxE;;IACA,IAAIC,OAAJ,EAAa;MACX,KAAKA,OAAL,GAAeA,OAAf;IACD,CAPuE,CASxE;;;IACAE,MAAM,CAACC,IAAP,CAAYF,IAAZ,EAAkBG,OAAlB,CAA0BC,GAAG,IAAI;MAC/B,IAAIA,GAAG,KAAK,QAAZ,EAAsB;QACpB;MACD;;MACD,KAAKA,GAAL,IAAYJ,IAAI,CAACI,GAAD,CAAhB;IACD,CALD;EAMD;;AApBkC"}

package/cjs/myaccount/transactions/EmailChallengeTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/EmailStatusTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/EmailTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/PhoneTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/ProfileSchemaTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/ProfileTransaction.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.default = void 0;
 

package/cjs/myaccount/transactions/index.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 Object.defineProperty(exports, "BaseTransaction", {
   enumerable: true,

package/cjs/myaccount/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","names":["EmailRole","Status"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import { OktaAuthInterface } from '../types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;IAUYA,S;;;WAAAA,S;EAAAA,S;EAAAA,S;GAAAA,S,yBAAAA,S;;IAKAC,M;;;WAAAA,M;EAAAA,M;EAAAA,M;GAAAA,M,sBAAAA,M"}
+{"version":3,"file":"types.js","names":["EmailRole","Status"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA;;IAUYA,S;;;WAAAA,S;EAAAA,S;EAAAA,S;GAAAA,S,yBAAAA,S;;IAKAC,M;;;WAAAA,M;EAAAA,M;EAAAA,M;GAAAA,M,sBAAAA,M"}

package/cjs/oidc/TokenManager.js

@@ -0,0 +1,479 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+
+exports.TokenManager = void 0;
+
+var _util = require("../util");
+
+var _errors = require("../errors");
+
+var _util2 = require("../oidc/util");
+
+var _features = require("../features");
+
+var _clock = _interopRequireDefault(require("../clock"));
+
+var _types = require("./types");
+
+var _constants = require("../constants");
+
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+const DEFAULT_OPTIONS = {
+  // TODO: remove in next major version - OKTA-473815
+  autoRenew: true,
+  autoRemove: true,
+  syncStorage: true,
+  // --- //
+  clearPendingRemoveTokens: true,
+  storage: undefined,
+  // will use value from storageManager config
+  expireEarlySeconds: 30,
+  storageKey: _constants.TOKEN_STORAGE_NAME
+};
+
+function defaultState() {
+  return {
+    expireTimeouts: {},
+    renewPromise: null
+  };
+}
+
+class TokenManager {
+  on(event, handler, context) {
+    if (context) {
+      this.emitter.on(event, handler, context);
+    } else {
+      this.emitter.on(event, handler);
+    }
+  }
+
+  off(event, handler) {
+    if (handler) {
+      this.emitter.off(event, handler);
+    } else {
+      this.emitter.off(event);
+    }
+  } // eslint-disable-next-line complexity
+
+
+  constructor(sdk, options = {}) {
+    this.sdk = sdk;
+    this.emitter = sdk.emitter;
+
+    if (!this.emitter) {
+      throw new _errors.AuthSdkError('Emitter should be initialized before TokenManager');
+    }
+
+    options = Object.assign({}, DEFAULT_OPTIONS, (0, _util.removeNils)(options));
+
+    if (!(0, _features.isLocalhost)()) {
+      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;
+    }
+
+    this.options = options;
+    const storageOptions = (0, _util.removeNils)({
+      storageKey: options.storageKey,
+      secure: options.secure
+    });
+
+    if (typeof options.storage === 'object') {
+      // A custom storage provider must implement getItem(key) and setItem(key, val)
+      storageOptions.storageProvider = options.storage;
+    } else if (options.storage) {
+      storageOptions.storageType = options.storage;
+    }
+
+    this.storage = sdk.storageManager.getTokenStorage({ ...storageOptions,
+      useSeparateCookies: true
+    });
+    this.clock = _clock.default.create();
+    this.state = defaultState();
+  }
+
+  start() {
+    if (this.options.clearPendingRemoveTokens) {
+      this.clearPendingRemoveTokens();
+    }
+
+    this.setExpireEventTimeoutAll();
+  }
+
+  stop() {
+    this.clearExpireEventTimeoutAll();
+  }
+
+  getOptions() {
+    return (0, _util.clone)(this.options);
+  }
+
+  getExpireTime(token) {
+    const expireEarlySeconds = this.options.expireEarlySeconds || 0;
+    var expireTime = token.expiresAt - expireEarlySeconds;
+    return expireTime;
+  }
+
+  hasExpired(token) {
+    var expireTime = this.getExpireTime(token);
+    return expireTime <= this.clock.now();
+  }
+
+  emitExpired(key, token) {
+    this.emitter.emit(_types.EVENT_EXPIRED, key, token);
+  }
+
+  emitRenewed(key, freshToken, oldToken) {
+    this.emitter.emit(_types.EVENT_RENEWED, key, freshToken, oldToken);
+  }
+
+  emitAdded(key, token) {
+    this.emitter.emit(_types.EVENT_ADDED, key, token);
+  }
+
+  emitRemoved(key, token) {
+    this.emitter.emit(_types.EVENT_REMOVED, key, token);
+  }
+
+  emitError(error) {
+    this.emitter.emit(_types.EVENT_ERROR, error);
+  }
+
+  clearExpireEventTimeout(key) {
+    clearTimeout(this.state.expireTimeouts[key]);
+    delete this.state.expireTimeouts[key]; // Remove the renew promise (if it exists)
+
+    this.state.renewPromise = null;
+  }
+
+  clearExpireEventTimeoutAll() {
+    var expireTimeouts = this.state.expireTimeouts;
+
+    for (var key in expireTimeouts) {
+      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {
+        continue;
+      }
+
+      this.clearExpireEventTimeout(key);
+    }
+  }
+
+  setExpireEventTimeout(key, token) {
+    if ((0, _types.isRefreshToken)(token)) {
+      return;
+    }
+
+    var expireTime = this.getExpireTime(token);
+    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000; // Clear any existing timeout
+
+    this.clearExpireEventTimeout(key);
+    var expireEventTimeout = setTimeout(() => {
+      this.emitExpired(key, token);
+    }, expireEventWait); // Add a new timeout
+
+    this.state.expireTimeouts[key] = expireEventTimeout;
+  }
+
+  setExpireEventTimeoutAll() {
+    var tokenStorage = this.storage.getStorage();
+
+    for (var key in tokenStorage) {
+      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {
+        continue;
+      }
+
+      var token = tokenStorage[key];
+      this.setExpireEventTimeout(key, token);
+    }
+  } // reset timeouts to setup autoRenew for tokens from other document context (tabs)
+
+
+  resetExpireEventTimeoutAll() {
+    this.clearExpireEventTimeoutAll();
+    this.setExpireEventTimeoutAll();
+  }
+
+  add(key, token) {
+    var tokenStorage = this.storage.getStorage();
+    (0, _util2.validateToken)(token);
+    tokenStorage[key] = token;
+    this.storage.setStorage(tokenStorage);
+    this.emitSetStorageEvent();
+    this.emitAdded(key, token);
+    this.setExpireEventTimeout(key, token);
+  }
+
+  getSync(key) {
+    var tokenStorage = this.storage.getStorage();
+    return tokenStorage[key];
+  }
+
+  async get(key) {
+    return this.getSync(key);
+  }
+
+  getTokensSync() {
+    const tokens = {};
+    const tokenStorage = this.storage.getStorage();
+    Object.keys(tokenStorage).forEach(key => {
+      const token = tokenStorage[key];
+
+      if ((0, _types.isAccessToken)(token)) {
+        tokens.accessToken = token;
+      } else if ((0, _types.isIDToken)(token)) {
+        tokens.idToken = token;
+      } else if ((0, _types.isRefreshToken)(token)) {
+        tokens.refreshToken = token;
+      }
+    });
+    return tokens;
+  }
+
+  async getTokens() {
+    return this.getTokensSync();
+  }
+
+  getStorageKeyByType(type) {
+    const tokenStorage = this.storage.getStorage();
+    const key = Object.keys(tokenStorage).filter(key => {
+      const token = tokenStorage[key];
+      return (0, _types.isAccessToken)(token) && type === 'accessToken' || (0, _types.isIDToken)(token) && type === 'idToken' || (0, _types.isRefreshToken)(token) && type === 'refreshToken';
+    })[0];
+    return key;
+  }
+
+  getTokenType(token) {
+    if ((0, _types.isAccessToken)(token)) {
+      return 'accessToken';
+    }
+
+    if ((0, _types.isIDToken)(token)) {
+      return 'idToken';
+    }
+
+    if ((0, _types.isRefreshToken)(token)) {
+      return 'refreshToken';
+    }
+
+    throw new _errors.AuthSdkError('Unknown token type');
+  } // for synchronization of LocalStorage cross tabs for IE11
+
+
+  emitSetStorageEvent() {
+    if ((0, _features.isIE11OrLess)()) {
+      const storage = this.storage.getStorage();
+      this.emitter.emit(_types.EVENT_SET_STORAGE, storage);
+    }
+  } // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11
+
+
+  getStorage() {
+    return this.storage;
+  }
+
+  setTokens(tokens, // TODO: callbacks can be removed in the next major version OKTA-407224
+  accessTokenCb, idTokenCb, refreshTokenCb) {
+    const handleTokenCallback = (key, token) => {
+      const type = this.getTokenType(token);
+
+      if (type === 'accessToken') {
+        accessTokenCb && accessTokenCb(key, token);
+      } else if (type === 'idToken') {
+        idTokenCb && idTokenCb(key, token);
+      } else if (type === 'refreshToken') {
+        refreshTokenCb && refreshTokenCb(key, token);
+      }
+    };
+
+    const handleAdded = (key, token) => {
+      this.emitAdded(key, token);
+      this.setExpireEventTimeout(key, token);
+      handleTokenCallback(key, token);
+    };
+
+    const handleRenewed = (key, token, oldToken) => {
+      this.emitRenewed(key, token, oldToken);
+      this.clearExpireEventTimeout(key);
+      this.setExpireEventTimeout(key, token);
+      handleTokenCallback(key, token);
+    };
+
+    const handleRemoved = (key, token) => {
+      this.clearExpireEventTimeout(key);
+      this.emitRemoved(key, token);
+      handleTokenCallback(key, token);
+    };
+
+    const types = ['idToken', 'accessToken', 'refreshToken'];
+    const existingTokens = this.getTokensSync(); // valid tokens
+
+    types.forEach(type => {
+      const token = tokens[type];
+
+      if (token) {
+        (0, _util2.validateToken)(token, type);
+      }
+    }); // add token to storage
+
+    const storage = types.reduce((storage, type) => {
+      const token = tokens[type];
+
+      if (token) {
+        const storageKey = this.getStorageKeyByType(type) || type;
+        storage[storageKey] = token;
+      }
+
+      return storage;
+    }, {});
+    this.storage.setStorage(storage);
+    this.emitSetStorageEvent(); // emit event and start expiration timer
+
+    types.forEach(type => {
+      const newToken = tokens[type];
+      const existingToken = existingTokens[type];
+      const storageKey = this.getStorageKeyByType(type) || type;
+
+      if (newToken && existingToken) {
+        // renew
+        // call handleRemoved first, since it clears timers
+        handleRemoved(storageKey, existingToken);
+        handleAdded(storageKey, newToken);
+        handleRenewed(storageKey, newToken, existingToken);
+      } else if (newToken) {
+        // add
+        handleAdded(storageKey, newToken);
+      } else if (existingToken) {
+        //remove
+        handleRemoved(storageKey, existingToken);
+      }
+    });
+  }
+
+  remove(key) {
+    // Clear any listener for this token
+    this.clearExpireEventTimeout(key);
+    var tokenStorage = this.storage.getStorage();
+    var removedToken = tokenStorage[key];
+    delete tokenStorage[key];
+    this.storage.setStorage(tokenStorage);
+    this.emitSetStorageEvent();
+    this.emitRemoved(key, removedToken);
+  } // TODO: this methods is redundant and can be removed in the next major version OKTA-407224
+
+
+  async renewToken(token) {
+    var _this$sdk$token;
+
+    return (_this$sdk$token = this.sdk.token) === null || _this$sdk$token === void 0 ? void 0 : _this$sdk$token.renew(token);
+  } // TODO: this methods is redundant and can be removed in the next major version OKTA-407224
+
+
+  validateToken(token) {
+    return (0, _util2.validateToken)(token);
+  } // TODO: renew method should take no param, change in the next major version OKTA-407224
+
+
+  renew(key) {
+    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.
+    if (this.state.renewPromise) {
+      return this.state.renewPromise;
+    }
+
+    try {
+      var token = this.getSync(key);
+
+      if (!token) {
+        throw new _errors.AuthSdkError('The tokenManager has no token for the key: ' + key);
+      }
+    } catch (e) {
+      return Promise.reject(e);
+    } // Remove existing autoRenew timeout
+
+
+    this.clearExpireEventTimeout(key); // A refresh token means a replace instead of renewal
+    // Store the renew promise state, to avoid renewing again
+
+    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens().then(tokens => {
+      this.setTokens(tokens); // resolve token based on the key
+
+      const tokenType = this.getTokenType(token);
+      return tokens[tokenType];
+    }).catch(err => {
+      // If renew fails, remove token from storage and emit error
+      this.remove(key);
+      err.tokenKey = key;
+      this.emitError(err);
+      throw err;
+    }).finally(() => {
+      // Remove existing promise key
+      this.state.renewPromise = null;
+    });
+    return renewPromise;
+  }
+
+  clear() {
+    const tokens = this.getTokensSync();
+    this.clearExpireEventTimeoutAll();
+    this.storage.clearStorage();
+    this.emitSetStorageEvent();
+    Object.keys(tokens).forEach(key => {
+      this.emitRemoved(key, tokens[key]);
+    });
+  }
+
+  clearPendingRemoveTokens() {
+    const tokenStorage = this.storage.getStorage();
+    const removedTokens = {};
+    Object.keys(tokenStorage).forEach(key => {
+      if (tokenStorage[key].pendingRemove) {
+        removedTokens[key] = tokenStorage[key];
+        delete tokenStorage[key];
+      }
+    });
+    this.storage.setStorage(tokenStorage);
+    this.emitSetStorageEvent();
+    Object.keys(removedTokens).forEach(key => {
+      this.clearExpireEventTimeout(key);
+      this.emitRemoved(key, removedTokens[key]);
+    });
+  }
+
+  updateRefreshToken(token) {
+    const key = this.getStorageKeyByType('refreshToken') || _constants.REFRESH_TOKEN_STORAGE_KEY; // do not emit any event
+
+
+    var tokenStorage = this.storage.getStorage();
+    (0, _util2.validateToken)(token);
+    tokenStorage[key] = token;
+    this.storage.setStorage(tokenStorage);
+    this.emitSetStorageEvent();
+  }
+
+  removeRefreshToken() {
+    const key = this.getStorageKeyByType('refreshToken') || _constants.REFRESH_TOKEN_STORAGE_KEY;
+
+    this.remove(key);
+  }
+
+  addPendingRemoveFlags() {
+    const tokens = this.getTokensSync();
+    Object.keys(tokens).forEach(key => {
+      tokens[key].pendingRemove = true;
+    });
+    this.setTokens(tokens);
+  }
+
+}
+
+exports.TokenManager = TokenManager;
+//# sourceMappingURL=TokenManager.js.map