@okta/okta-auth-js 6.9.0 → 7.0.1

package/cjs/oidc/factory/api.js

@@ -0,0 +1,104 @@
+"use strict";
+
+exports.createTokenAPI = createTokenAPI;
+
+var _util = require("../../util");
+
+var _decodeToken = require("../decodeToken");
+
+var _exchangeCodeForTokens = require("../exchangeCodeForTokens");
+
+var _getUserInfo = require("../getUserInfo");
+
+var _getWithoutPrompt = require("../getWithoutPrompt");
+
+var _getWithPopup = require("../getWithPopup");
+
+var _getWithRedirect = require("../getWithRedirect");
+
+var _parseFromUrl = require("../parseFromUrl");
+
+var _renewToken = require("../renewToken");
+
+var _renewTokens = require("../renewTokens");
+
+var _renewTokensWithRefresh = require("../renewTokensWithRefresh");
+
+var _revokeToken = require("../revokeToken");
+
+var _util2 = require("../util");
+
+var _verifyToken = require("../verifyToken");
+
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+// Factory
+function createTokenAPI(sdk, queue) {
+  const useQueue = method => {
+    return _util.PromiseQueue.prototype.push.bind(queue, method, null);
+  };
+
+  const getWithRedirectFn = useQueue(_getWithRedirect.getWithRedirect.bind(null, sdk));
+  const getWithRedirectApi = Object.assign(getWithRedirectFn, {
+    // This is exposed so we can set window.location in our tests
+    _setLocation: url => {
+      if (sdk.options.setLocation) {
+        sdk.options.setLocation(url);
+      } else {
+        window.location = url;
+      }
+    }
+  }); // eslint-disable-next-line max-len
+
+  const parseFromUrlFn = useQueue(_parseFromUrl.parseFromUrl.bind(null, sdk));
+  const parseFromUrlApi = Object.assign(parseFromUrlFn, {
+    // This is exposed so we can mock getting window.history in our tests
+    _getHistory: function () {
+      return window.history;
+    },
+    // This is exposed so we can mock getting window.location in our tests
+    _getLocation: function () {
+      return window.location;
+    },
+    // This is exposed so we can mock getting window.document in our tests
+    _getDocument: function () {
+      return window.document;
+    }
+  });
+  const token = {
+    prepareTokenParams: _util2.prepareTokenParams.bind(null, sdk),
+    exchangeCodeForTokens: _exchangeCodeForTokens.exchangeCodeForTokens.bind(null, sdk),
+    getWithoutPrompt: _getWithoutPrompt.getWithoutPrompt.bind(null, sdk),
+    getWithPopup: _getWithPopup.getWithPopup.bind(null, sdk),
+    getWithRedirect: getWithRedirectApi,
+    parseFromUrl: parseFromUrlApi,
+    decode: _decodeToken.decodeToken,
+    revoke: _revokeToken.revokeToken.bind(null, sdk),
+    renew: _renewToken.renewToken.bind(null, sdk),
+    renewTokensWithRefresh: _renewTokensWithRefresh.renewTokensWithRefresh.bind(null, sdk),
+    renewTokens: _renewTokens.renewTokens.bind(null, sdk),
+    getUserInfo: (accessTokenObject, idTokenObject) => {
+      return (0, _getUserInfo.getUserInfo)(sdk, accessTokenObject, idTokenObject);
+    },
+    verify: _verifyToken.verifyToken.bind(null, sdk),
+    isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk)
+  }; // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency
+  // 'getWithRedirect' and 'parseFromUrl' are already wrapped
+
+  const toWrap = ['getWithoutPrompt', 'getWithPopup', 'revoke', 'renew', 'renewTokensWithRefresh', 'renewTokens'];
+  toWrap.forEach(key => {
+    token[key] = useQueue(token[key]);
+  });
+  return token;
+}
+//# sourceMappingURL=api.js.map

package/cjs/oidc/factory/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","getWithRedirectApi","Object","assign","_setLocation","url","options","setLocation","window","location","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  GetWithRedirectAPI,\n  GetWithRedirectFunction,\n  IDToken,\n  OktaAuthOAuthInterface,\n  ParseFromUrlInterface,\n  TokenAPI,\n  UserClaims\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n  const useQueue = (method) => {\n    return PromiseQueue.prototype.push.bind(queue, method, null);\n  };\n\n  const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n  const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n    // This is exposed so we can set window.location in our tests\n    _setLocation: (url) => {\n      if (sdk.options.setLocation) {\n        sdk.options.setLocation(url);\n      } else {\n        window.location = url;\n      }\n    }\n  });\n  // eslint-disable-next-line max-len\n  const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n  const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n    // This is exposed so we can mock getting window.history in our tests\n    _getHistory: function() {\n      return window.history;\n    },\n\n    // This is exposed so we can mock getting window.location in our tests\n    _getLocation: function() {\n      return window.location;\n    },\n\n    // This is exposed so we can mock getting window.document in our tests\n    _getDocument: function() {\n      return window.document;\n    }\n  });\n\n  const token: TokenAPI ={\n    prepareTokenParams: prepareTokenParams.bind(null, sdk),\n    exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n    getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n    getWithPopup: getWithPopup.bind(null, sdk),\n    getWithRedirect: getWithRedirectApi,\n    parseFromUrl: parseFromUrlApi,\n    decode: decodeToken,\n    revoke: revokeToken.bind(null, sdk),\n    renew: renewToken.bind(null, sdk),\n    renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n    renewTokens: renewTokens.bind(null, sdk),\n    getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n      accessTokenObject: AccessToken,\n      idTokenObject: IDToken\n    ): Promise<UserClaims<C>> => {\n      return getUserInfo(sdk, accessTokenObject, idTokenObject);\n    },\n    verify: verifyToken.bind(null, sdk),\n    isLoginRedirect: isLoginRedirect.bind(null, sdk)\n  };\n\n  // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n  // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n  const toWrap = [\n    'getWithoutPrompt',\n    'getWithPopup',\n    'revoke',\n    'renew',\n    'renewTokensWithRefresh',\n    'renewTokens'\n  ];\n  toWrap.forEach(key => {\n    token[key] = useQueue(token[key]);\n  });\n\n  return token;\n}\n"],"mappings":";;;;AAaA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAYA;;AACA;;AArCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA4BA;AACO,SAASA,cAAT,CAAwBC,GAAxB,EAAqDC,KAArD,EAAoF;EACzF,MAAMC,QAAQ,GAAIC,MAAD,IAAY;IAC3B,OAAOC,kBAAA,CAAaC,SAAb,CAAuBC,IAAvB,CAA4BC,IAA5B,CAAiCN,KAAjC,EAAwCE,MAAxC,EAAgD,IAAhD,CAAP;EACD,CAFD;;EAIA,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAA,CAAgBF,IAAhB,CAAqB,IAArB,EAA2BP,GAA3B,CAAD,CAAlC;EACA,MAAMU,kBAAsC,GAAGC,MAAM,CAACC,MAAP,CAAcJ,iBAAd,EAAiC;IAC9E;IACAK,YAAY,EAAGC,GAAD,IAAS;MACrB,IAAId,GAAG,CAACe,OAAJ,CAAYC,WAAhB,EAA6B;QAC3BhB,GAAG,CAACe,OAAJ,CAAYC,WAAZ,CAAwBF,GAAxB;MACD,CAFD,MAEO;QACLG,MAAM,CAACC,QAAP,GAAkBJ,GAAlB;MACD;IACF;EAR6E,CAAjC,CAA/C,CANyF,CAgBzF;;EACA,MAAMK,cAAc,GAAGjB,QAAQ,CAACkB,0BAAA,CAAab,IAAb,CAAkB,IAAlB,EAAwBP,GAAxB,CAAD,CAA/B;EACA,MAAMqB,eAAsC,GAAGV,MAAM,CAACC,MAAP,CAAcO,cAAd,EAA8B;IAC3E;IACAG,WAAW,EAAE,YAAW;MACtB,OAAOL,MAAM,CAACM,OAAd;IACD,CAJ0E;IAM3E;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOP,MAAM,CAACC,QAAd;IACD,CAT0E;IAW3E;IACAO,YAAY,EAAE,YAAW;MACvB,OAAOR,MAAM,CAACS,QAAd;IACD;EAd0E,CAA9B,CAA/C;EAiBA,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAA,CAAmBrB,IAAnB,CAAwB,IAAxB,EAA8BP,GAA9B,CADC;IAErB6B,qBAAqB,EAAEA,4CAAA,CAAsBtB,IAAtB,CAA2B,IAA3B,EAAiCP,GAAjC,CAFF;IAGrB8B,gBAAgB,EAAEA,kCAAA,CAAiBvB,IAAjB,CAAsB,IAAtB,EAA4BP,GAA5B,CAHG;IAIrB+B,YAAY,EAAEA,0BAAA,CAAaxB,IAAb,CAAkB,IAAlB,EAAwBP,GAAxB,CAJO;IAKrBS,eAAe,EAAEC,kBALI;IAMrBU,YAAY,EAAEC,eANO;IAOrBW,MAAM,EAAEC,wBAPa;IAQrBC,MAAM,EAAEC,wBAAA,CAAY5B,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CARa;IASrBoC,KAAK,EAAEC,sBAAA,CAAW9B,IAAX,CAAgB,IAAhB,EAAsBP,GAAtB,CATc;IAUrBsC,sBAAsB,EAAEA,8CAAA,CAAuB/B,IAAvB,CAA4B,IAA5B,EAAkCP,GAAlC,CAVH;IAWrBuC,WAAW,EAAEA,wBAAA,CAAYhC,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CAXQ;IAYrBwC,WAAW,EAAE,CACXC,iBADW,EAEXC,aAFW,KAGgB;MAC3B,OAAO,IAAAF,wBAAA,EAAYxC,GAAZ,EAAiByC,iBAAjB,EAAoCC,aAApC,CAAP;IACD,CAjBoB;IAkBrBC,MAAM,EAAEC,wBAAA,CAAYrC,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CAlBa;IAmBrB6C,eAAe,EAAEA,sBAAA,CAAgBtC,IAAhB,CAAqB,IAArB,EAA2BP,GAA3B;EAnBI,CAAvB,CAnCyF,CAyDzF;EACA;;EACA,MAAM8C,MAAM,GAAG,CACb,kBADa,EAEb,cAFa,EAGb,QAHa,EAIb,OAJa,EAKb,wBALa,EAMb,aANa,CAAf;EAQAA,MAAM,CAACC,OAAP,CAAeC,GAAG,IAAI;IACpBrB,KAAK,CAACqB,GAAD,CAAL,GAAa9C,QAAQ,CAACyB,KAAK,CAACqB,GAAD,CAAN,CAArB;EACD,CAFD;EAIA,OAAOrB,KAAP;AACD"}

package/cjs/oidc/factory/index.js

@@ -0,0 +1,28 @@
+"use strict";
+
+var _api = require("./api");
+
+Object.keys(_api).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _api[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _api[key];
+    }
+  });
+});
+
+var _OktaAuthOAuth = require("./OktaAuthOAuth");
+
+Object.keys(_OktaAuthOAuth).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _OktaAuthOAuth[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _OktaAuthOAuth[key];
+    }
+  });
+});
+//# sourceMappingURL=index.js.map

package/cjs/oidc/factory/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/factory/index.ts"],"sourcesContent":["export * from './api';\nexport * from './OktaAuthOAuth';\n"],"mappings":";;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/getToken.js

@@ -1,13 +1,9 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
 
 exports.getToken = getToken;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _util = require("./util");
 
 var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
@@ -87,7 +83,7 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
  */
 function getToken(sdk, options) {
   if (arguments.length > 2) {
-    return _promise.default.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
+    return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
   }
 
   options = options || {}; // window object cannot be serialized, save for later use
@@ -107,9 +103,9 @@ function getToken(sdk, options) {
     };
 
     if (options.sessionToken) {
-      (0, _assign.default)(tokenParams, sessionTokenOverrides);
+      Object.assign(tokenParams, sessionTokenOverrides);
     } else if (options.idp) {
-      (0, _assign.default)(tokenParams, idpOverrides);
+      Object.assign(tokenParams, idpOverrides);
     } // Use the query params to build the authorize url
 
 
@@ -164,7 +160,7 @@ function getToken(sdk, options) {
         } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
 
 
-        var popupPromise = new _promise.default(function (resolve, reject) {
+        var popupPromise = new Promise(function (resolve, reject) {
           var closePoller = setInterval(function () {
             if (!popupWindow || popupWindow.closed) {
               clearInterval(closePoller);

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOIDCInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOIDCInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA8CC,OAA9C,EAAkF;EACvF,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAGA,OAAO,IAAI,EAArB,CALuF,CAOvF;EACA;;EACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;EACAL,OAAO,CAACK,WAAR,GAAsBC,SAAtB;EAEA,OAAO,IAAAC,sCAAA,EAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MADkB;MAE1BC,YAAY,EAAE,mBAFY;MAG1BC,OAAO,EAAE;IAHiB,CAA5B;IAMA,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IADQ,CAAnB;;IAIA,IAAIb,OAAO,CAACe,YAAZ,EAA0B;MACxB,qBAAcN,WAAd,EAA2BC,qBAA3B;IACD,CAFD,MAEO,IAAIV,OAAO,CAACgB,GAAZ,EAAiB;MACtB,qBAAcP,WAAd,EAA2BK,YAA3B;IACD,CAjBuC,CAmBxC;;;IACA,IAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;IACAA,IAAI,GAAG,IAAAC,kBAAA,EAAarB,GAAb,EAAkBU,WAAlB,CAAP;IACAS,QAAQ,GAAGlB,OAAO,CAACqB,YAAR,GAAuBF,IAAI,CAACG,QAA5B,GAAuCH,IAAI,CAACI,YAAvD;IACAN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAA,EAAqBf,WAArB,CAAxB,CA3BwC,CA6BxC;;IACA,IAAIgB,QAAJ;;IACA,IAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;MAC5DY,QAAQ,GAAG,QAAX;IACD,CAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;MAC1CY,QAAQ,GAAG,OAAX;IACD,CAFM,MAEA;MACLA,QAAQ,GAAG,UAAX;IACD,CArCuC,CAuCxC;;;IACA,QAAQA,QAAR;MACE,KAAK,QAAL;QACE,IAAIC,aAAa,GAAG,IAAAC,4BAAA,EAAuB5B,GAAvB,EAA4BC,OAAO,CAAC4B,OAApC,EAA6CnB,WAAW,CAACoB,KAAzD,CAApB;QACA,IAAIC,QAAQ,GAAG,IAAAC,eAAA,EAAUd,UAAV,CAAf;QACA,OAAOS,aAAa,CACjBlB,IADI,CACC,UAAUwB,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBlC,GAApB,EAAyBU,WAAzB,EAAsCuB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBP,QAAvB,CAAJ,EAAsC;YAAA;;YACpC,yBAAAA,QAAQ,CAACQ,aAAT,gFAAwBC,WAAxB,CAAoCT,QAApC;UACD;QACF,CARI,CAAP;;MAUF,KAAK,OAAL;QACE,IAAIU,YAAJ,CADF,CACoB;QAElB;QACA;;QACA,IAAI/B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;UACpD,IAAI,CAACb,GAAG,CAAC0C,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;YAC/C,MAAM,IAAItC,qBAAJ,CAAiB,qDAAjB,CAAN;UACD;;UACDoC,YAAY,GAAG,IAAAb,4BAAA,EAAuB5B,GAAvB,EAA4BC,OAAO,CAAC4B,OAApC,EAA6CnB,WAAW,CAACoB,KAAzD,CAAf;QACD,CAVH,CAYE;QACA;;;QACA,IAAIxB,WAAJ,EAAiB;UACfA,WAAW,CAACsC,QAAZ,CAAqBC,MAArB,CAA4B3B,UAA5B;QACD,CAhBH,CAkBE;;;QACA,IAAI4B,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmB3C,MAAnB,EAA2B;UACxD,IAAI4C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC3C,WAAD,IAAgBA,WAAW,CAAC4C,MAAhC,EAAwC;cACtCC,aAAa,CAACH,WAAD,CAAb;cACA5C,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;YACD;UACF,CAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;UACAoC,YAAY,CACThC,IADH,CACQ,UAAUwB,GAAV,EAAe;YACnBkB,aAAa,CAACH,WAAD,CAAb;YACAD,OAAO,CAACd,GAAD,CAAP;UACD,CAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;YACpBF,aAAa,CAACH,WAAD,CAAb;YACA5C,MAAM,CAACiD,GAAD,CAAN;UACD,CARH;QASD,CAlBkB,CAAnB;QAoBA,OAAOP,YAAY,CAChBrC,IADI,CACC,UAAUwB,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBlC,GAApB,EAAyBU,WAAzB,EAAsCuB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAI7B,WAAW,IAAI,CAACA,WAAW,CAAC4C,MAAhC,EAAwC;YACtC5C,WAAW,CAACgD,KAAZ;UACD;QACF,CARI,CAAP;;MAUF;QACE,MAAM,IAAIjD,qBAAJ,CAAiB,8CAAjB,CAAN;IAhEJ;EAkED,CA3GI,CAAP;AA4GD"}
+{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOAuthInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA+CC,OAA/C,EAAmF;EACxF,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;EACD;;EAEDL,OAAO,GAAGA,OAAO,IAAI,EAArB,CALwF,CAOxF;EACA;;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;EACAN,OAAO,CAACM,WAAR,GAAsBC,SAAtB;EAEA,OAAO,IAAAC,sCAAA,EAAmBT,GAAnB,EAAwBC,OAAxB,EACJS,IADI,CACC,UAAUC,WAAV,EAAoC;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MADkB;MAE1BC,YAAY,EAAE,mBAFY;MAG1BC,OAAO,EAAE;IAHiB,CAA5B;IAMA,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IADQ,CAAnB;;IAIA,IAAId,OAAO,CAACgB,YAAZ,EAA0B;MACxBC,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;IACD,CAFD,MAEO,IAAIX,OAAO,CAACmB,GAAZ,EAAiB;MACtBF,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;IACD,CAjBuC,CAmBxC;;;IACA,IAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;IACAA,IAAI,GAAG,IAAAC,kBAAA,EAAaxB,GAAb,EAAkBW,WAAlB,CAAP;IACAW,QAAQ,GAAGrB,OAAO,CAACwB,YAAR,GAAuBF,IAAI,CAACG,QAA5B,GAAuCH,IAAI,CAACI,YAAvD;IACAN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAA,EAAqBjB,WAArB,CAAxB,CA3BwC,CA6BxC;;IACA,IAAIkB,QAAJ;;IACA,IAAIlB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;MAC5Dc,QAAQ,GAAG,QAAX;IACD,CAFD,MAEO,IAAIlB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;MAC1Cc,QAAQ,GAAG,OAAX;IACD,CAFM,MAEA;MACLA,QAAQ,GAAG,UAAX;IACD,CArCuC,CAuCxC;;;IACA,QAAQA,QAAR;MACE,KAAK,QAAL;QACE,IAAIC,aAAa,GAAG,IAAAC,4BAAA,EAAuB/B,GAAvB,EAA4BC,OAAO,CAAC+B,OAApC,EAA6CrB,WAAW,CAACsB,KAAzD,CAApB;QACA,IAAIC,QAAQ,GAAG,IAAAC,eAAA,EAAUd,UAAV,CAAf;QACA,OAAOS,aAAa,CACjBpB,IADI,CACC,UAAU0B,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBrC,GAApB,EAAyBW,WAAzB,EAAsCyB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBP,QAAvB,CAAJ,EAAsC;YAAA;;YACpC,yBAAAA,QAAQ,CAACQ,aAAT,gFAAwBC,WAAxB,CAAoCT,QAApC;UACD;QACF,CARI,CAAP;;MAUF,KAAK,OAAL;QACE,IAAIU,YAAJ,CADF,CACoB;QAElB;QACA;;QACA,IAAIjC,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;YAC/C,MAAM,IAAIxC,qBAAJ,CAAiB,qDAAjB,CAAN;UACD;;UACDsC,YAAY,GAAG,IAAAb,4BAAA,EAAuB/B,GAAvB,EAA4BC,OAAO,CAAC+B,OAApC,EAA6CrB,WAAW,CAACsB,KAAzD,CAAf;QACD,CAVH,CAYE;QACA;;;QACA,IAAI1B,WAAJ,EAAiB;UACfA,WAAW,CAACwC,QAAZ,CAAqB5B,MAArB,CAA4BE,UAA5B;QACD,CAhBH,CAkBE;;;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAJ,CAAY,UAAU6C,OAAV,EAAmB5C,MAAnB,EAA2B;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAD,IAAgBA,WAAW,CAAC6C,MAAhC,EAAwC;cACtCC,aAAa,CAACH,WAAD,CAAb;cACA7C,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;YACD;UACF,CAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;UACAsC,YAAY,CACTlC,IADH,CACQ,UAAU0B,GAAV,EAAe;YACnBiB,aAAa,CAACH,WAAD,CAAb;YACAD,OAAO,CAACb,GAAD,CAAP;UACD,CAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;YACpBF,aAAa,CAACH,WAAD,CAAb;YACA7C,MAAM,CAACkD,GAAD,CAAN;UACD,CARH;QASD,CAlBkB,CAAnB;QAoBA,OAAOP,YAAY,CAChBtC,IADI,CACC,UAAU0B,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBrC,GAApB,EAAyBW,WAAzB,EAAsCyB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAhC,EAAwC;YACtC7C,WAAW,CAACiD,KAAZ;UACD;QACF,CARI,CAAP;;MAUF;QACE,MAAM,IAAIlD,qBAAJ,CAAiB,8CAAjB,CAAN;IAhEJ;EAkED,CA3GI,CAAP;AA4GD"}

package/cjs/oidc/getUserInfo.js

@@ -1,18 +1,14 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.getUserInfo = getUserInfo;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
 var _util = require("../util");
 
 var _errors = require("../errors");
 
 var _http = require("../http");
 
-var _types = require("../types");
+var _types = require("./types");
 
 /* eslint-disable complexity */
 
@@ -39,11 +35,11 @@ async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
   }
 
   if (!accessTokenObject || !(0, _types.isAccessToken)(accessTokenObject)) {
-    return _promise.default.reject(new _errors.AuthSdkError('getUserInfo requires an access token object'));
+    return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an access token object'));
   }
 
   if (!idTokenObject || !(0, _types.isIDToken)(idTokenObject)) {
-    return _promise.default.reject(new _errors.AuthSdkError('getUserInfo requires an ID token object'));
+    return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an ID token object'));
   }
 
   return (0, _http.httpRequest)(sdk, {
@@ -56,7 +52,7 @@ async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
       return userInfo;
     }
 
-    return _promise.default.reject(new _errors.AuthSdkError('getUserInfo request was rejected due to token mismatch'));
+    return Promise.reject(new _errors.AuthSdkError('getUserInfo request was rejected due to token mismatch'));
   }).catch(function (err) {
     if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {
       var authenticateHeader;

package/cjs/oidc/getUserInfo.js.map

@@ -1 +1 @@
-{"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","isAccessToken","reject","AuthSdkError","isIDToken","httpRequest","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","isFunction","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from '../types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;EACxB;EACA,IAAI,CAACD,iBAAL,EAAwB;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;EACD;;EACD,IAAI,CAACH,aAAL,EAAoB;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;EACD;;EAED,IAAI,CAACL,iBAAD,IAAsB,CAAC,IAAAM,oBAAA,EAAcN,iBAAd,CAA3B,EAA6D;IAC3D,OAAO,iBAAQO,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;EACD;;EAED,IAAI,CAACP,aAAD,IAAkB,CAAC,IAAAQ,gBAAA,EAAUR,aAAV,CAAvB,EAAiD;IAC/C,OAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;EACD;;EAED,OAAO,IAAAE,iBAAA,EAAYX,GAAZ,EAAiB;IACtBY,GAAG,EAAEX,iBAAiB,CAACY,WADD;IAEtBC,MAAM,EAAE,KAFc;IAGtBT,WAAW,EAAEJ,iBAAiB,CAACI;EAHT,CAAjB,EAKJU,IALI,CAKCC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAT,KAAiBf,aAAa,CAACgB,MAAd,CAAqBD,GAA1C,EAA+C;MAC7C,OAAOD,QAAP;IACD;;IACD,OAAO,iBAAQR,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;EACD,CAXI,EAYJU,KAZI,CAYE,UAAUC,GAAV,EAAe;IACpB,IAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;MACjE,IAAIC,kBAAJ;;MACA,IAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,IAAAC,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAA3B,CAAnB,IAAsDN,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;QACjGH,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAArB;MACD,CAFD,MAEO,IAAI,IAAAD,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQM,iBAAnB,CAAJ,EAA2C;QAChDJ,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQM,iBAAR,CAA0B,kBAA1B,CAArB;MACD;;MACD,IAAIJ,kBAAJ,EAAwB;QACtB,IAAIK,YAAY,GAAGL,kBAAkB,CAACM,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;QACA,IAAIC,uBAAuB,GAAGP,kBAAkB,CAACM,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;QACA,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;QACA,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;QACA,IAAIC,KAAK,IAAIC,gBAAb,EAA+B;UAC7BZ,GAAG,GAAG,IAAIa,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;QACD;MACF;IACF;;IACD,MAAMZ,GAAN;EACD,CA/BI,CAAP;AAgCD"}
+{"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","isAccessToken","Promise","reject","AuthSdkError","isIDToken","httpRequest","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","isFunction","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"mappings":";;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;EACxB;EACA,IAAI,CAACD,iBAAL,EAAwB;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;EACD;;EACD,IAAI,CAACH,aAAL,EAAoB;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;EACD;;EAED,IAAI,CAACL,iBAAD,IAAsB,CAAC,IAAAM,oBAAA,EAAcN,iBAAd,CAA3B,EAA6D;IAC3D,OAAOO,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;EACD;;EAED,IAAI,CAACR,aAAD,IAAkB,CAAC,IAAAS,gBAAA,EAAUT,aAAV,CAAvB,EAAiD;IAC/C,OAAOM,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;EACD;;EAED,OAAO,IAAAE,iBAAA,EAAYZ,GAAZ,EAAiB;IACtBa,GAAG,EAAEZ,iBAAiB,CAACa,WADD;IAEtBC,MAAM,EAAE,KAFc;IAGtBV,WAAW,EAAEJ,iBAAiB,CAACI;EAHT,CAAjB,EAKJW,IALI,CAKCC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAT,KAAiBhB,aAAa,CAACiB,MAAd,CAAqBD,GAA1C,EAA+C;MAC7C,OAAOD,QAAP;IACD;;IACD,OAAOT,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;EACD,CAXI,EAYJU,KAZI,CAYE,UAAUC,GAAV,EAAe;IACpB,IAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;MACjE,IAAIC,kBAAJ;;MACA,IAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,IAAAC,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAA3B,CAAnB,IAAsDN,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;QACjGH,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAArB;MACD,CAFD,MAEO,IAAI,IAAAD,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQM,iBAAnB,CAAJ,EAA2C;QAChDJ,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQM,iBAAR,CAA0B,kBAA1B,CAArB;MACD;;MACD,IAAIJ,kBAAJ,EAAwB;QACtB,IAAIK,YAAY,GAAGL,kBAAkB,CAACM,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;QACA,IAAIC,uBAAuB,GAAGP,kBAAkB,CAACM,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;QACA,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;QACA,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;QACA,IAAIC,KAAK,IAAIC,gBAAb,EAA+B;UAC7BZ,GAAG,GAAG,IAAIa,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;QACD;MACF;IACF;;IACD,MAAMZ,GAAN;EACD,CA/BI,CAAP;AAgCD"}

package/cjs/oidc/getWithPopup.js

@@ -1,13 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.getWithPopup = getWithPopup;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _errors = require("../errors");
 
 var _util = require("../util");
@@ -30,7 +24,7 @@ var _util2 = require("./util");
  */
 function getWithPopup(sdk, options) {
   if (arguments.length > 2) {
-    return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
+    return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
   } // some browsers (safari, firefox) block popup if it's initialed from an async process
   // here we create the popup window immediately after user interaction
   // then redirect to the /authorize endpoint when the requestUrl is available
@@ -38,7 +32,7 @@ function getWithPopup(sdk, options) {
 
   const popupWindow = (0, _util2.loadPopup)('/', options);
   options = (0, _util.clone)(options) || {};
-  (0, _assign.default)(options, {
+  Object.assign(options, {
     display: 'popup',
     responseMode: 'okta_post_message',
     popupWindow

package/cjs/oidc/getWithPopup.js.map

@@ -1 +1 @@
-{"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","loadPopup","clone","display","responseMode","getToken"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAkDC,OAAlD,EAAgG;EACrG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;EACD,CAHoG,CAKrG;EACA;EACA;;;EACA,MAAMC,WAAW,GAAG,IAAAC,gBAAA,EAAU,GAAV,EAAeN,OAAf,CAApB;EACAA,OAAO,GAAG,IAAAO,WAAA,EAAMP,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBQ,OAAO,EAAE,OADY;IAErBC,YAAY,EAAE,mBAFO;IAGrBJ;EAHqB,CAAvB;EAKA,OAAO,IAAAK,kBAAA,EAASX,GAAT,EAAcC,OAAd,CAAP;AACD"}
+{"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","loadPopup","clone","Object","assign","display","responseMode","getToken"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAmDC,OAAnD,EAAiG;EACtG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;EACD,CAHqG,CAKtG;EACA;EACA;;;EACA,MAAMC,WAAW,GAAG,IAAAC,gBAAA,EAAU,GAAV,EAAeP,OAAf,CAApB;EACAA,OAAO,GAAG,IAAAQ,WAAA,EAAMR,OAAN,KAAkB,EAA5B;EACAS,MAAM,CAACC,MAAP,CAAcV,OAAd,EAAuB;IACrBW,OAAO,EAAE,OADY;IAErBC,YAAY,EAAE,mBAFO;IAGrBN;EAHqB,CAAvB;EAKA,OAAO,IAAAO,kBAAA,EAASd,GAAT,EAAcC,OAAd,CAAP;AACD"}

package/cjs/oidc/getWithRedirect.js

@@ -1,11 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.getWithRedirect = getWithRedirect;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
 var _errors = require("../errors");
 
 var _util = require("../util");
@@ -30,16 +26,14 @@ var _authorize = require("./endpoints/authorize");
  */
 async function getWithRedirect(sdk, options) {
   if (arguments.length > 2) {
-    return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
+    return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
   }
 
   options = (0, _util.clone)(options) || {};
   const tokenParams = await (0, _util2.prepareTokenParams)(sdk, options);
   const meta = (0, _util2.createOAuthMeta)(sdk, tokenParams);
   const requestUrl = meta.urls.authorizeUrl + (0, _authorize.buildAuthorizeParams)(tokenParams);
-  sdk.transactionManager.save(meta, {
-    oauth: true
-  });
+  sdk.transactionManager.save(meta);
 
   sdk.token.getWithRedirect._setLocation(requestUrl);
 }

package/cjs/oidc/getWithRedirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"getWithRedirect.js","names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","clone","tokenParams","prepareTokenParams","meta","createOAuthMeta","requestUrl","urls","authorizeUrl","buildAuthorizeParams","transactionManager","save","oauth","token","_setLocation"],"sources":["../../../lib/oidc/getWithRedirect.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOIDCInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta, { oauth: true });\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA2DC,OAA3D,EAAiG;EACtG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,IAAAK,WAAA,EAAML,OAAN,KAAkB,EAA5B;EAEA,MAAMM,WAAW,GAAG,MAAM,IAAAC,yBAAA,EAAmBR,GAAnB,EAAwBC,OAAxB,CAA1B;EACA,MAAMQ,IAAI,GAAG,IAAAC,sBAAA,EAAgBV,GAAhB,EAAqBO,WAArB,CAAb;EACA,MAAMI,UAAU,GAAGF,IAAI,CAACG,IAAL,CAAUC,YAAV,GAAyB,IAAAC,+BAAA,EAAqBP,WAArB,CAA5C;EACAP,GAAG,CAACe,kBAAJ,CAAuBC,IAAvB,CAA4BP,IAA5B,EAAkC;IAAEQ,KAAK,EAAE;EAAT,CAAlC;;EACAjB,GAAG,CAACkB,KAAJ,CAAUnB,eAAV,CAA0BoB,YAA1B,CAAuCR,UAAvC;AACD"}
+{"version":3,"file":"getWithRedirect.js","names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","clone","tokenParams","prepareTokenParams","meta","createOAuthMeta","requestUrl","urls","authorizeUrl","buildAuthorizeParams","transactionManager","save","token","_setLocation"],"sources":["../../../lib/oidc/getWithRedirect.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from './types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOAuthInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta);\n  sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"mappings":";;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA4DC,OAA5D,EAAkG;EACvG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;EACD;;EAEDL,OAAO,GAAG,IAAAM,WAAA,EAAMN,OAAN,KAAkB,EAA5B;EAEA,MAAMO,WAAW,GAAG,MAAM,IAAAC,yBAAA,EAAmBT,GAAnB,EAAwBC,OAAxB,CAA1B;EACA,MAAMS,IAAI,GAAG,IAAAC,sBAAA,EAAgBX,GAAhB,EAAqBQ,WAArB,CAAb;EACA,MAAMI,UAAU,GAAGF,IAAI,CAACG,IAAL,CAAUC,YAAV,GAAyB,IAAAC,+BAAA,EAAqBP,WAArB,CAA5C;EACAR,GAAG,CAACgB,kBAAJ,CAAuBC,IAAvB,CAA4BP,IAA5B;;EACAV,GAAG,CAACkB,KAAJ,CAAUnB,eAAV,CAA0BoB,YAA1B,CAAuCP,UAAvC;AACD"}

package/cjs/oidc/getWithoutPrompt.js

@@ -1,13 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.getWithoutPrompt = getWithoutPrompt;
 
-var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
-
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
 var _errors = require("../errors");
 
 var _util = require("../util");
@@ -28,11 +22,11 @@ var _getToken = require("./getToken");
  */
 function getWithoutPrompt(sdk, options) {
   if (arguments.length > 2) {
-    return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithoutPrompt" takes only a single set of options'));
+    return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithoutPrompt" takes only a single set of options'));
   }
 
   options = (0, _util.clone)(options) || {};
-  (0, _assign.default)(options, {
+  Object.assign(options, {
     prompt: 'none',
     responseMode: 'okta_post_message',
     display: null

package/cjs/oidc/getWithoutPrompt.js.map

@@ -1 +1 @@
-{"version":3,"file":"getWithoutPrompt.js","names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","clone","prompt","responseMode","display","getToken"],"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOIDCInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOIDCInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAsDC,OAAtD,EAAoG;EACzG,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;EACD;;EAEDJ,OAAO,GAAG,IAAAK,WAAA,EAAML,OAAN,KAAkB,EAA5B;EACA,qBAAcA,OAAd,EAAuB;IACrBM,MAAM,EAAE,MADa;IAErBC,YAAY,EAAE,mBAFO;IAGrBC,OAAO,EAAE;EAHY,CAAvB;EAKA,OAAO,IAAAC,kBAAA,EAASV,GAAT,EAAcC,OAAd,CAAP;AACD"}
+{"version":3,"file":"getWithoutPrompt.js","names":["getWithoutPrompt","sdk","options","arguments","length","Promise","reject","AuthSdkError","clone","Object","assign","prompt","responseMode","display","getToken"],"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n"],"mappings":";;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAuDC,OAAvD,EAAqG;EAC1G,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;EACD;;EAEDL,OAAO,GAAG,IAAAM,WAAA,EAAMN,OAAN,KAAkB,EAA5B;EACAO,MAAM,CAACC,MAAP,CAAcR,OAAd,EAAuB;IACrBS,MAAM,EAAE,MADa;IAErBC,YAAY,EAAE,mBAFO;IAGrBC,OAAO,EAAE;EAHY,CAAvB;EAKA,OAAO,IAAAC,kBAAA,EAASb,GAAT,EAAcC,OAAd,CAAP;AACD"}

package/cjs/oidc/handleOAuthResponse.js

@@ -1,13 +1,7 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
-
 exports.handleOAuthResponse = handleOAuthResponse;
 
-var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
-
-var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
-
 var _util = require("../util");
 
 var _oauth = require("./util/oauth");
@@ -49,7 +43,7 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
   // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
 
   if (pkce && (res.code || res.interaction_code)) {
-    return sdk.token.exchangeCodeForTokens((0, _assign.default)({}, tokenParams, {
+    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {
       authorizationCode: res.code,
       interactionCode: res.interaction_code
     }), urls);
@@ -136,12 +130,12 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
   } // Validate received tokens against requested response types 
 
 
-  if ((0, _indexOf.default)(responseType).call(responseType, 'token') !== -1 && !tokenDict.accessToken) {
+  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {
     // eslint-disable-next-line max-len
     throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "token" was requested but "access_token" was not returned.');
   }
 
-  if ((0, _indexOf.default)(responseType).call(responseType, 'id_token') !== -1 && !tokenDict.idToken) {
+  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {
     // eslint-disable-next-line max-len
     throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "id_token" was requested but "id_token" was not returned.');
   }

package/cjs/oidc/handleOAuthResponse.js.map

@@ -1 +1 @@
-{"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","verifyToken","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOIDCInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOIDCInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;EACtE,IAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;IAC5C,MAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;EACD;;EAED,IAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;IACnC,MAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;EACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;EACxB,IAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;EACA;;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;IAC9C,OAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgC,qBAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACpEQ,iBAAiB,EAAEf,GAAG,CAACW,IAD6C;MAEpEK,eAAe,EAAEhB,GAAG,CAACY;IAF+C,CAA/B,CAAhC,EAGHJ,IAHG,CAAP;EAID;;EAEDD,WAAW,GAAGA,WAAW,IAAI,IAAAU,4BAAA,EAAsBX,GAAtB,CAA7B;EACAE,IAAI,GAAGA,IAAI,IAAI,IAAAU,mBAAA,EAAaZ,GAAb,EAAkBC,WAAlB,CAAf;EAEA,IAAIY,YAAY,GAAGZ,WAAW,CAACY,YAAZ,IAA4B,EAA/C;;EACA,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;IAChCA,YAAY,GAAG,CAACA,YAAD,CAAf;EACD;;EAED,IAAIG,MAAJ;;EACA,IAAItB,GAAG,CAACuB,KAAR,EAAe;IACbD,MAAM,GAAGtB,GAAG,CAACuB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;EACD,CAFD,MAEO;IACLF,MAAM,GAAG,IAAAG,WAAA,EAAMlB,WAAW,CAACe,MAAlB,CAAT;EACD;;EACD,IAAII,QAAQ,GAAGnB,WAAW,CAACmB,QAAZ,IAAwBpB,GAAG,CAACI,OAAJ,CAAYgB,QAAnD,CA1BwB,CA4BxB;;EACA3B,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;EAEA,IAAIoB,SAAS,GAAG,EAAhB;EACA,IAAIC,SAAS,GAAG5B,GAAG,CAAC6B,UAApB;EACA,IAAIC,SAAS,GAAG9B,GAAG,CAAC+B,UAApB;EACA,IAAIC,WAAW,GAAGhC,GAAG,CAACiC,YAAtB;EACA,IAAIC,OAAO,GAAGlC,GAAG,CAACmC,QAAlB;EACA,IAAIC,YAAY,GAAGpC,GAAG,CAACqC,aAAvB;EACA,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIN,WAAJ,EAAiB;IACf,IAAIU,SAAS,GAAGpC,GAAG,CAACO,KAAJ,CAAU8B,MAAV,CAAiBX,WAAjB,CAAhB;IACAL,SAAS,CAACK,WAAV,GAAwB;MACtBA,WAAW,EAAEA,WADS;MAEtBY,MAAM,EAAEF,SAAS,CAACG,OAFI;MAGtBC,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;MAItBR,SAAS,EAAEA,SAJW;MAKtBR,MAAM,EAAEA,MALc;MAMtB0B,YAAY,EAAExC,IAAI,CAACwC,YANG;MAOtBC,WAAW,EAAEzC,IAAI,CAACyC;IAPI,CAAxB;EASD;;EAED,IAAIb,YAAJ,EAAkB;IAChBT,SAAS,CAACS,YAAV,GAAyB;MACvBA,YAAY,EAAEA,YADS;MAEvB;MACA;MACAU,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;MAKvBhB,MAAM,EAAEA,MALe;MAMvB4B,QAAQ,EAAE1C,IAAI,CAAC0C,QANQ;MAOvBF,YAAY,EAAExC,IAAI,CAACwC,YAPI;MAQvBG,MAAM,EAAE3C,IAAI,CAAC2C;IARU,CAAzB;EAUD;;EAED,IAAIjB,OAAJ,EAAa;IACX,IAAIkB,KAAK,GAAG9C,GAAG,CAACO,KAAJ,CAAU8B,MAAV,CAAiBT,OAAjB,CAAZ;IACA,IAAImB,UAAmB,GAAG;MACxBnB,OAAO,EAAEA,OADe;MAExBU,MAAM,EAAEQ,KAAK,CAACP,OAFU;MAGxBC,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;MAGkC;MAC1DhB,MAAM,EAAEA,MAJgB;MAKxB0B,YAAY,EAAExC,IAAI,CAACwC,YALK;MAMxBG,MAAM,EAAE3C,IAAI,CAAC2C,MANW;MAOxBzB,QAAQ,EAAEA;IAPc,CAA1B;IAUA,IAAI8B,gBAAmC,GAAG;MACxC9B,QAAQ,EAAEA,QAD8B;MAExCyB,MAAM,EAAE3C,IAAI,CAAC2C,MAF2B;MAGxCM,KAAK,EAAElD,WAAW,CAACkD,KAHqB;MAIxCzB,WAAW,EAAEA;IAJ2B,CAA1C;;IAOA,IAAIzB,WAAW,CAACmD,eAAZ,KAAgCC,SAApC,EAA+C;MAC7CH,gBAAgB,CAACE,eAAjB,GAAmCnD,WAAW,CAACmD,eAA/C;IACD;;IAED,MAAM,IAAAE,wBAAA,EAAYtD,GAAZ,EAAiB+C,UAAjB,EAA6BG,gBAA7B,CAAN;IACA7B,SAAS,CAACO,OAAV,GAAoBmB,UAApB;EACD,CA1FuB,CA4FxB;;;EACA,IAAI,sBAAAlC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACQ,SAAS,CAACK,WAAvD,EAAoE;IAClE;IACA,MAAM,IAAI5B,oBAAJ,CAAiB,+GAAjB,CAAN;EACD;;EACD,IAAI,sBAAAe,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACQ,SAAS,CAACO,OAA1D,EAAmE;IACjE;IACA,MAAM,IAAI9B,oBAAJ,CAAiB,8GAAjB,CAAN;EACD;;EAED,OAAO;IACLyD,MAAM,EAAElC,SADH;IAELxB,KAAK,EAAEH,GAAG,CAACG,KAFN;IAGLQ,IAAI,EAAEX,GAAG,CAACW;EAHL,CAAP;AAMD"}
+{"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","Object","assign","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","verifyToken","indexOf","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOAuthInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  var tokenDict = {} as Tokens;\n  var expiresIn = res.expires_in;\n  var tokenType = res.token_type;\n  var accessToken = res.access_token;\n  var idToken = res.id_token;\n  var refreshToken = res.refresh_token;\n  var now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    var accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    var idJwt = sdk.token.decode(idToken);\n    var idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    var validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code\n  };\n  \n}"],"mappings":";;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AA/BA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAmBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;EACtE,IAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;IAC5C,MAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;EACD;;EAED,IAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;IACnC,MAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;EACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;EACxB,IAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;EACA;;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;IAC9C,OAAON,GAAG,CAACO,KAAJ,CAAUC,qBAAV,CAAgCC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBT,WAAlB,EAA+B;MACpEU,iBAAiB,EAAEjB,GAAG,CAACW,IAD6C;MAEpEO,eAAe,EAAElB,GAAG,CAACY;IAF+C,CAA/B,CAAhC,EAGHJ,IAHG,CAAP;EAID;;EAEDD,WAAW,GAAGA,WAAW,IAAI,IAAAY,4BAAA,EAAsBb,GAAtB,CAA7B;EACAE,IAAI,GAAGA,IAAI,IAAI,IAAAY,mBAAA,EAAad,GAAb,EAAkBC,WAAlB,CAAf;EAEA,IAAIc,YAAY,GAAGd,WAAW,CAACc,YAAZ,IAA4B,EAA/C;;EACA,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;IAChCA,YAAY,GAAG,CAACA,YAAD,CAAf;EACD;;EAED,IAAIG,MAAJ;;EACA,IAAIxB,GAAG,CAACyB,KAAR,EAAe;IACbD,MAAM,GAAGxB,GAAG,CAACyB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;EACD,CAFD,MAEO;IACLF,MAAM,GAAG,IAAAG,WAAA,EAAMpB,WAAW,CAACiB,MAAlB,CAAT;EACD;;EACD,IAAII,QAAQ,GAAGrB,WAAW,CAACqB,QAAZ,IAAwBtB,GAAG,CAACI,OAAJ,CAAYkB,QAAnD,CA1BwB,CA4BxB;;EACA7B,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;EAEA,IAAIsB,SAAS,GAAG,EAAhB;EACA,IAAIC,SAAS,GAAG9B,GAAG,CAAC+B,UAApB;EACA,IAAIC,SAAS,GAAGhC,GAAG,CAACiC,UAApB;EACA,IAAIC,WAAW,GAAGlC,GAAG,CAACmC,YAAtB;EACA,IAAIC,OAAO,GAAGpC,GAAG,CAACqC,QAAlB;EACA,IAAIC,YAAY,GAAGtC,GAAG,CAACuC,aAAvB;EACA,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;EAEA,IAAIN,WAAJ,EAAiB;IACf,IAAIU,SAAS,GAAGtC,GAAG,CAACO,KAAJ,CAAUgC,MAAV,CAAiBX,WAAjB,CAAhB;IACAL,SAAS,CAACK,WAAV,GAAwB;MACtBA,WAAW,EAAEA,WADS;MAEtBY,MAAM,EAAEF,SAAS,CAACG,OAFI;MAGtBC,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAHT;MAItBR,SAAS,EAAEA,SAJW;MAKtBR,MAAM,EAAEA,MALc;MAMtB0B,YAAY,EAAE1C,IAAI,CAAC0C,YANG;MAOtBC,WAAW,EAAE3C,IAAI,CAAC2C;IAPI,CAAxB;EASD;;EAED,IAAIb,YAAJ,EAAkB;IAChBT,SAAS,CAACS,YAAV,GAAyB;MACvBA,YAAY,EAAEA,YADS;MAEvB;MACA;MACAU,SAAS,EAAEC,MAAM,CAACnB,SAAD,CAAN,GAAoBU,GAJR;MAKvBhB,MAAM,EAAEA,MALe;MAMvB4B,QAAQ,EAAE5C,IAAI,CAAC4C,QANQ;MAOvBF,YAAY,EAAE1C,IAAI,CAAC0C,YAPI;MAQvBG,MAAM,EAAE7C,IAAI,CAAC6C;IARU,CAAzB;EAUD;;EAED,IAAIjB,OAAJ,EAAa;IACX,IAAIkB,KAAK,GAAGhD,GAAG,CAACO,KAAJ,CAAUgC,MAAV,CAAiBT,OAAjB,CAAZ;IACA,IAAImB,UAAmB,GAAG;MACxBnB,OAAO,EAAEA,OADe;MAExBU,MAAM,EAAEQ,KAAK,CAACP,OAFU;MAGxBC,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0CjB,GAH7B;MAGkC;MAC1DhB,MAAM,EAAEA,MAJgB;MAKxB0B,YAAY,EAAE1C,IAAI,CAAC0C,YALK;MAMxBG,MAAM,EAAE7C,IAAI,CAAC6C,MANW;MAOxBzB,QAAQ,EAAEA;IAPc,CAA1B;IAUA,IAAI8B,gBAAmC,GAAG;MACxC9B,QAAQ,EAAEA,QAD8B;MAExCyB,MAAM,EAAE7C,IAAI,CAAC6C,MAF2B;MAGxCM,KAAK,EAAEpD,WAAW,CAACoD,KAHqB;MAIxCzB,WAAW,EAAEA;IAJ2B,CAA1C;;IAOA,IAAI3B,WAAW,CAACqD,eAAZ,KAAgCC,SAApC,EAA+C;MAC7CH,gBAAgB,CAACE,eAAjB,GAAmCrD,WAAW,CAACqD,eAA/C;IACD;;IAED,MAAM,IAAAE,wBAAA,EAAYxD,GAAZ,EAAiBiD,UAAjB,EAA6BG,gBAA7B,CAAN;IACA7B,SAAS,CAACO,OAAV,GAAoBmB,UAApB;EACD,CA1FuB,CA4FxB;;;EACA,IAAIlC,YAAY,CAAC0C,OAAb,CAAqB,OAArB,MAAkC,CAAC,CAAnC,IAAwC,CAAClC,SAAS,CAACK,WAAvD,EAAoE;IAClE;IACA,MAAM,IAAI9B,oBAAJ,CAAiB,+GAAjB,CAAN;EACD;;EACD,IAAIiB,YAAY,CAAC0C,OAAb,CAAqB,UAArB,MAAqC,CAAC,CAAtC,IAA2C,CAAClC,SAAS,CAACO,OAA1D,EAAmE;IACjE;IACA,MAAM,IAAIhC,oBAAJ,CAAiB,8GAAjB,CAAN;EACD;;EAED,OAAO;IACL4D,MAAM,EAAEnC,SADH;IAEL1B,KAAK,EAAEH,GAAG,CAACG,KAFN;IAGLQ,IAAI,EAAEX,GAAG,CAACW;EAHL,CAAP;AAMD"}