@okta/okta-auth-js 7.0.0 → 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (569) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +2 -0
  3. package/cjs/authn/AuthnTransactionImpl.js +6 -8
  4. package/cjs/authn/AuthnTransactionImpl.js.map +1 -1
  5. package/cjs/authn/api.js +3 -18
  6. package/cjs/authn/api.js.map +1 -1
  7. package/cjs/authn/factory.js +1 -7
  8. package/cjs/authn/factory.js.map +1 -1
  9. package/cjs/authn/index.js +0 -5
  10. package/cjs/authn/index.js.map +1 -1
  11. package/cjs/authn/mixin.js +14 -22
  12. package/cjs/authn/mixin.js.map +1 -1
  13. package/cjs/authn/util/flattenEmbedded.js +5 -12
  14. package/cjs/authn/util/flattenEmbedded.js.map +1 -1
  15. package/cjs/authn/util/link2fn.js +0 -22
  16. package/cjs/authn/util/link2fn.js.map +1 -1
  17. package/cjs/authn/util/links2fns.js +0 -12
  18. package/cjs/authn/util/links2fns.js.map +1 -1
  19. package/cjs/authn/util/poll.js +9 -27
  20. package/cjs/authn/util/poll.js.map +1 -1
  21. package/cjs/authn/util/stateToken.js +3 -4
  22. package/cjs/authn/util/stateToken.js.map +1 -1
  23. package/cjs/base/factory.js +6 -14
  24. package/cjs/base/factory.js.map +1 -1
  25. package/cjs/base/index.js +0 -5
  26. package/cjs/base/index.js.map +1 -1
  27. package/cjs/base/options.js +1 -2
  28. package/cjs/base/options.js.map +1 -1
  29. package/cjs/browser/browserStorage.js +15 -43
  30. package/cjs/browser/browserStorage.js.map +1 -1
  31. package/cjs/browser/fingerprint.js +3 -15
  32. package/cjs/browser/fingerprint.js.map +1 -1
  33. package/cjs/clock.js +5 -7
  34. package/cjs/clock.js.map +1 -1
  35. package/cjs/constants.js +4 -3
  36. package/cjs/constants.js.map +1 -1
  37. package/cjs/core/AuthStateManager.js +24 -48
  38. package/cjs/core/AuthStateManager.js.map +1 -1
  39. package/cjs/core/ServiceManager/browser.js +13 -33
  40. package/cjs/core/ServiceManager/browser.js.map +1 -1
  41. package/cjs/core/ServiceManager/index.js +0 -1
  42. package/cjs/core/ServiceManager/index.js.map +1 -1
  43. package/cjs/core/ServiceManager/node.js +3 -9
  44. package/cjs/core/ServiceManager/node.js.map +1 -1
  45. package/cjs/core/factory.js +0 -7
  46. package/cjs/core/factory.js.map +1 -1
  47. package/cjs/core/index.js +0 -13
  48. package/cjs/core/index.js.map +1 -1
  49. package/cjs/core/mixin.js +16 -20
  50. package/cjs/core/mixin.js.map +1 -1
  51. package/cjs/core/options.js +1 -3
  52. package/cjs/core/options.js.map +1 -1
  53. package/cjs/core/storage.js +0 -2
  54. package/cjs/core/storage.js.map +1 -1
  55. package/cjs/core/types/index.js +0 -5
  56. package/cjs/core/types/index.js.map +1 -1
  57. package/cjs/crypto/base64.js +9 -22
  58. package/cjs/crypto/base64.js.map +1 -1
  59. package/cjs/crypto/browser.js +0 -4
  60. package/cjs/crypto/browser.js.map +1 -1
  61. package/cjs/crypto/index.js +0 -9
  62. package/cjs/crypto/index.js.map +1 -1
  63. package/cjs/crypto/node.js +0 -13
  64. package/cjs/crypto/node.js.map +1 -1
  65. package/cjs/crypto/oidcHash.js +1 -4
  66. package/cjs/crypto/oidcHash.js.map +1 -1
  67. package/cjs/crypto/verifyToken.js +6 -7
  68. package/cjs/crypto/verifyToken.js.map +1 -1
  69. package/cjs/crypto/webcrypto.js +0 -1
  70. package/cjs/crypto/webcrypto.js.map +1 -1
  71. package/cjs/errors/AuthApiError.js +1 -7
  72. package/cjs/errors/AuthApiError.js.map +1 -1
  73. package/cjs/errors/AuthPollStopError.js +1 -5
  74. package/cjs/errors/AuthPollStopError.js.map +1 -1
  75. package/cjs/errors/AuthSdkError.js +1 -6
  76. package/cjs/errors/AuthSdkError.js.map +1 -1
  77. package/cjs/errors/CustomError.js +1 -4
  78. package/cjs/errors/CustomError.js.map +1 -1
  79. package/cjs/errors/OAuthError.js +4 -7
  80. package/cjs/errors/OAuthError.js.map +1 -1
  81. package/cjs/errors/index.js +1 -9
  82. package/cjs/errors/index.js.map +1 -1
  83. package/cjs/exports/authn.js +0 -9
  84. package/cjs/exports/authn.js.map +1 -1
  85. package/cjs/exports/cdn/authn.js +0 -2
  86. package/cjs/exports/cdn/authn.js.map +1 -1
  87. package/cjs/exports/cdn/core.js +0 -2
  88. package/cjs/exports/cdn/core.js.map +1 -1
  89. package/cjs/exports/cdn/default.js +0 -2
  90. package/cjs/exports/cdn/default.js.map +1 -1
  91. package/cjs/exports/cdn/idx.js +0 -2
  92. package/cjs/exports/cdn/idx.js.map +1 -1
  93. package/cjs/exports/cdn/myaccount.js +0 -2
  94. package/cjs/exports/cdn/myaccount.js.map +1 -1
  95. package/cjs/exports/common.js +0 -22
  96. package/cjs/exports/common.js.map +1 -1
  97. package/cjs/exports/core.js +0 -9
  98. package/cjs/exports/core.js.map +1 -1
  99. package/cjs/exports/default.js +2 -12
  100. package/cjs/exports/default.js.map +1 -1
  101. package/cjs/exports/idx.js +3 -7
  102. package/cjs/exports/idx.js.map +1 -1
  103. package/cjs/exports/myaccount.js +0 -9
  104. package/cjs/exports/myaccount.js.map +1 -1
  105. package/cjs/features.js +1 -18
  106. package/cjs/features.js.map +1 -1
  107. package/cjs/fetch/fetchRequest.js +6 -20
  108. package/cjs/fetch/fetchRequest.js.map +1 -1
  109. package/cjs/http/OktaUserAgent.js +3 -11
  110. package/cjs/http/OktaUserAgent.js.map +1 -1
  111. package/cjs/http/headers.js +1 -1
  112. package/cjs/http/headers.js.map +1 -1
  113. package/cjs/http/index.js +0 -11
  114. package/cjs/http/index.js.map +1 -1
  115. package/cjs/http/mixin.js +2 -10
  116. package/cjs/http/mixin.js.map +1 -1
  117. package/cjs/http/options.js +1 -5
  118. package/cjs/http/options.js.map +1 -1
  119. package/cjs/http/request.js +75 -57
  120. package/cjs/http/request.js.map +1 -1
  121. package/cjs/idx/IdxTransactionManager.js +2 -22
  122. package/cjs/idx/IdxTransactionManager.js.map +1 -1
  123. package/cjs/idx/authenticate.js +3 -5
  124. package/cjs/idx/authenticate.js.map +1 -1
  125. package/cjs/idx/authenticator/Authenticator.js +2 -4
  126. package/cjs/idx/authenticator/Authenticator.js.map +1 -1
  127. package/cjs/idx/authenticator/OktaPassword.js +2 -10
  128. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  129. package/cjs/idx/authenticator/OktaVerifyTotp.js +0 -6
  130. package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
  131. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +0 -10
  132. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
  133. package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -10
  134. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  135. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -10
  136. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  137. package/cjs/idx/authenticator/WebauthnEnrollment.js +0 -8
  138. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  139. package/cjs/idx/authenticator/WebauthnVerification.js +0 -8
  140. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
  141. package/cjs/idx/authenticator/getAuthenticator.js +0 -15
  142. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  143. package/cjs/idx/authenticator/index.js +0 -15
  144. package/cjs/idx/authenticator/index.js.map +1 -1
  145. package/cjs/idx/authenticator/util.js +8 -18
  146. package/cjs/idx/authenticator/util.js.map +1 -1
  147. package/cjs/idx/cancel.js +3 -4
  148. package/cjs/idx/cancel.js.map +1 -1
  149. package/cjs/idx/emailVerify.js +5 -13
  150. package/cjs/idx/emailVerify.js.map +1 -1
  151. package/cjs/idx/factory/OktaAuthIdx.js +0 -3
  152. package/cjs/idx/factory/OktaAuthIdx.js.map +1 -1
  153. package/cjs/idx/factory/api.js +1 -17
  154. package/cjs/idx/factory/api.js.map +1 -1
  155. package/cjs/idx/factory/index.js +0 -3
  156. package/cjs/idx/factory/index.js.map +1 -1
  157. package/cjs/idx/flow/AccountUnlockFlow.js +1 -2
  158. package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -1
  159. package/cjs/idx/flow/AuthenticationFlow.js +1 -2
  160. package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
  161. package/cjs/idx/flow/FlowSpecification.js +2 -13
  162. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  163. package/cjs/idx/flow/PasswordRecoveryFlow.js +1 -2
  164. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  165. package/cjs/idx/flow/RegistrationFlow.js +1 -2
  166. package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
  167. package/cjs/idx/flow/index.js +0 -11
  168. package/cjs/idx/flow/index.js.map +1 -1
  169. package/cjs/idx/handleInteractionCodeRedirect.js +7 -12
  170. package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
  171. package/cjs/idx/idxState/index.js +1 -11
  172. package/cjs/idx/idxState/index.js.map +1 -1
  173. package/cjs/idx/idxState/v1/actionParser.js +1 -12
  174. package/cjs/idx/idxState/v1/actionParser.js.map +1 -1
  175. package/cjs/idx/idxState/v1/generateIdxAction.js +10 -15
  176. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  177. package/cjs/idx/idxState/v1/idxResponseParser.js +7 -23
  178. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  179. package/cjs/idx/idxState/v1/makeIdxState.js +2 -10
  180. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  181. package/cjs/idx/idxState/v1/parsers.js +0 -2
  182. package/cjs/idx/idxState/v1/parsers.js.map +1 -1
  183. package/cjs/idx/idxState/v1/remediationParser.js +2 -4
  184. package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
  185. package/cjs/idx/index.js +0 -26
  186. package/cjs/idx/index.js.map +1 -1
  187. package/cjs/idx/interact.js +18 -18
  188. package/cjs/idx/interact.js.map +1 -1
  189. package/cjs/idx/introspect.js +5 -14
  190. package/cjs/idx/introspect.js.map +1 -1
  191. package/cjs/idx/mixin.js +0 -9
  192. package/cjs/idx/mixin.js.map +1 -1
  193. package/cjs/idx/options.js +2 -3
  194. package/cjs/idx/options.js.map +1 -1
  195. package/cjs/idx/poll.js +1 -10
  196. package/cjs/idx/poll.js.map +1 -1
  197. package/cjs/idx/proceed.js +3 -9
  198. package/cjs/idx/proceed.js.map +1 -1
  199. package/cjs/idx/recoverPassword.js +3 -4
  200. package/cjs/idx/recoverPassword.js.map +1 -1
  201. package/cjs/idx/register.js +5 -11
  202. package/cjs/idx/register.js.map +1 -1
  203. package/cjs/idx/remediate.js +24 -45
  204. package/cjs/idx/remediate.js.map +1 -1
  205. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +7 -16
  206. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  207. package/cjs/idx/remediators/AuthenticatorVerificationData.js +7 -15
  208. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  209. package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -22
  210. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  211. package/cjs/idx/remediators/Base/Remediator.js +38 -67
  212. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  213. package/cjs/idx/remediators/Base/SelectAuthenticator.js +13 -30
  214. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  215. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +5 -13
  216. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  217. package/cjs/idx/remediators/ChallengeAuthenticator.js +1 -5
  218. package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
  219. package/cjs/idx/remediators/ChallengePoll.js +1 -6
  220. package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
  221. package/cjs/idx/remediators/EnrollAuthenticator.js +1 -5
  222. package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
  223. package/cjs/idx/remediators/EnrollPoll.js +5 -12
  224. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  225. package/cjs/idx/remediators/EnrollProfile.js +8 -30
  226. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  227. package/cjs/idx/remediators/EnrollmentChannelData.js +5 -13
  228. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
  229. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js +13 -19
  230. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -1
  231. package/cjs/idx/remediators/GenericRemediator/index.js +0 -1
  232. package/cjs/idx/remediators/GenericRemediator/index.js.map +1 -1
  233. package/cjs/idx/remediators/GenericRemediator/util.js +19 -31
  234. package/cjs/idx/remediators/GenericRemediator/util.js.map +1 -1
  235. package/cjs/idx/remediators/Identify.js +3 -12
  236. package/cjs/idx/remediators/Identify.js.map +1 -1
  237. package/cjs/idx/remediators/ReEnrollAuthenticator.js +3 -10
  238. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  239. package/cjs/idx/remediators/RedirectIdp.js +1 -7
  240. package/cjs/idx/remediators/RedirectIdp.js.map +1 -1
  241. package/cjs/idx/remediators/ResetAuthenticator.js +1 -5
  242. package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
  243. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +3 -11
  244. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  245. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +1 -5
  246. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
  247. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +6 -15
  248. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
  249. package/cjs/idx/remediators/SelectEnrollProfile.js +1 -6
  250. package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
  251. package/cjs/idx/remediators/SelectEnrollmentChannel.js +5 -16
  252. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  253. package/cjs/idx/remediators/Skip.js +1 -6
  254. package/cjs/idx/remediators/Skip.js.map +1 -1
  255. package/cjs/idx/remediators/index.js +0 -39
  256. package/cjs/idx/remediators/index.js.map +1 -1
  257. package/cjs/idx/remediators/util.js +1 -7
  258. package/cjs/idx/remediators/util.js.map +1 -1
  259. package/cjs/idx/run.js +39 -54
  260. package/cjs/idx/run.js.map +1 -1
  261. package/cjs/idx/startTransaction.js +1 -2
  262. package/cjs/idx/startTransaction.js.map +1 -1
  263. package/cjs/idx/storage.js +3 -22
  264. package/cjs/idx/storage.js.map +1 -1
  265. package/cjs/idx/transactionMeta.js +24 -42
  266. package/cjs/idx/transactionMeta.js.map +1 -1
  267. package/cjs/idx/types/api.js +1 -9
  268. package/cjs/idx/types/api.js.map +1 -1
  269. package/cjs/idx/types/idx-js.js +3 -3
  270. package/cjs/idx/types/idx-js.js.map +1 -1
  271. package/cjs/idx/types/index.js +0 -7
  272. package/cjs/idx/types/index.js.map +1 -1
  273. package/cjs/idx/types/meta.js.map +1 -1
  274. package/cjs/idx/types/options.js.map +1 -1
  275. package/cjs/idx/unlockAccount.js +7 -11
  276. package/cjs/idx/unlockAccount.js.map +1 -1
  277. package/cjs/idx/util.js +24 -76
  278. package/cjs/idx/util.js.map +1 -1
  279. package/cjs/idx/webauthn.js +13 -18
  280. package/cjs/idx/webauthn.js.map +1 -1
  281. package/cjs/myaccount/api.js +0 -5
  282. package/cjs/myaccount/api.js.map +1 -1
  283. package/cjs/myaccount/emailApi.js +6 -21
  284. package/cjs/myaccount/emailApi.js.map +1 -1
  285. package/cjs/myaccount/factory.js +0 -3
  286. package/cjs/myaccount/factory.js.map +1 -1
  287. package/cjs/myaccount/index.js +0 -7
  288. package/cjs/myaccount/index.js.map +1 -1
  289. package/cjs/myaccount/mixin.js +0 -5
  290. package/cjs/myaccount/mixin.js.map +1 -1
  291. package/cjs/myaccount/phoneApi.js +5 -18
  292. package/cjs/myaccount/phoneApi.js.map +1 -1
  293. package/cjs/myaccount/profileApi.js +2 -9
  294. package/cjs/myaccount/profileApi.js.map +1 -1
  295. package/cjs/myaccount/request.js +12 -78
  296. package/cjs/myaccount/request.js.map +1 -1
  297. package/cjs/myaccount/transactions/Base.js +5 -7
  298. package/cjs/myaccount/transactions/Base.js.map +1 -1
  299. package/cjs/myaccount/transactions/EmailChallengeTransaction.js +5 -10
  300. package/cjs/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  301. package/cjs/myaccount/transactions/EmailStatusTransaction.js +2 -7
  302. package/cjs/myaccount/transactions/EmailStatusTransaction.js.map +1 -1
  303. package/cjs/myaccount/transactions/EmailTransaction.js +5 -13
  304. package/cjs/myaccount/transactions/EmailTransaction.js.map +1 -1
  305. package/cjs/myaccount/transactions/PhoneTransaction.js +5 -12
  306. package/cjs/myaccount/transactions/PhoneTransaction.js.map +1 -1
  307. package/cjs/myaccount/transactions/ProfileSchemaTransaction.js +0 -5
  308. package/cjs/myaccount/transactions/ProfileSchemaTransaction.js.map +1 -1
  309. package/cjs/myaccount/transactions/ProfileTransaction.js +0 -5
  310. package/cjs/myaccount/transactions/ProfileTransaction.js.map +1 -1
  311. package/cjs/myaccount/transactions/index.js +0 -8
  312. package/cjs/myaccount/transactions/index.js.map +1 -1
  313. package/cjs/myaccount/types.js +0 -5
  314. package/cjs/myaccount/types.js.map +1 -1
  315. package/cjs/oidc/TokenManager.js +39 -100
  316. package/cjs/oidc/TokenManager.js.map +1 -1
  317. package/cjs/oidc/TransactionManager.js +19 -26
  318. package/cjs/oidc/TransactionManager.js.map +1 -1
  319. package/cjs/oidc/decodeToken.js +1 -5
  320. package/cjs/oidc/decodeToken.js.map +1 -1
  321. package/cjs/oidc/endpoints/authorize.js +9 -13
  322. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  323. package/cjs/oidc/endpoints/index.js +0 -5
  324. package/cjs/oidc/endpoints/index.js.map +1 -1
  325. package/cjs/oidc/endpoints/token.js +5 -17
  326. package/cjs/oidc/endpoints/token.js.map +1 -1
  327. package/cjs/oidc/endpoints/well-known.js +7 -14
  328. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  329. package/cjs/oidc/exchangeCodeForTokens.js +7 -12
  330. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  331. package/cjs/oidc/factory/OktaAuthOAuth.js +0 -6
  332. package/cjs/oidc/factory/OktaAuthOAuth.js.map +1 -1
  333. package/cjs/oidc/factory/api.js +6 -20
  334. package/cjs/oidc/factory/api.js.map +1 -1
  335. package/cjs/oidc/factory/index.js +0 -3
  336. package/cjs/oidc/factory/index.js.map +1 -1
  337. package/cjs/oidc/getToken.js +18 -30
  338. package/cjs/oidc/getToken.js.map +1 -1
  339. package/cjs/oidc/getUserInfo.js +1 -15
  340. package/cjs/oidc/getUserInfo.js.map +1 -1
  341. package/cjs/oidc/getWithPopup.js +4 -8
  342. package/cjs/oidc/getWithPopup.js.map +1 -1
  343. package/cjs/oidc/getWithRedirect.js +1 -8
  344. package/cjs/oidc/getWithRedirect.js.map +1 -1
  345. package/cjs/oidc/getWithoutPrompt.js +1 -5
  346. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  347. package/cjs/oidc/handleOAuthResponse.js +23 -40
  348. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  349. package/cjs/oidc/index.js +0 -32
  350. package/cjs/oidc/index.js.map +1 -1
  351. package/cjs/oidc/mixin/browser.js +6 -18
  352. package/cjs/oidc/mixin/browser.js.map +1 -1
  353. package/cjs/oidc/mixin/index.js +37 -89
  354. package/cjs/oidc/mixin/index.js.map +1 -1
  355. package/cjs/oidc/mixin/node.js +2 -9
  356. package/cjs/oidc/mixin/node.js.map +1 -1
  357. package/cjs/oidc/options/OAuthOptionsConstructor.js +17 -24
  358. package/cjs/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  359. package/cjs/oidc/options/browser.js.map +1 -1
  360. package/cjs/oidc/options/index.js +0 -1
  361. package/cjs/oidc/options/index.js.map +1 -1
  362. package/cjs/oidc/options/node.js.map +1 -1
  363. package/cjs/oidc/parseFromUrl.js +1 -32
  364. package/cjs/oidc/parseFromUrl.js.map +1 -1
  365. package/cjs/oidc/renewToken.js +5 -16
  366. package/cjs/oidc/renewToken.js.map +1 -1
  367. package/cjs/oidc/renewTokens.js +3 -15
  368. package/cjs/oidc/renewTokens.js.map +1 -1
  369. package/cjs/oidc/renewTokensWithRefresh.js +3 -13
  370. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  371. package/cjs/oidc/revokeToken.js +3 -14
  372. package/cjs/oidc/revokeToken.js.map +1 -1
  373. package/cjs/oidc/storage.js +0 -8
  374. package/cjs/oidc/storage.js.map +1 -1
  375. package/cjs/oidc/types/Token.js +1 -5
  376. package/cjs/oidc/types/Token.js.map +1 -1
  377. package/cjs/oidc/types/TokenManager.js +1 -1
  378. package/cjs/oidc/types/TokenManager.js.map +1 -1
  379. package/cjs/oidc/types/Transaction.js +1 -12
  380. package/cjs/oidc/types/Transaction.js.map +1 -1
  381. package/cjs/oidc/types/UserClaims.js.map +1 -1
  382. package/cjs/oidc/types/api.js.map +1 -1
  383. package/cjs/oidc/types/index.js +0 -21
  384. package/cjs/oidc/types/index.js.map +1 -1
  385. package/cjs/oidc/types/meta.js.map +1 -1
  386. package/cjs/oidc/types/options.js.map +1 -1
  387. package/cjs/oidc/types/proto.js.map +1 -1
  388. package/cjs/oidc/util/browser.js +4 -13
  389. package/cjs/oidc/util/browser.js.map +1 -1
  390. package/cjs/oidc/util/defaultTokenParams.js +5 -5
  391. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  392. package/cjs/oidc/util/errors.js +3 -8
  393. package/cjs/oidc/util/errors.js.map +1 -1
  394. package/cjs/oidc/util/index.js +0 -24
  395. package/cjs/oidc/util/index.js.map +1 -1
  396. package/cjs/oidc/util/loginRedirect.js +11 -25
  397. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  398. package/cjs/oidc/util/oauth.js +3 -12
  399. package/cjs/oidc/util/oauth.js.map +1 -1
  400. package/cjs/oidc/util/oauthMeta.js +5 -6
  401. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  402. package/cjs/oidc/util/pkce.js +1 -12
  403. package/cjs/oidc/util/pkce.js.map +1 -1
  404. package/cjs/oidc/util/prepareTokenParams.js +13 -26
  405. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  406. package/cjs/oidc/util/refreshToken.js +0 -7
  407. package/cjs/oidc/util/refreshToken.js.map +1 -1
  408. package/cjs/oidc/util/sharedStorage.js +0 -8
  409. package/cjs/oidc/util/sharedStorage.js.map +1 -1
  410. package/cjs/oidc/util/urlParams.js +9 -12
  411. package/cjs/oidc/util/urlParams.js.map +1 -1
  412. package/cjs/oidc/util/validateClaims.js +9 -17
  413. package/cjs/oidc/util/validateClaims.js.map +1 -1
  414. package/cjs/oidc/util/validateToken.js +1 -6
  415. package/cjs/oidc/util/validateToken.js.map +1 -1
  416. package/cjs/oidc/verifyToken.js +13 -23
  417. package/cjs/oidc/verifyToken.js.map +1 -1
  418. package/cjs/server/serverStorage.js +9 -27
  419. package/cjs/server/serverStorage.js.map +1 -1
  420. package/cjs/services/AutoRenewService.js +1 -17
  421. package/cjs/services/AutoRenewService.js.map +1 -1
  422. package/cjs/services/LeaderElectionService.js +1 -23
  423. package/cjs/services/LeaderElectionService.js.map +1 -1
  424. package/cjs/services/SyncStorageService.js +3 -37
  425. package/cjs/services/SyncStorageService.js.map +1 -1
  426. package/cjs/services/index.js +0 -5
  427. package/cjs/services/index.js.map +1 -1
  428. package/cjs/session/api.js +1 -12
  429. package/cjs/session/api.js.map +1 -1
  430. package/cjs/session/factory.js +0 -2
  431. package/cjs/session/factory.js.map +1 -1
  432. package/cjs/session/index.js +0 -7
  433. package/cjs/session/index.js.map +1 -1
  434. package/cjs/session/mixin.js +2 -6
  435. package/cjs/session/mixin.js.map +1 -1
  436. package/cjs/storage/BaseStorageManager.js +13 -25
  437. package/cjs/storage/BaseStorageManager.js.map +1 -1
  438. package/cjs/storage/SavedObject.js +7 -19
  439. package/cjs/storage/SavedObject.js.map +1 -1
  440. package/cjs/storage/index.js +0 -9
  441. package/cjs/storage/index.js.map +1 -1
  442. package/cjs/storage/mixin.js +2 -4
  443. package/cjs/storage/mixin.js.map +1 -1
  444. package/cjs/storage/options/StorageOptionsConstructor.js +3 -6
  445. package/cjs/storage/options/StorageOptionsConstructor.js.map +1 -1
  446. package/cjs/storage/options/browser.js +7 -15
  447. package/cjs/storage/options/browser.js.map +1 -1
  448. package/cjs/storage/options/node.js +3 -6
  449. package/cjs/storage/options/node.js.map +1 -1
  450. package/cjs/util/PromiseQueue.js +7 -15
  451. package/cjs/util/PromiseQueue.js.map +1 -1
  452. package/cjs/util/console.js +3 -7
  453. package/cjs/util/console.js.map +1 -1
  454. package/cjs/util/index.js +0 -11
  455. package/cjs/util/index.js.map +1 -1
  456. package/cjs/util/misc.js +3 -8
  457. package/cjs/util/misc.js.map +1 -1
  458. package/cjs/util/object.js +9 -23
  459. package/cjs/util/object.js.map +1 -1
  460. package/cjs/util/types.js +1 -5
  461. package/cjs/util/types.js.map +1 -1
  462. package/cjs/util/url.js +5 -14
  463. package/cjs/util/url.js.map +1 -1
  464. package/dist/okta-auth-js.authn.min.analyzer.html +3 -3
  465. package/dist/okta-auth-js.authn.min.js +1 -1
  466. package/dist/okta-auth-js.authn.min.js.LICENSE.txt +2 -0
  467. package/dist/okta-auth-js.authn.min.js.map +1 -1
  468. package/dist/okta-auth-js.core.min.analyzer.html +3 -3
  469. package/dist/okta-auth-js.core.min.js +1 -1
  470. package/dist/okta-auth-js.core.min.js.LICENSE.txt +2 -0
  471. package/dist/okta-auth-js.core.min.js.map +1 -1
  472. package/dist/okta-auth-js.idx.min.analyzer.html +3 -3
  473. package/dist/okta-auth-js.idx.min.js +1 -1
  474. package/dist/okta-auth-js.idx.min.js.LICENSE.txt +2 -0
  475. package/dist/okta-auth-js.idx.min.js.map +1 -1
  476. package/dist/okta-auth-js.min.analyzer.html +3 -3
  477. package/dist/okta-auth-js.min.js +1 -1
  478. package/dist/okta-auth-js.min.js.LICENSE.txt +2 -0
  479. package/dist/okta-auth-js.min.js.map +1 -1
  480. package/dist/okta-auth-js.myaccount.min.analyzer.html +3 -3
  481. package/dist/okta-auth-js.myaccount.min.js +1 -1
  482. package/dist/okta-auth-js.myaccount.min.js.LICENSE.txt +2 -0
  483. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  484. package/dist/okta-auth-js.polyfill.js +1 -1
  485. package/dist/okta-auth-js.polyfill.js.map +1 -1
  486. package/esm/browser/http/OktaUserAgent.js +2 -2
  487. package/esm/browser/http/request.js +56 -23
  488. package/esm/browser/http/request.js.map +1 -1
  489. package/esm/browser/idx/interact.js +2 -2
  490. package/esm/browser/idx/interact.js.map +1 -1
  491. package/esm/browser/idx/run.js +3 -2
  492. package/esm/browser/idx/run.js.map +1 -1
  493. package/esm/browser/idx/transactionMeta.js +3 -2
  494. package/esm/browser/idx/transactionMeta.js.map +1 -1
  495. package/esm/browser/myaccount/request.js +2 -43
  496. package/esm/browser/myaccount/request.js.map +1 -1
  497. package/esm/browser/oidc/endpoints/authorize.js +1 -0
  498. package/esm/browser/oidc/endpoints/authorize.js.map +1 -1
  499. package/esm/browser/oidc/exchangeCodeForTokens.js +2 -1
  500. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  501. package/esm/browser/oidc/handleOAuthResponse.js +17 -16
  502. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  503. package/esm/browser/oidc/options/OAuthOptionsConstructor.js +2 -0
  504. package/esm/browser/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  505. package/esm/browser/oidc/util/defaultTokenParams.js +3 -1
  506. package/esm/browser/oidc/util/defaultTokenParams.js.map +1 -1
  507. package/esm/browser/oidc/util/oauthMeta.js +1 -0
  508. package/esm/browser/oidc/util/oauthMeta.js.map +1 -1
  509. package/esm/browser/oidc/util/validateClaims.js +9 -4
  510. package/esm/browser/oidc/util/validateClaims.js.map +1 -1
  511. package/esm/browser/oidc/verifyToken.js +2 -2
  512. package/esm/browser/oidc/verifyToken.js.map +1 -1
  513. package/esm/browser/package.json +1 -1
  514. package/esm/node/http/OktaUserAgent.js +2 -2
  515. package/esm/node/http/request.js +56 -23
  516. package/esm/node/http/request.js.map +1 -1
  517. package/esm/node/idx/interact.js +2 -2
  518. package/esm/node/idx/interact.js.map +1 -1
  519. package/esm/node/idx/run.js +3 -2
  520. package/esm/node/idx/run.js.map +1 -1
  521. package/esm/node/idx/transactionMeta.js +3 -2
  522. package/esm/node/idx/transactionMeta.js.map +1 -1
  523. package/esm/node/myaccount/request.js +2 -43
  524. package/esm/node/myaccount/request.js.map +1 -1
  525. package/esm/node/oidc/endpoints/authorize.js +1 -0
  526. package/esm/node/oidc/endpoints/authorize.js.map +1 -1
  527. package/esm/node/oidc/exchangeCodeForTokens.js +2 -1
  528. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  529. package/esm/node/oidc/handleOAuthResponse.js +17 -16
  530. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  531. package/esm/node/oidc/options/OAuthOptionsConstructor.js +2 -0
  532. package/esm/node/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  533. package/esm/node/oidc/util/defaultTokenParams.js +3 -1
  534. package/esm/node/oidc/util/defaultTokenParams.js.map +1 -1
  535. package/esm/node/oidc/util/oauthMeta.js +1 -0
  536. package/esm/node/oidc/util/oauthMeta.js.map +1 -1
  537. package/esm/node/oidc/util/validateClaims.js +9 -4
  538. package/esm/node/oidc/util/validateClaims.js.map +1 -1
  539. package/esm/node/oidc/verifyToken.js +2 -2
  540. package/esm/node/oidc/verifyToken.js.map +1 -1
  541. package/esm/node/package.json +1 -1
  542. package/package.json +12 -13
  543. package/polyfill/index.js +8 -5
  544. package/types/lib/core/options.d.ts +2 -0
  545. package/types/lib/idx/interact.d.ts +1 -0
  546. package/types/lib/idx/options.d.ts +2 -0
  547. package/types/lib/idx/types/meta.d.ts +1 -0
  548. package/types/lib/idx/types/options.d.ts +1 -0
  549. package/types/lib/oidc/options/OAuthOptionsConstructor.d.ts +2 -0
  550. package/types/lib/oidc/types/UserClaims.d.ts +1 -0
  551. package/types/lib/oidc/types/api.d.ts +1 -0
  552. package/types/lib/oidc/types/meta.d.ts +1 -1
  553. package/types/lib/oidc/types/options.d.ts +2 -1
  554. package/types/lib/oidc/types/proto.d.ts +1 -0
  555. package/umd/authn.js +1 -1
  556. package/umd/authn.js.LICENSE.txt +2 -0
  557. package/umd/authn.js.map +1 -1
  558. package/umd/core.js +1 -1
  559. package/umd/core.js.LICENSE.txt +2 -0
  560. package/umd/core.js.map +1 -1
  561. package/umd/default.js +1 -1
  562. package/umd/default.js.LICENSE.txt +2 -0
  563. package/umd/default.js.map +1 -1
  564. package/umd/idx.js +1 -1
  565. package/umd/idx.js.LICENSE.txt +2 -0
  566. package/umd/idx.js.map +1 -1
  567. package/umd/myaccount.js +1 -1
  568. package/umd/myaccount.js.LICENSE.txt +2 -0
  569. package/umd/myaccount.js.map +1 -1
package/cjs/oidc/TransactionManager.js CHANGED
@@ -1,13 +1,9 @@
1
1
  "use strict";
2
2
 
3
3
  exports.createTransactionManager = createTransactionManager;
4
-
5
4
  var _types = require("./types");
6
-
7
5
  var _util = require("../util");
8
-
9
6
  var _sharedStorage = require("./util/sharedStorage");
10
-
11
7
  /*!
12
8
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
13
9
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -19,6 +15,7 @@ var _sharedStorage = require("./util/sharedStorage");
19
15
  *
20
16
  * See the License for the specific language governing permissions and limitations under the License.
21
17
  */
18
+
22
19
  function createTransactionManager() {
23
20
  return class TransactionManager {
24
21
  constructor(options) {
@@ -27,46 +24,47 @@ function createTransactionManager() {
27
24
  this.enableSharedStorage = options.enableSharedStorage === false ? false : true;
28
25
  this.saveLastResponse = options.saveLastResponse === false ? false : true;
29
26
  this.options = options;
30
- } // eslint-disable-next-line complexity
31
-
27
+ }
32
28
 
29
+ // eslint-disable-next-line complexity
33
30
  clear(options = {}) {
34
31
  const transactionStorage = this.storageManager.getTransactionStorage();
35
- const meta = transactionStorage.getStorage(); // Clear primary storage (by default, sessionStorage on browser)
32
+ const meta = transactionStorage.getStorage();
36
33
 
37
- transactionStorage.clearStorage(); // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
34
+ // Clear primary storage (by default, sessionStorage on browser)
35
+ transactionStorage.clearStorage();
38
36
 
37
+ // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
39
38
  if (this.enableSharedStorage && options.clearSharedStorage !== false) {
40
39
  const state = options.state || (meta === null || meta === void 0 ? void 0 : meta.state);
41
-
42
40
  if (state) {
43
41
  (0, _sharedStorage.clearTransactionFromSharedStorage)(this.storageManager, state);
44
42
  }
45
43
  }
46
- } // eslint-disable-next-line complexity
47
-
44
+ }
48
45
 
46
+ // eslint-disable-next-line complexity
49
47
  save(meta, options = {}) {
50
48
  // There must be only one transaction executing at a time.
51
49
  // Before saving, check to see if a transaction is already stored.
52
50
  // An existing transaction indicates a concurrency/race/overlap condition
51
+
53
52
  let storage = this.storageManager.getTransactionStorage();
54
- const obj = storage.getStorage(); // oie process may need to update transaction in the middle of process for tracking purpose
53
+ const obj = storage.getStorage();
54
+ // oie process may need to update transaction in the middle of process for tracking purpose
55
55
  // false alarm might be caused
56
56
  // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919
57
-
58
57
  if ((0, _types.isTransactionMeta)(obj) && !options.muteWarning) {
59
58
  // eslint-disable-next-line max-len
60
59
  (0, _util.warn)('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');
61
60
  }
61
+ storage.setStorage(meta);
62
62
 
63
- storage.setStorage(meta); // Shared storage allows continuation of transaction in another tab
64
-
63
+ // Shared storage allows continuation of transaction in another tab
65
64
  if (this.enableSharedStorage && meta.state) {
66
65
  (0, _sharedStorage.saveTransactionToSharedStorage)(this.storageManager, meta.state, meta);
67
66
  }
68
67
  }
69
-
70
68
  exists(options = {}) {
71
69
  try {
72
70
  const meta = this.load(options);
@@ -74,34 +72,29 @@ function createTransactionManager() {
74
72
  } catch {
75
73
  return false;
76
74
  }
77
- } // load transaction meta from storage
78
- // eslint-disable-next-line complexity,max-statements
79
-
75
+ }
80
76
 
77
+ // load transaction meta from storage
78
+ // eslint-disable-next-line complexity,max-statements
81
79
  load(options = {}) {
82
- let meta; // If state was passed, try loading transaction data from shared storage
80
+ let meta;
83
81
 
82
+ // If state was passed, try loading transaction data from shared storage
84
83
  if (this.enableSharedStorage && options.state) {
85
84
  (0, _sharedStorage.pruneSharedStorage)(this.storageManager); // prune before load
86
-
87
85
  meta = (0, _sharedStorage.loadTransactionFromSharedStorage)(this.storageManager, options.state);
88
-
89
86
  if ((0, _types.isTransactionMeta)(meta)) {
90
87
  return meta;
91
88
  }
92
89
  }
93
-
94
90
  let storage = this.storageManager.getTransactionStorage();
95
91
  meta = storage.getStorage();
96
-
97
92
  if ((0, _types.isTransactionMeta)(meta)) {
98
93
  // if we have meta in the new location, there is no need to go further
99
94
  return meta;
100
95
  }
101
-
102
96
  return null;
103
97
  }
104
-
105
98
  };
106
99
  }
107
100
  //# sourceMappingURL=TransactionManager.js.map
package/cjs/oidc/TransactionManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TransactionManager.js","names":["createTransactionManager","TransactionManager","constructor","options","storageManager","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearSharedStorage","state","clearTransactionFromSharedStorage","save","storage","obj","isTransactionMeta","muteWarning","warn","setStorage","saveTransactionToSharedStorage","exists","load","pruneSharedStorage","loadTransactionFromSharedStorage"],"sources":["../../../lib/oidc/TransactionManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n TransactionMeta,\n isTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n ClearTransactionMetaOptions,\n TransactionManagerInterface,\n PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n return class TransactionManager implements TransactionManagerInterface\n {\n options: TransactionManagerOptions;\n storageManager: S;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager! as S;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: M, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n return null;\n }\n\n };\n}\n"],"mappings":";;;;AAaA;;AAWA;;AACA;;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAuBO,SAASA,wBAAT,GAMP;EACE,OAAO,MAAMC,kBAAN,CACP;IAMEC,WAAW,CAACC,OAAD,EAAqC;MAC9C;MACA,KAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;MACA,KAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;MACA,KAAKC,gBAAL,GAAwBH,OAAO,CAACG,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;MACA,KAAKH,OAAL,GAAeA,OAAf;IACD,CAZH,CAcE;;;IACAI,KAAK,CAACJ,OAAoC,GAAG,EAAxC,EAA4C;MAC/C,MAAMK,kBAAmC,GAAG,KAAKJ,cAAL,CAAoBK,qBAApB,EAA5C;MACA,MAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAnB,EAAb,CAF+C,CAI/C;;MACAH,kBAAkB,CAACI,YAAnB,GAL+C,CAO/C;;MACA,IAAI,KAAKP,mBAAL,IAA4BF,OAAO,CAACU,kBAAR,KAA+B,KAA/D,EAAsE;QACpE,MAAMC,KAAK,GAAGX,OAAO,CAACW,KAAR,KAAiBJ,IAAjB,aAAiBA,IAAjB,uBAAiBA,IAAI,CAAEI,KAAvB,CAAd;;QACA,IAAIA,KAAJ,EAAW;UACT,IAAAC,gDAAA,EAAkC,KAAKX,cAAvC,EAAuDU,KAAvD;QACD;MACF;IACF,CA7BH,CA+BE;;;IACAE,IAAI,CAACN,IAAD,EAAUP,OAA+B,GAAG,EAA5C,EAAgD;MAClD;MACA;MACA;MAEA,IAAIc,OAAwB,GAAG,KAAKb,cAAL,CAAoBK,qBAApB,EAA/B;MACA,MAAMS,GAAG,GAAGD,OAAO,CAACN,UAAR,EAAZ,CANkD,CAOlD;MACA;MACA;;MACA,IAAI,IAAAQ,wBAAA,EAAkBD,GAAlB,KAA0B,CAACf,OAAO,CAACiB,WAAvC,EAAoD;QAClD;QACA,IAAAC,UAAA,EAAK,yGAAL;MACD;;MAEDJ,OAAO,CAACK,UAAR,CAAmBZ,IAAnB,EAfkD,CAiBlD;;MACA,IAAI,KAAKL,mBAAL,IAA4BK,IAAI,CAACI,KAArC,EAA4C;QAC1C,IAAAS,6CAAA,EAA+B,KAAKnB,cAApC,EAAoDM,IAAI,CAACI,KAAzD,EAAgEJ,IAAhE;MACD;IACF;;IAEDc,MAAM,CAACrB,OAA+B,GAAG,EAAnC,EAAgD;MACpD,IAAI;QACF,MAAMO,IAAI,GAAG,KAAKe,IAAL,CAAUtB,OAAV,CAAb;QACA,OAAO,CAAC,CAACO,IAAT;MACD,CAHD,CAGE,MAAM;QACN,OAAO,KAAP;MACD;IACF,CA9DH,CAgEE;IACA;;;IACAe,IAAI,CAACtB,OAA+B,GAAG,EAAnC,EAA+D;MAEjE,IAAIO,IAAJ,CAFiE,CAIjE;;MACA,IAAI,KAAKL,mBAAL,IAA4BF,OAAO,CAACW,KAAxC,EAA+C;QAC7C,IAAAY,iCAAA,EAAmB,KAAKtB,cAAxB,EAD6C,CACJ;;QACzCM,IAAI,GAAG,IAAAiB,+CAAA,EAAiC,KAAKvB,cAAtC,EAAsDD,OAAO,CAACW,KAA9D,CAAP;;QACA,IAAI,IAAAK,wBAAA,EAAkBT,IAAlB,CAAJ,EAA6B;UAC3B,OAAOA,IAAP;QACD;MACF;;MAED,IAAIO,OAAwB,GAAG,KAAKb,cAAL,CAAoBK,qBAApB,EAA/B;MACAC,IAAI,GAAGO,OAAO,CAACN,UAAR,EAAP;;MACA,IAAI,IAAAQ,wBAAA,EAAkBT,IAAlB,CAAJ,EAA6B;QAC3B;QACA,OAAOA,IAAP;MACD;;MAED,OAAO,IAAP;IACD;;EAvFH,CADA;AA2FD"}
1
+ {"version":3,"file":"TransactionManager.js","names":["createTransactionManager","TransactionManager","constructor","options","storageManager","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearSharedStorage","state","clearTransactionFromSharedStorage","save","storage","obj","isTransactionMeta","muteWarning","warn","setStorage","saveTransactionToSharedStorage","exists","load","pruneSharedStorage","loadTransactionFromSharedStorage"],"sources":["../../../lib/oidc/TransactionManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n TransactionMeta,\n isTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n ClearTransactionMetaOptions,\n TransactionManagerInterface,\n PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n return class TransactionManager implements TransactionManagerInterface\n {\n options: TransactionManagerOptions;\n storageManager: S;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager! as S;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: M, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n return null;\n }\n\n };\n}\n"],"mappings":";;;AAaA;AAWA;AACA;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBO,SAASA,wBAAwB,GAMxC;EACE,OAAO,MAAMC,kBAAkB,CAC/B;IAMEC,WAAW,CAACC,OAAkC,EAAE;MAC9C;MACA,IAAI,CAACC,cAAc,GAAGD,OAAO,CAACC,cAAoB;MAClD,IAAI,CAACC,mBAAmB,GAAGF,OAAO,CAACE,mBAAmB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MAC/E,IAAI,CAACC,gBAAgB,GAAGH,OAAO,CAACG,gBAAgB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MACzE,IAAI,CAACH,OAAO,GAAGA,OAAO;IACxB;;IAEA;IACAI,KAAK,CAACJ,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,MAAMK,kBAAmC,GAAG,IAAI,CAACJ,cAAc,CAACK,qBAAqB,EAAE;MACvF,MAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAU,EAAE;;MAE5C;MACAH,kBAAkB,CAACI,YAAY,EAAE;;MAEjC;MACA,IAAI,IAAI,CAACP,mBAAmB,IAAIF,OAAO,CAACU,kBAAkB,KAAK,KAAK,EAAE;QACpE,MAAMC,KAAK,GAAGX,OAAO,CAACW,KAAK,KAAIJ,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEI,KAAK;QAC1C,IAAIA,KAAK,EAAE;UACT,IAAAC,gDAAiC,EAAC,IAAI,CAACX,cAAc,EAAEU,KAAK,CAAC;QAC/D;MACF;IACF;;IAEA;IACAE,IAAI,CAACN,IAAO,EAAEP,OAA+B,GAAG,CAAC,CAAC,EAAE;MAClD;MACA;MACA;;MAEA,IAAIc,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1E,MAAMS,GAAG,GAAGD,OAAO,CAACN,UAAU,EAAE;MAChC;MACA;MACA;MACA,IAAI,IAAAQ,wBAAiB,EAACD,GAAG,CAAC,IAAI,CAACf,OAAO,CAACiB,WAAW,EAAE;QAClD;QACA,IAAAC,UAAI,EAAC,yGAAyG,CAAC;MACjH;MAEAJ,OAAO,CAACK,UAAU,CAACZ,IAAI,CAAC;;MAExB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIK,IAAI,CAACI,KAAK,EAAE;QAC1C,IAAAS,6CAA8B,EAAC,IAAI,CAACnB,cAAc,EAAEM,IAAI,CAACI,KAAK,EAAEJ,IAAI,CAAC;MACvE;IACF;IAEAc,MAAM,CAACrB,OAA+B,GAAG,CAAC,CAAC,EAAW;MACpD,IAAI;QACF,MAAMO,IAAI,GAAG,IAAI,CAACe,IAAI,CAACtB,OAAO,CAAC;QAC/B,OAAO,CAAC,CAACO,IAAI;MACf,CAAC,CAAC,MAAM;QACN,OAAO,KAAK;MACd;IACF;;IAEA;IACA;IACAe,IAAI,CAACtB,OAA+B,GAAG,CAAC,CAAC,EAA0B;MAEjE,IAAIO,IAAqB;;MAEzB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIF,OAAO,CAACW,KAAK,EAAE;QAC7C,IAAAY,iCAAkB,EAAC,IAAI,CAACtB,cAAc,CAAC,CAAC,CAAC;QACzCM,IAAI,GAAG,IAAAiB,+CAAgC,EAAC,IAAI,CAACvB,cAAc,EAAED,OAAO,CAACW,KAAK,CAAC;QAC3E,IAAI,IAAAK,wBAAiB,EAACT,IAAI,CAAC,EAAE;UAC3B,OAAOA,IAAI;QACb;MACF;MAEA,IAAIO,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1EC,IAAI,GAAGO,OAAO,CAACN,UAAU,EAAE;MAC3B,IAAI,IAAAQ,wBAAiB,EAACT,IAAI,CAAC,EAAE;QAC3B;QACA,OAAOA,IAAI;MACb;MAEA,OAAO,IAAI;IACb;EAEF,CAAC;AACH"}
package/cjs/oidc/decodeToken.js CHANGED
@@ -1,11 +1,8 @@
1
1
  "use strict";
2
2
 
3
3
  exports.decodeToken = decodeToken;
4
-
5
4
  var _errors = require("../errors");
6
-
7
5
  var _crypto = require("../crypto");
8
-
9
6
  /*!
10
7
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
11
8
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -18,10 +15,10 @@ var _crypto = require("../crypto");
18
15
  * See the License for the specific language governing permissions and limitations under the License.
19
16
  *
20
17
  */
18
+
21
19
  function decodeToken(token) {
22
20
  var jwt = token.split('.');
23
21
  var decodedToken;
24
-
25
22
  try {
26
23
  decodedToken = {
27
24
  header: JSON.parse((0, _crypto.base64UrlToString)(jwt[0])),
@@ -31,7 +28,6 @@ function decodeToken(token) {
31
28
  } catch (e) {
32
29
  throw new _errors.AuthSdkError('Malformed token');
33
30
  }
34
-
35
31
  return decodedToken;
36
32
  }
37
33
  //# sourceMappingURL=decodeToken.js.map
package/cjs/oidc/decodeToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decodeToken.js","names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","base64UrlToString","payload","signature","e","AuthSdkError"],"sources":["../../../lib/oidc/decodeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from './types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n var jwt = token.split('.');\n var decodedToken: JWTObject;\n\n try {\n decodedToken = {\n header: JSON.parse(base64UrlToString(jwt[0])),\n payload: JSON.parse(base64UrlToString(jwt[1])),\n signature: jwt[2]\n };\n } catch (e) {\n throw new AuthSdkError('Malformed token');\n }\n\n return decodedToken;\n}\n"],"mappings":";;;;AAYA;;AAEA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKO,SAASA,WAAT,CAAqBC,KAArB,EAA+C;EACpD,IAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;EACA,IAAIC,YAAJ;;EAEA,IAAI;IACFA,YAAY,GAAG;MACbC,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAW,IAAAC,yBAAA,EAAkBN,GAAG,CAAC,CAAD,CAArB,CAAX,CADK;MAEbO,OAAO,EAAEH,IAAI,CAACC,KAAL,CAAW,IAAAC,yBAAA,EAAkBN,GAAG,CAAC,CAAD,CAArB,CAAX,CAFI;MAGbQ,SAAS,EAAER,GAAG,CAAC,CAAD;IAHD,CAAf;EAKD,CAND,CAME,OAAOS,CAAP,EAAU;IACV,MAAM,IAAIC,oBAAJ,CAAiB,iBAAjB,CAAN;EACD;;EAED,OAAOR,YAAP;AACD"}
1
+ {"version":3,"file":"decodeToken.js","names":["decodeToken","token","jwt","split","decodedToken","header","JSON","parse","base64UrlToString","payload","signature","e","AuthSdkError"],"sources":["../../../lib/oidc/decodeToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from './types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n var jwt = token.split('.');\n var decodedToken: JWTObject;\n\n try {\n decodedToken = {\n header: JSON.parse(base64UrlToString(jwt[0])),\n payload: JSON.parse(base64UrlToString(jwt[1])),\n signature: jwt[2]\n };\n } catch (e) {\n throw new AuthSdkError('Malformed token');\n }\n\n return decodedToken;\n}\n"],"mappings":";;;AAYA;AAEA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,WAAW,CAACC,KAAa,EAAa;EACpD,IAAIC,GAAG,GAAGD,KAAK,CAACE,KAAK,CAAC,GAAG,CAAC;EAC1B,IAAIC,YAAuB;EAE3B,IAAI;IACFA,YAAY,GAAG;MACbC,MAAM,EAAEC,IAAI,CAACC,KAAK,CAAC,IAAAC,yBAAiB,EAACN,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;MAC7CO,OAAO,EAAEH,IAAI,CAACC,KAAK,CAAC,IAAAC,yBAAiB,EAACN,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;MAC9CQ,SAAS,EAAER,GAAG,CAAC,CAAC;IAClB,CAAC;EACH,CAAC,CAAC,OAAOS,CAAC,EAAE;IACV,MAAM,IAAIC,oBAAY,CAAC,iBAAiB,CAAC;EAC3C;EAEA,OAAOR,YAAY;AACrB"}
package/cjs/oidc/endpoints/authorize.js CHANGED
@@ -2,13 +2,9 @@
2
2
 
3
3
  exports.buildAuthorizeParams = buildAuthorizeParams;
4
4
  exports.convertTokenParamsToOAuthParams = convertTokenParamsToOAuthParams;
5
-
6
5
  var _util = require("../../util");
7
-
8
6
  var _errors = require("../../errors");
9
-
10
7
  /* eslint-disable @typescript-eslint/no-non-null-assertion */
11
-
12
8
  /*!
13
9
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
14
10
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -20,17 +16,17 @@ var _errors = require("../../errors");
20
16
  *
21
17
  * See the License for the specific language governing permissions and limitations under the License.
22
18
  */
19
+
23
20
  function convertTokenParamsToOAuthParams(tokenParams) {
24
21
  // Quick validation
25
22
  if (!tokenParams.clientId) {
26
23
  throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
27
24
  }
28
-
29
25
  if ((0, _util.isString)(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {
30
26
  throw new _errors.AuthSdkError('Multiple OAuth responseTypes must be defined as an array');
31
- } // Convert our params to their actual OAuth equivalents
32
-
27
+ }
33
28
 
29
+ // Convert our params to their actual OAuth equivalents
34
30
  var oauthParams = {
35
31
  'client_id': tokenParams.clientId,
36
32
  'code_challenge': tokenParams.codeChallenge,
@@ -46,7 +42,8 @@ function convertTokenParamsToOAuthParams(tokenParams) {
46
42
  'response_mode': tokenParams.responseMode,
47
43
  'response_type': tokenParams.responseType,
48
44
  'sessionToken': tokenParams.sessionToken,
49
- 'state': tokenParams.state
45
+ 'state': tokenParams.state,
46
+ 'acr_values': tokenParams.acrValues
50
47
  };
51
48
  oauthParams = (0, _util.removeNils)(oauthParams);
52
49
  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {
@@ -54,20 +51,19 @@ function convertTokenParamsToOAuthParams(tokenParams) {
54
51
  oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');
55
52
  }
56
53
  });
57
-
58
54
  if (tokenParams.responseType.indexOf('id_token') !== -1 && tokenParams.scopes.indexOf('openid') === -1) {
59
55
  throw new _errors.AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');
60
56
  } else {
61
57
  oauthParams.scope = tokenParams.scopes.join(' ');
62
58
  }
63
-
64
59
  return oauthParams;
65
60
  }
66
-
67
61
  function buildAuthorizeParams(tokenParams) {
68
62
  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);
69
- return (0, _util.toQueryString)({ ...oauthQueryParams,
70
- ...(tokenParams.extraParams && { ...tokenParams.extraParams
63
+ return (0, _util.toQueryString)({
64
+ ...oauthQueryParams,
65
+ ...(tokenParams.extraParams && {
66
+ ...tokenParams.extraParams
71
67
  })
72
68
  });
73
69
  }
package/cjs/oidc/endpoints/authorize.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorize.js","names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","isString","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","removeNils","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","toQueryString","extraParams"],"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n"],"mappings":";;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;EACxE;EACA,IAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;IACzB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,IAAAC,cAAA,EAASH,WAAW,CAACI,YAArB,KAAsCJ,WAAW,CAACI,YAAZ,CAAyBC,OAAzB,CAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;IACtF,MAAM,IAAIH,oBAAJ,CAAiB,0DAAjB,CAAN;EACD,CARuE,CAUxE;;;EACA,IAAII,WAAwB,GAAG;IAC7B,aAAaN,WAAW,CAACC,QADI;IAE7B,kBAAkBD,WAAW,CAACO,aAFD;IAG7B,yBAAyBP,WAAW,CAACQ,mBAHR;IAI7B,WAAWR,WAAW,CAACS,OAJM;IAK7B,OAAOT,WAAW,CAACU,GALU;IAM7B,aAAaV,WAAW,CAACW,QANI;IAO7B,cAAcX,WAAW,CAACY,SAPG;IAQ7B,WAAWZ,WAAW,CAACa,MARM;IAS7B,SAASb,WAAW,CAACc,KATQ;IAU7B,UAAUd,WAAW,CAACe,MAVO;IAW7B,gBAAgBf,WAAW,CAACgB,WAXC;IAY7B,iBAAiBhB,WAAW,CAACiB,YAZA;IAa7B,iBAAiBjB,WAAW,CAACI,YAbA;IAc7B,gBAAgBJ,WAAW,CAACkB,YAdC;IAe7B,SAASlB,WAAW,CAACmB;EAfQ,CAA/B;EAiBAb,WAAW,GAAG,IAAAc,gBAAA,EAAWd,WAAX,CAAd;EAEA,CAAC,WAAD,EAAc,eAAd,EAA+Be,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;IAC3D,IAAIC,KAAK,CAACC,OAAN,CAAclB,WAAW,CAACgB,UAAD,CAAzB,CAAJ,EAA4C;MAC1ChB,WAAW,CAACgB,UAAD,CAAX,GAA0BhB,WAAW,CAACgB,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;IACD;EACF,CAJD;;EAMA,IAAIzB,WAAW,CAACI,YAAZ,CAA0BC,OAA1B,CAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACFL,WAAW,CAAC0B,MAAZ,CAAoBrB,OAApB,CAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;IAC9C,MAAM,IAAIH,oBAAJ,CAAiB,mFAAjB,CAAN;EACD,CAHD,MAGO;IACLI,WAAW,CAACqB,KAAZ,GAAoB3B,WAAW,CAAC0B,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;EACD;;EAED,OAAOnB,WAAP;AACD;;AAEM,SAASsB,oBAAT,CAA8B5B,WAA9B,EAAwD;EAC7D,IAAI6B,gBAAgB,GAAG9B,+BAA+B,CAACC,WAAD,CAAtD;EACA,OAAO,IAAA8B,mBAAA,EAAc,EACnB,GAAGD,gBADgB;IAEnB,IAAI7B,WAAW,CAAC+B,WAAZ,IAA2B,EAAE,GAAG/B,WAAW,CAAC+B;IAAjB,CAA/B;EAFmB,CAAd,CAAP;AAID"}
1
+ {"version":3,"file":"authorize.js","names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","isString","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","acrValues","removeNils","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","toQueryString","extraParams"],"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n 'acr_values': tokenParams.acrValues,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n"],"mappings":";;;;AAcA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOO,SAASA,+BAA+B,CAACC,WAAwB,EAAE;EACxE;EACA,IAAI,CAACA,WAAW,CAACC,QAAQ,EAAE;IACzB,MAAM,IAAIC,oBAAY,CAAC,yEAAyE,CAAC;EACnG;EAEA,IAAI,IAAAC,cAAQ,EAACH,WAAW,CAACI,YAAY,CAAC,IAAIJ,WAAW,CAACI,YAAY,CAACC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE;IACtF,MAAM,IAAIH,oBAAY,CAAC,0DAA0D,CAAC;EACpF;;EAEA;EACA,IAAII,WAAwB,GAAG;IAC7B,WAAW,EAAEN,WAAW,CAACC,QAAQ;IACjC,gBAAgB,EAAED,WAAW,CAACO,aAAa;IAC3C,uBAAuB,EAAEP,WAAW,CAACQ,mBAAmB;IACxD,SAAS,EAAER,WAAW,CAACS,OAAO;IAC9B,KAAK,EAAET,WAAW,CAACU,GAAG;IACtB,WAAW,EAAEV,WAAW,CAACW,QAAQ;IACjC,YAAY,EAAEX,WAAW,CAACY,SAAS;IACnC,SAAS,EAAEZ,WAAW,CAACa,MAAM;IAC7B,OAAO,EAAEb,WAAW,CAACc,KAAK;IAC1B,QAAQ,EAAEd,WAAW,CAACe,MAAM;IAC5B,cAAc,EAAEf,WAAW,CAACgB,WAAW;IACvC,eAAe,EAAEhB,WAAW,CAACiB,YAAY;IACzC,eAAe,EAAEjB,WAAW,CAACI,YAAY;IACzC,cAAc,EAAEJ,WAAW,CAACkB,YAAY;IACxC,OAAO,EAAElB,WAAW,CAACmB,KAAK;IAC1B,YAAY,EAAEnB,WAAW,CAACoB;EAC5B,CAAC;EACDd,WAAW,GAAG,IAAAe,gBAAU,EAACf,WAAW,CAAgB;EAEpD,CAAC,WAAW,EAAE,eAAe,CAAC,CAACgB,OAAO,CAAC,UAAUC,UAAU,EAAE;IAC3D,IAAIC,KAAK,CAACC,OAAO,CAACnB,WAAW,CAACiB,UAAU,CAAC,CAAC,EAAE;MAC1CjB,WAAW,CAACiB,UAAU,CAAC,GAAGjB,WAAW,CAACiB,UAAU,CAAC,CAACG,IAAI,CAAC,GAAG,CAAC;IAC7D;EACF,CAAC,CAAC;EAEF,IAAI1B,WAAW,CAACI,YAAY,CAAEC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IACtDL,WAAW,CAAC2B,MAAM,CAAEtB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE;IAC9C,MAAM,IAAIH,oBAAY,CAAC,mFAAmF,CAAC;EAC7G,CAAC,MAAM;IACLI,WAAW,CAACsB,KAAK,GAAG5B,WAAW,CAAC2B,MAAM,CAAED,IAAI,CAAC,GAAG,CAAC;EACnD;EAEA,OAAOpB,WAAW;AACpB;AAEO,SAASuB,oBAAoB,CAAC7B,WAAwB,EAAE;EAC7D,IAAI8B,gBAAgB,GAAG/B,+BAA+B,CAACC,WAAW,CAAC;EACnE,OAAO,IAAA+B,mBAAa,EAAC;IACnB,GAAGD,gBAAgB;IACnB,IAAI9B,WAAW,CAACgC,WAAW,IAAI;MAAE,GAAGhC,WAAW,CAACgC;IAAY,CAAC;EAC/D,CAAC,CAAC;AACJ"}
package/cjs/oidc/endpoints/index.js CHANGED
@@ -1,7 +1,6 @@
1
1
  "use strict";
2
2
 
3
3
  var _authorize = require("./authorize");
4
-
5
4
  Object.keys(_authorize).forEach(function (key) {
6
5
  if (key === "default" || key === "__esModule") return;
7
6
  if (key in exports && exports[key] === _authorize[key]) return;
@@ -12,9 +11,7 @@ Object.keys(_authorize).forEach(function (key) {
12
11
  }
13
12
  });
14
13
  });
15
-
16
14
  var _token = require("./token");
17
-
18
15
  Object.keys(_token).forEach(function (key) {
19
16
  if (key === "default" || key === "__esModule") return;
20
17
  if (key in exports && exports[key] === _token[key]) return;
@@ -25,9 +22,7 @@ Object.keys(_token).forEach(function (key) {
25
22
  }
26
23
  });
27
24
  });
28
-
29
25
  var _wellKnown = require("./well-known");
30
-
31
26
  Object.keys(_wellKnown).forEach(function (key) {
32
27
  if (key === "default" || key === "__esModule") return;
33
28
  if (key in exports && exports[key] === _wellKnown[key]) return;
package/cjs/oidc/endpoints/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/endpoints/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"mappings":";;AAaA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/endpoints/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"mappings":";;AAaA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
package/cjs/oidc/endpoints/token.js CHANGED
@@ -2,13 +2,9 @@
2
2
 
3
3
  exports.postRefreshToken = postRefreshToken;
4
4
  exports.postToTokenEndpoint = postToTokenEndpoint;
5
-
6
5
  var _errors = require("../../errors");
7
-
8
6
  var _util = require("../../util");
9
-
10
7
  var _http = require("../../http");
11
-
12
8
  /*!
13
9
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
14
10
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -20,25 +16,22 @@ var _http = require("../../http");
20
16
  *
21
17
  * See the License for the specific language governing permissions and limitations under the License.
22
18
  */
19
+
23
20
  function validateOptions(options) {
24
21
  // Quick validation
25
22
  if (!options.clientId) {
26
23
  throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
27
24
  }
28
-
29
25
  if (!options.redirectUri) {
30
26
  throw new _errors.AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');
31
27
  }
32
-
33
28
  if (!options.authorizationCode && !options.interactionCode) {
34
29
  throw new _errors.AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');
35
30
  }
36
-
37
31
  if (!options.codeVerifier) {
38
32
  throw new _errors.AuthSdkError('The "codeVerifier" (generated and saved by your app) must be passed to /token');
39
33
  }
40
34
  }
41
-
42
35
  function getPostData(sdk, options) {
43
36
  // Convert Token params to OAuth params, sent to the /token endpoint
44
37
  var params = (0, _util.removeNils)({
@@ -47,26 +40,23 @@ function getPostData(sdk, options) {
47
40
  'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',
48
41
  'code_verifier': options.codeVerifier
49
42
  });
50
-
51
43
  if (options.interactionCode) {
52
44
  params['interaction_code'] = options.interactionCode;
53
45
  } else if (options.authorizationCode) {
54
46
  params.code = options.authorizationCode;
55
47
  }
56
-
57
48
  const {
58
49
  clientSecret
59
50
  } = sdk.options;
60
-
61
51
  if (clientSecret) {
62
52
  params['client_secret'] = clientSecret;
63
- } // Encode as URL string
64
-
53
+ }
65
54
 
55
+ // Encode as URL string
66
56
  return (0, _util.toQueryString)(params).slice(1);
67
- } // exchange authorization code for an access token
68
-
57
+ }
69
58
 
59
+ // exchange authorization code for an access token
70
60
  function postToTokenEndpoint(sdk, options, urls) {
71
61
  validateOptions(options);
72
62
  var data = getPostData(sdk, options);
@@ -80,7 +70,6 @@ function postToTokenEndpoint(sdk, options, urls) {
80
70
  headers
81
71
  });
82
72
  }
83
-
84
73
  function postRefreshToken(sdk, options, refreshToken) {
85
74
  return (0, _http.httpRequest)(sdk, {
86
75
  url: refreshToken.tokenUrl,
@@ -95,7 +84,6 @@ function postRefreshToken(sdk, options, refreshToken) {
95
84
  // eslint-disable-line camelcase
96
85
  scope: refreshToken.scopes.join(' '),
97
86
  refresh_token: refreshToken.refreshToken // eslint-disable-line camelcase
98
-
99
87
  }).map(function ([name, value]) {
100
88
  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
101
89
  return name + '=' + encodeURIComponent(value);
package/cjs/oidc/endpoints/token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","removeNils","code","clientSecret","toQueryString","slice","postToTokenEndpoint","urls","data","headers","httpRequest","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&'),\n });\n}"],"mappings":";;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;EAC7C;EACA,IAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;IACrB,MAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;IACxB,MAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;IAC1D,MAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;EACD;;EAED,IAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;IACzB,MAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;EACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;EACtD;EACA,IAAIS,MAAmB,GAAG,IAAAC,gBAAA,EAAW;IACnC,aAAaV,OAAO,CAACC,QADc;IAEnC,gBAAgBD,OAAO,CAACG,WAFW;IAGnC,cAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;IAInC,iBAAiBL,OAAO,CAACM;EAJU,CAAX,CAA1B;;EAOA,IAAIN,OAAO,CAACK,eAAZ,EAA6B;IAC3BI,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;EACD,CAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;IACpCK,MAAM,CAACE,IAAP,GAAcX,OAAO,CAACI,iBAAtB;EACD;;EAED,MAAM;IAAEQ;EAAF,IAAmBJ,GAAG,CAACR,OAA7B;;EACA,IAAIY,YAAJ,EAAkB;IAChBH,MAAM,CAAC,eAAD,CAAN,GAA0BG,YAA1B;EACD,CAlBqD,CAoBtD;;;EACA,OAAO,IAAAC,mBAAA,EAAcJ,MAAd,EAAsBK,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASC,mBAAT,CAA6BP,GAA7B,EAAkCR,OAAlC,EAAwDgB,IAAxD,EAAkG;EACvGjB,eAAe,CAACC,OAAD,CAAf;EACA,IAAIiB,IAAI,GAAGV,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;EAEA,MAAMkB,OAAO,GAAG;IACd,gBAAgB;EADF,CAAhB;EAIA,OAAO,IAAAC,iBAAA,EAAYX,GAAZ,EAAiB;IACtBY,GAAG,EAAEJ,IAAI,CAACK,QADY;IAEtBC,MAAM,EAAE,MAFc;IAGtBC,IAAI,EAAEN,IAHgB;IAItBC;EAJsB,CAAjB,CAAP;AAMD;;AAEM,SAASM,gBAAT,CACLhB,GADK,EAELR,OAFK,EAGLyB,YAHK,EAImB;EACxB,OAAO,IAAAN,iBAAA,EAAYX,GAAZ,EAAiB;IACtBY,GAAG,EAAEK,YAAY,CAACJ,QADI;IAEtBC,MAAM,EAAE,MAFc;IAGtBJ,OAAO,EAAE;MACP,gBAAgB;IADT,CAHa;IAOtBK,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;MACnBC,SAAS,EAAE5B,OAAO,CAACC,QADA;MACU;MAC7B4B,UAAU,EAAE,eAFO;MAEU;MAC7BC,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;MAInBC,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;IAJvB,CAAf,EAKHS,GALG,CAKC,UAAU,CAACC,IAAD,EAAOC,KAAP,CAAV,EAAyB;MAC9B;MACA,OAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;IACD,CARK,EAQHJ,IARG,CAQE,GARF;EAPgB,CAAjB,CAAP;AAiBD"}
1
+ {"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","removeNils","code","clientSecret","toQueryString","slice","postToTokenEndpoint","urls","data","headers","httpRequest","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&'),\n });\n}"],"mappings":";;;;AAaA;AAEA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA,SAASA,eAAe,CAACC,OAAoB,EAAE;EAC7C;EACA,IAAI,CAACA,OAAO,CAACC,QAAQ,EAAE;IACrB,MAAM,IAAIC,oBAAY,CAAC,yEAAyE,CAAC;EACnG;EAEA,IAAI,CAACF,OAAO,CAACG,WAAW,EAAE;IACxB,MAAM,IAAID,oBAAY,CAAC,oEAAoE,CAAC;EAC9F;EAEA,IAAI,CAACF,OAAO,CAACI,iBAAiB,IAAI,CAACJ,OAAO,CAACK,eAAe,EAAE;IAC1D,MAAM,IAAIH,oBAAY,CAAC,2EAA2E,CAAC;EACrG;EAEA,IAAI,CAACF,OAAO,CAACM,YAAY,EAAE;IACzB,MAAM,IAAIJ,oBAAY,CAAC,+EAA+E,CAAC;EACzG;AACF;AAEA,SAASK,WAAW,CAACC,GAAG,EAAER,OAAoB,EAAU;EACtD;EACA,IAAIS,MAAmB,GAAG,IAAAC,gBAAU,EAAC;IACnC,WAAW,EAAEV,OAAO,CAACC,QAAQ;IAC7B,cAAc,EAAED,OAAO,CAACG,WAAW;IACnC,YAAY,EAAEH,OAAO,CAACK,eAAe,GAAG,kBAAkB,GAAG,oBAAoB;IACjF,eAAe,EAAEL,OAAO,CAACM;EAC3B,CAAC,CAAC;EAEF,IAAIN,OAAO,CAACK,eAAe,EAAE;IAC3BI,MAAM,CAAC,kBAAkB,CAAC,GAAGT,OAAO,CAACK,eAAe;EACtD,CAAC,MAAM,IAAIL,OAAO,CAACI,iBAAiB,EAAE;IACpCK,MAAM,CAACE,IAAI,GAAGX,OAAO,CAACI,iBAAiB;EACzC;EAEA,MAAM;IAAEQ;EAAa,CAAC,GAAGJ,GAAG,CAACR,OAAO;EACpC,IAAIY,YAAY,EAAE;IAChBH,MAAM,CAAC,eAAe,CAAC,GAAGG,YAAY;EACxC;;EAEA;EACA,OAAO,IAAAC,mBAAa,EAACJ,MAAM,CAAC,CAACK,KAAK,CAAC,CAAC,CAAC;AACvC;;AAEA;AACO,SAASC,mBAAmB,CAACP,GAAG,EAAER,OAAoB,EAAEgB,IAAgB,EAA0B;EACvGjB,eAAe,CAACC,OAAO,CAAC;EACxB,IAAIiB,IAAI,GAAGV,WAAW,CAACC,GAAG,EAAER,OAAO,CAAC;EAEpC,MAAMkB,OAAO,GAAG;IACd,cAAc,EAAE;EAClB,CAAC;EAED,OAAO,IAAAC,iBAAW,EAACX,GAAG,EAAE;IACtBY,GAAG,EAAEJ,IAAI,CAACK,QAAQ;IAClBC,MAAM,EAAE,MAAM;IACdC,IAAI,EAAEN,IAAI;IACVC;EACF,CAAC,CAAC;AACJ;AAEO,SAASM,gBAAgB,CAC9BhB,GAA0B,EAC1BR,OAAoB,EACpByB,YAA0B,EACF;EACxB,OAAO,IAAAN,iBAAW,EAACX,GAAG,EAAE;IACtBY,GAAG,EAAEK,YAAY,CAACJ,QAAQ;IAC1BC,MAAM,EAAE,MAAM;IACdJ,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IAEDK,IAAI,EAAEG,MAAM,CAACC,OAAO,CAAC;MACnBC,SAAS,EAAE5B,OAAO,CAACC,QAAQ;MAAE;MAC7B4B,UAAU,EAAE,eAAe;MAAE;MAC7BC,KAAK,EAAEL,YAAY,CAACM,MAAM,CAACC,IAAI,CAAC,GAAG,CAAC;MACpCC,aAAa,EAAER,YAAY,CAACA,YAAY,CAAE;IAC5C,CAAC,CAAC,CAACS,GAAG,CAAC,UAAU,CAACC,IAAI,EAAEC,KAAK,CAAC,EAAE;MAC9B;MACA,OAAOD,IAAI,GAAG,GAAG,GAAGE,kBAAkB,CAACD,KAAK,CAAE;IAChD,CAAC,CAAC,CAACJ,IAAI,CAAC,GAAG;EACb,CAAC,CAAC;AACJ"}
package/cjs/oidc/endpoints/well-known.js CHANGED
@@ -1,16 +1,11 @@
1
1
  "use strict";
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
-
5
4
  exports.getKey = getKey;
6
5
  exports.getWellKnown = getWellKnown;
7
-
8
6
  var _http = require("../../http");
9
-
10
7
  var _util = require("../../util");
11
-
12
8
  var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
13
-
14
9
  /*!
15
10
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
16
11
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -23,45 +18,43 @@ var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"))
23
18
  * See the License for the specific language governing permissions and limitations under the License.
24
19
  *
25
20
  */
21
+
26
22
  function getWellKnown(sdk, issuer) {
27
23
  var authServerUri = issuer || sdk.options.issuer;
28
24
  return (0, _http.get)(sdk, authServerUri + '/.well-known/openid-configuration', {
29
25
  cacheResponse: true
30
26
  });
31
27
  }
32
-
33
28
  function getKey(sdk, issuer, kid) {
34
29
  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);
35
30
  return getWellKnown(sdk, issuer).then(function (wellKnown) {
36
- var jwksUri = wellKnown['jwks_uri']; // Check our kid against the cached version (if it exists and isn't expired)
31
+ var jwksUri = wellKnown['jwks_uri'];
37
32
 
33
+ // Check our kid against the cached version (if it exists and isn't expired)
38
34
  var cacheContents = httpCache.getStorage();
39
35
  var cachedResponse = cacheContents[jwksUri];
40
-
41
36
  if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {
42
37
  var cachedKey = (0, _util.find)(cachedResponse.response.keys, {
43
38
  kid: kid
44
39
  });
45
-
46
40
  if (cachedKey) {
47
41
  return cachedKey;
48
42
  }
49
- } // Remove cache for the key
43
+ }
50
44
 
45
+ // Remove cache for the key
46
+ httpCache.clearStorage(jwksUri);
51
47
 
52
- httpCache.clearStorage(jwksUri); // Pull the latest keys if the key wasn't in the cache
53
-
48
+ // Pull the latest keys if the key wasn't in the cache
54
49
  return (0, _http.get)(sdk, jwksUri, {
55
50
  cacheResponse: true
56
51
  }).then(function (res) {
57
52
  var key = (0, _util.find)(res.keys, {
58
53
  kid: kid
59
54
  });
60
-
61
55
  if (key) {
62
56
  return key;
63
57
  }
64
-
65
58
  throw new _AuthSdkError.default('The key id, ' + kid + ', was not found in the server\'s keys');
66
59
  });
67
60
  });
package/cjs/oidc/endpoints/well-known.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"well-known.js","names":["getWellKnown","sdk","issuer","authServerUri","options","get","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","find","response","keys","clearStorage","res","key","AuthSdkError"],"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOAuthInterface, WellKnownResponse } from '../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthOAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n"],"mappings":";;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAmDC,MAAnD,EAAgG;EACrG,IAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;EACA,OAAO,IAAAG,SAAA,EAAIJ,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;IACnEG,aAAa,EAAE;EADoD,CAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBN,GAAhB,EAA6CC,MAA7C,EAA6DM,GAA7D,EAA2F;EAChG,IAAIC,SAAS,GAAGR,GAAG,CAACS,cAAJ,CAAmBC,YAAnB,CAAgCV,GAAG,CAACG,OAAJ,CAAYQ,OAA5C,CAAhB;EAEA,OAAOZ,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNW,IADM,CACD,UAASC,SAAT,EAAoB;IACxB,IAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;IACA,IAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;IACA,IAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;IACA,IAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;MAChE,IAAIC,SAAS,GAAG,IAAAC,UAAA,EAAKL,cAAc,CAACM,QAAf,CAAwBC,IAA7B,EAAmC;QACjDjB,GAAG,EAAEA;MAD4C,CAAnC,CAAhB;;MAIA,IAAIc,SAAJ,EAAe;QACb,OAAOA,SAAP;MACD;IACF,CAduB,CAgBxB;;;IACAb,SAAS,CAACiB,YAAV,CAAuBX,OAAvB,EAjBwB,CAmBxB;;IACA,OAAO,IAAAV,SAAA,EAAIJ,GAAJ,EAASc,OAAT,EAAkB;MACvBT,aAAa,EAAE;IADQ,CAAlB,EAGNO,IAHM,CAGD,UAASc,GAAT,EAAc;MAClB,IAAIC,GAAG,GAAG,IAAAL,UAAA,EAAKI,GAAG,CAACF,IAAT,EAAe;QACvBjB,GAAG,EAAEA;MADkB,CAAf,CAAV;;MAIA,IAAIoB,GAAJ,EAAS;QACP,OAAOA,GAAP;MACD;;MAED,MAAM,IAAIC,qBAAJ,CAAiB,iBAAiBrB,GAAjB,GAAuB,uCAAxC,CAAN;IACD,CAbM,CAAP;EAcD,CAnCM,CAAP;AAoCD"}
1
+ {"version":3,"file":"well-known.js","names":["getWellKnown","sdk","issuer","authServerUri","options","get","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","find","response","keys","clearStorage","res","key","AuthSdkError"],"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOAuthInterface, WellKnownResponse } from '../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthOAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n"],"mappings":";;;;;AAYA;AACA;AAEA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,YAAY,CAACC,GAA2B,EAAEC,MAAe,EAA8B;EACrG,IAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAO,CAACF,MAAO;EAClD,OAAO,IAAAG,SAAG,EAACJ,GAAG,EAAEE,aAAa,GAAG,mCAAmC,EAAE;IACnEG,aAAa,EAAE;EACjB,CAAC,CAAC;AACJ;AAEO,SAASC,MAAM,CAACN,GAA2B,EAAEC,MAAc,EAAEM,GAAW,EAAmB;EAChG,IAAIC,SAAS,GAAGR,GAAG,CAACS,cAAc,CAACC,YAAY,CAACV,GAAG,CAACG,OAAO,CAACQ,OAAO,CAAC;EAEpE,OAAOZ,YAAY,CAACC,GAAG,EAAEC,MAAM,CAAC,CAC/BW,IAAI,CAAC,UAASC,SAAS,EAAE;IACxB,IAAIC,OAAO,GAAGD,SAAS,CAAC,UAAU,CAAC;;IAEnC;IACA,IAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAU,EAAE;IAC1C,IAAIC,cAAc,GAAGF,aAAa,CAACD,OAAO,CAAC;IAC3C,IAAIG,cAAc,IAAIC,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,GAAGF,cAAc,CAACG,SAAS,EAAE;MAChE,IAAIC,SAAS,GAAG,IAAAC,UAAI,EAACL,cAAc,CAACM,QAAQ,CAACC,IAAI,EAAE;QACjDjB,GAAG,EAAEA;MACP,CAAC,CAAC;MAEF,IAAIc,SAAS,EAAE;QACb,OAAOA,SAAS;MAClB;IACF;;IAEA;IACAb,SAAS,CAACiB,YAAY,CAACX,OAAO,CAAC;;IAE/B;IACA,OAAO,IAAAV,SAAG,EAACJ,GAAG,EAAEc,OAAO,EAAE;MACvBT,aAAa,EAAE;IACjB,CAAC,CAAC,CACDO,IAAI,CAAC,UAASc,GAAG,EAAE;MAClB,IAAIC,GAAG,GAAG,IAAAL,UAAI,EAACI,GAAG,CAACF,IAAI,EAAE;QACvBjB,GAAG,EAAEA;MACP,CAAC,CAAC;MAEF,IAAIoB,GAAG,EAAE;QACP,OAAOA,GAAG;MACZ;MAEA,MAAM,IAAIC,qBAAY,CAAC,cAAc,GAAGrB,GAAG,GAAG,uCAAuC,CAAC;IACxF,CAAC,CAAC;EACJ,CAAC,CAAC;AACJ"}