@okta/okta-auth-js 7.0.0 → 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (569) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +2 -0
  3. package/cjs/authn/AuthnTransactionImpl.js +6 -8
  4. package/cjs/authn/AuthnTransactionImpl.js.map +1 -1
  5. package/cjs/authn/api.js +3 -18
  6. package/cjs/authn/api.js.map +1 -1
  7. package/cjs/authn/factory.js +1 -7
  8. package/cjs/authn/factory.js.map +1 -1
  9. package/cjs/authn/index.js +0 -5
  10. package/cjs/authn/index.js.map +1 -1
  11. package/cjs/authn/mixin.js +14 -22
  12. package/cjs/authn/mixin.js.map +1 -1
  13. package/cjs/authn/util/flattenEmbedded.js +5 -12
  14. package/cjs/authn/util/flattenEmbedded.js.map +1 -1
  15. package/cjs/authn/util/link2fn.js +0 -22
  16. package/cjs/authn/util/link2fn.js.map +1 -1
  17. package/cjs/authn/util/links2fns.js +0 -12
  18. package/cjs/authn/util/links2fns.js.map +1 -1
  19. package/cjs/authn/util/poll.js +9 -27
  20. package/cjs/authn/util/poll.js.map +1 -1
  21. package/cjs/authn/util/stateToken.js +3 -4
  22. package/cjs/authn/util/stateToken.js.map +1 -1
  23. package/cjs/base/factory.js +6 -14
  24. package/cjs/base/factory.js.map +1 -1
  25. package/cjs/base/index.js +0 -5
  26. package/cjs/base/index.js.map +1 -1
  27. package/cjs/base/options.js +1 -2
  28. package/cjs/base/options.js.map +1 -1
  29. package/cjs/browser/browserStorage.js +15 -43
  30. package/cjs/browser/browserStorage.js.map +1 -1
  31. package/cjs/browser/fingerprint.js +3 -15
  32. package/cjs/browser/fingerprint.js.map +1 -1
  33. package/cjs/clock.js +5 -7
  34. package/cjs/clock.js.map +1 -1
  35. package/cjs/constants.js +4 -3
  36. package/cjs/constants.js.map +1 -1
  37. package/cjs/core/AuthStateManager.js +24 -48
  38. package/cjs/core/AuthStateManager.js.map +1 -1
  39. package/cjs/core/ServiceManager/browser.js +13 -33
  40. package/cjs/core/ServiceManager/browser.js.map +1 -1
  41. package/cjs/core/ServiceManager/index.js +0 -1
  42. package/cjs/core/ServiceManager/index.js.map +1 -1
  43. package/cjs/core/ServiceManager/node.js +3 -9
  44. package/cjs/core/ServiceManager/node.js.map +1 -1
  45. package/cjs/core/factory.js +0 -7
  46. package/cjs/core/factory.js.map +1 -1
  47. package/cjs/core/index.js +0 -13
  48. package/cjs/core/index.js.map +1 -1
  49. package/cjs/core/mixin.js +16 -20
  50. package/cjs/core/mixin.js.map +1 -1
  51. package/cjs/core/options.js +1 -3
  52. package/cjs/core/options.js.map +1 -1
  53. package/cjs/core/storage.js +0 -2
  54. package/cjs/core/storage.js.map +1 -1
  55. package/cjs/core/types/index.js +0 -5
  56. package/cjs/core/types/index.js.map +1 -1
  57. package/cjs/crypto/base64.js +9 -22
  58. package/cjs/crypto/base64.js.map +1 -1
  59. package/cjs/crypto/browser.js +0 -4
  60. package/cjs/crypto/browser.js.map +1 -1
  61. package/cjs/crypto/index.js +0 -9
  62. package/cjs/crypto/index.js.map +1 -1
  63. package/cjs/crypto/node.js +0 -13
  64. package/cjs/crypto/node.js.map +1 -1
  65. package/cjs/crypto/oidcHash.js +1 -4
  66. package/cjs/crypto/oidcHash.js.map +1 -1
  67. package/cjs/crypto/verifyToken.js +6 -7
  68. package/cjs/crypto/verifyToken.js.map +1 -1
  69. package/cjs/crypto/webcrypto.js +0 -1
  70. package/cjs/crypto/webcrypto.js.map +1 -1
  71. package/cjs/errors/AuthApiError.js +1 -7
  72. package/cjs/errors/AuthApiError.js.map +1 -1
  73. package/cjs/errors/AuthPollStopError.js +1 -5
  74. package/cjs/errors/AuthPollStopError.js.map +1 -1
  75. package/cjs/errors/AuthSdkError.js +1 -6
  76. package/cjs/errors/AuthSdkError.js.map +1 -1
  77. package/cjs/errors/CustomError.js +1 -4
  78. package/cjs/errors/CustomError.js.map +1 -1
  79. package/cjs/errors/OAuthError.js +4 -7
  80. package/cjs/errors/OAuthError.js.map +1 -1
  81. package/cjs/errors/index.js +1 -9
  82. package/cjs/errors/index.js.map +1 -1
  83. package/cjs/exports/authn.js +0 -9
  84. package/cjs/exports/authn.js.map +1 -1
  85. package/cjs/exports/cdn/authn.js +0 -2
  86. package/cjs/exports/cdn/authn.js.map +1 -1
  87. package/cjs/exports/cdn/core.js +0 -2
  88. package/cjs/exports/cdn/core.js.map +1 -1
  89. package/cjs/exports/cdn/default.js +0 -2
  90. package/cjs/exports/cdn/default.js.map +1 -1
  91. package/cjs/exports/cdn/idx.js +0 -2
  92. package/cjs/exports/cdn/idx.js.map +1 -1
  93. package/cjs/exports/cdn/myaccount.js +0 -2
  94. package/cjs/exports/cdn/myaccount.js.map +1 -1
  95. package/cjs/exports/common.js +0 -22
  96. package/cjs/exports/common.js.map +1 -1
  97. package/cjs/exports/core.js +0 -9
  98. package/cjs/exports/core.js.map +1 -1
  99. package/cjs/exports/default.js +2 -12
  100. package/cjs/exports/default.js.map +1 -1
  101. package/cjs/exports/idx.js +3 -7
  102. package/cjs/exports/idx.js.map +1 -1
  103. package/cjs/exports/myaccount.js +0 -9
  104. package/cjs/exports/myaccount.js.map +1 -1
  105. package/cjs/features.js +1 -18
  106. package/cjs/features.js.map +1 -1
  107. package/cjs/fetch/fetchRequest.js +6 -20
  108. package/cjs/fetch/fetchRequest.js.map +1 -1
  109. package/cjs/http/OktaUserAgent.js +3 -11
  110. package/cjs/http/OktaUserAgent.js.map +1 -1
  111. package/cjs/http/headers.js +1 -1
  112. package/cjs/http/headers.js.map +1 -1
  113. package/cjs/http/index.js +0 -11
  114. package/cjs/http/index.js.map +1 -1
  115. package/cjs/http/mixin.js +2 -10
  116. package/cjs/http/mixin.js.map +1 -1
  117. package/cjs/http/options.js +1 -5
  118. package/cjs/http/options.js.map +1 -1
  119. package/cjs/http/request.js +75 -57
  120. package/cjs/http/request.js.map +1 -1
  121. package/cjs/idx/IdxTransactionManager.js +2 -22
  122. package/cjs/idx/IdxTransactionManager.js.map +1 -1
  123. package/cjs/idx/authenticate.js +3 -5
  124. package/cjs/idx/authenticate.js.map +1 -1
  125. package/cjs/idx/authenticator/Authenticator.js +2 -4
  126. package/cjs/idx/authenticator/Authenticator.js.map +1 -1
  127. package/cjs/idx/authenticator/OktaPassword.js +2 -10
  128. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  129. package/cjs/idx/authenticator/OktaVerifyTotp.js +0 -6
  130. package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
  131. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +0 -10
  132. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
  133. package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -10
  134. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  135. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -10
  136. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  137. package/cjs/idx/authenticator/WebauthnEnrollment.js +0 -8
  138. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  139. package/cjs/idx/authenticator/WebauthnVerification.js +0 -8
  140. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
  141. package/cjs/idx/authenticator/getAuthenticator.js +0 -15
  142. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  143. package/cjs/idx/authenticator/index.js +0 -15
  144. package/cjs/idx/authenticator/index.js.map +1 -1
  145. package/cjs/idx/authenticator/util.js +8 -18
  146. package/cjs/idx/authenticator/util.js.map +1 -1
  147. package/cjs/idx/cancel.js +3 -4
  148. package/cjs/idx/cancel.js.map +1 -1
  149. package/cjs/idx/emailVerify.js +5 -13
  150. package/cjs/idx/emailVerify.js.map +1 -1
  151. package/cjs/idx/factory/OktaAuthIdx.js +0 -3
  152. package/cjs/idx/factory/OktaAuthIdx.js.map +1 -1
  153. package/cjs/idx/factory/api.js +1 -17
  154. package/cjs/idx/factory/api.js.map +1 -1
  155. package/cjs/idx/factory/index.js +0 -3
  156. package/cjs/idx/factory/index.js.map +1 -1
  157. package/cjs/idx/flow/AccountUnlockFlow.js +1 -2
  158. package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -1
  159. package/cjs/idx/flow/AuthenticationFlow.js +1 -2
  160. package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
  161. package/cjs/idx/flow/FlowSpecification.js +2 -13
  162. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  163. package/cjs/idx/flow/PasswordRecoveryFlow.js +1 -2
  164. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  165. package/cjs/idx/flow/RegistrationFlow.js +1 -2
  166. package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
  167. package/cjs/idx/flow/index.js +0 -11
  168. package/cjs/idx/flow/index.js.map +1 -1
  169. package/cjs/idx/handleInteractionCodeRedirect.js +7 -12
  170. package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
  171. package/cjs/idx/idxState/index.js +1 -11
  172. package/cjs/idx/idxState/index.js.map +1 -1
  173. package/cjs/idx/idxState/v1/actionParser.js +1 -12
  174. package/cjs/idx/idxState/v1/actionParser.js.map +1 -1
  175. package/cjs/idx/idxState/v1/generateIdxAction.js +10 -15
  176. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  177. package/cjs/idx/idxState/v1/idxResponseParser.js +7 -23
  178. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  179. package/cjs/idx/idxState/v1/makeIdxState.js +2 -10
  180. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  181. package/cjs/idx/idxState/v1/parsers.js +0 -2
  182. package/cjs/idx/idxState/v1/parsers.js.map +1 -1
  183. package/cjs/idx/idxState/v1/remediationParser.js +2 -4
  184. package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
  185. package/cjs/idx/index.js +0 -26
  186. package/cjs/idx/index.js.map +1 -1
  187. package/cjs/idx/interact.js +18 -18
  188. package/cjs/idx/interact.js.map +1 -1
  189. package/cjs/idx/introspect.js +5 -14
  190. package/cjs/idx/introspect.js.map +1 -1
  191. package/cjs/idx/mixin.js +0 -9
  192. package/cjs/idx/mixin.js.map +1 -1
  193. package/cjs/idx/options.js +2 -3
  194. package/cjs/idx/options.js.map +1 -1
  195. package/cjs/idx/poll.js +1 -10
  196. package/cjs/idx/poll.js.map +1 -1
  197. package/cjs/idx/proceed.js +3 -9
  198. package/cjs/idx/proceed.js.map +1 -1
  199. package/cjs/idx/recoverPassword.js +3 -4
  200. package/cjs/idx/recoverPassword.js.map +1 -1
  201. package/cjs/idx/register.js +5 -11
  202. package/cjs/idx/register.js.map +1 -1
  203. package/cjs/idx/remediate.js +24 -45
  204. package/cjs/idx/remediate.js.map +1 -1
  205. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +7 -16
  206. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  207. package/cjs/idx/remediators/AuthenticatorVerificationData.js +7 -15
  208. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  209. package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -22
  210. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  211. package/cjs/idx/remediators/Base/Remediator.js +38 -67
  212. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  213. package/cjs/idx/remediators/Base/SelectAuthenticator.js +13 -30
  214. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  215. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +5 -13
  216. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  217. package/cjs/idx/remediators/ChallengeAuthenticator.js +1 -5
  218. package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
  219. package/cjs/idx/remediators/ChallengePoll.js +1 -6
  220. package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
  221. package/cjs/idx/remediators/EnrollAuthenticator.js +1 -5
  222. package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
  223. package/cjs/idx/remediators/EnrollPoll.js +5 -12
  224. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  225. package/cjs/idx/remediators/EnrollProfile.js +8 -30
  226. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  227. package/cjs/idx/remediators/EnrollmentChannelData.js +5 -13
  228. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
  229. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js +13 -19
  230. package/cjs/idx/remediators/GenericRemediator/GenericRemediator.js.map +1 -1
  231. package/cjs/idx/remediators/GenericRemediator/index.js +0 -1
  232. package/cjs/idx/remediators/GenericRemediator/index.js.map +1 -1
  233. package/cjs/idx/remediators/GenericRemediator/util.js +19 -31
  234. package/cjs/idx/remediators/GenericRemediator/util.js.map +1 -1
  235. package/cjs/idx/remediators/Identify.js +3 -12
  236. package/cjs/idx/remediators/Identify.js.map +1 -1
  237. package/cjs/idx/remediators/ReEnrollAuthenticator.js +3 -10
  238. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  239. package/cjs/idx/remediators/RedirectIdp.js +1 -7
  240. package/cjs/idx/remediators/RedirectIdp.js.map +1 -1
  241. package/cjs/idx/remediators/ResetAuthenticator.js +1 -5
  242. package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
  243. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +3 -11
  244. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  245. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +1 -5
  246. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
  247. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +6 -15
  248. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
  249. package/cjs/idx/remediators/SelectEnrollProfile.js +1 -6
  250. package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
  251. package/cjs/idx/remediators/SelectEnrollmentChannel.js +5 -16
  252. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  253. package/cjs/idx/remediators/Skip.js +1 -6
  254. package/cjs/idx/remediators/Skip.js.map +1 -1
  255. package/cjs/idx/remediators/index.js +0 -39
  256. package/cjs/idx/remediators/index.js.map +1 -1
  257. package/cjs/idx/remediators/util.js +1 -7
  258. package/cjs/idx/remediators/util.js.map +1 -1
  259. package/cjs/idx/run.js +39 -54
  260. package/cjs/idx/run.js.map +1 -1
  261. package/cjs/idx/startTransaction.js +1 -2
  262. package/cjs/idx/startTransaction.js.map +1 -1
  263. package/cjs/idx/storage.js +3 -22
  264. package/cjs/idx/storage.js.map +1 -1
  265. package/cjs/idx/transactionMeta.js +24 -42
  266. package/cjs/idx/transactionMeta.js.map +1 -1
  267. package/cjs/idx/types/api.js +1 -9
  268. package/cjs/idx/types/api.js.map +1 -1
  269. package/cjs/idx/types/idx-js.js +3 -3
  270. package/cjs/idx/types/idx-js.js.map +1 -1
  271. package/cjs/idx/types/index.js +0 -7
  272. package/cjs/idx/types/index.js.map +1 -1
  273. package/cjs/idx/types/meta.js.map +1 -1
  274. package/cjs/idx/types/options.js.map +1 -1
  275. package/cjs/idx/unlockAccount.js +7 -11
  276. package/cjs/idx/unlockAccount.js.map +1 -1
  277. package/cjs/idx/util.js +24 -76
  278. package/cjs/idx/util.js.map +1 -1
  279. package/cjs/idx/webauthn.js +13 -18
  280. package/cjs/idx/webauthn.js.map +1 -1
  281. package/cjs/myaccount/api.js +0 -5
  282. package/cjs/myaccount/api.js.map +1 -1
  283. package/cjs/myaccount/emailApi.js +6 -21
  284. package/cjs/myaccount/emailApi.js.map +1 -1
  285. package/cjs/myaccount/factory.js +0 -3
  286. package/cjs/myaccount/factory.js.map +1 -1
  287. package/cjs/myaccount/index.js +0 -7
  288. package/cjs/myaccount/index.js.map +1 -1
  289. package/cjs/myaccount/mixin.js +0 -5
  290. package/cjs/myaccount/mixin.js.map +1 -1
  291. package/cjs/myaccount/phoneApi.js +5 -18
  292. package/cjs/myaccount/phoneApi.js.map +1 -1
  293. package/cjs/myaccount/profileApi.js +2 -9
  294. package/cjs/myaccount/profileApi.js.map +1 -1
  295. package/cjs/myaccount/request.js +12 -78
  296. package/cjs/myaccount/request.js.map +1 -1
  297. package/cjs/myaccount/transactions/Base.js +5 -7
  298. package/cjs/myaccount/transactions/Base.js.map +1 -1
  299. package/cjs/myaccount/transactions/EmailChallengeTransaction.js +5 -10
  300. package/cjs/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  301. package/cjs/myaccount/transactions/EmailStatusTransaction.js +2 -7
  302. package/cjs/myaccount/transactions/EmailStatusTransaction.js.map +1 -1
  303. package/cjs/myaccount/transactions/EmailTransaction.js +5 -13
  304. package/cjs/myaccount/transactions/EmailTransaction.js.map +1 -1
  305. package/cjs/myaccount/transactions/PhoneTransaction.js +5 -12
  306. package/cjs/myaccount/transactions/PhoneTransaction.js.map +1 -1
  307. package/cjs/myaccount/transactions/ProfileSchemaTransaction.js +0 -5
  308. package/cjs/myaccount/transactions/ProfileSchemaTransaction.js.map +1 -1
  309. package/cjs/myaccount/transactions/ProfileTransaction.js +0 -5
  310. package/cjs/myaccount/transactions/ProfileTransaction.js.map +1 -1
  311. package/cjs/myaccount/transactions/index.js +0 -8
  312. package/cjs/myaccount/transactions/index.js.map +1 -1
  313. package/cjs/myaccount/types.js +0 -5
  314. package/cjs/myaccount/types.js.map +1 -1
  315. package/cjs/oidc/TokenManager.js +39 -100
  316. package/cjs/oidc/TokenManager.js.map +1 -1
  317. package/cjs/oidc/TransactionManager.js +19 -26
  318. package/cjs/oidc/TransactionManager.js.map +1 -1
  319. package/cjs/oidc/decodeToken.js +1 -5
  320. package/cjs/oidc/decodeToken.js.map +1 -1
  321. package/cjs/oidc/endpoints/authorize.js +9 -13
  322. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  323. package/cjs/oidc/endpoints/index.js +0 -5
  324. package/cjs/oidc/endpoints/index.js.map +1 -1
  325. package/cjs/oidc/endpoints/token.js +5 -17
  326. package/cjs/oidc/endpoints/token.js.map +1 -1
  327. package/cjs/oidc/endpoints/well-known.js +7 -14
  328. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  329. package/cjs/oidc/exchangeCodeForTokens.js +7 -12
  330. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  331. package/cjs/oidc/factory/OktaAuthOAuth.js +0 -6
  332. package/cjs/oidc/factory/OktaAuthOAuth.js.map +1 -1
  333. package/cjs/oidc/factory/api.js +6 -20
  334. package/cjs/oidc/factory/api.js.map +1 -1
  335. package/cjs/oidc/factory/index.js +0 -3
  336. package/cjs/oidc/factory/index.js.map +1 -1
  337. package/cjs/oidc/getToken.js +18 -30
  338. package/cjs/oidc/getToken.js.map +1 -1
  339. package/cjs/oidc/getUserInfo.js +1 -15
  340. package/cjs/oidc/getUserInfo.js.map +1 -1
  341. package/cjs/oidc/getWithPopup.js +4 -8
  342. package/cjs/oidc/getWithPopup.js.map +1 -1
  343. package/cjs/oidc/getWithRedirect.js +1 -8
  344. package/cjs/oidc/getWithRedirect.js.map +1 -1
  345. package/cjs/oidc/getWithoutPrompt.js +1 -5
  346. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  347. package/cjs/oidc/handleOAuthResponse.js +23 -40
  348. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  349. package/cjs/oidc/index.js +0 -32
  350. package/cjs/oidc/index.js.map +1 -1
  351. package/cjs/oidc/mixin/browser.js +6 -18
  352. package/cjs/oidc/mixin/browser.js.map +1 -1
  353. package/cjs/oidc/mixin/index.js +37 -89
  354. package/cjs/oidc/mixin/index.js.map +1 -1
  355. package/cjs/oidc/mixin/node.js +2 -9
  356. package/cjs/oidc/mixin/node.js.map +1 -1
  357. package/cjs/oidc/options/OAuthOptionsConstructor.js +17 -24
  358. package/cjs/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  359. package/cjs/oidc/options/browser.js.map +1 -1
  360. package/cjs/oidc/options/index.js +0 -1
  361. package/cjs/oidc/options/index.js.map +1 -1
  362. package/cjs/oidc/options/node.js.map +1 -1
  363. package/cjs/oidc/parseFromUrl.js +1 -32
  364. package/cjs/oidc/parseFromUrl.js.map +1 -1
  365. package/cjs/oidc/renewToken.js +5 -16
  366. package/cjs/oidc/renewToken.js.map +1 -1
  367. package/cjs/oidc/renewTokens.js +3 -15
  368. package/cjs/oidc/renewTokens.js.map +1 -1
  369. package/cjs/oidc/renewTokensWithRefresh.js +3 -13
  370. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  371. package/cjs/oidc/revokeToken.js +3 -14
  372. package/cjs/oidc/revokeToken.js.map +1 -1
  373. package/cjs/oidc/storage.js +0 -8
  374. package/cjs/oidc/storage.js.map +1 -1
  375. package/cjs/oidc/types/Token.js +1 -5
  376. package/cjs/oidc/types/Token.js.map +1 -1
  377. package/cjs/oidc/types/TokenManager.js +1 -1
  378. package/cjs/oidc/types/TokenManager.js.map +1 -1
  379. package/cjs/oidc/types/Transaction.js +1 -12
  380. package/cjs/oidc/types/Transaction.js.map +1 -1
  381. package/cjs/oidc/types/UserClaims.js.map +1 -1
  382. package/cjs/oidc/types/api.js.map +1 -1
  383. package/cjs/oidc/types/index.js +0 -21
  384. package/cjs/oidc/types/index.js.map +1 -1
  385. package/cjs/oidc/types/meta.js.map +1 -1
  386. package/cjs/oidc/types/options.js.map +1 -1
  387. package/cjs/oidc/types/proto.js.map +1 -1
  388. package/cjs/oidc/util/browser.js +4 -13
  389. package/cjs/oidc/util/browser.js.map +1 -1
  390. package/cjs/oidc/util/defaultTokenParams.js +5 -5
  391. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  392. package/cjs/oidc/util/errors.js +3 -8
  393. package/cjs/oidc/util/errors.js.map +1 -1
  394. package/cjs/oidc/util/index.js +0 -24
  395. package/cjs/oidc/util/index.js.map +1 -1
  396. package/cjs/oidc/util/loginRedirect.js +11 -25
  397. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  398. package/cjs/oidc/util/oauth.js +3 -12
  399. package/cjs/oidc/util/oauth.js.map +1 -1
  400. package/cjs/oidc/util/oauthMeta.js +5 -6
  401. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  402. package/cjs/oidc/util/pkce.js +1 -12
  403. package/cjs/oidc/util/pkce.js.map +1 -1
  404. package/cjs/oidc/util/prepareTokenParams.js +13 -26
  405. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  406. package/cjs/oidc/util/refreshToken.js +0 -7
  407. package/cjs/oidc/util/refreshToken.js.map +1 -1
  408. package/cjs/oidc/util/sharedStorage.js +0 -8
  409. package/cjs/oidc/util/sharedStorage.js.map +1 -1
  410. package/cjs/oidc/util/urlParams.js +9 -12
  411. package/cjs/oidc/util/urlParams.js.map +1 -1
  412. package/cjs/oidc/util/validateClaims.js +9 -17
  413. package/cjs/oidc/util/validateClaims.js.map +1 -1
  414. package/cjs/oidc/util/validateToken.js +1 -6
  415. package/cjs/oidc/util/validateToken.js.map +1 -1
  416. package/cjs/oidc/verifyToken.js +13 -23
  417. package/cjs/oidc/verifyToken.js.map +1 -1
  418. package/cjs/server/serverStorage.js +9 -27
  419. package/cjs/server/serverStorage.js.map +1 -1
  420. package/cjs/services/AutoRenewService.js +1 -17
  421. package/cjs/services/AutoRenewService.js.map +1 -1
  422. package/cjs/services/LeaderElectionService.js +1 -23
  423. package/cjs/services/LeaderElectionService.js.map +1 -1
  424. package/cjs/services/SyncStorageService.js +3 -37
  425. package/cjs/services/SyncStorageService.js.map +1 -1
  426. package/cjs/services/index.js +0 -5
  427. package/cjs/services/index.js.map +1 -1
  428. package/cjs/session/api.js +1 -12
  429. package/cjs/session/api.js.map +1 -1
  430. package/cjs/session/factory.js +0 -2
  431. package/cjs/session/factory.js.map +1 -1
  432. package/cjs/session/index.js +0 -7
  433. package/cjs/session/index.js.map +1 -1
  434. package/cjs/session/mixin.js +2 -6
  435. package/cjs/session/mixin.js.map +1 -1
  436. package/cjs/storage/BaseStorageManager.js +13 -25
  437. package/cjs/storage/BaseStorageManager.js.map +1 -1
  438. package/cjs/storage/SavedObject.js +7 -19
  439. package/cjs/storage/SavedObject.js.map +1 -1
  440. package/cjs/storage/index.js +0 -9
  441. package/cjs/storage/index.js.map +1 -1
  442. package/cjs/storage/mixin.js +2 -4
  443. package/cjs/storage/mixin.js.map +1 -1
  444. package/cjs/storage/options/StorageOptionsConstructor.js +3 -6
  445. package/cjs/storage/options/StorageOptionsConstructor.js.map +1 -1
  446. package/cjs/storage/options/browser.js +7 -15
  447. package/cjs/storage/options/browser.js.map +1 -1
  448. package/cjs/storage/options/node.js +3 -6
  449. package/cjs/storage/options/node.js.map +1 -1
  450. package/cjs/util/PromiseQueue.js +7 -15
  451. package/cjs/util/PromiseQueue.js.map +1 -1
  452. package/cjs/util/console.js +3 -7
  453. package/cjs/util/console.js.map +1 -1
  454. package/cjs/util/index.js +0 -11
  455. package/cjs/util/index.js.map +1 -1
  456. package/cjs/util/misc.js +3 -8
  457. package/cjs/util/misc.js.map +1 -1
  458. package/cjs/util/object.js +9 -23
  459. package/cjs/util/object.js.map +1 -1
  460. package/cjs/util/types.js +1 -5
  461. package/cjs/util/types.js.map +1 -1
  462. package/cjs/util/url.js +5 -14
  463. package/cjs/util/url.js.map +1 -1
  464. package/dist/okta-auth-js.authn.min.analyzer.html +3 -3
  465. package/dist/okta-auth-js.authn.min.js +1 -1
  466. package/dist/okta-auth-js.authn.min.js.LICENSE.txt +2 -0
  467. package/dist/okta-auth-js.authn.min.js.map +1 -1
  468. package/dist/okta-auth-js.core.min.analyzer.html +3 -3
  469. package/dist/okta-auth-js.core.min.js +1 -1
  470. package/dist/okta-auth-js.core.min.js.LICENSE.txt +2 -0
  471. package/dist/okta-auth-js.core.min.js.map +1 -1
  472. package/dist/okta-auth-js.idx.min.analyzer.html +3 -3
  473. package/dist/okta-auth-js.idx.min.js +1 -1
  474. package/dist/okta-auth-js.idx.min.js.LICENSE.txt +2 -0
  475. package/dist/okta-auth-js.idx.min.js.map +1 -1
  476. package/dist/okta-auth-js.min.analyzer.html +3 -3
  477. package/dist/okta-auth-js.min.js +1 -1
  478. package/dist/okta-auth-js.min.js.LICENSE.txt +2 -0
  479. package/dist/okta-auth-js.min.js.map +1 -1
  480. package/dist/okta-auth-js.myaccount.min.analyzer.html +3 -3
  481. package/dist/okta-auth-js.myaccount.min.js +1 -1
  482. package/dist/okta-auth-js.myaccount.min.js.LICENSE.txt +2 -0
  483. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  484. package/dist/okta-auth-js.polyfill.js +1 -1
  485. package/dist/okta-auth-js.polyfill.js.map +1 -1
  486. package/esm/browser/http/OktaUserAgent.js +2 -2
  487. package/esm/browser/http/request.js +56 -23
  488. package/esm/browser/http/request.js.map +1 -1
  489. package/esm/browser/idx/interact.js +2 -2
  490. package/esm/browser/idx/interact.js.map +1 -1
  491. package/esm/browser/idx/run.js +3 -2
  492. package/esm/browser/idx/run.js.map +1 -1
  493. package/esm/browser/idx/transactionMeta.js +3 -2
  494. package/esm/browser/idx/transactionMeta.js.map +1 -1
  495. package/esm/browser/myaccount/request.js +2 -43
  496. package/esm/browser/myaccount/request.js.map +1 -1
  497. package/esm/browser/oidc/endpoints/authorize.js +1 -0
  498. package/esm/browser/oidc/endpoints/authorize.js.map +1 -1
  499. package/esm/browser/oidc/exchangeCodeForTokens.js +2 -1
  500. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  501. package/esm/browser/oidc/handleOAuthResponse.js +17 -16
  502. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  503. package/esm/browser/oidc/options/OAuthOptionsConstructor.js +2 -0
  504. package/esm/browser/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  505. package/esm/browser/oidc/util/defaultTokenParams.js +3 -1
  506. package/esm/browser/oidc/util/defaultTokenParams.js.map +1 -1
  507. package/esm/browser/oidc/util/oauthMeta.js +1 -0
  508. package/esm/browser/oidc/util/oauthMeta.js.map +1 -1
  509. package/esm/browser/oidc/util/validateClaims.js +9 -4
  510. package/esm/browser/oidc/util/validateClaims.js.map +1 -1
  511. package/esm/browser/oidc/verifyToken.js +2 -2
  512. package/esm/browser/oidc/verifyToken.js.map +1 -1
  513. package/esm/browser/package.json +1 -1
  514. package/esm/node/http/OktaUserAgent.js +2 -2
  515. package/esm/node/http/request.js +56 -23
  516. package/esm/node/http/request.js.map +1 -1
  517. package/esm/node/idx/interact.js +2 -2
  518. package/esm/node/idx/interact.js.map +1 -1
  519. package/esm/node/idx/run.js +3 -2
  520. package/esm/node/idx/run.js.map +1 -1
  521. package/esm/node/idx/transactionMeta.js +3 -2
  522. package/esm/node/idx/transactionMeta.js.map +1 -1
  523. package/esm/node/myaccount/request.js +2 -43
  524. package/esm/node/myaccount/request.js.map +1 -1
  525. package/esm/node/oidc/endpoints/authorize.js +1 -0
  526. package/esm/node/oidc/endpoints/authorize.js.map +1 -1
  527. package/esm/node/oidc/exchangeCodeForTokens.js +2 -1
  528. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  529. package/esm/node/oidc/handleOAuthResponse.js +17 -16
  530. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  531. package/esm/node/oidc/options/OAuthOptionsConstructor.js +2 -0
  532. package/esm/node/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  533. package/esm/node/oidc/util/defaultTokenParams.js +3 -1
  534. package/esm/node/oidc/util/defaultTokenParams.js.map +1 -1
  535. package/esm/node/oidc/util/oauthMeta.js +1 -0
  536. package/esm/node/oidc/util/oauthMeta.js.map +1 -1
  537. package/esm/node/oidc/util/validateClaims.js +9 -4
  538. package/esm/node/oidc/util/validateClaims.js.map +1 -1
  539. package/esm/node/oidc/verifyToken.js +2 -2
  540. package/esm/node/oidc/verifyToken.js.map +1 -1
  541. package/esm/node/package.json +1 -1
  542. package/package.json +12 -13
  543. package/polyfill/index.js +8 -5
  544. package/types/lib/core/options.d.ts +2 -0
  545. package/types/lib/idx/interact.d.ts +1 -0
  546. package/types/lib/idx/options.d.ts +2 -0
  547. package/types/lib/idx/types/meta.d.ts +1 -0
  548. package/types/lib/idx/types/options.d.ts +1 -0
  549. package/types/lib/oidc/options/OAuthOptionsConstructor.d.ts +2 -0
  550. package/types/lib/oidc/types/UserClaims.d.ts +1 -0
  551. package/types/lib/oidc/types/api.d.ts +1 -0
  552. package/types/lib/oidc/types/meta.d.ts +1 -1
  553. package/types/lib/oidc/types/options.d.ts +2 -1
  554. package/types/lib/oidc/types/proto.d.ts +1 -0
  555. package/umd/authn.js +1 -1
  556. package/umd/authn.js.LICENSE.txt +2 -0
  557. package/umd/authn.js.map +1 -1
  558. package/umd/core.js +1 -1
  559. package/umd/core.js.LICENSE.txt +2 -0
  560. package/umd/core.js.map +1 -1
  561. package/umd/default.js +1 -1
  562. package/umd/default.js.LICENSE.txt +2 -0
  563. package/umd/default.js.map +1 -1
  564. package/umd/idx.js +1 -1
  565. package/umd/idx.js.LICENSE.txt +2 -0
  566. package/umd/idx.js.map +1 -1
  567. package/umd/myaccount.js +1 -1
  568. package/umd/myaccount.js.LICENSE.txt +2 -0
  569. package/umd/myaccount.js.map +1 -1
package/cjs/oidc/exchangeCodeForTokens.js CHANGED
@@ -1,19 +1,12 @@
1
1
  "use strict";
2
2
 
3
3
  exports.exchangeCodeForTokens = exchangeCodeForTokens;
4
-
5
4
  var _util = require("./util");
6
-
7
5
  var _util2 = require("../util");
8
-
9
6
  var _token = require("./endpoints/token");
10
-
11
7
  var _handleOAuthResponse = require("./handleOAuthResponse");
12
-
13
8
  /* eslint-disable @typescript-eslint/no-non-null-assertion */
14
-
15
9
  /* eslint-disable max-len */
16
-
17
10
  /*!
18
11
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
19
12
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -26,10 +19,11 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
26
19
  * See the License for the specific language governing permissions and limitations under the License.
27
20
  *
28
21
  */
22
+
29
23
  // codeVerifier is required. May pass either an authorizationCode or interactionCode
30
24
  function exchangeCodeForTokens(sdk, tokenParams, urls) {
31
- urls = urls || (0, _util.getOAuthUrls)(sdk, tokenParams); // build params using defaults + options
32
-
25
+ urls = urls || (0, _util.getOAuthUrls)(sdk, tokenParams);
26
+ // build params using defaults + options
33
27
  tokenParams = Object.assign({}, (0, _util.getDefaultTokenParams)(sdk), (0, _util2.clone)(tokenParams));
34
28
  const {
35
29
  authorizationCode,
@@ -39,7 +33,8 @@ function exchangeCodeForTokens(sdk, tokenParams, urls) {
39
33
  redirectUri,
40
34
  scopes,
41
35
  ignoreSignature,
42
- state
36
+ state,
37
+ acrValues
43
38
  } = tokenParams;
44
39
  var getTokenOptions = {
45
40
  clientId,
@@ -53,7 +48,6 @@ function exchangeCodeForTokens(sdk, tokenParams, urls) {
53
48
  // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`
54
49
  // `responseType` is used to validate that the expected tokens were returned
55
50
  const responseType = ['token']; // an accessToken will always be returned
56
-
57
51
  if (scopes.indexOf('openid') !== -1) {
58
52
  responseType.push('id_token'); // an idToken will be returned if "openid" is in the scopes
59
53
  }
@@ -63,7 +57,8 @@ function exchangeCodeForTokens(sdk, tokenParams, urls) {
63
57
  redirectUri,
64
58
  scopes,
65
59
  responseType,
66
- ignoreSignature
60
+ ignoreSignature,
61
+ acrValues
67
62
  };
68
63
  return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, handleResponseOptions, response, urls).then(response => {
69
64
  // For compatibility, "code" is returned in the TokenResponse. OKTA-326091
package/cjs/oidc/exchangeCodeForTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","getOAuthUrls","Object","assign","getDefaultTokenParams","clone","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","postToTokenEndpoint","then","response","responseType","indexOf","push","handleResponseOptions","handleOAuthResponse","code","finally","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state!;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"mappings":";;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA4DC,WAA5D,EAAsFC,IAAtF,EAAiI;EACtIA,IAAI,GAAGA,IAAI,IAAI,IAAAC,kBAAA,EAAaH,GAAb,EAAkBC,WAAlB,CAAf,CADsI,CAEtI;;EACAA,WAAW,GAAGG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,IAAAC,2BAAA,EAAsBN,GAAtB,CAAlB,EAA8C,IAAAO,YAAA,EAAMN,WAAN,CAA9C,CAAd;EAEA,MAAM;IACJO,iBADI;IAEJC,eAFI;IAGJC,YAHI;IAIJC,QAJI;IAKJC,WALI;IAMJC,MANI;IAOJC,eAPI;IAQJC;EARI,IASFd,WATJ;EAWA,IAAIe,eAAe,GAAG;IACpBL,QADoB;IAEpBC,WAFoB;IAGpBJ,iBAHoB;IAIpBC,eAJoB;IAKpBC;EALoB,CAAtB;EAQA,OAAO,IAAAO,0BAAA,EAAoBjB,GAApB,EAAyBgB,eAAzB,EAA0Cd,IAA1C,EACJgB,IADI,CACEC,QAAD,IAA6B;IAEjC;IACA;IACA;IACA,MAAMC,YAAiC,GAAG,CAAC,OAAD,CAA1C,CALiC,CAKoB;;IACrD,IAAIP,MAAM,CAAEQ,OAAR,CAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;MACpCD,YAAY,CAACE,IAAb,CAAkB,UAAlB,EADoC,CACL;IAChC;;IACD,MAAMC,qBAAkC,GAAG;MACzCZ,QADyC;MAEzCC,WAFyC;MAGzCC,MAHyC;MAIzCO,YAJyC;MAKzCN;IALyC,CAA3C;IAOA,OAAO,IAAAU,wCAAA,EAAoBxB,GAApB,EAAyBuB,qBAAzB,EAAgDJ,QAAhD,EAA0DjB,IAA1D,EACJgB,IADI,CACEC,QAAD,IAA6B;MACjC;MACAA,QAAQ,CAACM,IAAT,GAAgBjB,iBAAhB;MACAW,QAAQ,CAACJ,KAAT,GAAiBA,KAAjB;MACA,OAAOI,QAAP;IACD,CANI,CAAP;EAOD,CAxBI,EAyBJO,OAzBI,CAyBI,MAAM;IACb1B,GAAG,CAAC2B,kBAAJ,CAAuBC,KAAvB;EACD,CA3BI,CAAP;AA4BD"}
1
+ {"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","getOAuthUrls","Object","assign","getDefaultTokenParams","clone","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","acrValues","getTokenOptions","postToTokenEndpoint","then","response","responseType","indexOf","push","handleResponseOptions","handleOAuthResponse","code","finally","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state,\n acrValues\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n acrValues\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state!;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"mappings":";;;AAeA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACO,SAASA,qBAAqB,CAACC,GAA2B,EAAEC,WAAwB,EAAEC,IAAiB,EAA0B;EACtIA,IAAI,GAAGA,IAAI,IAAI,IAAAC,kBAAY,EAACH,GAAG,EAAEC,WAAW,CAAC;EAC7C;EACAA,WAAW,GAAGG,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAAC,2BAAqB,EAACN,GAAG,CAAC,EAAE,IAAAO,YAAK,EAACN,WAAW,CAAC,CAAC;EAE/E,MAAM;IACJO,iBAAiB;IACjBC,eAAe;IACfC,YAAY;IACZC,QAAQ;IACRC,WAAW;IACXC,MAAM;IACNC,eAAe;IACfC,KAAK;IACLC;EACF,CAAC,GAAGf,WAAW;EAEf,IAAIgB,eAAe,GAAG;IACpBN,QAAQ;IACRC,WAAW;IACXJ,iBAAiB;IACjBC,eAAe;IACfC;EACF,CAAC;EAED,OAAO,IAAAQ,0BAAmB,EAAClB,GAAG,EAAEiB,eAAe,EAAEf,IAAI,CAAC,CACnDiB,IAAI,CAAEC,QAAuB,IAAK;IAEjC;IACA;IACA;IACA,MAAMC,YAAiC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,IAAIR,MAAM,CAAES,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE;MACpCD,YAAY,CAACE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACjC;;IACA,MAAMC,qBAAkC,GAAG;MACzCb,QAAQ;MACRC,WAAW;MACXC,MAAM;MACNQ,YAAY;MACZP,eAAe;MACfE;IACF,CAAC;IACD,OAAO,IAAAS,wCAAmB,EAACzB,GAAG,EAAEwB,qBAAqB,EAAEJ,QAAQ,EAAElB,IAAI,CAAE,CACpEiB,IAAI,CAAEC,QAAuB,IAAK;MACjC;MACAA,QAAQ,CAACM,IAAI,GAAGlB,iBAAiB;MACjCY,QAAQ,CAACL,KAAK,GAAGA,KAAM;MACvB,OAAOK,QAAQ;IACjB,CAAC,CAAC;EACN,CAAC,CAAC,CACDO,OAAO,CAAC,MAAM;IACb3B,GAAG,CAAC4B,kBAAkB,CAACC,KAAK,EAAE;EAChC,CAAC,CAAC;AACN"}
package/cjs/oidc/factory/OktaAuthOAuth.js CHANGED
@@ -1,17 +1,11 @@
1
1
  "use strict";
2
2
 
3
3
  exports.createOktaAuthOAuth = createOktaAuthOAuth;
4
-
5
4
  var _base = require("../../base");
6
-
7
5
  var _mixin = require("../../storage/mixin");
8
-
9
6
  var _mixin2 = require("../../session/mixin");
10
-
11
7
  var _mixin3 = require("../../http/mixin");
12
-
13
8
  var _mixin4 = require("../mixin");
14
-
15
9
  function createOktaAuthOAuth(StorageManagerConstructor, OptionsConstructor, TransactionManagerConstructor) {
16
10
  const Base = (0, _base.createOktaAuthBase)(OptionsConstructor);
17
11
  const WithStorage = (0, _mixin.mixinStorage)(Base, StorageManagerConstructor);
package/cjs/oidc/factory/OktaAuthOAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OktaAuthOAuth.js","names":["createOktaAuthOAuth","StorageManagerConstructor","OptionsConstructor","TransactionManagerConstructor","Base","createOktaAuthBase","WithStorage","mixinStorage","WithHttp","mixinHttp","WithSession","mixinSession","WithOAuth","mixinOAuth"],"sources":["../../../../lib/oidc/factory/OktaAuthOAuth.ts"],"sourcesContent":["import { StorageManagerConstructor } from '../../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\n\nimport { createOktaAuthBase } from '../../base';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinOAuth } from '../mixin';\nimport {\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../types';\n\nexport function createOktaAuthOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n return WithOAuth;\n}\n"],"mappings":";;;;AAGA;;AACA;;AACA;;AACA;;AACA;;AAWO,SAASA,mBAAT,CAQLC,yBARK,EASLC,kBATK,EAULC,6BAVK,EAYP;EACE,MAAMC,IAAI,GAAG,IAAAC,wBAAA,EAAmBH,kBAAnB,CAAb;EACA,MAAMI,WAAW,GAAG,IAAAC,mBAAA,EAAmBH,IAAnB,EAAyBH,yBAAzB,CAApB;EACA,MAAMO,QAAQ,GAAG,IAAAC,iBAAA,EAAgBH,WAAhB,CAAjB;EACA,MAAMI,WAAW,GAAG,IAAAC,oBAAA,EAAmBH,QAAnB,CAApB;EACA,MAAMI,SAAS,GAAG,IAAAC,kBAAA,EAAwBH,WAAxB,EAAqCP,6BAArC,CAAlB;EACA,OAAOS,SAAP;AACD"}
1
+ {"version":3,"file":"OktaAuthOAuth.js","names":["createOktaAuthOAuth","StorageManagerConstructor","OptionsConstructor","TransactionManagerConstructor","Base","createOktaAuthBase","WithStorage","mixinStorage","WithHttp","mixinHttp","WithSession","mixinSession","WithOAuth","mixinOAuth"],"sources":["../../../../lib/oidc/factory/OktaAuthOAuth.ts"],"sourcesContent":["import { StorageManagerConstructor } from '../../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\n\nimport { createOktaAuthBase } from '../../base';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinOAuth } from '../mixin';\nimport {\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../types';\n\nexport function createOktaAuthOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n return WithOAuth;\n}\n"],"mappings":";;;AAGA;AACA;AACA;AACA;AACA;AAWO,SAASA,mBAAmB,CAQjCC,yBAAuD,EACvDC,kBAAiD,EACjDC,6BAAgE,EAElE;EACE,MAAMC,IAAI,GAAG,IAAAC,wBAAkB,EAACH,kBAAkB,CAAC;EACnD,MAAMI,WAAW,GAAG,IAAAC,mBAAY,EAAOH,IAAI,EAAEH,yBAAyB,CAAC;EACvE,MAAMO,QAAQ,GAAG,IAAAC,iBAAS,EAAOH,WAAW,CAAC;EAC7C,MAAMI,WAAW,GAAG,IAAAC,oBAAY,EAAOH,QAAQ,CAAC;EAChD,MAAMI,SAAS,GAAG,IAAAC,kBAAU,EAAcH,WAAW,EAAEP,6BAA6B,CAAC;EACrF,OAAOS,SAAS;AAClB"}
package/cjs/oidc/factory/api.js CHANGED
@@ -1,35 +1,20 @@
1
1
  "use strict";
2
2
 
3
3
  exports.createTokenAPI = createTokenAPI;
4
-
5
4
  var _util = require("../../util");
6
-
7
5
  var _decodeToken = require("../decodeToken");
8
-
9
6
  var _exchangeCodeForTokens = require("../exchangeCodeForTokens");
10
-
11
7
  var _getUserInfo = require("../getUserInfo");
12
-
13
8
  var _getWithoutPrompt = require("../getWithoutPrompt");
14
-
15
9
  var _getWithPopup = require("../getWithPopup");
16
-
17
10
  var _getWithRedirect = require("../getWithRedirect");
18
-
19
11
  var _parseFromUrl = require("../parseFromUrl");
20
-
21
12
  var _renewToken = require("../renewToken");
22
-
23
13
  var _renewTokens = require("../renewTokens");
24
-
25
14
  var _renewTokensWithRefresh = require("../renewTokensWithRefresh");
26
-
27
15
  var _revokeToken = require("../revokeToken");
28
-
29
16
  var _util2 = require("../util");
30
-
31
17
  var _verifyToken = require("../verifyToken");
32
-
33
18
  /*!
34
19
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
35
20
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -42,12 +27,12 @@ var _verifyToken = require("../verifyToken");
42
27
  * See the License for the specific language governing permissions and limitations under the License.
43
28
  *
44
29
  */
30
+
45
31
  // Factory
46
32
  function createTokenAPI(sdk, queue) {
47
33
  const useQueue = method => {
48
34
  return _util.PromiseQueue.prototype.push.bind(queue, method, null);
49
35
  };
50
-
51
36
  const getWithRedirectFn = useQueue(_getWithRedirect.getWithRedirect.bind(null, sdk));
52
37
  const getWithRedirectApi = Object.assign(getWithRedirectFn, {
53
38
  // This is exposed so we can set window.location in our tests
@@ -58,8 +43,8 @@ function createTokenAPI(sdk, queue) {
58
43
  window.location = url;
59
44
  }
60
45
  }
61
- }); // eslint-disable-next-line max-len
62
-
46
+ });
47
+ // eslint-disable-next-line max-len
63
48
  const parseFromUrlFn = useQueue(_parseFromUrl.parseFromUrl.bind(null, sdk));
64
49
  const parseFromUrlApi = Object.assign(parseFromUrlFn, {
65
50
  // This is exposed so we can mock getting window.history in our tests
@@ -92,9 +77,10 @@ function createTokenAPI(sdk, queue) {
92
77
  },
93
78
  verify: _verifyToken.verifyToken.bind(null, sdk),
94
79
  isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk)
95
- }; // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency
96
- // 'getWithRedirect' and 'parseFromUrl' are already wrapped
80
+ };
97
81
 
82
+ // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency
83
+ // 'getWithRedirect' and 'parseFromUrl' are already wrapped
98
84
  const toWrap = ['getWithoutPrompt', 'getWithPopup', 'revoke', 'renew', 'renewTokensWithRefresh', 'renewTokens'];
99
85
  toWrap.forEach(key => {
100
86
  token[key] = useQueue(token[key]);
package/cjs/oidc/factory/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","getWithRedirectApi","Object","assign","_setLocation","url","options","setLocation","window","location","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectAPI,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: (url) => {\n if (sdk.options.setLocation) {\n sdk.options.setLocation(url);\n } else {\n window.location = url;\n }\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk)\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n"],"mappings":";;;;AAaA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAYA;;AACA;;AArCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA4BA;AACO,SAASA,cAAT,CAAwBC,GAAxB,EAAqDC,KAArD,EAAoF;EACzF,MAAMC,QAAQ,GAAIC,MAAD,IAAY;IAC3B,OAAOC,kBAAA,CAAaC,SAAb,CAAuBC,IAAvB,CAA4BC,IAA5B,CAAiCN,KAAjC,EAAwCE,MAAxC,EAAgD,IAAhD,CAAP;EACD,CAFD;;EAIA,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAA,CAAgBF,IAAhB,CAAqB,IAArB,EAA2BP,GAA3B,CAAD,CAAlC;EACA,MAAMU,kBAAsC,GAAGC,MAAM,CAACC,MAAP,CAAcJ,iBAAd,EAAiC;IAC9E;IACAK,YAAY,EAAGC,GAAD,IAAS;MACrB,IAAId,GAAG,CAACe,OAAJ,CAAYC,WAAhB,EAA6B;QAC3BhB,GAAG,CAACe,OAAJ,CAAYC,WAAZ,CAAwBF,GAAxB;MACD,CAFD,MAEO;QACLG,MAAM,CAACC,QAAP,GAAkBJ,GAAlB;MACD;IACF;EAR6E,CAAjC,CAA/C,CANyF,CAgBzF;;EACA,MAAMK,cAAc,GAAGjB,QAAQ,CAACkB,0BAAA,CAAab,IAAb,CAAkB,IAAlB,EAAwBP,GAAxB,CAAD,CAA/B;EACA,MAAMqB,eAAsC,GAAGV,MAAM,CAACC,MAAP,CAAcO,cAAd,EAA8B;IAC3E;IACAG,WAAW,EAAE,YAAW;MACtB,OAAOL,MAAM,CAACM,OAAd;IACD,CAJ0E;IAM3E;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOP,MAAM,CAACC,QAAd;IACD,CAT0E;IAW3E;IACAO,YAAY,EAAE,YAAW;MACvB,OAAOR,MAAM,CAACS,QAAd;IACD;EAd0E,CAA9B,CAA/C;EAiBA,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAA,CAAmBrB,IAAnB,CAAwB,IAAxB,EAA8BP,GAA9B,CADC;IAErB6B,qBAAqB,EAAEA,4CAAA,CAAsBtB,IAAtB,CAA2B,IAA3B,EAAiCP,GAAjC,CAFF;IAGrB8B,gBAAgB,EAAEA,kCAAA,CAAiBvB,IAAjB,CAAsB,IAAtB,EAA4BP,GAA5B,CAHG;IAIrB+B,YAAY,EAAEA,0BAAA,CAAaxB,IAAb,CAAkB,IAAlB,EAAwBP,GAAxB,CAJO;IAKrBS,eAAe,EAAEC,kBALI;IAMrBU,YAAY,EAAEC,eANO;IAOrBW,MAAM,EAAEC,wBAPa;IAQrBC,MAAM,EAAEC,wBAAA,CAAY5B,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CARa;IASrBoC,KAAK,EAAEC,sBAAA,CAAW9B,IAAX,CAAgB,IAAhB,EAAsBP,GAAtB,CATc;IAUrBsC,sBAAsB,EAAEA,8CAAA,CAAuB/B,IAAvB,CAA4B,IAA5B,EAAkCP,GAAlC,CAVH;IAWrBuC,WAAW,EAAEA,wBAAA,CAAYhC,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CAXQ;IAYrBwC,WAAW,EAAE,CACXC,iBADW,EAEXC,aAFW,KAGgB;MAC3B,OAAO,IAAAF,wBAAA,EAAYxC,GAAZ,EAAiByC,iBAAjB,EAAoCC,aAApC,CAAP;IACD,CAjBoB;IAkBrBC,MAAM,EAAEC,wBAAA,CAAYrC,IAAZ,CAAiB,IAAjB,EAAuBP,GAAvB,CAlBa;IAmBrB6C,eAAe,EAAEA,sBAAA,CAAgBtC,IAAhB,CAAqB,IAArB,EAA2BP,GAA3B;EAnBI,CAAvB,CAnCyF,CAyDzF;EACA;;EACA,MAAM8C,MAAM,GAAG,CACb,kBADa,EAEb,cAFa,EAGb,QAHa,EAIb,OAJa,EAKb,wBALa,EAMb,aANa,CAAf;EAQAA,MAAM,CAACC,OAAP,CAAeC,GAAG,IAAI;IACpBrB,KAAK,CAACqB,GAAD,CAAL,GAAa9C,QAAQ,CAACyB,KAAK,CAACqB,GAAD,CAAN,CAArB;EACD,CAFD;EAIA,OAAOrB,KAAP;AACD"}
1
+ {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","getWithRedirectApi","Object","assign","_setLocation","url","options","setLocation","window","location","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectAPI,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: (url) => {\n if (sdk.options.setLocation) {\n sdk.options.setLocation(url);\n } else {\n window.location = url;\n }\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk)\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AArCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA4BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;EAC9F,MAAMU,kBAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,iBAAiB,EAAE;IAC9E;IACAK,YAAY,EAAGC,GAAG,IAAK;MACrB,IAAId,GAAG,CAACe,OAAO,CAACC,WAAW,EAAE;QAC3BhB,GAAG,CAACe,OAAO,CAACC,WAAW,CAACF,GAAG,CAAC;MAC9B,CAAC,MAAM;QACLG,MAAM,CAACC,QAAQ,GAAGJ,GAAG;MACvB;IACF;EACF,CAAC,CAAC;EACF;EACA,MAAMK,cAAc,GAAGjB,QAAQ,CAACkB,0BAAY,CAACb,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMqB,eAAsC,GAAGV,MAAM,CAACC,MAAM,CAACO,cAAc,EAAE;IAC3E;IACAG,WAAW,EAAE,YAAW;MACtB,OAAOL,MAAM,CAACM,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOP,MAAM,CAACC,QAAQ;IACxB,CAAC;IAED;IACAO,YAAY,EAAE,YAAW;MACvB,OAAOR,MAAM,CAACS,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAACrB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtD6B,qBAAqB,EAAEA,4CAAqB,CAACtB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5D8B,gBAAgB,EAAEA,kCAAgB,CAACvB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD+B,YAAY,EAAEA,0BAAY,CAACxB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1CS,eAAe,EAAEC,kBAAkB;IACnCU,YAAY,EAAEC,eAAe;IAC7BW,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAAC5B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCoC,KAAK,EAAEC,sBAAU,CAAC9B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCsC,sBAAsB,EAAEA,8CAAsB,CAAC/B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DuC,WAAW,EAAEA,wBAAW,CAAChC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCwC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACxC,GAAG,EAAEyC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAACrC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnC6C,eAAe,EAAEA,sBAAe,CAACtC,IAAI,CAAC,IAAI,EAAEP,GAAG;EACjD,CAAC;;EAED;EACA;EACA,MAAM8C,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBrB,KAAK,CAACqB,GAAG,CAAC,GAAG9C,QAAQ,CAACyB,KAAK,CAACqB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOrB,KAAK;AACd"}
package/cjs/oidc/factory/index.js CHANGED
@@ -1,7 +1,6 @@
1
1
  "use strict";
2
2
 
3
3
  var _api = require("./api");
4
-
5
4
  Object.keys(_api).forEach(function (key) {
6
5
  if (key === "default" || key === "__esModule") return;
7
6
  if (key in exports && exports[key] === _api[key]) return;
@@ -12,9 +11,7 @@ Object.keys(_api).forEach(function (key) {
12
11
  }
13
12
  });
14
13
  });
15
-
16
14
  var _OktaAuthOAuth = require("./OktaAuthOAuth");
17
-
18
15
  Object.keys(_OktaAuthOAuth).forEach(function (key) {
19
16
  if (key === "default" || key === "__esModule") return;
20
17
  if (key in exports && exports[key] === _OktaAuthOAuth[key]) return;
package/cjs/oidc/factory/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/factory/index.ts"],"sourcesContent":["export * from './api';\nexport * from './OktaAuthOAuth';\n"],"mappings":";;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/factory/index.ts"],"sourcesContent":["export * from './api';\nexport * from './OktaAuthOAuth';\n"],"mappings":";;AAAA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
package/cjs/oidc/getToken.js CHANGED
@@ -1,23 +1,14 @@
1
1
  "use strict";
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
-
5
4
  exports.getToken = getToken;
6
-
7
5
  var _util = require("./util");
8
-
9
6
  var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
10
-
11
7
  var _prepareTokenParams = require("./util/prepareTokenParams");
12
-
13
8
  var _authorize = require("./endpoints/authorize");
14
-
15
9
  var _handleOAuthResponse = require("./handleOAuthResponse");
16
-
17
10
  /* global document */
18
-
19
11
  /* eslint-disable complexity, max-statements */
20
-
21
12
  /*!
22
13
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
23
14
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -85,10 +76,10 @@ function getToken(sdk, options) {
85
76
  if (arguments.length > 2) {
86
77
  return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
87
78
  }
79
+ options = options || {};
88
80
 
89
- options = options || {}; // window object cannot be serialized, save for later use
81
+ // window object cannot be serialized, save for later use
90
82
  // TODO: move popup related params into a separate options object
91
-
92
83
  const popupWindow = options.popupWindow;
93
84
  options.popupWindow = undefined;
94
85
  return (0, _prepareTokenParams.prepareTokenParams)(sdk, options).then(function (tokenParams) {
@@ -101,31 +92,31 @@ function getToken(sdk, options) {
101
92
  var idpOverrides = {
102
93
  display: 'popup'
103
94
  };
104
-
105
95
  if (options.sessionToken) {
106
96
  Object.assign(tokenParams, sessionTokenOverrides);
107
97
  } else if (options.idp) {
108
98
  Object.assign(tokenParams, idpOverrides);
109
- } // Use the query params to build the authorize url
110
-
99
+ }
111
100
 
112
- var requestUrl, endpoint, urls; // Get authorizeUrl and issuer
101
+ // Use the query params to build the authorize url
102
+ var requestUrl, endpoint, urls;
113
103
 
104
+ // Get authorizeUrl and issuer
114
105
  urls = (0, _util.getOAuthUrls)(sdk, tokenParams);
115
106
  endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;
116
- requestUrl = endpoint + (0, _authorize.buildAuthorizeParams)(tokenParams); // Determine the flow type
107
+ requestUrl = endpoint + (0, _authorize.buildAuthorizeParams)(tokenParams);
117
108
 
109
+ // Determine the flow type
118
110
  var flowType;
119
-
120
111
  if (tokenParams.sessionToken || tokenParams.display === null) {
121
112
  flowType = 'IFRAME';
122
113
  } else if (tokenParams.display === 'popup') {
123
114
  flowType = 'POPUP';
124
115
  } else {
125
116
  flowType = 'IMPLICIT';
126
- } // Execute the flow type
127
-
117
+ }
128
118
 
119
+ // Execute the flow type
129
120
  switch (flowType) {
130
121
  case 'IFRAME':
131
122
  var iframePromise = (0, _util.addPostMessageListener)(sdk, options.timeout, tokenParams.state);
@@ -135,39 +126,37 @@ function getToken(sdk, options) {
135
126
  }).finally(function () {
136
127
  if (document.body.contains(iframeEl)) {
137
128
  var _iframeEl$parentEleme;
138
-
139
129
  (_iframeEl$parentEleme = iframeEl.parentElement) === null || _iframeEl$parentEleme === void 0 ? void 0 : _iframeEl$parentEleme.removeChild(iframeEl);
140
130
  }
141
131
  });
142
-
143
132
  case 'POPUP':
144
133
  var oauthPromise; // resolves with OAuth response
134
+
145
135
  // Add listener on postMessage before window creation, so
146
136
  // postMessage isn't triggered before we're listening
147
-
148
137
  if (tokenParams.responseMode === 'okta_post_message') {
149
138
  if (!sdk.features.isPopupPostMessageSupported()) {
150
139
  throw new _AuthSdkError.default('This browser doesn\'t have full postMessage support');
151
140
  }
152
-
153
141
  oauthPromise = (0, _util.addPostMessageListener)(sdk, options.timeout, tokenParams.state);
154
- } // Redirect for authorization
155
- // popupWindown can be null when popup is blocked
156
-
142
+ }
157
143
 
144
+ // Redirect for authorization
145
+ // popupWindown can be null when popup is blocked
158
146
  if (popupWindow) {
159
147
  popupWindow.location.assign(requestUrl);
160
- } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
161
-
148
+ }
162
149
 
150
+ // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
163
151
  var popupPromise = new Promise(function (resolve, reject) {
164
152
  var closePoller = setInterval(function () {
165
153
  if (!popupWindow || popupWindow.closed) {
166
154
  clearInterval(closePoller);
167
155
  reject(new _AuthSdkError.default('Unable to parse OAuth flow response'));
168
156
  }
169
- }, 100); // Proxy the OAuth promise results
157
+ }, 100);
170
158
 
159
+ // Proxy the OAuth promise results
171
160
  oauthPromise.then(function (res) {
172
161
  clearInterval(closePoller);
173
162
  resolve(res);
@@ -183,7 +172,6 @@ function getToken(sdk, options) {
183
172
  popupWindow.close();
184
173
  }
185
174
  });
186
-
187
175
  default:
188
176
  throw new _AuthSdkError.default('The full page redirect flow is not supported');
189
177
  }
package/cjs/oidc/getToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA+CC,OAA/C,EAAmF;EACxF,IAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,OAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;EACD;;EAEDL,OAAO,GAAGA,OAAO,IAAI,EAArB,CALwF,CAOxF;EACA;;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;EACAN,OAAO,CAACM,WAAR,GAAsBC,SAAtB;EAEA,OAAO,IAAAC,sCAAA,EAAmBT,GAAnB,EAAwBC,OAAxB,EACJS,IADI,CACC,UAAUC,WAAV,EAAoC;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MADkB;MAE1BC,YAAY,EAAE,mBAFY;MAG1BC,OAAO,EAAE;IAHiB,CAA5B;IAMA,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IADQ,CAAnB;;IAIA,IAAId,OAAO,CAACgB,YAAZ,EAA0B;MACxBC,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;IACD,CAFD,MAEO,IAAIX,OAAO,CAACmB,GAAZ,EAAiB;MACtBF,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;IACD,CAjBuC,CAmBxC;;;IACA,IAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;IACAA,IAAI,GAAG,IAAAC,kBAAA,EAAaxB,GAAb,EAAkBW,WAAlB,CAAP;IACAW,QAAQ,GAAGrB,OAAO,CAACwB,YAAR,GAAuBF,IAAI,CAACG,QAA5B,GAAuCH,IAAI,CAACI,YAAvD;IACAN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAA,EAAqBjB,WAArB,CAAxB,CA3BwC,CA6BxC;;IACA,IAAIkB,QAAJ;;IACA,IAAIlB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;MAC5Dc,QAAQ,GAAG,QAAX;IACD,CAFD,MAEO,IAAIlB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;MAC1Cc,QAAQ,GAAG,OAAX;IACD,CAFM,MAEA;MACLA,QAAQ,GAAG,UAAX;IACD,CArCuC,CAuCxC;;;IACA,QAAQA,QAAR;MACE,KAAK,QAAL;QACE,IAAIC,aAAa,GAAG,IAAAC,4BAAA,EAAuB/B,GAAvB,EAA4BC,OAAO,CAAC+B,OAApC,EAA6CrB,WAAW,CAACsB,KAAzD,CAApB;QACA,IAAIC,QAAQ,GAAG,IAAAC,eAAA,EAAUd,UAAV,CAAf;QACA,OAAOS,aAAa,CACjBpB,IADI,CACC,UAAU0B,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBrC,GAApB,EAAyBW,WAAzB,EAAsCyB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBP,QAAvB,CAAJ,EAAsC;YAAA;;YACpC,yBAAAA,QAAQ,CAACQ,aAAT,gFAAwBC,WAAxB,CAAoCT,QAApC;UACD;QACF,CARI,CAAP;;MAUF,KAAK,OAAL;QACE,IAAIU,YAAJ,CADF,CACoB;QAElB;QACA;;QACA,IAAIjC,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;YAC/C,MAAM,IAAIxC,qBAAJ,CAAiB,qDAAjB,CAAN;UACD;;UACDsC,YAAY,GAAG,IAAAb,4BAAA,EAAuB/B,GAAvB,EAA4BC,OAAO,CAAC+B,OAApC,EAA6CrB,WAAW,CAACsB,KAAzD,CAAf;QACD,CAVH,CAYE;QACA;;;QACA,IAAI1B,WAAJ,EAAiB;UACfA,WAAW,CAACwC,QAAZ,CAAqB5B,MAArB,CAA4BE,UAA5B;QACD,CAhBH,CAkBE;;;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAJ,CAAY,UAAU6C,OAAV,EAAmB5C,MAAnB,EAA2B;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAD,IAAgBA,WAAW,CAAC6C,MAAhC,EAAwC;cACtCC,aAAa,CAACH,WAAD,CAAb;cACA7C,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;YACD;UACF,CAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;UACAsC,YAAY,CACTlC,IADH,CACQ,UAAU0B,GAAV,EAAe;YACnBiB,aAAa,CAACH,WAAD,CAAb;YACAD,OAAO,CAACb,GAAD,CAAP;UACD,CAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;YACpBF,aAAa,CAACH,WAAD,CAAb;YACA7C,MAAM,CAACkD,GAAD,CAAN;UACD,CARH;QASD,CAlBkB,CAAnB;QAoBA,OAAOP,YAAY,CAChBtC,IADI,CACC,UAAU0B,GAAV,EAAe;UACnB,OAAO,IAAAC,wCAAA,EAAoBrC,GAApB,EAAyBW,WAAzB,EAAsCyB,GAAtC,EAA4Db,IAA5D,CAAP;QACD,CAHI,EAIJe,OAJI,CAII,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAhC,EAAwC;YACtC7C,WAAW,CAACiD,KAAZ;UACD;QACF,CARI,CAAP;;MAUF;QACE,MAAM,IAAIlD,qBAAJ,CAAiB,8CAAjB,CAAN;IAhEJ;EAkED,CA3GI,CAAP;AA4GD"}
1
+ {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,GAAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YAAA;YACpC,yBAAAA,QAAQ,CAACQ,aAAa,0DAAtB,sBAAwBC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAM,EAAE;YACtC7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}
package/cjs/oidc/getUserInfo.js CHANGED
@@ -1,17 +1,11 @@
1
1
  "use strict";
2
2
 
3
3
  exports.getUserInfo = getUserInfo;
4
-
5
4
  var _util = require("../util");
6
-
7
5
  var _errors = require("../errors");
8
-
9
6
  var _http = require("../http");
10
-
11
7
  var _types = require("./types");
12
-
13
8
  /* eslint-disable complexity */
14
-
15
9
  /*!
16
10
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
17
11
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -24,24 +18,21 @@ var _types = require("./types");
24
18
  * See the License for the specific language governing permissions and limitations under the License.
25
19
  *
26
20
  */
21
+
27
22
  async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
28
23
  // If token objects were not passed, attempt to read from the TokenManager
29
24
  if (!accessTokenObject) {
30
25
  accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken;
31
26
  }
32
-
33
27
  if (!idTokenObject) {
34
28
  idTokenObject = (await sdk.tokenManager.getTokens()).idToken;
35
29
  }
36
-
37
30
  if (!accessTokenObject || !(0, _types.isAccessToken)(accessTokenObject)) {
38
31
  return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an access token object'));
39
32
  }
40
-
41
33
  if (!idTokenObject || !(0, _types.isIDToken)(idTokenObject)) {
42
34
  return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an ID token object'));
43
35
  }
44
-
45
36
  return (0, _http.httpRequest)(sdk, {
46
37
  url: accessTokenObject.userinfoUrl,
47
38
  method: 'GET',
@@ -51,30 +42,25 @@ async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
51
42
  if (userInfo.sub === idTokenObject.claims.sub) {
52
43
  return userInfo;
53
44
  }
54
-
55
45
  return Promise.reject(new _errors.AuthSdkError('getUserInfo request was rejected due to token mismatch'));
56
46
  }).catch(function (err) {
57
47
  if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {
58
48
  var authenticateHeader;
59
-
60
49
  if (err.xhr.headers && (0, _util.isFunction)(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {
61
50
  authenticateHeader = err.xhr.headers.get('WWW-Authenticate');
62
51
  } else if ((0, _util.isFunction)(err.xhr.getResponseHeader)) {
63
52
  authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');
64
53
  }
65
-
66
54
  if (authenticateHeader) {
67
55
  var errorMatches = authenticateHeader.match(/error="(.*?)"/) || [];
68
56
  var errorDescriptionMatches = authenticateHeader.match(/error_description="(.*?)"/) || [];
69
57
  var error = errorMatches[1];
70
58
  var errorDescription = errorDescriptionMatches[1];
71
-
72
59
  if (error && errorDescription) {
73
60
  err = new _errors.OAuthError(error, errorDescription);
74
61
  }
75
62
  }
76
63
  }
77
-
78
64
  throw err;
79
65
  });
80
66
  }
package/cjs/oidc/getUserInfo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","isAccessToken","Promise","reject","AuthSdkError","isIDToken","httpRequest","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","isFunction","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n sdk, accessTokenObject: AccessToken,\n idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n return httpRequest(sdk, {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n })\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n var authenticateHeader;\n if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n } else if (isFunction(err.xhr.getResponseHeader)) {\n authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n }\n if (authenticateHeader) {\n var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n var error = errorMatches[1];\n var errorDescription = errorDescriptionMatches[1];\n if (error && errorDescription) {\n err = new OAuthError(error, errorDescription);\n }\n }\n }\n throw err;\n });\n}\n"],"mappings":";;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CACLC,GADK,EACAC,iBADA,EAELC,aAFK,EAGmB;EACxB;EACA,IAAI,CAACD,iBAAL,EAAwB;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;EACD;;EACD,IAAI,CAACH,aAAL,EAAoB;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;EACD;;EAED,IAAI,CAACL,iBAAD,IAAsB,CAAC,IAAAM,oBAAA,EAAcN,iBAAd,CAA3B,EAA6D;IAC3D,OAAOO,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;EACD;;EAED,IAAI,CAACR,aAAD,IAAkB,CAAC,IAAAS,gBAAA,EAAUT,aAAV,CAAvB,EAAiD;IAC/C,OAAOM,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;EACD;;EAED,OAAO,IAAAE,iBAAA,EAAYZ,GAAZ,EAAiB;IACtBa,GAAG,EAAEZ,iBAAiB,CAACa,WADD;IAEtBC,MAAM,EAAE,KAFc;IAGtBV,WAAW,EAAEJ,iBAAiB,CAACI;EAHT,CAAjB,EAKJW,IALI,CAKCC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAT,KAAiBhB,aAAa,CAACiB,MAAd,CAAqBD,GAA1C,EAA+C;MAC7C,OAAOD,QAAP;IACD;;IACD,OAAOT,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;EACD,CAXI,EAYJU,KAZI,CAYE,UAAUC,GAAV,EAAe;IACpB,IAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;MACjE,IAAIC,kBAAJ;;MACA,IAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,IAAAC,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAA3B,CAAnB,IAAsDN,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;QACjGH,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBE,GAAhB,CAAoB,kBAApB,CAArB;MACD,CAFD,MAEO,IAAI,IAAAD,gBAAA,EAAWL,GAAG,CAACC,GAAJ,CAAQM,iBAAnB,CAAJ,EAA2C;QAChDJ,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQM,iBAAR,CAA0B,kBAA1B,CAArB;MACD;;MACD,IAAIJ,kBAAJ,EAAwB;QACtB,IAAIK,YAAY,GAAGL,kBAAkB,CAACM,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;QACA,IAAIC,uBAAuB,GAAGP,kBAAkB,CAACM,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;QACA,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;QACA,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;QACA,IAAIC,KAAK,IAAIC,gBAAb,EAA+B;UAC7BZ,GAAG,GAAG,IAAIa,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;QACD;MACF;IACF;;IACD,MAAMZ,GAAN;EACD,CA/BI,CAAP;AAgCD"}
1
+ {"version":3,"file":"getUserInfo.js","names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","isAccessToken","Promise","reject","AuthSdkError","isIDToken","httpRequest","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","isFunction","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"sources":["../../../lib/oidc/getUserInfo.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n sdk, accessTokenObject: AccessToken,\n idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n return httpRequest(sdk, {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n })\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n var authenticateHeader;\n if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n } else if (isFunction(err.xhr.getResponseHeader)) {\n authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n }\n if (authenticateHeader) {\n var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n var error = errorMatches[1];\n var errorDescription = errorDescriptionMatches[1];\n if (error && errorDescription) {\n err = new OAuthError(error, errorDescription);\n }\n }\n }\n throw err;\n });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,eAAeA,WAAW,CAC/BC,GAAG,EAAEC,iBAA8B,EACnCC,aAAsB,EACE;EACxB;EACA,IAAI,CAACD,iBAAiB,EAAE;IACtBA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAY,CAACC,SAAS,EAAE,EAAEC,WAA0B;EACrF;EACA,IAAI,CAACH,aAAa,EAAE;IAClBA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAY,CAACC,SAAS,EAAE,EAAEE,OAAkB;EACzE;EAEA,IAAI,CAACL,iBAAiB,IAAI,CAAC,IAAAM,oBAAa,EAACN,iBAAiB,CAAC,EAAE;IAC3D,OAAOO,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,6CAA6C,CAAC,CAAC;EACxF;EAEA,IAAI,CAACR,aAAa,IAAI,CAAC,IAAAS,gBAAS,EAACT,aAAa,CAAC,EAAE;IAC/C,OAAOM,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,yCAAyC,CAAC,CAAC;EACpF;EAEA,OAAO,IAAAE,iBAAW,EAACZ,GAAG,EAAE;IACtBa,GAAG,EAAEZ,iBAAiB,CAACa,WAAW;IAClCC,MAAM,EAAE,KAAK;IACbV,WAAW,EAAEJ,iBAAiB,CAACI;EACjC,CAAC,CAAC,CACCW,IAAI,CAACC,QAAQ,IAAI;IAChB;IACA,IAAIA,QAAQ,CAACC,GAAG,KAAKhB,aAAa,CAACiB,MAAM,CAACD,GAAG,EAAE;MAC7C,OAAOD,QAAQ;IACjB;IACA,OAAOT,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,wDAAwD,CAAC,CAAC;EACnG,CAAC,CAAC,CACDU,KAAK,CAAC,UAAUC,GAAG,EAAE;IACpB,IAAIA,GAAG,CAACC,GAAG,KAAKD,GAAG,CAACC,GAAG,CAACC,MAAM,KAAK,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,MAAM,KAAK,GAAG,CAAC,EAAE;MACjE,IAAIC,kBAAkB;MACtB,IAAIH,GAAG,CAACC,GAAG,CAACG,OAAO,IAAI,IAAAC,gBAAU,EAACL,GAAG,CAACC,GAAG,CAACG,OAAO,CAACE,GAAG,CAAC,IAAIN,GAAG,CAACC,GAAG,CAACG,OAAO,CAACE,GAAG,CAAC,kBAAkB,CAAC,EAAE;QACjGH,kBAAkB,GAAGH,GAAG,CAACC,GAAG,CAACG,OAAO,CAACE,GAAG,CAAC,kBAAkB,CAAC;MAC9D,CAAC,MAAM,IAAI,IAAAD,gBAAU,EAACL,GAAG,CAACC,GAAG,CAACM,iBAAiB,CAAC,EAAE;QAChDJ,kBAAkB,GAAGH,GAAG,CAACC,GAAG,CAACM,iBAAiB,CAAC,kBAAkB,CAAC;MACpE;MACA,IAAIJ,kBAAkB,EAAE;QACtB,IAAIK,YAAY,GAAGL,kBAAkB,CAACM,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE;QAClE,IAAIC,uBAAuB,GAAGP,kBAAkB,CAACM,KAAK,CAAC,2BAA2B,CAAC,IAAI,EAAE;QACzF,IAAIE,KAAK,GAAGH,YAAY,CAAC,CAAC,CAAC;QAC3B,IAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAC,CAAC;QACjD,IAAIC,KAAK,IAAIC,gBAAgB,EAAE;UAC7BZ,GAAG,GAAG,IAAIa,kBAAU,CAACF,KAAK,EAAEC,gBAAgB,CAAC;QAC/C;MACF;IACF;IACA,MAAMZ,GAAG;EACX,CAAC,CAAC;AACN"}
package/cjs/oidc/getWithPopup.js CHANGED
@@ -1,15 +1,10 @@
1
1
  "use strict";
2
2
 
3
3
  exports.getWithPopup = getWithPopup;
4
-
5
4
  var _errors = require("../errors");
6
-
7
5
  var _util = require("../util");
8
-
9
6
  var _getToken = require("./getToken");
10
-
11
7
  var _util2 = require("./util");
12
-
13
8
  /*!
14
9
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
15
10
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,14 +17,15 @@ var _util2 = require("./util");
22
17
  * See the License for the specific language governing permissions and limitations under the License.
23
18
  *
24
19
  */
20
+
25
21
  function getWithPopup(sdk, options) {
26
22
  if (arguments.length > 2) {
27
23
  return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
28
- } // some browsers (safari, firefox) block popup if it's initialed from an async process
24
+ }
25
+
26
+ // some browsers (safari, firefox) block popup if it's initialed from an async process
29
27
  // here we create the popup window immediately after user interaction
30
28
  // then redirect to the /authorize endpoint when the requestUrl is available
31
-
32
-
33
29
  const popupWindow = (0, _util2.loadPopup)('/', options);
34
30
  options = (0, _util.clone)(options) || {};
35
31
  Object.assign(options, {