@okta/okta-auth-js 7.0.0 → 7.1.0

package/cjs/oidc/options/OAuthOptionsConstructor.js.map

@@ -1 +1 @@
-{"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n  OAuthResponseMode,\n  OAuthResponseType,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  SetLocationFunction,\n  TokenManagerOptions,\n  TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n  args = args || {};\n\n  var scopes = args.scopes;\n  if (scopes && !Array.isArray(scopes)) {\n    throw new AuthSdkError('scopes must be a array of strings. ' +\n      'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var issuer = args.issuer!;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nexport function createOAuthOptionsConstructor() {\n  const HttpOptionsConstructor = createHttpOptionsConstructor();\n  return class OAuthOptionsConstructor\n    extends HttpOptionsConstructor\n    implements Required<OktaAuthOAuthOptions>\n  {\n    // CustomUrls\n    issuer: string;\n    authorizeUrl: string;\n    userinfoUrl: string;\n    tokenUrl: string;\n    revokeUrl: string;\n    logoutUrl: string;\n    \n    // TokenParams\n    pkce: boolean;\n    clientId: string;\n    redirectUri: string;\n    responseType: OAuthResponseType | OAuthResponseType[];\n    responseMode: OAuthResponseMode;\n    state: string;\n    scopes: string[];\n    ignoreSignature: boolean;\n    codeChallenge: string;\n    codeChallengeMethod: string;\n\n    // Additional options\n    tokenManager: TokenManagerOptions;\n    postLogoutRedirectUri: string;\n    restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n    transactionManager: TransactionManagerOptions;\n\n    // For server-side web applications ONLY!\n    clientSecret: string;\n    setLocation: SetLocationFunction;\n\n    // Workaround for bad client time/clock\n    ignoreLifetime: boolean;\n    maxClockSkew: number;\n\n\n    // eslint-disable-next-line max-statements\n    constructor(options: any) {\n      super(options);\n      \n      assertValidConfig(options);\n      \n      this.issuer = removeTrailingSlash(options.issuer);\n      this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n      this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n      this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n      this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n      this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n      this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n      this.clientId = options.clientId;\n      this.redirectUri = options.redirectUri;\n      if (isBrowser()) {\n        this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n      }\n      this.responseType = options.responseType;\n      this.responseMode = options.responseMode;\n      this.state = options.state;\n      this.scopes = options.scopes;\n      // Give the developer the ability to disable token signature validation.\n      this.ignoreSignature = !!options.ignoreSignature;\n      this.codeChallenge = options.codeChallenge;\n      this.codeChallengeMethod = options.codeChallengeMethod;\n\n      this.tokenManager = options.tokenManager;\n      this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n      this.restoreOriginalUri = options.restoreOriginalUri;\n      this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n      \n      this.clientSecret = options.clientSecret;\n      this.setLocation = options.setLocation;\n      \n      // As some end user's devices can have their date \n      // and time incorrectly set, allow for the disabling\n      // of the jwt liftetime validation\n      this.ignoreLifetime = !!options.ignoreLifetime;\n\n      // Digital clocks will drift over time, so the server\n      // can misalign with the time reported by the browser.\n      // The maxClockSkew allows relaxing the time-based\n      // validation of tokens (in seconds, not milliseconds).\n      // It currently defaults to 300, because 5 min is the\n      // default maximum tolerance allowed by Kerberos.\n      // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n      if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n        this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n      } else {\n        this.maxClockSkew = options.maxClockSkew;\n      }\n\n    }\n  };\n}\n"],"mappings":";;;;;;AAYA;;AACA;;AACA;;AACA;;AAUA;;AACA;;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAkBA,SAASA,iBAAT,CAA2BC,IAA3B,EAAiC;EAC/BA,IAAI,GAAGA,IAAI,IAAI,EAAf;EAEA,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;EACA,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,MAAd,CAAf,EAAsC;IACpC,MAAM,IAAIG,qBAAJ,CAAiB,wCACrB,6DADI,CAAN;EAED,CAP8B,CAS/B;;;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAlB;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,qBAAJ,CAAiB,sCACrB,8FADI,CAAN;EAED;;EAED,IAAIE,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;EACA,IAAI,CAACD,UAAU,CAACE,IAAX,CAAgBH,MAAhB,CAAL,EAA8B;IAC5B,MAAM,IAAID,qBAAJ,CAAiB,iCACrB,8FADI,CAAN;EAED;;EAED,IAAIC,MAAM,CAACI,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;IACpC,MAAM,IAAIL,qBAAJ,CAAiB,sEACrB,uEADI,CAAN;EAED;AACF;;AAEM,SAASM,6BAAT,GAAyC;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAAA,GAA/B;EACA,OAAO,MAAMC,uBAAN,SACGF,sBADH,CAGP;IACE;IAQA;IAYA;IAMA;IAIA;IAKA;IACAG,WAAW,CAACC,OAAD,EAAe;MACxB,MAAMA,OAAN;MAEAhB,iBAAiB,CAACgB,OAAD,CAAjB;MAEA,KAAKV,MAAL,GAAc,IAAAW,wBAAA,EAAoBD,OAAO,CAACV,MAA5B,CAAd;MACA,KAAKY,QAAL,GAAgB,IAAAD,wBAAA,EAAoBD,OAAO,CAACE,QAA5B,CAAhB;MACA,KAAKC,YAAL,GAAoB,IAAAF,wBAAA,EAAoBD,OAAO,CAACG,YAA5B,CAApB;MACA,KAAKC,WAAL,GAAmB,IAAAH,wBAAA,EAAoBD,OAAO,CAACI,WAA5B,CAAnB;MACA,KAAKC,SAAL,GAAiB,IAAAJ,wBAAA,EAAoBD,OAAO,CAACK,SAA5B,CAAjB;MACA,KAAKC,SAAL,GAAiB,IAAAL,wBAAA,EAAoBD,OAAO,CAACM,SAA5B,CAAjB;MAEA,KAAKC,IAAL,GAAYP,OAAO,CAACO,IAAR,KAAiB,KAAjB,GAAyB,KAAzB,GAAiC,IAA7C,CAZwB,CAY2B;;MACnD,KAAKC,QAAL,GAAgBR,OAAO,CAACQ,QAAxB;MACA,KAAKC,WAAL,GAAmBT,OAAO,CAACS,WAA3B;;MACA,IAAI,IAAAC,mBAAA,GAAJ,EAAiB;QACf,KAAKD,WAAL,GAAmB,IAAAE,kBAAA,EAAcX,OAAO,CAACS,WAAtB,EAAmCG,MAAM,CAACC,QAAP,CAAgBC,MAAnD,CAAnB,CADe,CACgE;MAChF;;MACD,KAAKC,YAAL,GAAoBf,OAAO,CAACe,YAA5B;MACA,KAAKC,YAAL,GAAoBhB,OAAO,CAACgB,YAA5B;MACA,KAAKC,KAAL,GAAajB,OAAO,CAACiB,KAArB;MACA,KAAK/B,MAAL,GAAcc,OAAO,CAACd,MAAtB,CArBwB,CAsBxB;;MACA,KAAKgC,eAAL,GAAuB,CAAC,CAAClB,OAAO,CAACkB,eAAjC;MACA,KAAKC,aAAL,GAAqBnB,OAAO,CAACmB,aAA7B;MACA,KAAKC,mBAAL,GAA2BpB,OAAO,CAACoB,mBAAnC;MAEA,KAAKC,YAAL,GAAoBrB,OAAO,CAACqB,YAA5B;MACA,KAAKC,qBAAL,GAA6BtB,OAAO,CAACsB,qBAArC;MACA,KAAKC,kBAAL,GAA0BvB,OAAO,CAACuB,kBAAlC;MACA,KAAKC,kBAAL,GAA0B;QAAEC,mBAAmB,EAAnBA,yBAAF;QAAuB,GAAGzB,OAAO,CAACwB;MAAlC,CAA1B;MAEA,KAAKE,YAAL,GAAoB1B,OAAO,CAAC0B,YAA5B;MACA,KAAKC,WAAL,GAAmB3B,OAAO,CAAC2B,WAA3B,CAjCwB,CAmCxB;MACA;MACA;;MACA,KAAKC,cAAL,GAAsB,CAAC,CAAC5B,OAAO,CAAC4B,cAAhC,CAtCwB,CAwCxB;MACA;MACA;MACA;MACA;MACA;MACA;;MACA,IAAI,CAAC5B,OAAO,CAAC6B,YAAT,IAAyB7B,OAAO,CAAC6B,YAAR,KAAyB,CAAtD,EAAyD;QACvD,KAAKA,YAAL,GAAoBC,iCAApB;MACD,CAFD,MAEO;QACL,KAAKD,YAAL,GAAoB7B,OAAO,CAAC6B,YAA5B;MACD;IAEF;;EA1FH,CAHA;AA+FD"}
+{"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","acrValues","maxAge","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n  OAuthResponseMode,\n  OAuthResponseType,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  SetLocationFunction,\n  TokenManagerOptions,\n  TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n  args = args || {};\n\n  var scopes = args.scopes;\n  if (scopes && !Array.isArray(scopes)) {\n    throw new AuthSdkError('scopes must be a array of strings. ' +\n      'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var issuer = args.issuer!;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nexport function createOAuthOptionsConstructor() {\n  const HttpOptionsConstructor = createHttpOptionsConstructor();\n  return class OAuthOptionsConstructor\n    extends HttpOptionsConstructor\n    implements Required<OktaAuthOAuthOptions>\n  {\n    // CustomUrls\n    issuer: string;\n    authorizeUrl: string;\n    userinfoUrl: string;\n    tokenUrl: string;\n    revokeUrl: string;\n    logoutUrl: string;\n    \n    // TokenParams\n    pkce: boolean;\n    clientId: string;\n    redirectUri: string;\n    responseType: OAuthResponseType | OAuthResponseType[];\n    responseMode: OAuthResponseMode;\n    state: string;\n    scopes: string[];\n    ignoreSignature: boolean;\n    codeChallenge: string;\n    codeChallengeMethod: string;\n    acrValues: string;\n    maxAge: string | number;\n\n    // Additional options\n    tokenManager: TokenManagerOptions;\n    postLogoutRedirectUri: string;\n    restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n    transactionManager: TransactionManagerOptions;\n\n    // For server-side web applications ONLY!\n    clientSecret: string;\n    setLocation: SetLocationFunction;\n\n    // Workaround for bad client time/clock\n    ignoreLifetime: boolean;\n    maxClockSkew: number;\n\n\n    // eslint-disable-next-line max-statements\n    constructor(options: any) {\n      super(options);\n      \n      assertValidConfig(options);\n      \n      this.issuer = removeTrailingSlash(options.issuer);\n      this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n      this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n      this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n      this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n      this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n      this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n      this.clientId = options.clientId;\n      this.redirectUri = options.redirectUri;\n      if (isBrowser()) {\n        this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n      }\n      this.responseType = options.responseType;\n      this.responseMode = options.responseMode;\n      this.state = options.state;\n      this.scopes = options.scopes;\n      // Give the developer the ability to disable token signature validation.\n      this.ignoreSignature = !!options.ignoreSignature;\n      this.codeChallenge = options.codeChallenge;\n      this.codeChallengeMethod = options.codeChallengeMethod;\n      this.acrValues = options.acrValues;\n      this.maxAge = options.maxAge;\n\n      this.tokenManager = options.tokenManager;\n      this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n      this.restoreOriginalUri = options.restoreOriginalUri;\n      this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n      \n      this.clientSecret = options.clientSecret;\n      this.setLocation = options.setLocation;\n      \n      // As some end user's devices can have their date \n      // and time incorrectly set, allow for the disabling\n      // of the jwt liftetime validation\n      this.ignoreLifetime = !!options.ignoreLifetime;\n\n      // Digital clocks will drift over time, so the server\n      // can misalign with the time reported by the browser.\n      // The maxClockSkew allows relaxing the time-based\n      // validation of tokens (in seconds, not milliseconds).\n      // It currently defaults to 300, because 5 min is the\n      // default maximum tolerance allowed by Kerberos.\n      // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n      if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n        this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n      } else {\n        this.maxClockSkew = options.maxClockSkew;\n      }\n\n    }\n  };\n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AAUA;AACA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA,SAASA,iBAAiB,CAACC,IAAI,EAAE;EAC/BA,IAAI,GAAGA,IAAI,IAAI,CAAC,CAAC;EAEjB,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAM;EACxB,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,MAAM,CAAC,EAAE;IACpC,MAAM,IAAIG,qBAAY,CAAC,qCAAqC,GAC1D,6DAA6D,CAAC;EAClE;;EAEA;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAO;EACzB,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,qBAAY,CAAC,mCAAmC,GACxD,8FAA8F,CAAC;EACnG;EAEA,IAAIE,UAAU,GAAG,IAAIC,MAAM,CAAC,eAAe,CAAC;EAC5C,IAAI,CAACD,UAAU,CAACE,IAAI,CAACH,MAAM,CAAC,EAAE;IAC5B,MAAM,IAAID,qBAAY,CAAC,8BAA8B,GACnD,8FAA8F,CAAC;EACnG;EAEA,IAAIC,MAAM,CAACI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE;IACpC,MAAM,IAAIL,qBAAY,CAAC,mEAAmE,GACxF,uEAAuE,CAAC;EAC5E;AACF;AAEO,SAASM,6BAA6B,GAAG;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAA4B,GAAE;EAC7D,OAAO,MAAMC,uBAAuB,SAC1BF,sBAAsB,CAEhC;IACE;;IAQA;;IAcA;;IAMA;;IAIA;;IAKA;IACAG,WAAW,CAACC,OAAY,EAAE;MACxB,KAAK,CAACA,OAAO,CAAC;MAEdhB,iBAAiB,CAACgB,OAAO,CAAC;MAE1B,IAAI,CAACV,MAAM,GAAG,IAAAW,wBAAmB,EAACD,OAAO,CAACV,MAAM,CAAC;MACjD,IAAI,CAACY,QAAQ,GAAG,IAAAD,wBAAmB,EAACD,OAAO,CAACE,QAAQ,CAAC;MACrD,IAAI,CAACC,YAAY,GAAG,IAAAF,wBAAmB,EAACD,OAAO,CAACG,YAAY,CAAC;MAC7D,IAAI,CAACC,WAAW,GAAG,IAAAH,wBAAmB,EAACD,OAAO,CAACI,WAAW,CAAC;MAC3D,IAAI,CAACC,SAAS,GAAG,IAAAJ,wBAAmB,EAACD,OAAO,CAACK,SAAS,CAAC;MACvD,IAAI,CAACC,SAAS,GAAG,IAAAL,wBAAmB,EAACD,OAAO,CAACM,SAAS,CAAC;MAEvD,IAAI,CAACC,IAAI,GAAGP,OAAO,CAACO,IAAI,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;MACnD,IAAI,CAACC,QAAQ,GAAGR,OAAO,CAACQ,QAAQ;MAChC,IAAI,CAACC,WAAW,GAAGT,OAAO,CAACS,WAAW;MACtC,IAAI,IAAAC,mBAAS,GAAE,EAAE;QACf,IAAI,CAACD,WAAW,GAAG,IAAAE,kBAAa,EAACX,OAAO,CAACS,WAAW,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC,CAAC,CAAC;MACjF;;MACA,IAAI,CAACC,YAAY,GAAGf,OAAO,CAACe,YAAY;MACxC,IAAI,CAACC,YAAY,GAAGhB,OAAO,CAACgB,YAAY;MACxC,IAAI,CAACC,KAAK,GAAGjB,OAAO,CAACiB,KAAK;MAC1B,IAAI,CAAC/B,MAAM,GAAGc,OAAO,CAACd,MAAM;MAC5B;MACA,IAAI,CAACgC,eAAe,GAAG,CAAC,CAAClB,OAAO,CAACkB,eAAe;MAChD,IAAI,CAACC,aAAa,GAAGnB,OAAO,CAACmB,aAAa;MAC1C,IAAI,CAACC,mBAAmB,GAAGpB,OAAO,CAACoB,mBAAmB;MACtD,IAAI,CAACC,SAAS,GAAGrB,OAAO,CAACqB,SAAS;MAClC,IAAI,CAACC,MAAM,GAAGtB,OAAO,CAACsB,MAAM;MAE5B,IAAI,CAACC,YAAY,GAAGvB,OAAO,CAACuB,YAAY;MACxC,IAAI,CAACC,qBAAqB,GAAGxB,OAAO,CAACwB,qBAAqB;MAC1D,IAAI,CAACC,kBAAkB,GAAGzB,OAAO,CAACyB,kBAAkB;MACpD,IAAI,CAACC,kBAAkB,GAAG;QAAEC,mBAAmB,EAAnBA,yBAAmB;QAAE,GAAG3B,OAAO,CAAC0B;MAAmB,CAAC;MAEhF,IAAI,CAACE,YAAY,GAAG5B,OAAO,CAAC4B,YAAY;MACxC,IAAI,CAACC,WAAW,GAAG7B,OAAO,CAAC6B,WAAW;;MAEtC;MACA;MACA;MACA,IAAI,CAACC,cAAc,GAAG,CAAC,CAAC9B,OAAO,CAAC8B,cAAc;;MAE9C;MACA;MACA;MACA;MACA;MACA;MACA;MACA,IAAI,CAAC9B,OAAO,CAAC+B,YAAY,IAAI/B,OAAO,CAAC+B,YAAY,KAAK,CAAC,EAAE;QACvD,IAAI,CAACA,YAAY,GAAGC,iCAAsB;MAC5C,CAAC,MAAM;QACL,IAAI,CAACD,YAAY,GAAG/B,OAAO,CAAC+B,YAAY;MAC1C;IAEF;EACF,CAAC;AACH"}

package/cjs/oidc/options/browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"browser.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/browser.ts"],"sourcesContent":["export const enableSharedStorage = true;\n"],"mappings":";;;AAAO,MAAMA,mBAAmB,GAAG,IAA5B"}
+{"version":3,"file":"browser.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/browser.ts"],"sourcesContent":["export const enableSharedStorage = true;\n"],"mappings":";;;AAAO,MAAMA,mBAAmB,GAAG,IAAI;AAAC"}

package/cjs/oidc/options/index.js

@@ -1,7 +1,6 @@
 "use strict";
 
 var _OAuthOptionsConstructor = require("./OAuthOptionsConstructor");
-
 Object.keys(_OAuthOptionsConstructor).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _OAuthOptionsConstructor[key]) return;

package/cjs/oidc/options/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/options/index.ts"],"sourcesContent":["export * from './OAuthOptionsConstructor';\n"],"mappings":";;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/options/index.ts"],"sourcesContent":["export * from './OAuthOptionsConstructor';\n"],"mappings":";;AAAA;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/options/node.js.map

@@ -1 +1 @@
-{"version":3,"file":"node.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/node.ts"],"sourcesContent":["\nexport const enableSharedStorage = false;\n"],"mappings":";;;AACO,MAAMA,mBAAmB,GAAG,KAA5B"}
+{"version":3,"file":"node.js","names":["enableSharedStorage"],"sources":["../../../../lib/oidc/options/node.ts"],"sourcesContent":["\nexport const enableSharedStorage = false;\n"],"mappings":";;;AACO,MAAMA,mBAAmB,GAAG,KAAK;AAAC"}

package/cjs/oidc/parseFromUrl.js

@@ -4,17 +4,11 @@ exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
 exports.getResponseMode = getResponseMode;
 exports.parseFromUrl = parseFromUrl;
 exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
-
 var _errors = require("../errors");
-
 var _util = require("./util");
-
 var _util2 = require("../util");
-
 var _handleOAuthResponse = require("./handleOAuthResponse");
-
 /* eslint-disable complexity */
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -27,44 +21,35 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
+
 function removeHash(sdk) {
   var nativeHistory = sdk.token.parseFromUrl._getHistory();
-
   var nativeDoc = sdk.token.parseFromUrl._getDocument();
-
   var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
   if (nativeHistory && nativeHistory.replaceState) {
     nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);
   } else {
     nativeLoc.hash = '';
   }
 }
-
 function removeSearch(sdk) {
   var nativeHistory = sdk.token.parseFromUrl._getHistory();
-
   var nativeDoc = sdk.token.parseFromUrl._getDocument();
-
   var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
   if (nativeHistory && nativeHistory.replaceState) {
     nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);
   } else {
     nativeLoc.search = '';
   }
 }
-
 function getResponseMode(sdk) {
   // https://openid.net/specs/openid-connect-core-1_0.html#Authentication
   var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
   var responseMode = sdk.options.responseMode || defaultResponseMode;
   return responseMode;
 }
-
 function parseOAuthResponseFromUrl(sdk, options) {
   options = options || {};
-
   if ((0, _util2.isString)(options)) {
     options = {
       url: options
@@ -72,36 +57,27 @@ function parseOAuthResponseFromUrl(sdk, options) {
   } else {
     options = options;
   }
-
   var url = options.url;
   var responseMode = options.responseMode || getResponseMode(sdk);
-
   var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
   var paramStr;
-
   if (responseMode === 'query') {
     paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;
   } else {
     paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;
   }
-
   if (!paramStr) {
     throw new _errors.AuthSdkError('Unable to parse a token from the url');
   }
-
   return (0, _util.urlParamsToObject)(paramStr);
 }
-
 function cleanOAuthResponseFromUrl(sdk, options) {
   // Clean hash or search from the url
   const responseMode = options.responseMode || getResponseMode(sdk);
   responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
 }
-
 async function parseFromUrl(sdk, options) {
   options = options || {};
-
   if ((0, _util2.isString)(options)) {
     options = {
       url: options
@@ -109,37 +85,30 @@ async function parseFromUrl(sdk, options) {
   } else {
     options = options;
   }
-
   const res = parseOAuthResponseFromUrl(sdk, options);
   const state = res.state;
   const oauthParams = sdk.transactionManager.load({
     state
   });
-
   if (!oauthParams) {
     if (sdk.options.pkce) {
       // eslint-disable-next-line max-len
       throw new _errors.AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);
     }
-
     throw new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage');
   }
-
   const urls = oauthParams.urls;
   delete oauthParams.urls;
-
   if (!options.url) {
     // Clean hash or search from the url
     cleanOAuthResponseFromUrl(sdk, options);
   }
-
   return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, oauthParams, res, urls).catch(err => {
     if (!(0, _util.isInteractionRequiredError)(err)) {
       sdk.transactionManager.clear({
         state
       });
     }
-
     throw err;
   }).then(res => {
     sdk.transactionManager.clear({

package/cjs/oidc/parseFromUrl.js.map

@@ -1 +1 @@
-{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","indexOf","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","undefined","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    state\n  });\n  if (!oauthParams) {\n    if (sdk.options.pkce) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n    }\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;EACD,CAFD,MAEO;IACLL,SAAS,CAACM,IAAV,GAAiB,EAAjB;EACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;EACA,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;EACA,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;IAC/CR,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;EACD,CAFD,MAEO;IACLN,SAAS,CAACK,MAAV,GAAmB,EAAnB;EACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;EACA,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;EACA,OAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;EACnGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAlB;EACA,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;EACA,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;EACA,IAAIe,QAAJ;;EAEA,IAAIJ,YAAY,KAAK,OAArB,EAA8B;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqClB,SAAS,CAACK,MAA7D;EACD,CAFD,MAEO;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqClB,SAAS,CAACM,IAA7D;EACD;;EAED,IAAI,CAACU,QAAL,EAAe;IACb,MAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;EACD;;EAED,OAAO,IAAAC,uBAAA,EAAkBJ,QAAlB,CAAP;AACD;;AAEM,SAASK,yBAAT,CAAmC5B,GAAnC,EAAwCiB,OAAxC,EAAsE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;EACAmB,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;EACtGA,OAAO,GAAGA,OAAO,IAAI,EAArB;;EACA,IAAI,IAAAI,eAAA,EAASJ,OAAT,CAAJ,EAAuB;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAP,CAAV;EACD,CAFD,MAEO;IACLA,OAAO,GAAGA,OAAV;EACD;;EAED,MAAMY,GAAkB,GAAGT,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;EACA,MAAMa,KAAK,GAAGD,GAAG,CAACC,KAAlB;EACA,MAAMC,WAA4B,GAAG/B,GAAG,CAACgC,kBAAJ,CAAuBC,IAAvB,CAA4B;IAC/DH;EAD+D,CAA5B,CAArC;;EAGA,IAAI,CAACC,WAAL,EAAkB;IAChB,IAAI/B,GAAG,CAACiB,OAAJ,CAAYC,IAAhB,EAAsB;MACpB;MACA,MAAM,IAAIQ,oBAAJ,CAAiB,yJAAjB,EAA4KQ,SAA5K,CAAN;IACD;;IACD,MAAM,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAN;EACD;;EACD,MAAMS,IAAgB,GAAGJ,WAAW,CAACI,IAArC;EACA,OAAOJ,WAAW,CAACI,IAAnB;;EAEA,IAAI,CAAClB,OAAO,CAACK,GAAb,EAAkB;IAChB;IACAM,yBAAyB,CAAC5B,GAAD,EAAMiB,OAAN,CAAzB;EACD;;EAED,OAAO,IAAAmB,wCAAA,EAAoBpC,GAApB,EAAyB+B,WAAzB,EAAsCF,GAAtC,EAA2CM,IAA3C,EACJE,KADI,CACEC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAAA,EAA2BD,GAA3B,CAAL,EAAsC;MACpCtC,GAAG,CAACgC,kBAAJ,CAAuBQ,KAAvB,CAA6B;QAC3BV;MAD2B,CAA7B;IAGD;;IACD,MAAMQ,GAAN;EACD,CARI,EASJG,IATI,CASCZ,GAAG,IAAI;IACX7B,GAAG,CAACgC,kBAAJ,CAAuBQ,KAAvB,CAA6B;MAC3BV;IAD2B,CAA7B;IAGA,OAAOD,GAAP;EACD,CAdI,CAAP;AAgBD"}
+{"version":3,"file":"parseFromUrl.js","names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","isString","url","paramStr","substring","indexOf","AuthSdkError","urlParamsToObject","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","undefined","urls","handleOAuthResponse","catch","err","isInteractionRequiredError","clear","then"],"sources":["../../../lib/oidc/parseFromUrl.ts"],"sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    state\n  });\n  if (!oauthParams) {\n    if (sdk.options.pkce) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n    }\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"mappings":";;;;;;AAaA;AACA;AAQA;AACA;AAvBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAaA,SAASA,UAAU,CAACC,GAAG,EAAE;EACvB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAK,CAACC,YAAY,CAACC,WAAW,EAAE;EACxD,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAK,CAACC,YAAY,CAACG,YAAY,EAAE;EACrD,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAK,CAACC,YAAY,CAACK,YAAY,EAAE;EACrD,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAY,EAAE;IAC/CR,aAAa,CAACQ,YAAY,CAAC,IAAI,EAAEJ,SAAS,CAACK,KAAK,EAAEH,SAAS,CAACI,QAAQ,GAAGJ,SAAS,CAACK,MAAM,CAAC;EAC1F,CAAC,MAAM;IACLL,SAAS,CAACM,IAAI,GAAG,EAAE;EACrB;AACF;AAEA,SAASC,YAAY,CAACd,GAAG,EAAE;EACzB,IAAIC,aAAa,GAAGD,GAAG,CAACE,KAAK,CAACC,YAAY,CAACC,WAAW,EAAE;EACxD,IAAIC,SAAS,GAAGL,GAAG,CAACE,KAAK,CAACC,YAAY,CAACG,YAAY,EAAE;EACrD,IAAIC,SAAS,GAAGP,GAAG,CAACE,KAAK,CAACC,YAAY,CAACK,YAAY,EAAE;EACrD,IAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAY,EAAE;IAC/CR,aAAa,CAACQ,YAAY,CAAC,IAAI,EAAEJ,SAAS,CAACK,KAAK,EAAEH,SAAS,CAACI,QAAQ,GAAGJ,SAAS,CAACM,IAAI,CAAC;EACxF,CAAC,MAAM;IACLN,SAAS,CAACK,MAAM,GAAG,EAAE;EACvB;AACF;AAEO,SAASG,eAAe,CAACf,GAAG,EAAwB;EACzD;EACA,IAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAO,CAACC,IAAI,GAAG,OAAO,GAAG,UAAU;EACjE,IAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAO,CAACE,YAAY,IAAIH,mBAAmB;EAClE,OAAOG,YAAY;AACrB;AAEO,SAASC,yBAAyB,CAACpB,GAAG,EAAEiB,OAAqC,EAAiB;EACnGA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EACvB,IAAI,IAAAI,eAAQ,EAACJ,OAAO,CAAC,EAAE;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAQ,CAAwB;EACnD,CAAC,MAAM;IACLA,OAAO,GAAGA,OAA8B;EAC1C;EAEA,IAAIK,GAAG,GAAGL,OAAO,CAACK,GAAG;EACrB,IAAIH,YAAY,GAAGF,OAAO,CAACE,YAAY,IAAIJ,eAAe,CAACf,GAAG,CAAC;EAC/D,IAAIO,SAAS,GAAGP,GAAG,CAACE,KAAK,CAACC,YAAY,CAACK,YAAY,EAAE;EACrD,IAAIe,QAAQ;EAEZ,IAAIJ,YAAY,KAAK,OAAO,EAAE;IAC5BI,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAS,CAACF,GAAG,CAACG,OAAO,CAAC,GAAG,CAAC,CAAC,GAAGlB,SAAS,CAACK,MAAM;EACrE,CAAC,MAAM;IACLW,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAS,CAACF,GAAG,CAACG,OAAO,CAAC,GAAG,CAAC,CAAC,GAAGlB,SAAS,CAACM,IAAI;EACnE;EAEA,IAAI,CAACU,QAAQ,EAAE;IACb,MAAM,IAAIG,oBAAY,CAAC,sCAAsC,CAAC;EAChE;EAEA,OAAO,IAAAC,uBAAiB,EAACJ,QAAQ,CAAC;AACpC;AAEO,SAASK,yBAAyB,CAAC5B,GAAG,EAAEiB,OAA4B,EAAE;EAC3E;EACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAY,IAAIJ,eAAe,CAACf,GAAG,CAAC;EACjEmB,YAAY,KAAK,OAAO,GAAGL,YAAY,CAACd,GAAG,CAAC,GAAGD,UAAU,CAACC,GAAG,CAAC;AAChE;AAEO,eAAeG,YAAY,CAACH,GAAG,EAAEiB,OAAsC,EAA0B;EACtGA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EACvB,IAAI,IAAAI,eAAQ,EAACJ,OAAO,CAAC,EAAE;IACrBA,OAAO,GAAG;MAAEK,GAAG,EAAEL;IAAQ,CAAwB;EACnD,CAAC,MAAM;IACLA,OAAO,GAAGA,OAA8B;EAC1C;EAEA,MAAMY,GAAkB,GAAGT,yBAAyB,CAACpB,GAAG,EAAEiB,OAAO,CAAC;EAClE,MAAMa,KAAK,GAAGD,GAAG,CAACC,KAAK;EACvB,MAAMC,WAA4B,GAAG/B,GAAG,CAACgC,kBAAkB,CAACC,IAAI,CAAC;IAC/DH;EACF,CAAC,CAAC;EACF,IAAI,CAACC,WAAW,EAAE;IAChB,IAAI/B,GAAG,CAACiB,OAAO,CAACC,IAAI,EAAE;MACpB;MACA,MAAM,IAAIQ,oBAAY,CAAC,yJAAyJ,EAAEQ,SAAS,CAAC;IAC9L;IACA,MAAM,IAAIR,oBAAY,CAAC,uDAAuD,CAAC;EACjF;EACA,MAAMS,IAAgB,GAAGJ,WAAW,CAACI,IAAkB;EACvD,OAAOJ,WAAW,CAACI,IAAI;EAEvB,IAAI,CAAClB,OAAO,CAACK,GAAG,EAAE;IAChB;IACAM,yBAAyB,CAAC5B,GAAG,EAAEiB,OAAO,CAAC;EACzC;EAEA,OAAO,IAAAmB,wCAAmB,EAACpC,GAAG,EAAE+B,WAAW,EAAEF,GAAG,EAAEM,IAAI,CAAC,CACpDE,KAAK,CAACC,GAAG,IAAI;IACZ,IAAI,CAAC,IAAAC,gCAA0B,EAACD,GAAG,CAAC,EAAE;MACpCtC,GAAG,CAACgC,kBAAkB,CAACQ,KAAK,CAAC;QAC3BV;MACF,CAAC,CAAC;IACJ;IACA,MAAMQ,GAAG;EACX,CAAC,CAAC,CACDG,IAAI,CAACZ,GAAG,IAAI;IACX7B,GAAG,CAACgC,kBAAkB,CAACQ,KAAK,CAAC;MAC3BV;IACF,CAAC,CAAC;IACF,OAAOD,GAAG;EACZ,CAAC,CAAC;AAEN"}

package/cjs/oidc/renewToken.js

@@ -1,15 +1,10 @@
 "use strict";
 
 exports.renewToken = renewToken;
-
 var _errors = require("../errors");
-
 var _types = require("./types");
-
 var _getWithoutPrompt = require("./getWithoutPrompt");
-
 var _renewTokensWithRefresh = require("./renewTokensWithRefresh");
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,40 +17,35 @@ var _renewTokensWithRefresh = require("./renewTokensWithRefresh");
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
+
 function throwInvalidTokenError() {
   throw new _errors.AuthSdkError('Renew must be passed a token with an array of scopes and an accessToken or idToken');
-} // Multiple tokens may have come back. Return only the token which was requested.
-
+}
 
+// Multiple tokens may have come back. Return only the token which was requested.
 function getSingleToken(originalToken, tokens) {
   if ((0, _types.isIDToken)(originalToken)) {
     return tokens.idToken;
   }
-
   if ((0, _types.isAccessToken)(originalToken)) {
     return tokens.accessToken;
   }
-
   throwInvalidTokenError();
-} // If we have a refresh token, renew using that, otherwise getWithoutPrompt
-
+}
 
+// If we have a refresh token, renew using that, otherwise getWithoutPrompt
 async function renewToken(sdk, token) {
   if (!(0, _types.isIDToken)(token) && !(0, _types.isAccessToken)(token)) {
     throwInvalidTokenError();
   }
-
   let tokens = sdk.tokenManager.getTokensSync();
-
   if (tokens.refreshToken) {
     tokens = await (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, {
       scopes: token.scopes
     }, tokens.refreshToken);
     return getSingleToken(token, tokens);
   }
-
   var responseType;
-
   if (sdk.options.pkce) {
     responseType = 'code';
   } else if ((0, _types.isAccessToken)(token)) {
@@ -63,7 +53,6 @@ async function renewToken(sdk, token) {
   } else {
     responseType = 'id_token';
   }
-
   const {
     scopes,
     authorizeUrl,

package/cjs/oidc/renewToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;EAChC,MAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;EAC5D,IAAI,IAAAC,gBAAA,EAAUF,aAAV,CAAJ,EAA8B;IAC5B,OAAOC,MAAM,CAACE,OAAd;EACD;;EACD,IAAI,IAAAC,oBAAA,EAAcJ,aAAd,CAAJ,EAAkC;IAChC,OAAOC,MAAM,CAACI,WAAd;EACD;;EACDR,sBAAsB;AACvB,C,CAED;;;AACO,eAAeS,UAAf,CAA0BC,GAA1B,EAAuDC,KAAvD,EAAiG;EACtG,IAAI,CAAC,IAAAN,gBAAA,EAAUM,KAAV,CAAD,IAAqB,CAAC,IAAAJ,oBAAA,EAAcI,KAAd,CAA1B,EAAgD;IAC9CX,sBAAsB;EACvB;;EAED,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;EACA,IAAIT,MAAM,CAACU,YAAX,EAAyB;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAA,EAAuBL,GAAvB,EAA4B;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAD2B,CAA5B,EAEZZ,MAAM,CAACU,YAFK,CAAf;IAGA,OAAOZ,cAAc,CAACS,KAAD,EAAQP,MAAR,CAArB;EACD;;EAED,IAAIa,YAAJ;;EACA,IAAIP,GAAG,CAACQ,OAAJ,CAAYC,IAAhB,EAAsB;IACpBF,YAAY,GAAG,MAAf;EACD,CAFD,MAEO,IAAI,IAAAV,oBAAA,EAAcI,KAAd,CAAJ,EAA0B;IAC/BM,YAAY,GAAG,OAAf;EACD,CAFM,MAEA;IACLA,YAAY,GAAG,UAAf;EACD;;EAED,MAAM;IAAED,MAAF;IAAUI,YAAV;IAAwBC,WAAxB;IAAqCC;EAArC,IAAgDX,KAAtD;EACA,OAAO,IAAAY,kCAAA,EAAiBb,GAAjB,EAAsB;IAC3BO,YAD2B;IAE3BD,MAF2B;IAG3BI,YAH2B;IAI3BC,WAJ2B;IAK3BC;EAL2B,CAAtB,EAOJE,IAPI,CAOC,UAAUC,GAAV,EAAe;IACnB,OAAOvB,cAAc,CAACS,KAAD,EAAQc,GAAG,CAACrB,MAAZ,CAArB;EACD,CATI,CAAP;AAUD"}
+{"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"mappings":";;;AAYA;AACA;AACA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,sBAAsB,GAAG;EAChC,MAAM,IAAIC,oBAAY,CACpB,oFAAoF,CACrF;AACH;;AAEA;AACA,SAASC,cAAc,CAACC,aAAoB,EAAEC,MAAc,EAAE;EAC5D,IAAI,IAAAC,gBAAS,EAACF,aAAa,CAAC,EAAE;IAC5B,OAAOC,MAAM,CAACE,OAAO;EACvB;EACA,IAAI,IAAAC,oBAAa,EAACJ,aAAa,CAAC,EAAE;IAChC,OAAOC,MAAM,CAACI,WAAW;EAC3B;EACAR,sBAAsB,EAAE;AAC1B;;AAEA;AACO,eAAeS,UAAU,CAACC,GAA2B,EAAEC,KAAY,EAA8B;EACtG,IAAI,CAAC,IAAAN,gBAAS,EAACM,KAAK,CAAC,IAAI,CAAC,IAAAJ,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC9CX,sBAAsB,EAAE;EAC1B;EAEA,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAY,CAACC,aAAa,EAAE;EAC7C,IAAIT,MAAM,CAACU,YAAY,EAAE;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAsB,EAACL,GAAG,EAAE;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAChB,CAAC,EAAEZ,MAAM,CAACU,YAAY,CAAC;IACvB,OAAOZ,cAAc,CAACS,KAAK,EAAEP,MAAM,CAAC;EACtC;EAEA,IAAIa,YAAY;EAChB,IAAIP,GAAG,CAACQ,OAAO,CAACC,IAAI,EAAE;IACpBF,YAAY,GAAG,MAAM;EACvB,CAAC,MAAM,IAAI,IAAAV,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC/BM,YAAY,GAAG,OAAO;EACxB,CAAC,MAAM;IACLA,YAAY,GAAG,UAAU;EAC3B;EAEA,MAAM;IAAED,MAAM;IAAEI,YAAY;IAAEC,WAAW;IAAEC;EAAO,CAAC,GAAGX,KAAgC;EACtF,OAAO,IAAAY,kCAAgB,EAACb,GAAG,EAAE;IAC3BO,YAAY;IACZD,MAAM;IACNI,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,CAAC,CACCE,IAAI,CAAC,UAAUC,GAAG,EAAE;IACnB,OAAOvB,cAAc,CAACS,KAAK,EAAEc,GAAG,CAACrB,MAAM,CAAC;EAC1C,CAAC,CAAC;AACN"}

package/cjs/oidc/renewTokens.js

@@ -1,15 +1,10 @@
 "use strict";
 
 exports.renewTokens = renewTokens;
-
 var _errors = require("../errors");
-
 var _getWithoutPrompt = require("./getWithoutPrompt");
-
 var _renewTokensWithRefresh = require("./renewTokensWithRefresh");
-
 var _util = require("./util");
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,43 +17,37 @@ var _util = require("./util");
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
+
 // If we have a refresh token, renew using that, otherwise getWithoutPrompt
 // eslint-disable-next-line complexity
 async function renewTokens(sdk, options) {
   const tokens = sdk.tokenManager.getTokensSync();
-
   if (tokens.refreshToken) {
     return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options || {}, tokens.refreshToken);
   }
-
   if (!tokens.accessToken && !tokens.idToken) {
     throw new _errors.AuthSdkError('renewTokens() was called but there is no existing token');
   }
-
   const accessToken = tokens.accessToken || {};
   const idToken = tokens.idToken || {};
   const scopes = accessToken.scopes || idToken.scopes;
-
   if (!scopes) {
     throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read scopes');
   }
-
   const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
-
   if (!authorizeUrl) {
     throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
   }
-
   const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
-  const issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
+  const issuer = idToken.issuer || sdk.options.issuer;
 
+  // Get tokens using the SSO cookie
   options = Object.assign({
     scopes,
     authorizeUrl,
     userinfoUrl,
     issuer
   }, options);
-
   if (sdk.options.pkce) {
     options.responseType = 'code';
   } else {
@@ -67,7 +56,6 @@ async function renewTokens(sdk, options) {
     } = (0, _util.getDefaultTokenParams)(sdk);
     options.responseType = responseType;
   }
-
   return (0, _getWithoutPrompt.getWithoutPrompt)(sdk, options).then(res => res.tokens);
 }
 //# sourceMappingURL=renewTokens.js.map

package/cjs/oidc/renewTokens.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;EACA,IAAIF,MAAM,CAACG,YAAX,EAAyB;IACvB,OAAO,IAAAC,8CAAA,EAAuBN,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;EACD;;EAED,IAAI,CAACH,MAAM,CAACK,WAAR,IAAuB,CAACL,MAAM,CAACM,OAAnC,EAA4C;IAC1C,MAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;EACD;;EAED,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAP,IAAsB,EAA1C;EACA,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAP,IAAkB,EAAlC;EACA,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;EACA,IAAI,CAACA,MAAL,EAAa;IACX,MAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;EACD;;EACD,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;EACA,IAAI,CAACA,YAAL,EAAmB;IACjB,MAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;EACD;;EACD,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BZ,GAAG,CAACC,OAAJ,CAAYW,WAA3D;EACA,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBb,GAAG,CAACC,OAAJ,CAAYY,MAA7C,CArB6E,CAuB7E;;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAP,CAAc;IACtBL,MADsB;IAEtBC,YAFsB;IAGtBC,WAHsB;IAItBC;EAJsB,CAAd,EAKPZ,OALO,CAAV;;EAOA,IAAID,GAAG,CAACC,OAAJ,CAAYe,IAAhB,EAAsB;IACpBf,OAAO,CAACgB,YAAR,GAAuB,MAAvB;EACD,CAFD,MAEO;IACL,MAAM;MAAEA;IAAF,IAAmB,IAAAC,2BAAA,EAAsBlB,GAAtB,CAAzB;IACAC,OAAO,CAACgB,YAAR,GAAuBA,YAAvB;EACD;;EAED,OAAO,IAAAE,kCAAA,EAAiBnB,GAAjB,EAAsBC,OAAtB,EACJmB,IADI,CACCC,GAAG,IAAIA,GAAG,CAACnB,MADZ,CAAP;AAGD"}
+{"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAAqB,EAAmB;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAC/C,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}

package/cjs/oidc/renewTokensWithRefresh.js

@@ -1,19 +1,12 @@
 "use strict";
 
 exports.renewTokensWithRefresh = renewTokensWithRefresh;
-
 var _errors = require("../errors");
-
 var _oauth = require("./util/oauth");
-
 var _refreshToken = require("./util/refreshToken");
-
 var _handleOAuthResponse = require("./handleOAuthResponse");
-
 var _token = require("./endpoints/token");
-
 var _errors2 = require("./util/errors");
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -26,15 +19,14 @@ var _errors2 = require("./util/errors");
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
+
 async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
   const {
     clientId
   } = sdk.options;
-
   if (!clientId) {
     throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
   }
-
   try {
     const renewTokenParams = Object.assign({}, tokenParams, {
       clientId
@@ -43,23 +35,21 @@ async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
     const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
     const {
       tokens
-    } = await (0, _handleOAuthResponse.handleOAuthResponse)(sdk, renewTokenParams, tokenResponse, urls); // Support rotating refresh tokens
+    } = await (0, _handleOAuthResponse.handleOAuthResponse)(sdk, renewTokenParams, tokenResponse, urls);
 
+    // Support rotating refresh tokens
     const {
       refreshToken
     } = tokens;
-
     if (refreshToken && !(0, _refreshToken.isSameRefreshToken)(refreshToken, refreshTokenObject)) {
       sdk.tokenManager.updateRefreshToken(refreshToken);
     }
-
     return tokens;
   } catch (err) {
     if ((0, _errors2.isRefreshTokenInvalidError)(err)) {
       // if the refresh token is invalid, remove it from storage
       sdk.tokenManager.removeRefreshToken();
     }
-
     throw err;
   }
 }

package/cjs/oidc/renewTokensWithRefresh.js.map

@@ -1 +1 @@
-{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","Object","assign","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;EACjB,MAAM;IAAEC;EAAF,IAAeH,GAAG,CAACI,OAAzB;;EACA,IAAI,CAACD,QAAL,EAAe;IACb,MAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;EACD;;EAED,IAAI;IACF,MAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;MACnEE;IADmE,CAA/B,CAAtC;IAGA,MAAMM,aAAa,GAAG,MAAM,IAAAC,uBAAA,EAAiBV,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;IACA,MAAMS,IAAI,GAAG,IAAAC,mBAAA,EAAaZ,GAAb,EAAkBC,WAAlB,CAAb;IACA,MAAM;MAAEY;IAAF,IAAa,MAAM,IAAAC,wCAAA,EAAoBd,GAApB,EAAyBM,gBAAzB,EAA2CG,aAA3C,EAA0DE,IAA1D,CAAzB,CANE,CAQF;;IACA,MAAM;MAAEI;IAAF,IAAmBF,MAAzB;;IACA,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAA,EAAmBD,YAAnB,EAAiCb,kBAAjC,CAArB,EAA2E;MACzEF,GAAG,CAACiB,YAAJ,CAAiBC,kBAAjB,CAAoCH,YAApC;IACD;;IAED,OAAOF,MAAP;EACD,CAfD,CAgBA,OAAOM,GAAP,EAAY;IACV,IAAI,IAAAC,mCAAA,EAA2BD,GAA3B,CAAJ,EAAqC;MACnC;MACAnB,GAAG,CAACiB,YAAJ,CAAiBI,kBAAjB;IACD;;IACD,MAAMF,GAAN;EACD;AACF"}
+{"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","Object","assign","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n"],"mappings":";;;AAYA;AACA;AACA;AAEA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASO,eAAeA,sBAAsB,CAC1CC,GAA2B,EAC3BC,WAAwB,EACxBC,kBAAgC,EACf;EACjB,MAAM;IAAEC;EAAS,CAAC,GAAGH,GAAG,CAACI,OAAO;EAChC,IAAI,CAACD,QAAQ,EAAE;IACb,MAAM,IAAIE,oBAAY,CAAC,0EAA0E,CAAC;EACpG;EAEA,IAAI;IACF,MAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEP,WAAW,EAAE;MACnEE;IACF,CAAC,CAAC;IACF,MAAMM,aAAa,GAAG,MAAM,IAAAC,uBAAgB,EAACV,GAAG,EAAEM,gBAAgB,EAAEJ,kBAAkB,CAAC;IACvF,MAAMS,IAAI,GAAG,IAAAC,mBAAY,EAACZ,GAAG,EAAEC,WAAW,CAAC;IAC3C,MAAM;MAAEY;IAAO,CAAC,GAAG,MAAM,IAAAC,wCAAmB,EAACd,GAAG,EAAEM,gBAAgB,EAAEG,aAAa,EAAEE,IAAI,CAAC;;IAExF;IACA,MAAM;MAAEI;IAAa,CAAC,GAAGF,MAAM;IAC/B,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAkB,EAACD,YAAY,EAAEb,kBAAkB,CAAC,EAAE;MACzEF,GAAG,CAACiB,YAAY,CAACC,kBAAkB,CAACH,YAAY,CAAC;IACnD;IAEA,OAAOF,MAAM;EACf,CAAC,CACD,OAAOM,GAAG,EAAE;IACV,IAAI,IAAAC,mCAA0B,EAACD,GAAG,CAAC,EAAE;MACnC;MACAnB,GAAG,CAACiB,YAAY,CAACI,kBAAkB,EAAE;IACvC;IACA,MAAMF,GAAG;EACX;AACF"}

package/cjs/oidc/revokeToken.js

@@ -1,19 +1,12 @@
 "use strict";
 
 var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
-
 exports.revokeToken = revokeToken;
-
 var _http = require("../http");
-
 var _util = require("../util");
-
 var _oauth = require("./util/oauth");
-
 var _crypto = require("../crypto");
-
 var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -28,28 +21,24 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
  */
 
 /* eslint complexity:[0,8] */
+
 // refresh tokens have precedence to be revoked if no token is specified
 async function revokeToken(sdk, token) {
   let accessToken = '';
   let refreshToken = '';
-
   if (token) {
     accessToken = token.accessToken;
     refreshToken = token.refreshToken;
   }
-
   if (!accessToken && !refreshToken) {
     throw new _AuthSdkError.default('A valid access or refresh token object is required');
   }
-
   var clientId = sdk.options.clientId;
   var clientSecret = sdk.options.clientSecret;
-
   if (!clientId) {
     throw new _AuthSdkError.default('A clientId must be specified in the OktaAuth constructor to revoke a token');
-  } // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-
-
+  }
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
   var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
   var args = (0, _util.toQueryString)({
     // eslint-disable-next-line camelcase