@okta/okta-auth-js 7.0.1 → 7.1.0

package/cjs/oidc/mixin/index.js

@@ -1,34 +1,20 @@
 "use strict";
 
 var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
-
 exports.mixinOAuth = mixinOAuth;
-
 var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
-
 var _http = require("../../http");
-
 var _util = require("../../util");
-
 var crypto = _interopRequireWildcard(require("../../crypto"));
-
 var _pkce = _interopRequireDefault(require("../util/pkce"));
-
 var _factory = require("../factory");
-
 var _TokenManager = require("../TokenManager");
-
 var _util2 = require("../util");
-
 var _node = require("./node");
-
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-
 function mixinOAuth(Base, TransactionManagerConstructor) {
   var _class;
-
   const WithOriginalUri = (0, _node.provideOriginalUri)(Base);
   return _class = class OktaAuthOAuth extends WithOriginalUri {
     constructor(...args) {
@@ -45,21 +31,23 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
         handleLogin: false
       };
       this._tokenQueue = new _util.PromiseQueue();
-      this.token = (0, _factory.createTokenAPI)(this, this._tokenQueue); // TokenManager
+      this.token = (0, _factory.createTokenAPI)(this, this._tokenQueue);
 
+      // TokenManager
       this.tokenManager = new _TokenManager.TokenManager(this, this.options.tokenManager);
-    } // inherited from subclass
-
+    }
 
+    // inherited from subclass
     clearStorage() {
-      super.clearStorage(); // Clear all local tokens
+      super.clearStorage();
 
+      // Clear all local tokens
       this.tokenManager.clear();
-    } // Returns true if both accessToken and idToken are not expired
+    }
+
+    // Returns true if both accessToken and idToken are not expired
     // If `autoRenew` option is set, will attempt to renew expired tokens before returning.
     // eslint-disable-next-line complexity
-
-
     async isAuthenticated(options = {}) {
       // TODO: remove dependency on tokenManager options in next major version - OKTA-473815
       const {
@@ -71,59 +59,50 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       let {
         accessToken
       } = this.tokenManager.getTokensSync();
-
       if (accessToken && this.tokenManager.hasExpired(accessToken)) {
         accessToken = undefined;
-
         if (shouldRenew) {
           try {
             accessToken = await this.tokenManager.renew('accessToken');
-          } catch {// Renew errors will emit an "error" event 
+          } catch {
+            // Renew errors will emit an "error" event 
           }
         } else if (shouldRemove) {
           this.tokenManager.remove('accessToken');
         }
       }
-
       let {
         idToken
       } = this.tokenManager.getTokensSync();
-
       if (idToken && this.tokenManager.hasExpired(idToken)) {
         idToken = undefined;
-
         if (shouldRenew) {
           try {
             idToken = await this.tokenManager.renew('idToken');
-          } catch {// Renew errors will emit an "error" event 
+          } catch {
+            // Renew errors will emit an "error" event 
           }
         } else if (shouldRemove) {
           this.tokenManager.remove('idToken');
         }
       }
-
       return !!(accessToken && idToken);
     }
-
     async signInWithRedirect(opts = {}) {
       const {
         originalUri,
         ...additionalParams
       } = opts;
-
       if (this._pending.handleLogin) {
         // Don't trigger second round
         return;
       }
-
       this._pending.handleLogin = true;
-
       try {
         // Trigger default signIn redirect flow
         if (originalUri) {
           this.setOriginalUri(originalUri);
         }
-
         const params = Object.assign({
           // TODO: remove this line when default scopes are changed OKTA-343294
           scopes: this.options.scopes || ['openid', 'email', 'profile']
@@ -133,7 +112,6 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
         this._pending.handleLogin = false;
       }
     }
-
     async getUser() {
       const {
         idToken,
@@ -141,146 +119,123 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       } = this.tokenManager.getTokensSync();
       return this.token.getUserInfo(accessToken, idToken);
     }
-
     getIdToken() {
       const {
         idToken
       } = this.tokenManager.getTokensSync();
       return idToken ? idToken.idToken : undefined;
     }
-
     getAccessToken() {
       const {
         accessToken
       } = this.tokenManager.getTokensSync();
       return accessToken ? accessToken.accessToken : undefined;
     }
-
     getRefreshToken() {
       const {
         refreshToken
       } = this.tokenManager.getTokensSync();
       return refreshToken ? refreshToken.refreshToken : undefined;
     }
+
     /**
      * Store parsed tokens from redirect url
      */
-
-
     async storeTokensFromRedirect() {
       const {
         tokens
       } = await this.token.parseFromUrl();
       this.tokenManager.setTokens(tokens);
     }
-
     isLoginRedirect() {
       return (0, _util2.isLoginRedirect)(this);
     }
-
     isPKCE() {
       return !!this.options.pkce;
     }
-
     hasResponseType(responseType) {
       let hasResponseType = false;
-
       if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
         hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
       } else {
         hasResponseType = this.options.responseType === responseType;
       }
-
       return hasResponseType;
     }
-
     isAuthorizationCodeFlow() {
       return this.hasResponseType('code');
-    } // Escape hatch method to make arbitrary OKTA API call
-
+    }
 
+    // Escape hatch method to make arbitrary OKTA API call
     async invokeApiMethod(options) {
       if (!options.accessToken) {
         const accessToken = (await this.tokenManager.getTokens()).accessToken;
         options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
       }
-
       return (0, _http.httpRequest)(this, options);
-    } // Revokes the access token for the application session
-
+    }
 
+    // Revokes the access token for the application session
     async revokeAccessToken(accessToken) {
       if (!accessToken) {
         accessToken = (await this.tokenManager.getTokens()).accessToken;
         const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');
         this.tokenManager.remove(accessTokenKey);
-      } // Access token may have been removed. In this case, we will silently succeed.
-
-
+      }
+      // Access token may have been removed. In this case, we will silently succeed.
       if (!accessToken) {
         return Promise.resolve(null);
       }
-
       return this.token.revoke(accessToken);
-    } // Revokes the refresh token for the application session
-
+    }
 
+    // Revokes the refresh token for the application session
     async revokeRefreshToken(refreshToken) {
       if (!refreshToken) {
         refreshToken = (await this.tokenManager.getTokens()).refreshToken;
         const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');
         this.tokenManager.remove(refreshTokenKey);
-      } // Refresh token may have been removed. In this case, we will silently succeed.
-
-
+      }
+      // Refresh token may have been removed. In this case, we will silently succeed.
       if (!refreshToken) {
         return Promise.resolve(null);
       }
-
       return this.token.revoke(refreshToken);
     }
-
     getSignOutRedirectUrl(options = {}) {
       let {
         idToken,
         postLogoutRedirectUri,
         state
       } = options;
-
       if (!idToken) {
         idToken = this.tokenManager.getTokensSync().idToken;
       }
-
       if (!idToken) {
         return '';
       }
-
       if (!postLogoutRedirectUri) {
         postLogoutRedirectUri = this.options.postLogoutRedirectUri;
       }
-
       const logoutUrl = (0, _util2.getOAuthUrls)(this).logoutUrl;
       const idTokenHint = idToken.idToken; // a string
-
       let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);
-
       if (postLogoutRedirectUri) {
         logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);
-      } // State allows option parameters to be passed to logout redirect uri
-
-
+      }
+      // State allows option parameters to be passed to logout redirect uri
       if (state) {
         logoutUri += '&state=' + encodeURIComponent(state);
       }
-
       return logoutUri;
-    } // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
-    // eslint-disable-next-line complexity
-
+    }
 
+    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
+    // eslint-disable-next-line complexity
     async signOut(options) {
-      options = Object.assign({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI
+      options = Object.assign({}, options);
 
+      // postLogoutRedirectUri must be whitelisted in Okta Admin UI
       var defaultUri = window.location.origin;
       var currentUri = window.location.href;
       var postLogoutRedirectUri = options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
@@ -288,32 +243,27 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       var refreshToken = options.refreshToken;
       var revokeAccessToken = options.revokeAccessToken !== false;
       var revokeRefreshToken = options.revokeRefreshToken !== false;
-
       if (revokeRefreshToken && typeof refreshToken === 'undefined') {
         refreshToken = this.tokenManager.getTokensSync().refreshToken;
       }
-
       if (revokeAccessToken && typeof accessToken === 'undefined') {
         accessToken = this.tokenManager.getTokensSync().accessToken;
       }
-
       if (!options.idToken) {
         options.idToken = this.tokenManager.getTokensSync().idToken;
       }
-
       if (revokeRefreshToken && refreshToken) {
         await this.revokeRefreshToken(refreshToken);
       }
-
       if (revokeAccessToken && accessToken) {
         await this.revokeAccessToken(accessToken);
       }
-
-      const logoutUri = this.getSignOutRedirectUrl({ ...options,
+      const logoutUri = this.getSignOutRedirectUrl({
+        ...options,
         postLogoutRedirectUri
-      }); // No logoutUri? This can happen if the storage was cleared.
+      });
+      // No logoutUri? This can happen if the storage was cleared.
       // Fallback to XHR signOut, then simulate a redirect to the post logout uri
-
       if (!logoutUri) {
         // local tokens are cleared once session is closed
         return this.closeSession() // can throw if the user cannot be signed out
@@ -330,13 +280,11 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
           this.tokenManager.clear();
         } else {
           this.tokenManager.addPendingRemoveFlags();
-        } // Flow ends with logout redirect
-
-
+        }
+        // Flow ends with logout redirect
         window.location.assign(logoutUri);
       }
     }
-
   }, (0, _defineProperty2.default)(_class, "crypto", crypto), _class;
 }
 //# sourceMappingURL=index.js.map

package/cjs/oidc/mixin/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","responseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","closeSession","then","reload","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens } = await this.token.parseFromUrl();\n      this.tokenManager.setTokens(tokens);\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n  \n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n  \n    hasResponseType(responseType: OAuthResponseType): boolean {\n      let hasResponseType = false;\n      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n      } else {\n        hasResponseType = this.options.responseType === responseType;\n      }\n      return hasResponseType;\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (!postLogoutRedirectUri) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity\n    async signOut(options?: SignoutOptions): Promise<void> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      var defaultUri = window.location.origin;\n      var currentUri = window.location.href;\n      var postLogoutRedirectUri = options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri;\n    \n      var accessToken = options.accessToken;\n      var refreshToken = options.refreshToken;\n      var revokeAccessToken = options.revokeAccessToken !== false;\n      var revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        return this.closeSession() // can throw if the user cannot be signed out\n        .then(function() {\n          if (postLogoutRedirectUri === currentUri) {\n            window.location.reload(); // force a hard reload if URI is not changing\n          } else {\n            window.location.assign(postLogoutRedirectUri);\n          }\n        });\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;;;;AAAA;;AAEA;;AAIA;;AAsBA;;AACA;;AACA;;AACA;;AAGA;;;;;;AACO,SAASA,UAAT,CAULC,IAVK,EAWLC,6BAXK,EAaP;EAAA;;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAA,EAAmBH,IAAnB,CAAxB;EACA,gBAAO,MAAMI,aAAN,SAA4BF,eAA5B,CAEP;IAUEG,WAAW,CAAC,GAAGC,IAAJ,EAAiB;MAC1B,MAAM,GAAGA,IAAT;MAEA,KAAKC,kBAAL,GAA0B,IAAIN,6BAAJ,CAAkCO,MAAM,CAACC,MAAP,CAAc;QACxEC,cAAc,EAAE,KAAKA;MADmD,CAAd,EAEzD,KAAKC,OAAL,CAAaJ,kBAF4C,CAAlC,CAA1B;MAIA,KAAKK,IAAL,GAAY;QACVC,6BAA6B,EAAEC,aAAA,CAAKD,6BAD1B;QAEVE,gBAAgB,EAAED,aAAA,CAAKC,gBAFb;QAGVC,gBAAgB,EAAEF,aAAA,CAAKE;MAHb,CAAZ;MAMA,KAAKC,QAAL,GAAgB;QAAEC,WAAW,EAAE;MAAf,CAAhB;MAEA,KAAKC,WAAL,GAAmB,IAAIC,kBAAJ,EAAnB;MAEA,KAAKC,KAAL,GAAa,IAAAC,uBAAA,EAAe,IAAf,EAAqB,KAAKH,WAA1B,CAAb,CAjB0B,CAmB1B;;MACA,KAAKI,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB,KAAKb,OAAL,CAAaY,YAApC,CAApB;IACD,CA/BH,CAiCE;;;IACAE,YAAY,GAAS;MACnB,MAAMA,YAAN,GADmB,CAGnB;;MACA,KAAKF,YAAL,CAAkBG,KAAlB;IACD,CAvCH,CAyCE;IACA;IACA;;;IACqB,MAAfC,eAAe,CAAChB,OAA+B,GAAG,EAAnC,EAAyD;MAC5E;MACA,MAAM;QAAEiB,SAAF;QAAaC;MAAb,IAA4B,KAAKN,YAAL,CAAkBO,UAAlB,EAAlC;MAEA,MAAMC,WAAW,GAAGpB,OAAO,CAACqB,cAAR,GAAyBrB,OAAO,CAACqB,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;MACA,MAAMK,YAAY,GAAGtB,OAAO,CAACqB,cAAR,GAAyBrB,OAAO,CAACqB,cAAR,KAA2B,QAApD,GAA+DH,UAApF;MAEA,IAAI;QAAEK;MAAF,IAAkB,KAAKX,YAAL,CAAkBY,aAAlB,EAAtB;;MACA,IAAID,WAAW,IAAI,KAAKX,YAAL,CAAkBa,UAAlB,CAA6BF,WAA7B,CAAnB,EAA8D;QAC5DA,WAAW,GAAGG,SAAd;;QACA,IAAIN,WAAJ,EAAiB;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,KAAKX,YAAL,CAAkBe,KAAlB,CAAwB,aAAxB,CAApB;UACD,CAFD,CAEE,MAAM,CACN;UACD;QACF,CAND,MAMO,IAAIL,YAAJ,EAAkB;UACvB,KAAKV,YAAL,CAAkBgB,MAAlB,CAAyB,aAAzB;QACD;MACF;;MAED,IAAI;QAAEC;MAAF,IAAc,KAAKjB,YAAL,CAAkBY,aAAlB,EAAlB;;MACA,IAAIK,OAAO,IAAI,KAAKjB,YAAL,CAAkBa,UAAlB,CAA6BI,OAA7B,CAAf,EAAsD;QACpDA,OAAO,GAAGH,SAAV;;QACA,IAAIN,WAAJ,EAAiB;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,KAAKjB,YAAL,CAAkBe,KAAlB,CAAwB,SAAxB,CAAhB;UACD,CAFD,CAEE,MAAM,CACN;UACD;QACF,CAND,MAMO,IAAIL,YAAJ,EAAkB;UACvB,KAAKV,YAAL,CAAkBgB,MAAlB,CAAyB,SAAzB;QACD;MACF;;MAED,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAjB,CAAR;IACD;;IAGuB,MAAlBC,kBAAkB,CAACC,IAA+B,GAAG,EAAnC,EAAuC;MAC7D,MAAM;QAAEC,WAAF;QAAe,GAAGC;MAAlB,IAAuCF,IAA7C;;MACA,IAAG,KAAKzB,QAAL,CAAcC,WAAjB,EAA8B;QAC5B;QACA;MACD;;MAED,KAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;MACA,IAAI;QACF;QACA,IAAIyB,WAAJ,EAAiB;UACf,KAAKE,cAAL,CAAoBF,WAApB;QACD;;QACD,MAAMG,MAAM,GAAGtC,MAAM,CAACC,MAAP,CAAc;UAC3B;UACAsC,MAAM,EAAE,KAAKpC,OAAL,CAAaoC,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;QAFJ,CAAd,EAGZH,gBAHY,CAAf;QAIA,MAAM,KAAKvB,KAAL,CAAW2B,eAAX,CAA2BF,MAA3B,CAAN;MACD,CAVD,SAUU;QACR,KAAK7B,QAAL,CAAcC,WAAd,GAA4B,KAA5B;MACD;IACF;;IAEY,MAAP+B,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAF;QAAWN;MAAX,IAA2B,KAAKX,YAAL,CAAkBY,aAAlB,EAAjC;MACA,OAAO,KAAKd,KAAL,CAAW6B,WAAX,CAAuBhB,WAAvB,EAAoCM,OAApC,CAAP;IACD;;IAEDW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAF,IAAc,KAAKjB,YAAL,CAAkBY,aAAlB,EAApB;MACA,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBH,SAAnC;IACD;;IAEDe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAF,IAAkB,KAAKX,YAAL,CAAkBY,aAAlB,EAAxB;MACA,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BG,SAA/C;IACD;;IAEDgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAF,IAAmB,KAAK/B,YAAL,CAAkBY,aAAlB,EAAzB;MACA,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BjB,SAAlD;IACD;IAED;AACJ;AACA;;;IACiC,MAAvBkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC;MAAF,IAAa,MAAM,KAAKnC,KAAL,CAAWoC,YAAX,EAAzB;MACA,KAAKlC,YAAL,CAAkBmC,SAAlB,CAA4BF,MAA5B;IACD;;IAEDG,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAA,EAAgB,IAAhB,CAAP;IACD;;IAGDC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,KAAKjD,OAAL,CAAaC,IAAtB;IACD;;IAEDiD,eAAe,CAACC,YAAD,EAA2C;MACxD,IAAID,eAAe,GAAG,KAAtB;;MACA,IAAIE,KAAK,CAACC,OAAN,CAAc,KAAKrD,OAAL,CAAamD,YAA3B,KAA4C,KAAKnD,OAAL,CAAamD,YAAb,CAA0BG,MAA1E,EAAkF;QAChFJ,eAAe,GAAG,KAAKlD,OAAL,CAAamD,YAAb,CAA0BI,OAA1B,CAAkCJ,YAAlC,KAAmD,CAArE;MACD,CAFD,MAEO;QACLD,eAAe,GAAG,KAAKlD,OAAL,CAAamD,YAAb,KAA8BA,YAAhD;MACD;;MACD,OAAOD,eAAP;IACD;;IAEDM,uBAAuB,GAAY;MACjC,OAAO,KAAKN,eAAL,CAAqB,MAArB,CAAP;IACD,CA3JH,CA6JE;;;IACqB,MAAfO,eAAe,CAACzD,OAAD,EAA4C;MAC/D,IAAI,CAACA,OAAO,CAACuB,WAAb,EAA0B;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,KAAKX,YAAL,CAAkB8C,SAAlB,EAAP,EAAsCnC,WAA1D;QACAvB,OAAO,CAACuB,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;MACD;;MACD,OAAO,IAAAoC,iBAAA,EAAY,IAAZ,EAAkB3D,OAAlB,CAAP;IACD,CApKH,CAsKE;;;IACuB,MAAjB4D,iBAAiB,CAACrC,WAAD,EAA8C;MACnE,IAAI,CAACA,WAAL,EAAkB;QAChBA,WAAW,GAAG,CAAC,MAAM,KAAKX,YAAL,CAAkB8C,SAAlB,EAAP,EAAsCnC,WAApD;QACA,MAAMsC,cAAc,GAAG,KAAKjD,YAAL,CAAkBkD,mBAAlB,CAAsC,aAAtC,CAAvB;QACA,KAAKlD,YAAL,CAAkBgB,MAAlB,CAAyBiC,cAAzB;MACD,CALkE,CAMnE;;;MACA,IAAI,CAACtC,WAAL,EAAkB;QAChB,OAAOwC,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;MACD;;MACD,OAAO,KAAKtD,KAAL,CAAWuD,MAAX,CAAkB1C,WAAlB,CAAP;IACD,CAlLH,CAoLE;;;IACwB,MAAlB2C,kBAAkB,CAACvB,YAAD,EAAgD;MACtE,IAAI,CAACA,YAAL,EAAmB;QACjBA,YAAY,GAAG,CAAC,MAAM,KAAK/B,YAAL,CAAkB8C,SAAlB,EAAP,EAAsCf,YAArD;QACA,MAAMwB,eAAe,GAAG,KAAKvD,YAAL,CAAkBkD,mBAAlB,CAAsC,cAAtC,CAAxB;QACA,KAAKlD,YAAL,CAAkBgB,MAAlB,CAAyBuC,eAAzB;MACD,CALqE,CAMtE;;;MACA,IAAI,CAACxB,YAAL,EAAmB;QACjB,OAAOoB,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;MACD;;MACD,OAAO,KAAKtD,KAAL,CAAWuD,MAAX,CAAkBtB,YAAlB,CAAP;IACD;;IAEDyB,qBAAqB,CAACpE,OAAkC,GAAG,EAAtC,EAA0C;MAC7D,IAAI;QACF6B,OADE;QAEFwC,qBAFE;QAGFC;MAHE,IAIAtE,OAJJ;;MAKA,IAAI,CAAC6B,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKjB,YAAL,CAAkBY,aAAlB,GAAkCK,OAA5C;MACD;;MACD,IAAI,CAACA,OAAL,EAAc;QACZ,OAAO,EAAP;MACD;;MACD,IAAI,CAACwC,qBAAL,EAA4B;QAC1BA,qBAAqB,GAAG,KAAKrE,OAAL,CAAaqE,qBAArC;MACD;;MAED,MAAME,SAAS,GAAG,IAAAC,mBAAA,EAAa,IAAb,EAAmBD,SAArC;MACA,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAZ,GAAgCI,kBAAkB,CAACF,WAAD,CAAlE;;MACA,IAAIJ,qBAAJ,EAA2B;QACzBK,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;MACD,CArB4D,CAsB7D;;;MACA,IAAIC,KAAJ,EAAW;QACTI,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;MACD;;MAED,OAAOI,SAAP;IACD,CA9NH,CAgOE;IACA;;;IACa,MAAPE,OAAO,CAAC5E,OAAD,EAA0C;MACrDA,OAAO,GAAGH,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBE,OAAlB,CAAV,CADqD,CAGrD;;MACA,IAAI6E,UAAU,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAjC;MACA,IAAIC,UAAU,GAAGH,MAAM,CAACC,QAAP,CAAgBG,IAAjC;MACA,IAAIb,qBAAqB,GAAGrE,OAAO,CAACqE,qBAAR,IACvB,KAAKrE,OAAL,CAAaqE,qBADU,IAEvBQ,UAFL;MAIA,IAAItD,WAAW,GAAGvB,OAAO,CAACuB,WAA1B;MACA,IAAIoB,YAAY,GAAG3C,OAAO,CAAC2C,YAA3B;MACA,IAAIiB,iBAAiB,GAAG5D,OAAO,CAAC4D,iBAAR,KAA8B,KAAtD;MACA,IAAIM,kBAAkB,GAAGlE,OAAO,CAACkE,kBAAR,KAA+B,KAAxD;;MAEA,IAAIA,kBAAkB,IAAI,OAAOvB,YAAP,KAAwB,WAAlD,EAA+D;QAC7DA,YAAY,GAAG,KAAK/B,YAAL,CAAkBY,aAAlB,GAAkCmB,YAAjD;MACD;;MAED,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAP,KAAuB,WAAhD,EAA6D;QAC3DA,WAAW,GAAG,KAAKX,YAAL,CAAkBY,aAAlB,GAAkCD,WAAhD;MACD;;MAED,IAAI,CAACvB,OAAO,CAAC6B,OAAb,EAAsB;QACpB7B,OAAO,CAAC6B,OAAR,GAAkB,KAAKjB,YAAL,CAAkBY,aAAlB,GAAkCK,OAApD;MACD;;MAED,IAAIqC,kBAAkB,IAAIvB,YAA1B,EAAwC;QACtC,MAAM,KAAKuB,kBAAL,CAAwBvB,YAAxB,CAAN;MACD;;MAED,IAAIiB,iBAAiB,IAAIrC,WAAzB,EAAsC;QACpC,MAAM,KAAKqC,iBAAL,CAAuBrC,WAAvB,CAAN;MACD;;MAED,MAAMmD,SAAS,GAAG,KAAKN,qBAAL,CAA2B,EAAE,GAAGpE,OAAL;QAAcqE;MAAd,CAA3B,CAAlB,CAnCqD,CAoCrD;MACA;;MACA,IAAI,CAACK,SAAL,EAAgB;QACd;QACA,OAAO,KAAKS,YAAL,GAAoB;QAApB,CACNC,IADM,CACD,YAAW;UACf,IAAIf,qBAAqB,KAAKY,UAA9B,EAA0C;YACxCH,MAAM,CAACC,QAAP,CAAgBM,MAAhB,GADwC,CACd;UAC3B,CAFD,MAEO;YACLP,MAAM,CAACC,QAAP,CAAgBjF,MAAhB,CAAuBuE,qBAAvB;UACD;QACF,CAPM,CAAP;MAQD,CAVD,MAUO;QACL,IAAIrE,OAAO,CAACsF,yBAAZ,EAAuC;UACrC;UACA,KAAK1E,YAAL,CAAkBG,KAAlB;QACD,CAHD,MAGO;UACL,KAAKH,YAAL,CAAkB2E,qBAAlB;QACD,CANI,CAOL;;;QACAT,MAAM,CAACC,QAAP,CAAgBjF,MAAhB,CAAuB4E,SAAvB;MACD;IACF;;EA5RH,CAFA,kDAG6Bc,MAH7B;AAkSD"}
+{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","responseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","closeSession","then","reload","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens } = await this.token.parseFromUrl();\n      this.tokenManager.setTokens(tokens);\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n  \n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n  \n    hasResponseType(responseType: OAuthResponseType): boolean {\n      let hasResponseType = false;\n      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n      } else {\n        hasResponseType = this.options.responseType === responseType;\n      }\n      return hasResponseType;\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (!postLogoutRedirectUri) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity\n    async signOut(options?: SignoutOptions): Promise<void> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      var defaultUri = window.location.origin;\n      var currentUri = window.location.href;\n      var postLogoutRedirectUri = options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri;\n    \n      var accessToken = options.accessToken;\n      var refreshToken = options.refreshToken;\n      var revokeAccessToken = options.revokeAccessToken !== false;\n      var revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        return this.closeSession() // can throw if the user cannot be signed out\n        .then(function() {\n          if (postLogoutRedirectUri === currentUri) {\n            window.location.reload(); // force a hard reload if URI is not changing\n          } else {\n            window.location.assign(postLogoutRedirectUri);\n          }\n        });\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAsBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAUEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,uBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;IACvE;;IAEA;IACAE,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACF,YAAY,CAACG,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAChB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEiB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACN,YAAY,CAACO,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGpB,OAAO,CAACqB,cAAc,GAAGrB,OAAO,CAACqB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGtB,OAAO,CAACqB,cAAc,GAAGrB,OAAO,CAACqB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACX,YAAY,CAACa,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACX,YAAY,CAACe,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACV,YAAY,CAACgB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACjB,YAAY,CAACY,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACjB,YAAY,CAACa,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACjB,YAAY,CAACe,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACV,YAAY,CAACgB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAACzB,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAIyB,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGtC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAsC,MAAM,EAAE,IAAI,CAACpC,OAAO,CAACoC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACvB,KAAK,CAAC2B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC7B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAM+B,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,aAAa,EAAE;MAClE,OAAO,IAAI,CAACd,KAAK,CAAC6B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACjB,YAAY,CAACY,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAAC/B,YAAY,CAACY,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC;MAAO,CAAC,GAAG,MAAM,IAAI,CAACnC,KAAK,CAACoC,YAAY,EAAE;MAClD,IAAI,CAAClC,YAAY,CAACmC,SAAS,CAACF,MAAM,CAAC;IACrC;IAEAG,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAGAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACjD,OAAO,CAACC,IAAI;IAC5B;IAEAiD,eAAe,CAACC,YAA+B,EAAW;MACxD,IAAID,eAAe,GAAG,KAAK;MAC3B,IAAIE,KAAK,CAACC,OAAO,CAAC,IAAI,CAACrD,OAAO,CAACmD,YAAY,CAAC,IAAI,IAAI,CAACnD,OAAO,CAACmD,YAAY,CAACG,MAAM,EAAE;QAChFJ,eAAe,GAAG,IAAI,CAAClD,OAAO,CAACmD,YAAY,CAACI,OAAO,CAACJ,YAAY,CAAC,IAAI,CAAC;MACxE,CAAC,MAAM;QACLD,eAAe,GAAG,IAAI,CAAClD,OAAO,CAACmD,YAAY,KAAKA,YAAY;MAC9D;MACA,OAAOD,eAAe;IACxB;IAEAM,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACN,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAMO,eAAe,CAACzD,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACuB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACX,YAAY,CAAC8C,SAAS,EAAE,EAAEnC,WAA0B;QACpFvB,OAAO,CAACuB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAoC,iBAAW,EAAC,IAAI,EAAE3D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM4D,iBAAiB,CAACrC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACX,YAAY,CAAC8C,SAAS,EAAE,EAAEnC,WAA0B;QAC9E,MAAMsC,cAAc,GAAG,IAAI,CAACjD,YAAY,CAACkD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAAClD,YAAY,CAACgB,MAAM,CAACiC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACtC,WAAW,EAAE;QAChB,OAAOwC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACtD,KAAK,CAACuD,MAAM,CAAC1C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM2C,kBAAkB,CAACvB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAAC/B,YAAY,CAAC8C,SAAS,EAAE,EAAEf,YAA4B;QACjF,MAAMwB,eAAe,GAAG,IAAI,CAACvD,YAAY,CAACkD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAAClD,YAAY,CAACgB,MAAM,CAACuC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACxB,YAAY,EAAE;QACjB,OAAOoB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACtD,KAAK,CAACuD,MAAM,CAACtB,YAAY,CAAC;IACxC;IAEAyB,qBAAqB,CAACpE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF6B,OAAO;QACPwC,qBAAqB;QACrBC;MACF,CAAC,GAAGtE,OAAO;MACX,IAAI,CAAC6B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACjB,YAAY,CAACY,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAI,CAACwC,qBAAqB,EAAE;QAC1BA,qBAAqB,GAAG,IAAI,CAACrE,OAAO,CAACqE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC5E,OAAwB,EAAiB;MACrDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,IAAI6E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACvC,IAAIC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACrC,IAAIb,qBAAqB,GAAGrE,OAAO,CAACqE,qBAAqB,IACpD,IAAI,CAACrE,OAAO,CAACqE,qBAAqB,IAClCQ,UAAU;MAEf,IAAItD,WAAW,GAAGvB,OAAO,CAACuB,WAAW;MACrC,IAAIoB,YAAY,GAAG3C,OAAO,CAAC2C,YAAY;MACvC,IAAIiB,iBAAiB,GAAG5D,OAAO,CAAC4D,iBAAiB,KAAK,KAAK;MAC3D,IAAIM,kBAAkB,GAAGlE,OAAO,CAACkE,kBAAkB,KAAK,KAAK;MAE7D,IAAIA,kBAAkB,IAAI,OAAOvB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAAC/B,YAAY,CAACY,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACX,YAAY,CAACY,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACvB,OAAO,CAAC6B,OAAO,EAAE;QACpB7B,OAAO,CAAC6B,OAAO,GAAG,IAAI,CAACjB,YAAY,CAACY,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIqC,kBAAkB,IAAIvB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACuB,kBAAkB,CAACvB,YAAY,CAAC;MAC7C;MAEA,IAAIiB,iBAAiB,IAAIrC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACqC,iBAAiB,CAACrC,WAAW,CAAC;MAC3C;MAEA,MAAMmD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGpE,OAAO;QAAEqE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,OAAO,IAAI,CAACS,YAAY,EAAE,CAAC;QAAA,CAC1BC,IAAI,CAAC,YAAW;UACf,IAAIf,qBAAqB,KAAKY,UAAU,EAAE;YACxCH,MAAM,CAACC,QAAQ,CAACM,MAAM,EAAE,CAAC,CAAC;UAC5B,CAAC,MAAM;YACLP,MAAM,CAACC,QAAQ,CAACjF,MAAM,CAACuE,qBAAqB,CAAC;UAC/C;QACF,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAIrE,OAAO,CAACsF,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC1E,YAAY,CAACG,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACH,YAAY,CAAC2E,qBAAqB,EAAE;QAC3C;QACA;QACAT,MAAM,CAACC,QAAQ,CAACjF,MAAM,CAAC4E,SAAS,CAAC;MACnC;IACF;EAEF,CAAC,kDA7R4Bc,MAAM;AA+RrC"}

package/cjs/oidc/mixin/node.js

@@ -1,44 +1,37 @@
 "use strict";
 
 exports.provideOriginalUri = provideOriginalUri;
-
-function provideOriginalUri(BaseClass) //: TBase & OktaAuthConstructor<O, I & OriginalUriApi>
+function provideOriginalUri(BaseClass)
+//: TBase & OktaAuthConstructor<O, I & OriginalUriApi>
 {
   return class NodeOriginalUri extends BaseClass {
     setOriginalUri(originalUri, state) {
       // to support multi-tab flows, set a state in constructor or pass as param
       state = state || this.options.state;
-
       if (state) {
         const sharedStorage = this.storageManager.getOriginalUriStorage();
         sharedStorage.setItem(state, originalUri);
       }
     }
-
     getOriginalUri(state) {
       // Prefer shared storage (if state is available)
       state = state || this.options.state;
-
       if (state) {
         const sharedStorage = this.storageManager.getOriginalUriStorage();
         const originalUri = sharedStorage.getItem(state);
-
         if (originalUri) {
           return originalUri;
         }
       }
     }
-
     removeOriginalUri(state) {
       // remove from shared storage
       state = state || this.options.state;
-
       if (state) {
         const sharedStorage = this.storageManager.getOriginalUriStorage();
         sharedStorage.removeItem && sharedStorage.removeItem(state);
       }
     }
-
   };
 }
 //# sourceMappingURL=node.js.map

package/cjs/oidc/mixin/node.js.map

@@ -1 +1 @@
-{"version":3,"file":"node.js","names":["provideOriginalUri","BaseClass","NodeOriginalUri","setOriginalUri","originalUri","state","options","sharedStorage","storageManager","getOriginalUriStorage","setItem","getOriginalUri","getItem","removeOriginalUri","removeItem"],"sources":["../../../../lib/oidc/mixin/node.ts"],"sourcesContent":["\nimport { OktaAuthStorageInterface } from '../../storage';\nimport { OktaAuthConstructor } from '../../base';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthOptions,\n  OriginalUriApi,\n  PKCETransactionMeta,\n} from '../types';\n\nexport function provideOriginalUri\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthStorageInterface<S, O>> \n>\n(BaseClass: TBase) //: TBase & OktaAuthConstructor<O, I & OriginalUriApi>\n{\n  return class NodeOriginalUri extends BaseClass implements OriginalUriApi {\n    setOriginalUri(originalUri: string, state?: string): void {\n      // to support multi-tab flows, set a state in constructor or pass as param\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.setItem(state, originalUri);\n      }\n    }\n  \n    getOriginalUri(state?: string): string | undefined {\n      // Prefer shared storage (if state is available)\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        const originalUri = sharedStorage.getItem(state);\n        if (originalUri) {\n          return originalUri;\n        }\n      }\n    }\n  \n    removeOriginalUri(state?: string): void {\n      // remove from shared storage\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.removeItem && sharedStorage.removeItem(state);\n      }\n    }\n  };\n}\n"],"mappings":";;;;AAWO,SAASA,kBAAT,CAQNC,SARM,EAQY;AACnB;EACE,OAAO,MAAMC,eAAN,SAA8BD,SAA9B,CAAkE;IACvEE,cAAc,CAACC,WAAD,EAAsBC,KAAtB,EAA4C;MACxD;MACAA,KAAK,GAAGA,KAAK,IAAI,KAAKC,OAAL,CAAaD,KAA9B;;MACA,IAAIA,KAAJ,EAAW;QACT,MAAME,aAAa,GAAG,KAAKC,cAAL,CAAoBC,qBAApB,EAAtB;QACAF,aAAa,CAACG,OAAd,CAAsBL,KAAtB,EAA6BD,WAA7B;MACD;IACF;;IAEDO,cAAc,CAACN,KAAD,EAAqC;MACjD;MACAA,KAAK,GAAGA,KAAK,IAAI,KAAKC,OAAL,CAAaD,KAA9B;;MACA,IAAIA,KAAJ,EAAW;QACT,MAAME,aAAa,GAAG,KAAKC,cAAL,CAAoBC,qBAApB,EAAtB;QACA,MAAML,WAAW,GAAGG,aAAa,CAACK,OAAd,CAAsBP,KAAtB,CAApB;;QACA,IAAID,WAAJ,EAAiB;UACf,OAAOA,WAAP;QACD;MACF;IACF;;IAEDS,iBAAiB,CAACR,KAAD,EAAuB;MACtC;MACAA,KAAK,GAAGA,KAAK,IAAI,KAAKC,OAAL,CAAaD,KAA9B;;MACA,IAAIA,KAAJ,EAAW;QACT,MAAME,aAAa,GAAG,KAAKC,cAAL,CAAoBC,qBAApB,EAAtB;QACAF,aAAa,CAACO,UAAd,IAA4BP,aAAa,CAACO,UAAd,CAAyBT,KAAzB,CAA5B;MACD;IACF;;EA7BsE,CAAzE;AA+BD"}
+{"version":3,"file":"node.js","names":["provideOriginalUri","BaseClass","NodeOriginalUri","setOriginalUri","originalUri","state","options","sharedStorage","storageManager","getOriginalUriStorage","setItem","getOriginalUri","getItem","removeOriginalUri","removeItem"],"sources":["../../../../lib/oidc/mixin/node.ts"],"sourcesContent":["\nimport { OktaAuthStorageInterface } from '../../storage';\nimport { OktaAuthConstructor } from '../../base';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthOptions,\n  OriginalUriApi,\n  PKCETransactionMeta,\n} from '../types';\n\nexport function provideOriginalUri\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthStorageInterface<S, O>> \n>\n(BaseClass: TBase) //: TBase & OktaAuthConstructor<O, I & OriginalUriApi>\n{\n  return class NodeOriginalUri extends BaseClass implements OriginalUriApi {\n    setOriginalUri(originalUri: string, state?: string): void {\n      // to support multi-tab flows, set a state in constructor or pass as param\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.setItem(state, originalUri);\n      }\n    }\n  \n    getOriginalUri(state?: string): string | undefined {\n      // Prefer shared storage (if state is available)\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        const originalUri = sharedStorage.getItem(state);\n        if (originalUri) {\n          return originalUri;\n        }\n      }\n    }\n  \n    removeOriginalUri(state?: string): void {\n      // remove from shared storage\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.removeItem && sharedStorage.removeItem(state);\n      }\n    }\n  };\n}\n"],"mappings":";;;AAWO,SAASA,kBAAkB,CAQjCC,SAAgB;AAAE;AACnB;EACE,OAAO,MAAMC,eAAe,SAASD,SAAS,CAA2B;IACvEE,cAAc,CAACC,WAAmB,EAAEC,KAAc,EAAQ;MACxD;MACAA,KAAK,GAAGA,KAAK,IAAI,IAAI,CAACC,OAAO,CAACD,KAAK;MACnC,IAAIA,KAAK,EAAE;QACT,MAAME,aAAa,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;QACjEF,aAAa,CAACG,OAAO,CAACL,KAAK,EAAED,WAAW,CAAC;MAC3C;IACF;IAEAO,cAAc,CAACN,KAAc,EAAsB;MACjD;MACAA,KAAK,GAAGA,KAAK,IAAI,IAAI,CAACC,OAAO,CAACD,KAAK;MACnC,IAAIA,KAAK,EAAE;QACT,MAAME,aAAa,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;QACjE,MAAML,WAAW,GAAGG,aAAa,CAACK,OAAO,CAACP,KAAK,CAAC;QAChD,IAAID,WAAW,EAAE;UACf,OAAOA,WAAW;QACpB;MACF;IACF;IAEAS,iBAAiB,CAACR,KAAc,EAAQ;MACtC;MACAA,KAAK,GAAGA,KAAK,IAAI,IAAI,CAACC,OAAO,CAACD,KAAK;MACnC,IAAIA,KAAK,EAAE;QACT,MAAME,aAAa,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;QACjEF,aAAa,CAACO,UAAU,IAAIP,aAAa,CAACO,UAAU,CAACT,KAAK,CAAC;MAC7D;IACF;EACF,CAAC;AACH"}

package/cjs/oidc/options/OAuthOptionsConstructor.js

@@ -1,21 +1,13 @@
 "use strict";
 
 var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
-
 exports.createOAuthOptionsConstructor = createOAuthOptionsConstructor;
-
 var _constants = require("../../constants");
-
 var _url = require("../../util/url");
-
 var _features = require("../../features");
-
 var _options = require("../../http/options");
-
 var _node = require("./node");
-
 var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -27,40 +19,40 @@ var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"))
  * 
  * See the License for the specific language governing permissions and limitations under the License.
  */
+
 function assertValidConfig(args) {
   args = args || {};
   var scopes = args.scopes;
-
   if (scopes && !Array.isArray(scopes)) {
     throw new _AuthSdkError.default('scopes must be a array of strings. ' + 'Required usage: new OktaAuth({scopes: ["openid", "email"]})');
-  } // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-
+  }
 
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
   var issuer = args.issuer;
-
   if (!issuer) {
     throw new _AuthSdkError.default('No issuer passed to constructor. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
   }
-
   var isUrlRegex = new RegExp('^http?s?://.+');
-
   if (!isUrlRegex.test(issuer)) {
     throw new _AuthSdkError.default('Issuer must be a valid URL. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
   }
-
   if (issuer.indexOf('-admin.') !== -1) {
     throw new _AuthSdkError.default('Issuer URL passed to constructor contains "-admin" in subdomain. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com})');
   }
 }
-
 function createOAuthOptionsConstructor() {
   const HttpOptionsConstructor = (0, _options.createHttpOptionsConstructor)();
   return class OAuthOptionsConstructor extends HttpOptionsConstructor {
     // CustomUrls
+
     // TokenParams
+
     // Additional options
+
     // For server-side web applications ONLY!
+
     // Workaround for bad client time/clock
+
     // eslint-disable-next-line max-statements
     constructor(options) {
       super(options);
@@ -72,10 +64,8 @@ function createOAuthOptionsConstructor() {
       this.revokeUrl = (0, _url.removeTrailingSlash)(options.revokeUrl);
       this.logoutUrl = (0, _url.removeTrailingSlash)(options.logoutUrl);
       this.pkce = options.pkce === false ? false : true; // PKCE defaults to true
-
       this.clientId = options.clientId;
       this.redirectUri = options.redirectUri;
-
       if ((0, _features.isBrowser)()) {
         this.redirectUri = (0, _url.toAbsoluteUrl)(options.redirectUri, window.location.origin); // allow relative URIs
       }
@@ -83,11 +73,13 @@ function createOAuthOptionsConstructor() {
       this.responseType = options.responseType;
       this.responseMode = options.responseMode;
       this.state = options.state;
-      this.scopes = options.scopes; // Give the developer the ability to disable token signature validation.
-
+      this.scopes = options.scopes;
+      // Give the developer the ability to disable token signature validation.
       this.ignoreSignature = !!options.ignoreSignature;
       this.codeChallenge = options.codeChallenge;
       this.codeChallengeMethod = options.codeChallengeMethod;
+      this.acrValues = options.acrValues;
+      this.maxAge = options.maxAge;
       this.tokenManager = options.tokenManager;
       this.postLogoutRedirectUri = options.postLogoutRedirectUri;
       this.restoreOriginalUri = options.restoreOriginalUri;
@@ -96,25 +88,26 @@ function createOAuthOptionsConstructor() {
         ...options.transactionManager
       };
       this.clientSecret = options.clientSecret;
-      this.setLocation = options.setLocation; // As some end user's devices can have their date 
+      this.setLocation = options.setLocation;
+
+      // As some end user's devices can have their date 
       // and time incorrectly set, allow for the disabling
       // of the jwt liftetime validation
+      this.ignoreLifetime = !!options.ignoreLifetime;
 
-      this.ignoreLifetime = !!options.ignoreLifetime; // Digital clocks will drift over time, so the server
+      // Digital clocks will drift over time, so the server
       // can misalign with the time reported by the browser.
       // The maxClockSkew allows relaxing the time-based
       // validation of tokens (in seconds, not milliseconds).
       // It currently defaults to 300, because 5 min is the
       // default maximum tolerance allowed by Kerberos.
       // (https://technet.microsoft.com/en-us/library/cc976357.aspx)
-
       if (!options.maxClockSkew && options.maxClockSkew !== 0) {
         this.maxClockSkew = _constants.DEFAULT_MAX_CLOCK_SKEW;
       } else {
         this.maxClockSkew = options.maxClockSkew;
       }
     }
-
   };
 }
 //# sourceMappingURL=OAuthOptionsConstructor.js.map