@okta/okta-auth-js 7.0.1 → 7.1.0

package/cjs/oidc/util/defaultTokenParams.js

@@ -1,15 +1,10 @@
 "use strict";
 
 exports.getDefaultTokenParams = getDefaultTokenParams;
-
 var _oauth = require("./oauth");
-
 var _features = require("../../features");
-
 var _util = require("../../util");
-
 /* global window */
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,6 +17,7 @@ var _util = require("../../util");
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
+
 function getDefaultTokenParams(sdk) {
   const {
     pkce,
@@ -30,6 +26,8 @@ function getDefaultTokenParams(sdk) {
     responseType,
     responseMode,
     scopes,
+    acrValues,
+    maxAge,
     state,
     ignoreSignature
   } = sdk.options;
@@ -43,6 +41,8 @@ function getDefaultTokenParams(sdk) {
     state: state || (0, _oauth.generateState)(),
     nonce: (0, _oauth.generateNonce)(),
     scopes: scopes || ['openid', 'email'],
+    acrValues,
+    maxAge,
     ignoreSignature
   });
 }

package/cjs/oidc/util/defaultTokenParams.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAAyE;EAC9E,MAAM;IACJC,IADI;IAEJC,QAFI;IAGJC,WAHI;IAIJC,YAJI;IAKJC,YALI;IAMJC,MANI;IAOJC,KAPI;IAQJC;EARI,IASFR,GAAG,CAACS,OATR;EAUA,MAAMC,kBAAkB,GAAG,IAAAC,mBAAA,MAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;EACA,OAAO,IAAAC,gBAAA,EAAW;IAChBf,IADgB;IAEhBC,QAFgB;IAGhBC,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;IAIhBN,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;IAKhBC,YALgB;IAMhBE,KAAK,EAAEA,KAAK,IAAI,IAAAU,oBAAA,GANA;IAOhBC,KAAK,EAAE,IAAAC,oBAAA,GAPS;IAQhBb,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;IAShBE;EATgB,CAAX,CAAP;AAWD"}
+{"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","acrValues","maxAge","state","ignoreSignature","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    acrValues,\n    maxAge,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    acrValues,\n    maxAge,\n    ignoreSignature\n  });\n}"],"mappings":";;;AAcA;AAEA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,qBAAqB,CAACC,GAA2B,EAAe;EAC9E,MAAM;IACJC,IAAI;IACJC,QAAQ;IACRC,WAAW;IACXC,YAAY;IACZC,YAAY;IACZC,MAAM;IACNC,SAAS;IACTC,MAAM;IACNC,KAAK;IACLC;EACF,CAAC,GAAGV,GAAG,CAACW,OAAO;EACf,MAAMC,kBAAkB,GAAG,IAAAC,mBAAS,GAAE,GAAGC,MAAM,CAACC,QAAQ,CAACC,IAAI,GAAGC,SAAS;EACzE,OAAO,IAAAC,gBAAU,EAAC;IAChBjB,IAAI;IACJC,QAAQ;IACRC,WAAW,EAAEA,WAAW,IAAIS,kBAAkB;IAC9CR,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC;IACnDC,YAAY;IACZI,KAAK,EAAEA,KAAK,IAAI,IAAAU,oBAAa,GAAE;IAC/BC,KAAK,EAAE,IAAAC,oBAAa,GAAE;IACtBf,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC;IACrCC,SAAS;IACTC,MAAM;IACNE;EACF,CAAC,CAAC;AACJ"}

package/cjs/oidc/util/errors.js

@@ -3,9 +3,7 @@
 exports.isAuthorizationCodeError = isAuthorizationCodeError;
 exports.isInteractionRequiredError = isInteractionRequiredError;
 exports.isRefreshTokenInvalidError = isRefreshTokenInvalidError;
-
 var _errors = require("../../errors");
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -17,27 +15,24 @@ var _errors = require("../../errors");
  * 
  * See the License for the specific language governing permissions and limitations under the License.
  */
+
 function isInteractionRequiredError(error) {
   if (error.name !== 'OAuthError') {
     return false;
   }
-
   const oauthError = error;
   return oauthError.errorCode === 'interaction_required';
 }
-
 function isAuthorizationCodeError(sdk, error) {
   if (error.name !== 'AuthApiError') {
     return false;
   }
-
-  const authApiError = error; // xhr property doesn't seem to match XMLHttpRequest type
-
+  const authApiError = error;
+  // xhr property doesn't seem to match XMLHttpRequest type
   const errorResponse = authApiError.xhr;
   const responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
   return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
 }
-
 function isRefreshTokenInvalidError(error) {
   // error: {"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}
   return (0, _errors.isOAuthError)(error) && error.errorCode === 'invalid_grant' && error.errorSummary === 'The refresh token is invalid or expired.';

package/cjs/oidc/util/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n  // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n  return isOAuthError(error) &&\n    error.errorCode === 'invalid_grant' &&\n    error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;EACvD,IAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;IAC/B,OAAO,KAAP;EACD;;EACD,MAAMC,UAAU,GAAGF,KAAnB;EACA,OAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAA+DL,KAA/D,EAA6E;EAClF,IAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;IACjC,OAAO,KAAP;EACD;;EACD,MAAMK,YAAY,GAAGN,KAArB,CAJkF,CAKlF;;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;EACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;EACA,OAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD;;AAEM,SAASY,0BAAT,CAAoCZ,KAApC,EAA6D;EAClE;EACA,OAAO,IAAAa,oBAAA,EAAab,KAAb,KACLA,KAAK,CAACG,SAAN,KAAoB,eADf,IAELH,KAAK,CAACc,YAAN,KAAuB,0CAFzB;AAGD"}
+{"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n  // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n  return isOAuthError(error) &&\n    error.errorCode === 'invalid_grant' &&\n    error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;AAcA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,0BAA0B,CAACC,KAAY,EAAE;EACvD,IAAIA,KAAK,CAACC,IAAI,KAAK,YAAY,EAAE;IAC/B,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGF,KAAmB;EACtC,OAAQE,UAAU,CAACC,SAAS,KAAK,sBAAsB;AACzD;AAEO,SAASC,wBAAwB,CAACC,GAA2B,EAAEL,KAAY,EAAE;EAClF,IAAIA,KAAK,CAACC,IAAI,KAAK,cAAc,EAAE;IACjC,OAAO,KAAK;EACd;EACA,MAAMK,YAAY,GAAGN,KAAqB;EAC1C;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAyC;EAC5E,MAAMC,YAAY,GAAGF,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEE,YAAuC;EAC3E,OAAOJ,GAAG,CAACK,OAAO,CAACC,IAAI,IAAK,CAAAF,YAAY,aAAZA,YAAY,uBAAZA,YAAY,CAAET,KAAK,MAAe,eAAgB;AAChF;AAEO,SAASY,0BAA0B,CAACZ,KAAc,EAAW;EAClE;EACA,OAAO,IAAAa,oBAAY,EAACb,KAAK,CAAC,IACxBA,KAAK,CAACG,SAAS,KAAK,eAAe,IACnCH,KAAK,CAACc,YAAY,KAAK,0CAA0C;AACrE"}

package/cjs/oidc/util/index.js

@@ -1,7 +1,6 @@
 "use strict";
 
 var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
-
 var _exportNames = {
   pkce: true
 };
@@ -11,9 +10,7 @@ Object.defineProperty(exports, "pkce", {
     return _pkce.default;
   }
 });
-
 var _browser = require("./browser");
-
 Object.keys(_browser).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -25,9 +22,7 @@ Object.keys(_browser).forEach(function (key) {
     }
   });
 });
-
 var _defaultTokenParams = require("./defaultTokenParams");
-
 Object.keys(_defaultTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -39,9 +34,7 @@ Object.keys(_defaultTokenParams).forEach(function (key) {
     }
   });
 });
-
 var _errors = require("./errors");
-
 Object.keys(_errors).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -53,9 +46,7 @@ Object.keys(_errors).forEach(function (key) {
     }
   });
 });
-
 var _loginRedirect = require("./loginRedirect");
-
 Object.keys(_loginRedirect).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -67,9 +58,7 @@ Object.keys(_loginRedirect).forEach(function (key) {
     }
   });
 });
-
 var _oauth = require("./oauth");
-
 Object.keys(_oauth).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -81,9 +70,7 @@ Object.keys(_oauth).forEach(function (key) {
     }
   });
 });
-
 var _oauthMeta = require("./oauthMeta");
-
 Object.keys(_oauthMeta).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -95,11 +82,8 @@ Object.keys(_oauthMeta).forEach(function (key) {
     }
   });
 });
-
 var _pkce = _interopRequireDefault(require("./pkce"));
-
 var _prepareTokenParams = require("./prepareTokenParams");
-
 Object.keys(_prepareTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -111,9 +95,7 @@ Object.keys(_prepareTokenParams).forEach(function (key) {
     }
   });
 });
-
 var _refreshToken = require("./refreshToken");
-
 Object.keys(_refreshToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -125,9 +107,7 @@ Object.keys(_refreshToken).forEach(function (key) {
     }
   });
 });
-
 var _urlParams = require("./urlParams");
-
 Object.keys(_urlParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -139,9 +119,7 @@ Object.keys(_urlParams).forEach(function (key) {
     }
   });
 });
-
 var _validateClaims = require("./validateClaims");
-
 Object.keys(_validateClaims).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -153,9 +131,7 @@ Object.keys(_validateClaims).forEach(function (key) {
     }
   });
 });
-
 var _validateToken = require("./validateToken");
-
 Object.keys(_validateToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;

package/cjs/oidc/util/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/util/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"mappings":";;;;;;;;;;;;;;AAcA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAEA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../../lib/oidc/util/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"mappings":";;;;;;;;;;;;AAcA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAEA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/cjs/oidc/util/loginRedirect.js

@@ -9,7 +9,6 @@ exports.isCodeFlow = isCodeFlow;
 exports.isInteractionRequired = isInteractionRequired;
 exports.isLoginRedirect = isLoginRedirect;
 exports.isRedirectUri = isRedirectUri;
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,81 +21,70 @@ exports.isRedirectUri = isRedirectUri;
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
-
 /* global window */
-
 /* eslint-disable complexity, max-statements */
+
 function hasTokensInHash(hash) {
   return /((id|access)_token=)/i.test(hash);
-} // authorization_code
-
+}
 
+// authorization_code
 function hasAuthorizationCode(hashOrSearch) {
   return /(code=)/i.test(hashOrSearch);
-} // interaction_code
-
+}
 
+// interaction_code
 function hasInteractionCode(hashOrSearch) {
   return /(interaction_code=)/i.test(hashOrSearch);
 }
-
 function hasErrorInUrl(hashOrSearch) {
   return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);
 }
-
 function isRedirectUri(uri, sdk) {
   var authParams = sdk.options;
-
   if (!uri || !authParams.redirectUri) {
     return false;
   }
-
   return uri.indexOf(authParams.redirectUri) === 0;
 }
-
 function isCodeFlow(options) {
   return options.pkce || options.responseType === 'code' || options.responseMode === 'query';
 }
-
 function getHashOrSearch(options) {
   var codeFlow = isCodeFlow(options);
   var useQuery = codeFlow && options.responseMode !== 'fragment';
   return useQuery ? window.location.search : window.location.hash;
 }
+
 /**
  * Check if tokens or a code have been passed back into the url, which happens in
  * the OIDC (including social auth IDP) redirect flow.
  */
-
-
 function isLoginRedirect(sdk) {
   // First check, is this a redirect URI?
   if (!isRedirectUri(window.location.href, sdk)) {
     return false;
-  } // The location contains either a code, token, or an error + error_description
-
+  }
 
+  // The location contains either a code, token, or an error + error_description
   var codeFlow = isCodeFlow(sdk.options);
   var hashOrSearch = getHashOrSearch(sdk.options);
-
   if (hasErrorInUrl(hashOrSearch)) {
     return true;
   }
-
   if (codeFlow) {
     var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);
     return hasCode;
-  } // implicit flow, will always be hash fragment
-
+  }
 
+  // implicit flow, will always be hash fragment
   return hasTokensInHash(window.location.hash);
 }
+
 /**
  * Check if error=interaction_required has been passed back in the url, which happens in
  * the social auth IDP redirect flow.
  */
-
-
 function isInteractionRequired(sdk, hashOrSearch) {
   if (!hashOrSearch) {
     // web only
@@ -104,10 +92,8 @@ function isInteractionRequired(sdk, hashOrSearch) {
     if (!isLoginRedirect(sdk)) {
       return false;
     }
-
     hashOrSearch = getHashOrSearch(sdk.options);
   }
-
   return /(error=interaction_required)/i.test(hashOrSearch);
 }
 //# sourceMappingURL=loginRedirect.js.map

package/cjs/oidc/util/loginRedirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;EACrD,OAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;EAClE,OAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;EAChE,OAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;EAC3D,OAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA0E;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;EACA,IAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;IACnC,OAAO,KAAP;EACD;;EACD,OAAOJ,GAAG,CAACK,OAAJ,CAAYH,UAAU,CAACE,WAAvB,MAAwC,CAA/C;AACD;;AAEM,SAASE,UAAT,CAAoBH,OAApB,EAAmD;EACxD,OAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBP,OAAzB,EAAwD;EAC7D,IAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;EACA,IAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;EACA,OAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAuD;EAC5D;EACA,IAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;IAC5C,OAAO,KAAP;EACD,CAJ2D,CAM5D;;;EACA,IAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;EACA,IAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;EAEA,IAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;IAC/B,OAAO,IAAP;EACD;;EAED,IAAIe,QAAJ,EAAc;IACZ,IAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;IACA,OAAOsB,OAAP;EACD,CAjB2D,CAmB5D;;;EACA,OAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA6DL,YAA7D,EAAoF;EACzF,IAAI,CAACA,YAAL,EAAmB;IAAE;IACnB;IACA,IAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;MACxB,OAAO,KAAP;IACD;;IAEDL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;EACD;;EACD,OAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD"}
+{"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGO,SAASA,eAAe,CAACC,IAAY,EAAW;EACrD,OAAO,uBAAuB,CAACC,IAAI,CAACD,IAAI,CAAC;AAC3C;;AAEA;AACO,SAASE,oBAAoB,CAACC,YAAoB,EAAW;EAClE,OAAO,UAAU,CAACF,IAAI,CAACE,YAAY,CAAC;AACtC;;AAEA;AACO,SAASC,kBAAkB,CAACD,YAAoB,EAAW;EAChE,OAAO,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AAClD;AAEO,SAASE,aAAa,CAACF,YAAoB,EAAW;EAC3D,OAAO,WAAW,CAACF,IAAI,CAACE,YAAY,CAAC,IAAI,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AACpF;AAEO,SAASG,aAAa,CAACC,GAAW,EAAEC,GAA2B,EAAW;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAAO;EAC5B,IAAI,CAACH,GAAG,IAAI,CAACE,UAAU,CAACE,WAAW,EAAE;IACnC,OAAO,KAAK;EACd;EACA,OAAOJ,GAAG,CAACK,OAAO,CAACH,UAAU,CAACE,WAAW,CAAC,KAAK,CAAC;AAClD;AAEO,SAASE,UAAU,CAACH,OAA6B,EAAE;EACxD,OAAOA,OAAO,CAACI,IAAI,IAAIJ,OAAO,CAACK,YAAY,KAAK,MAAM,IAAIL,OAAO,CAACM,YAAY,KAAK,OAAO;AAC5F;AAEO,SAASC,eAAe,CAACP,OAA6B,EAAE;EAC7D,IAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAO,CAAC;EAClC,IAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAY,KAAK,UAAU;EAC9D,OAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM,GAAGF,MAAM,CAACC,QAAQ,CAACrB,IAAI;AACjE;;AAEA;AACA;AACA;AACA;AACO,SAASuB,eAAe,CAAEf,GAA2B,EAAE;EAC5D;EACA,IAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAQ,CAACG,IAAI,EAAEhB,GAAG,CAAC,EAAC;IAC5C,OAAO,KAAK;EACd;;EAEA;EACA,IAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAO,CAAC;EACtC,IAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAE/C,IAAIL,aAAa,CAACF,YAAY,CAAC,EAAE;IAC/B,OAAO,IAAI;EACb;EAEA,IAAIe,QAAQ,EAAE;IACZ,IAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAY,CAAC,IAAIC,kBAAkB,CAACD,YAAY,CAAC;IACrF,OAAOsB,OAAO;EAChB;;EAEA;EACA,OAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAQ,CAACrB,IAAI,CAAC;AAC9C;;AAEA;AACA;AACA;AACA;AACO,SAAS0B,qBAAqB,CAAElB,GAA2B,EAAEL,YAAqB,EAAE;EACzF,IAAI,CAACA,YAAY,EAAE;IAAE;IACnB;IACA,IAAI,CAACoB,eAAe,CAACf,GAAG,CAAC,EAAC;MACxB,OAAO,KAAK;IACd;IAEAL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAC7C;EACA,OAAO,+BAA+B,CAACT,IAAI,CAACE,YAAY,CAAC;AAC3D"}

package/cjs/oidc/util/oauth.js

@@ -1,17 +1,13 @@
 "use strict";
 
 var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
-
 exports.generateNonce = generateNonce;
 exports.generateState = generateState;
 exports.getOAuthBaseUrl = getOAuthBaseUrl;
 exports.getOAuthDomain = getOAuthDomain;
 exports.getOAuthUrls = getOAuthUrls;
-
 var _util = require("../../util");
-
 var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -24,40 +20,35 @@ var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"))
  * See the License for the specific language governing permissions and limitations under the License.
  *
  */
-
 /* eslint-disable complexity, max-statements */
+
 function generateState() {
   return (0, _util.genRandomString)(64);
 }
-
 function generateNonce() {
   return (0, _util.genRandomString)(64);
 }
-
 function getIssuer(sdk, options = {}) {
   const issuer = (0, _util.removeTrailingSlash)(options.issuer) || sdk.options.issuer;
   return issuer;
 }
-
 function getOAuthBaseUrl(sdk, options = {}) {
   const issuer = getIssuer(sdk, options);
   const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';
   return baseUrl;
 }
-
 function getOAuthDomain(sdk, options = {}) {
   const issuer = getIssuer(sdk, options);
   const domain = issuer.split('/oauth2')[0];
   return domain;
 }
-
 function getOAuthUrls(sdk, options) {
   if (arguments.length > 2) {
     throw new _AuthSdkError.default('As of version 3.0, "getOAuthUrls" takes only a single set of options');
   }
+  options = options || {};
 
-  options = options || {}; // Get user-supplied arguments
-
+  // Get user-supplied arguments
   var authorizeUrl = (0, _util.removeTrailingSlash)(options.authorizeUrl) || sdk.options.authorizeUrl;
   var issuer = getIssuer(sdk, options);
   var userinfoUrl = (0, _util.removeTrailingSlash)(options.userinfoUrl) || sdk.options.userinfoUrl;

package/cjs/oidc/util/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;EAC9B,OAAO,IAAAC,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;EAC9B,OAAO,IAAAD,qBAAA,EAAgB,EAAhB,CAAP;AACD;;AAED,SAASE,SAAT,CAAmBC,GAAnB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;EACxE,MAAMC,MAAM,GAAG,IAAAC,yBAAA,EAAoBF,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;EACA,OAAOA,MAAP;AACD;;AAEM,SAASE,eAAT,CAAyBJ,GAAzB,EAAsDC,OAAmB,GAAG,EAA5E,EAAgF;EACrF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMI,OAAO,GAAGH,MAAM,CAACI,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCJ,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;EACA,OAAOG,OAAP;AACD;;AAEM,SAASE,cAAT,CAAwBP,GAAxB,EAAqDC,OAAmB,GAAG,EAA3E,EAA+E;EACpF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;EACA,MAAMO,MAAM,GAAGN,MAAM,CAACO,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;EACA,OAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBV,GAAtB,EAAmDC,OAAnD,EAAqF;EAC1F,IAAIU,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;IACxB,MAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;EACD;;EACDZ,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ0F,CAM1F;;EACA,IAAIa,YAAY,GAAG,IAAAX,yBAAA,EAAoBF,OAAO,CAACa,YAA5B,KAA6Cd,GAAG,CAACC,OAAJ,CAAYa,YAA5E;EACA,IAAIZ,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;EACA,IAAIc,WAAW,GAAG,IAAAZ,yBAAA,EAAoBF,OAAO,CAACc,WAA5B,KAA4Cf,GAAG,CAACC,OAAJ,CAAYc,WAA1E;EACA,IAAIC,QAAQ,GAAG,IAAAb,yBAAA,EAAoBF,OAAO,CAACe,QAA5B,KAAyChB,GAAG,CAACC,OAAJ,CAAYe,QAApE;EACA,IAAIC,SAAS,GAAG,IAAAd,yBAAA,EAAoBF,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;EACA,IAAIC,SAAS,GAAG,IAAAf,yBAAA,EAAoBF,OAAO,CAACiB,SAA5B,KAA0ClB,GAAG,CAACC,OAAJ,CAAYiB,SAAtE;EAEA,IAAIb,OAAO,GAAGD,eAAe,CAACJ,GAAD,EAAMC,OAAN,CAA7B;EAEAa,YAAY,GAAGA,YAAY,IAAIT,OAAO,GAAG,eAAzC;EACAU,WAAW,GAAGA,WAAW,IAAIV,OAAO,GAAG,cAAvC;EACAW,QAAQ,GAAGA,QAAQ,IAAIX,OAAO,GAAG,WAAjC;EACAa,SAAS,GAAGA,SAAS,IAAIb,OAAO,GAAG,YAAnC;EACAY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;EAEA,OAAO;IACLH,MAAM,EAAEA,MADH;IAELY,YAAY,EAAEA,YAFT;IAGLC,WAAW,EAAEA,WAHR;IAILC,QAAQ,EAAEA,QAJL;IAKLE,SAAS,EAAEA,SALN;IAMLD,SAAS,EAAEA;EANN,CAAP;AAQD"}
+{"version":3,"file":"oauth.js","names":["generateState","genRandomString","generateNonce","getIssuer","sdk","options","issuer","removeTrailingSlash","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"sources":["../../../../lib/oidc/util/oauth.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"mappings":";;;;;;;;AAaA;AACA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,aAAa,GAAG;EAC9B,OAAO,IAAAC,qBAAe,EAAC,EAAE,CAAC;AAC5B;AAEO,SAASC,aAAa,GAAG;EAC9B,OAAO,IAAAD,qBAAe,EAAC,EAAE,CAAC;AAC5B;AAEA,SAASE,SAAS,CAACC,GAA2B,EAAEC,OAAmB,GAAG,CAAC,CAAC,EAAE;EACxE,MAAMC,MAAM,GAAG,IAAAC,yBAAmB,EAACF,OAAO,CAACC,MAAM,CAAC,IAAIF,GAAG,CAACC,OAAO,CAACC,MAAM;EACxE,OAAOA,MAAM;AACf;AAEO,SAASE,eAAe,CAACJ,GAA2B,EAAEC,OAAmB,GAAG,CAAC,CAAC,EAAE;EACrF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAG,EAAEC,OAAO,CAAC;EACtC,MAAMI,OAAO,GAAGH,MAAM,CAACI,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,GAAGJ,MAAM,GAAGA,MAAM,GAAG,SAAS;EAC3E,OAAOG,OAAO;AAChB;AAEO,SAASE,cAAc,CAACP,GAA2B,EAAEC,OAAmB,GAAG,CAAC,CAAC,EAAE;EACpF,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAG,EAAEC,OAAO,CAAC;EACtC,MAAMO,MAAM,GAAGN,MAAM,CAACO,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;EACzC,OAAOD,MAAM;AACf;AAEO,SAASE,YAAY,CAACV,GAA2B,EAAEC,OAAoB,EAAc;EAC1F,IAAIU,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,MAAM,IAAIC,qBAAY,CAAC,sEAAsE,CAAC;EAChG;EACAZ,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA,IAAIa,YAAY,GAAG,IAAAX,yBAAmB,EAACF,OAAO,CAACa,YAAY,CAAC,IAAId,GAAG,CAACC,OAAO,CAACa,YAAY;EACxF,IAAIZ,MAAM,GAAGH,SAAS,CAACC,GAAG,EAAEC,OAAO,CAAC;EACpC,IAAIc,WAAW,GAAG,IAAAZ,yBAAmB,EAACF,OAAO,CAACc,WAAW,CAAC,IAAIf,GAAG,CAACC,OAAO,CAACc,WAAW;EACrF,IAAIC,QAAQ,GAAG,IAAAb,yBAAmB,EAACF,OAAO,CAACe,QAAQ,CAAC,IAAIhB,GAAG,CAACC,OAAO,CAACe,QAAQ;EAC5E,IAAIC,SAAS,GAAG,IAAAd,yBAAmB,EAACF,OAAO,CAACgB,SAAS,CAAC,IAAIjB,GAAG,CAACC,OAAO,CAACgB,SAAS;EAC/E,IAAIC,SAAS,GAAG,IAAAf,yBAAmB,EAACF,OAAO,CAACiB,SAAS,CAAC,IAAIlB,GAAG,CAACC,OAAO,CAACiB,SAAS;EAE/E,IAAIb,OAAO,GAAGD,eAAe,CAACJ,GAAG,EAAEC,OAAO,CAAC;EAE3Ca,YAAY,GAAGA,YAAY,IAAIT,OAAO,GAAG,eAAe;EACxDU,WAAW,GAAGA,WAAW,IAAIV,OAAO,GAAG,cAAc;EACrDW,QAAQ,GAAGA,QAAQ,IAAIX,OAAO,GAAG,WAAW;EAC5Ca,SAAS,GAAGA,SAAS,IAAIb,OAAO,GAAG,YAAY;EAC/CY,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAY;EAE/C,OAAO;IACLH,MAAM,EAAEA,MAAM;IACdY,YAAY,EAAEA,YAAY;IAC1BC,WAAW,EAAEA,WAAW;IACxBC,QAAQ,EAAEA,QAAQ;IAClBE,SAAS,EAAEA,SAAS;IACpBD,SAAS,EAAEA;EACb,CAAC;AACH"}

package/cjs/oidc/util/oauthMeta.js

@@ -1,10 +1,9 @@
 "use strict";
 
 exports.createOAuthMeta = createOAuthMeta;
-
 var _oauth = require("./oauth");
-
 /* eslint-disable @typescript-eslint/no-non-null-assertion */
+
 function createOAuthMeta(sdk, tokenParams) {
   const issuer = sdk.options.issuer;
   const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
@@ -18,15 +17,15 @@ function createOAuthMeta(sdk, tokenParams) {
     scopes: tokenParams.scopes,
     state: tokenParams.state,
     nonce: tokenParams.nonce,
-    ignoreSignature: tokenParams.ignoreSignature
+    ignoreSignature: tokenParams.ignoreSignature,
+    acrValues: tokenParams.acrValues
   };
-
   if (tokenParams.pkce === false) {
     // Implicit flow or authorization_code without PKCE
     return oauthMeta;
   }
-
-  const pkceMeta = { ...oauthMeta,
+  const pkceMeta = {
+    ...oauthMeta,
     codeVerifier: tokenParams.codeVerifier,
     codeChallengeMethod: tokenParams.codeChallengeMethod,
     codeChallenge: tokenParams.codeChallenge

package/cjs/oidc/util/oauthMeta.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;EACA,MAAME,IAAI,GAAG,IAAAC,mBAAA,EAAaL,GAAb,EAAkBC,WAAlB,CAAb;EACA,MAAMK,SAA+B,GAAG;IACtCJ,MADsC;IAEtCE,IAFsC;IAGtCG,QAAQ,EAAEN,WAAW,CAACM,QAHgB;IAItCC,WAAW,EAAEP,WAAW,CAACO,WAJa;IAKtCC,YAAY,EAAER,WAAW,CAACQ,YALY;IAMtCC,YAAY,EAAET,WAAW,CAACS,YANY;IAOtCC,MAAM,EAAEV,WAAW,CAACU,MAPkB;IAQtCC,KAAK,EAAEX,WAAW,CAACW,KARmB;IAStCC,KAAK,EAAEZ,WAAW,CAACY,KATmB;IAUtCC,eAAe,EAAEb,WAAW,CAACa;EAVS,CAAxC;;EAaA,IAAIb,WAAW,CAACc,IAAZ,KAAqB,KAAzB,EAAgC;IAC9B;IACA,OAAOT,SAAP;EACD;;EAED,MAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;IAEpCW,YAAY,EAAEhB,WAAW,CAACgB,YAFU;IAGpCC,mBAAmB,EAAEjB,WAAW,CAACiB,mBAHG;IAIpCC,aAAa,EAAElB,WAAW,CAACkB;EAJS,CAAtC;EAOA,OAAOH,QAAP;AACD"}
+{"version":3,"file":"oauthMeta.js","names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","getOAuthUrls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","acrValues","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n    acrValues: tokenParams.acrValues,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"mappings":";;;AAEA;AAFA;;AAIO,SAASA,eAAe,CAC7BC,GAA2B,EAC3BC,WAAwB,EACoB;EAC5C,MAAMC,MAAM,GAAGF,GAAG,CAACG,OAAO,CAACD,MAAO;EAClC,MAAME,IAAI,GAAG,IAAAC,mBAAY,EAACL,GAAG,EAAEC,WAAW,CAAC;EAC3C,MAAMK,SAA+B,GAAG;IACtCJ,MAAM;IACNE,IAAI;IACJG,QAAQ,EAAEN,WAAW,CAACM,QAAS;IAC/BC,WAAW,EAAEP,WAAW,CAACO,WAAY;IACrCC,YAAY,EAAER,WAAW,CAACQ,YAAa;IACvCC,YAAY,EAAET,WAAW,CAACS,YAAa;IACvCC,MAAM,EAAEV,WAAW,CAACU,MAAO;IAC3BC,KAAK,EAAEX,WAAW,CAACW,KAAM;IACzBC,KAAK,EAAEZ,WAAW,CAACY,KAAM;IACzBC,eAAe,EAAEb,WAAW,CAACa,eAAgB;IAC7CC,SAAS,EAAEd,WAAW,CAACc;EACzB,CAAC;EAED,IAAId,WAAW,CAACe,IAAI,KAAK,KAAK,EAAE;IAC9B;IACA,OAAOV,SAAS;EAClB;EAEA,MAAMW,QAA6B,GAAG;IACpC,GAAGX,SAAS;IACZY,YAAY,EAAEjB,WAAW,CAACiB,YAAa;IACvCC,mBAAmB,EAAElB,WAAW,CAACkB,mBAAoB;IACrDC,aAAa,EAAEnB,WAAW,CAACmB;EAC7B,CAAC;EAED,OAAOH,QAAQ;AACjB"}

package/cjs/oidc/util/pkce.js

@@ -1,11 +1,8 @@
 "use strict";
 
 exports.default = void 0;
-
 var _crypto = require("../../crypto");
-
 var _constants = require("../../constants");
-
 /*!
  * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -20,39 +17,31 @@ var _constants = require("../../constants");
  */
 
 /* eslint-disable complexity, max-statements */
+
 function dec2hex(dec) {
   return ('0' + dec.toString(16)).substr(-2);
 }
-
 function getRandomString(length) {
   var a = new Uint8Array(Math.ceil(length / 2));
-
   _crypto.webcrypto.getRandomValues(a);
-
   var str = Array.from(a, dec2hex).join('');
   return str.slice(0, length);
 }
-
 function generateVerifier(prefix) {
   var verifier = prefix || '';
-
   if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
     verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
   }
-
   return encodeURIComponent(verifier).slice(0, _constants.MAX_VERIFIER_LENGTH);
 }
-
 function computeChallenge(str) {
   var buffer = new TextEncoder().encode(str);
   return _crypto.webcrypto.subtle.digest('SHA-256', buffer).then(function (arrayBuffer) {
     var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));
     var b64u = (0, _crypto.stringToBase64Url)(hash); // url-safe base64 variant
-
     return b64u;
   });
 }
-
 var _default = {
   DEFAULT_CODE_CHALLENGE_METHOD: _constants.DEFAULT_CODE_CHALLENGE_METHOD,
   generateVerifier,

package/cjs/oidc/util/pkce.js.map

@@ -1 +1 @@
-{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;EACrB,OAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;EACAK,iBAAA,CAAUC,eAAV,CAA0BL,CAA1B;;EACA,IAAIM,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWR,CAAX,EAAcN,OAAd,EAAuBe,IAAvB,CAA4B,EAA5B,CAAV;EACA,OAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaX,MAAb,CAAP;AACD;;AAED,SAASY,gBAAT,CAA0BC,MAA1B,EAAmD;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;EACA,IAAIC,QAAQ,CAACd,MAAT,GAAkBe,8BAAtB,EAA2C;IACzCD,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,8BAAA,GAAsBD,QAAQ,CAACd,MAAhC,CAArC;EACD;;EACD,OAAOgB,kBAAkB,CAACF,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsCM,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BX,GAA1B,EAAyD;EACvD,IAAIY,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBd,GAAzB,CAAb;EACA,OAAOF,iBAAA,CAAUiB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAI3B,UAAJ,CAAeuB,WAAf,CAAhC,CAAX;IACA,IAAIK,IAAI,GAAG,IAAAC,yBAAA,EAAkBL,IAAlB,CAAX,CAF2E,CAEvC;;IACpC,OAAOI,IAAP;EACD,CAJM,CAAP;AAKD;;eAEc;EACbE,6BAA6B,EAA7BA,wCADa;EAEbpB,gBAFa;EAGbM;AAHa,C"}
+{"version":3,"file":"pkce.js","names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","stringToBase64Url","DEFAULT_CODE_CHALLENGE_METHOD"],"sources":["../../../../lib/oidc/util/pkce.ts"],"sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"mappings":";;;AAcA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;;AAID,SAASA,OAAO,CAAEC,GAAG,EAAE;EACrB,OAAO,CAAC,GAAG,GAAGA,GAAG,CAACC,QAAQ,CAAC,EAAE,CAAC,EAAEC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC5C;AAEA,SAASC,eAAe,CAACC,MAAM,EAAE;EAC/B,IAAIC,CAAC,GAAG,IAAIC,UAAU,CAACC,IAAI,CAACC,IAAI,CAACJ,MAAM,GAAG,CAAC,CAAC,CAAC;EAC7CK,iBAAS,CAACC,eAAe,CAACL,CAAC,CAAC;EAC5B,IAAIM,GAAG,GAAGC,KAAK,CAACC,IAAI,CAACR,CAAC,EAAEN,OAAO,CAAC,CAACe,IAAI,CAAC,EAAE,CAAC;EACzC,OAAOH,GAAG,CAACI,KAAK,CAAC,CAAC,EAAEX,MAAM,CAAC;AAC7B;AAEA,SAASY,gBAAgB,CAACC,MAAe,EAAU;EACjD,IAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAE;EAC3B,IAAIC,QAAQ,CAACd,MAAM,GAAGe,8BAAmB,EAAE;IACzCD,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,8BAAmB,GAAGD,QAAQ,CAACd,MAAM,CAAC;EAC9E;EACA,OAAOgB,kBAAkB,CAACF,QAAQ,CAAC,CAACH,KAAK,CAAC,CAAC,EAAEM,8BAAmB,CAAC;AACnE;AAEA,SAASC,gBAAgB,CAACX,GAAW,EAAoB;EACvD,IAAIY,MAAM,GAAG,IAAIC,WAAW,EAAE,CAACC,MAAM,CAACd,GAAG,CAAC;EAC1C,OAAOF,iBAAS,CAACiB,MAAM,CAACC,MAAM,CAAC,SAAS,EAAEJ,MAAM,CAAC,CAACK,IAAI,CAAC,UAASC,WAAW,EAAE;IAC3E,IAAIC,IAAI,GAAGC,MAAM,CAACC,YAAY,CAACC,KAAK,CAAC,IAAI,EAAE,IAAI3B,UAAU,CAACuB,WAAW,CAAC,CAAwB;IAC9F,IAAIK,IAAI,GAAG,IAAAC,yBAAiB,EAACL,IAAI,CAAC,CAAC,CAAC;IACpC,OAAOI,IAAI;EACb,CAAC,CAAC;AACJ;AAAC,eAEc;EACbE,6BAA6B,EAA7BA,wCAA6B;EAC7BpB,gBAAgB;EAChBM;AACF,CAAC;AAAA;AAAA"}