@okta/okta-auth-js 7.1.1 → 7.3.0

package/CHANGELOG.md

@@ -1,11 +1,44 @@
 # Changelog
 
+## 7.3.0
+
+### Features
+
+- [#1404](https://github.com/okta/okta-auth-js/pull/1404) Adds `react-native` to `package.json`
+- [#1395](https://github.com/okta/okta-auth-js/pull/1395) Changes resolve value of `closeSession()` and `signOut()` to boolean
+
+### Fixes
+
+- [#1398](https://github.com/okta/okta-auth-js/pull/1398) Fixes race condition in `LeaderElectionService` start
+
+## 7.2.0
+
+### Features
+
+- [#1333](https://github.com/okta/okta-auth-js/pull/1333) Adds support for MyAccount API password methods
+- [#1324](https://github.com/okta/okta-auth-js/pull/1324) Adds `endpoints.authorize.enrollAuthenticator`. Adds `handleRedirect` and deprecates `handleLoginRedirect`.
+
+### Fixes
+
+- [#1354](https://github.com/okta/okta-auth-js/pull/1354) Fixes token auto renew if token has expired before `AutoRenewService` start
+- [#1359](https://github.com/okta/okta-auth-js/pull/1359) IDX: removes statehandle check when load saved idxResponse
+
 ## 7.1.1
 
 ### Fixes
 
 - [#1355](https://github.com/okta/okta-auth-js/pull/1355) Adds missing type `currentAuthenticatorEnrollment` to `IdxContext`
 
+## 7.1.0
+
+### Features
+
+- [#1343](https://github.com/okta/okta-auth-js/pull/1343) Supports Step Up MFA against `/authorize` and `/interact` endpoints
+
+# Other
+
+- [#1342](https://github.com/okta/okta-auth-js/pull/1342) - fixes possible RCE in jsonpath-plus
+
 ## 7.0.2
 
 ### Fixes

package/README.md

@@ -225,7 +225,7 @@ var authClient = new OktaAuth(config);
 
 ### Running as a service
 
-By default, creating a new instance of `OktaAuth` will not create any asynchronous side-effects. However, certain features such as [token auto renew](#autorenew), [token auto remove](#autoremove) and [cross-tab synchronization](#syncstorage) require `OktaAuth` to be running as a service. This means timeouts are set in the background which will continue working until the service is stopped.  To start the `OktaAuth` service, simply call the `start` method right after creation and before calling other methods like [handleLoginRedirect](#handleloginredirecttokens). To terminate all background processes, call `stop`. See [Service Configuration](#services) for more info.
+By default, creating a new instance of `OktaAuth` will not create any asynchronous side-effects. However, certain features such as [token auto renew](#autorenew), [token auto remove](#autoremove) and [cross-tab synchronization](#syncstorage) require `OktaAuth` to be running as a service. This means timeouts are set in the background which will continue working until the service is stopped.  To start the `OktaAuth` service, simply call the `start` method right after creation and before calling other methods like [handleRedirect](#handleredirectoriginaluri). To terminate all background processes, call `stop`. See [Service Configuration](#services) for more info.
 
 ```javascript
   var authClient = new OktaAuth(config);
@@ -536,7 +536,7 @@ oktaAuth.authStateManager.updateAuthState();
 
 > :link: web browser only <br>
 
-Callback function. When [sdk.handleLoginRedirect](#handleloginredirecttokens) is called, by default it uses `window.location.replace` to redirect back to the [originalUri](#setoriginaluriuri). This option overrides the default behavior.
+Callback function. When [sdk.handleRedirect](#handleredirectoriginaluri) is called, by default it uses `window.location.replace` to redirect back to the [originalUri](#setoriginaluriuri). This option overrides the default behavior.
 
 ```javascript
 const config = {
@@ -552,7 +552,7 @@ const config = {
 const oktaAuth = new OktaAuth(config);
 if (oktaAuth.isLoginRedirect()) {
   try {
-    await oktaAuth.handleLoginRedirect();
+    await oktaAuth.handleRedirect();
   } catch (e) {
     // log or display error details
   }
@@ -891,7 +891,8 @@ This is accomplished by selecting a single tab to handle the network requests to
 * [getOriginalUri](#getoriginaluristate)
 * [removeOriginalUri](#removeoriginaluri)
 * [isLoginRedirect](#isloginredirect)
-* [handleLoginRedirect](#handleloginredirecttokens)
+* [handleLoginRedirect](#handleloginredirecttokens-originaluri)
+* [handleRedirect](#handleredirectoriginaluri)
 * [setHeaders](#setheaders)
 * [tx.resume](#txresume)
 * [tx.exists](#txexists)
@@ -903,6 +904,8 @@ This is accomplished by selecting a single tab to handle the network requests to
   * [session.refresh](#sessionrefresh)
 * [idx](#idx)
 * [myaccount](#myaccount)
+* [endpoints](#endpoints)
+  * [endpoints.autorize.enrollAuthenticator](#endpointsauthorizeenrollauthenticatoroptions)
 * [token](#token)
   * [token.getWithoutPrompt](#tokengetwithoutpromptoptions)
   * [token.getWithPopup](#tokengetwithpopupoptions)
@@ -966,7 +969,7 @@ You can use [storeTokensFromRedirect](#storetokensfromredirect) to store tokens
 ```javascript
 if (authClient.isLoginRedirect()) {
   try {
-    await authClient.handleLoginRedirect();
+    await authClient.handleRedirect();
   } catch (e) {
     // log or display error details
   }
@@ -988,6 +991,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 * Will redirect to an Okta-hosted page before returning to your app.
 * If a `postLogoutRedirectUri` has not been specified or configured, `window.location.origin` will be used as the return URI. This URI must be listed in the Okta application's [Login redirect URIs](#login-redirect-uris). If the URI is unknown or invalid the redirect will end on a 400 error page from Okta. This error will be visible to the user and cannot be handled by the app.
 * Requires a valid ID token. If an ID token is not available, `signOut` will fallback to using the XHR-based [closeSession](#closesession) method. This method may fail to sign the user out if 3rd-party cookies have been blocked by the browser.
+* If a fallback to [closeSession](#closesession) is used, `signOut()` returns a promise that resolves with the result of [closeSession](#closesession) (`true` if an existing Okta session have been closed or `false` if a session does not exist or has already been closed). Otherwise a promise resolves with `true`.
 * For more information, see [Logout](https://developer.okta.com/docs/reference/api/oidc/#logout) in the OIDC API documentation.
 
 `signOut` takes the following options:
@@ -1033,7 +1037,7 @@ authClient.signOut({
 > :warning: This method requires access to [third party cookies](#third-party-cookies) <br>
 > :hourglass: async
 
-Signs the user out of their current [Okta session](https://developer.okta.com/docs/api/resources/sessions) and clears all tokens stored locally in the `TokenManager`. This method is an XHR-based alternative to [signOut](#signout), which will redirect to Okta before returning to your application. Here are some points to consider when using this method:
+Signs the user out of their current [Okta session](https://developer.okta.com/docs/api/resources/sessions) and clears all tokens stored locally in the `TokenManager`. Returns a promise that resolves with `true` if an existing Okta session have been closed, or `false` if a session does not exist or has already been closed. This method is an XHR-based alternative to [signOut](#signout), which will redirect to Okta before returning to your application. Here are some points to consider when using this method:
 
 * Executes in the background. The user will see not any change to `window.location`.
 * The method will fail to sign the user out if 3rd-party cookies are blocked by the browser.
@@ -1044,8 +1048,12 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 ```javascript
 await authClient.revokeAccessToken(); // strongly recommended
 authClient.closeSession()
-  .then(() => {
-    window.location.reload(); // optional
+  .then((sessionClosed) => {
+    if (sessionClosed) {
+      window.location.reload(); // optional
+    } else {
+      // Session does not exist or has already been closed
+    }
   })
   .catch(e => {
     if (e.xhr && e.xhr.status === 429) {
@@ -1174,7 +1182,7 @@ Check `window.location` to verify if the app is in OAuth callback state or not.
 if (authClient.isLoginRedirect()) {
   // callback flow
   try {
-    await authClient.handleLoginRedirect();
+    await authClient.handleRedirect();
   } catch (e) {
     // log or display error details
   }
@@ -1186,12 +1194,23 @@ if (authClient.isLoginRedirect()) {
 ### `handleLoginRedirect(tokens?, originalUri?)`
 
 > :link: web browser only <br>
-> :hourglass: async
+> :hourglass: async <br>
+> :warning: Deprecated, this method could be removed in next major release, use [sdk.handleRedirect](#handleredirectoriginaluri) instead.
 
 Stores passed in tokens or tokens from redirect url into storage, then redirect users back to the [originalUri](#setoriginaluriuri). When using `PKCE` authorization code flow, this method also exchanges authorization code for tokens. By default it calls `window.location.replace` for the redirection. The default behavior can be overrided by providing [options.restoreOriginalUri](#configuration-options). By default, [originalUri](#getoriginaluristate) will be retrieved from storage, but this can be overridden by passing a value fro `originalUri` to this function in the 2nd parameter.
 
 > **Note:** `handleLoginRedirect` throws `OAuthError` or `AuthSdkError` in case there are errors during token retrieval.
 
+### `handleRedirect(originalUri?)`
+
+> :link: web browser only <br>
+> :hourglass: async
+
+Handle a redirect to the configured [redirectUri](#configuration-options) that happens on the end of [login](#signInWithRedirectoptions) flow, [enroll authenticator](#endpointsauthorizeenrollauthenticatoroptions) flow or on an error.  
+Stores tokens from redirect url into storage (for login flow), then redirect users back to the [originalUri](#setoriginaluriuri). When using `PKCE` authorization code flow, this method also exchanges authorization code for tokens. By default it calls `window.location.replace` for the redirection. The default behavior can be overrided by providing [options.restoreOriginalUri](#configuration-options). By default, [originalUri](#getoriginaluristate) will be retrieved from storage, but this can be overridden by specifying `originalUri` in the first parameter to this function.
+
+> **Note:** `handleRedirect` throws `OAuthError` or `AuthSdkError` in case there are errors during token retrieval or authenticator enrollment.
+
 ### `setHeaders()`
 
 Can set (or unset) request headers after construction.
@@ -1238,7 +1257,7 @@ See [authn API](docs/authn.md#sessionsetcookieandredirectsessiontoken-redirectur
 #### `session.exists()`
 
 > :link: web browser only <br>
-> :warning: This method requires access to [third party cookies] <br>(#third-party-cookies)
+> :warning: This method requires access to [third party cookies](#third-party-cookies) <br>
 > :hourglass: async
 
 Returns a promise that resolves with `true` if there is an existing Okta [session](https://developer.okta.com/docs/api/resources/sessions#example), or `false` if not.
@@ -1257,7 +1276,7 @@ authClient.session.exists()
 #### `session.get()`
 
 > :link: web browser only <br>
-> :warning: This method requires access to [third party cookies] <br>(#third-party-cookies)
+> :warning: This method requires access to [third party cookies](#third-party-cookies) <br>
 > :hourglass: async
 
 Gets the active [session](https://developer.okta.com/docs/api/resources/sessions#example).
@@ -1275,7 +1294,7 @@ authClient.session.get()
 #### `session.refresh()`
 
 > :link: web browser only <br>
-> :warning: This method requires access to [third party cookies] <br>(#third-party-cookies)
+> :warning: This method requires access to [third party cookies](#third-party-cookies) <br>
 > :hourglass: async
 
 Refresh the current session by extending its lifetime. This can be used as a keep-alive operation.
@@ -1298,8 +1317,7 @@ See detail in [IDX README](docs/idx.md)
 
 See detail in [MyAccount API README](docs/myaccount/README.md)
 
-
-### `token`
+### `endpoints`
 
 #### Authorize options
 
@@ -1315,39 +1333,71 @@ The following configuration options can be included in `token.getWithoutPrompt`,
 | `idp` | Identity provider to use if there is no Okta Session. |
 | `idpScope` | A space delimited list of scopes to be provided to the Social Identity Provider when performing [Social Login][social-login] These scopes are used in addition to the scopes already configured on the Identity Provider. |
 | `display` | The display parameter to be passed to the Social Identity Provider when performing [Social Login][social-login]. |
-| `prompt` | Determines whether the Okta login will be displayed on failure. Use `none` to prevent this behavior. Valid values: `none`, `consent`, `login`, or `consent login`. See [Parameter details](https://developer.okta.com/docs/reference/api/oidc/#parameter-details) for more information. |
+| `prompt` | Determines whether the Okta login will be displayed on failure. Use `none` to prevent this behavior. Valid values: `none`, `consent`, `login`, or `consent login`. See [Parameter details](https://developer.okta.com/docs/reference/api/oidc/#parameter-details) for more information.  Special value `enroll_authenticator` is used for [enrollAuthenticator](#endpointsauthorizeenrollauthenticatoroptions). |
 | `maxAge` | Allowable elapsed time, in seconds, since the last time the end user was actively authenticated by Okta. |
 | `acrValues` | [[EA][early-access]] Optional parameter to increase the level of user assurance. See [Predefined ACR values](https://developer.okta.com/docs/guides/step-up-authentication/main/#predefined-parameter-values) for more information. |
+| `enrollAmrValues` | [[EA][early-access]] List of [authentication methods](https://self-issued.info/docs/draft-jones-oauth-amr-values-00.html) used to enroll authenticators with [enrollAuthenticator](#endpointsauthorizeenrollauthenticatoroptions). See [Parameter details](https://developer.okta.com/docs/reference/api/oidc/#parameter-details) for more information. |
 | `loginHint` | A username to prepopulate if prompting for authentication. |
 
 For more details, see Okta's [Authorize Request API](https://developer.okta.com/docs/api/resources/oidc#request-parameters).
 
+#### `endpoints.authorize.enrollAuthenticator(options)`
+
+> :link: web browser only <br>
+> [Early Access][early-access]
+
+Enroll authenticators using a redirect to [authorizeUrl](#authorizeurl) with special parameters. After a successful enrollment, the browser will be redirected to the configured [redirectUri](#configuration-options). You can use [sdk.handleRedirect](#handleredirectoriginaluri) to handle the redirect on successful enrollment or an error.
+
+* `options` - See [Authorize options](#authorize-options)
+
+  Options that will be omitted: `scopes`, `nonce`. 
+
+  Options that will be overridden: `responseType: 'none', prompt: 'enroll_authenticator'`.
+
+  Required options:
+
+  * `enrollAmrValues` - list of [authentication methods](https://self-issued.info/docs/draft-jones-oauth-amr-values-00.html) to allow the user to enroll in.
+
+    List of AMR values:
+    | AMR Value     | Authenticator        |
+    | ------------- | -------------------- |
+    | `pwd`         | Okta Password        |
+    | `kba`         | Security question    |
+    | `email`       | Okta Email           |
+    | `sms`         | SMS                  |
+    | `tel`         | Voice call           |
+    | `duo`         | DUO                  |
+    | `symantec`    | Symantec VIP         |
+    | `google_otp`  | Google Authenticator |
+    | `okta_verify` | Okta Verify          |
+    | `swk`         | Custom App           |
+    | `pop`         | WebAuthn             |
+    | `oath_otp`    | On-Prem MFA          |
+    | `rsa`         | RSA SecurID          |
+    | `yubikey`     | Yubikey              |
+    | `otp`         | Custom HOTP          |
+    | `fed`         | External IdP         |
+    | `sc` + `swk`  | SmartCard/PIV        |
+
+  See [enroll_amr_values parameter details](https://developer.okta.com/docs/reference/api/oidc/#request-parameters) for more information.
+
+  * `acrValues` - must be `urn:okta:2fa:any:ifpossible`, which means the user is prompted for at least one factor before enrollment.
+
 ##### Example
 
 ```javascript
-authClient.token.getWithoutPrompt({
-  sessionToken: '00p8RhRDCh_8NxIin-wtF5M6ofFtRhfKWGBAbd2WmE',
-  scopes: [
-    'openid',
-    'email',
-    'profile'
-  ],
-  state: '8rFzn3MH5q',
-  nonce: '51GePTswrm',
-  // Use a custom IdP for social authentication
-  idp: '0oa62b57p7c8PaGpU0h7'
- })
-.then(function(res) {
-  var tokens = res.tokens;
-
-  // Do something with tokens, such as
-  authClient.tokenManager.setTokens(tokens);
-})
-.catch(function(err) {
-  // handle OAuthError or AuthSdkError
-});
+try {
+  authClient.endpoints.authorize.enrollAuthenticator({
+    enrollAmrValues: ['okta_verify'],
+    acrValues: 'urn:okta:2fa:any:ifpossible'
+  })
+} catch(err) {
+  // handle AuthSdkError
+}
 ```
 
+### `token`
+
 #### `token.getWithoutPrompt(options)`
 
 > :link: web browser only <br>
@@ -1358,11 +1408,22 @@ When you've obtained a sessionToken from the authorization flows, or a session a
 
 * `options` - See [Authorize options](#authorize-options)
 
+##### Example
+
 ```javascript
 authClient.token.getWithoutPrompt({
   responseType: 'id_token', // or array of types
   sessionToken: 'testSessionToken' // optional if the user has an existing Okta session
-})
+  scopes: [
+    'openid',
+    'email',
+    'profile'
+  ],
+  state: '8rFzn3MH5q',
+  nonce: '51GePTswrm',
+  // Use a custom IdP for social authentication
+  idp: '0oa62b57p7c8PaGpU0h7'
+ })
 .then(function(res) {
   var tokens = res.tokens;
 
@@ -1492,7 +1553,7 @@ console.log(decodedToken.header, decodedToken.payload, decodedToken.signature);
 
 #### `token.renew(tokenToRenew)`
 
-> :warning: This method requires access to [third party cookies](#third-party-cookies)
+> :warning: This method requires access to [third party cookies](#third-party-cookies) <br>
 > :hourglass: async
 
 Returns a new token if the Okta [session](https://developer.okta.com/docs/api/resources/sessions#example) is still valid.
@@ -1597,6 +1658,7 @@ Returns a `TokenParams` object. If `PKCE` is enabled, this object will contain v
 
 Used internally to perform the final step of the `PKCE` authorization code flow. Accepts a `TokenParams` object which should contain a `codeVerifier` and an `authorizationCode`.
 
+
 ### `tokenManager` API
 
 #### `tokenManager.add(key, token)`

package/cjs/core/mixin.js

@@ -28,6 +28,9 @@ function mixinCore(Base) {
       this.tokenManager.stop();
       await this.serviceManager.stop();
     }
+    async handleRedirect(originalUri) {
+      await this.handleLoginRedirect(undefined, originalUri);
+    }
 
     // eslint-disable-next-line complexity
     async handleLoginRedirect(tokens, originalUri) {

package/cjs/core/mixin.js.map

@@ -1 +1 @@
-{"version":3,"file":"mixin.js","names":["mixinCore","Base","OktaAuthCore","constructor","args","authStateManager","AuthStateManager","serviceManager","ServiceManager","options","services","start","tokenManager","token","isLoginRedirect","updateAuthState","stop","handleLoginRedirect","tokens","originalUri","state","setTokens","getOriginalUri","oAuthResponse","parseOAuthResponseFromUrl","storeTokensFromRedirect","e","removeOriginalUri","restoreOriginalUri","window","location","replace"],"sources":["../../../lib/core/mixin.ts"],"sourcesContent":["import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  PKCETransactionMeta,\n  Tokens,\n  TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\n\nexport function mixinCore\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n  return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n  {\n    authStateManager: AuthStateManager<M, S, O>;\n    serviceManager: ServiceManager<M, S, O>;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      // AuthStateManager\n      this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n      // ServiceManager\n      this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n    }\n\n    async start() {\n      await this.serviceManager.start();\n      // TODO: review tokenManager.start\n      this.tokenManager.start();\n      if (!this.token.isLoginRedirect()) {\n        await this.authStateManager.updateAuthState();\n      }\n    }\n  \n    async stop() {\n      // TODO: review tokenManager.stop\n      this.tokenManager.stop();\n      await this.serviceManager.stop();\n    }\n\n    // eslint-disable-next-line complexity\n    async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n      let state = this.options.state;\n  \n      // Store tokens and update AuthState by the emitted events\n      if (tokens) {\n        this.tokenManager.setTokens(tokens);\n        originalUri = originalUri || this.getOriginalUri(this.options.state);\n      } else if (this.isLoginRedirect()) {\n        try {\n          // For redirect flow, get state from the URL and use it to retrieve the originalUri\n          const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n          state = oAuthResponse.state;\n          originalUri = originalUri || this.getOriginalUri(state);\n          await this.storeTokensFromRedirect();\n        } catch(e) {\n          // auth state should be updated\n          await this.authStateManager.updateAuthState();\n          throw e;\n        }\n      } else {\n        return; // nothing to do\n      }\n      \n      // ensure auth state has been updated\n      await this.authStateManager.updateAuthState();\n  \n      // clear originalUri from storage\n      this.removeOriginalUri(state);\n  \n      // Redirect to originalUri\n      const { restoreOriginalUri } = this.options;\n      if (restoreOriginalUri) {\n        await restoreOriginalUri(this, originalUri);\n      } else if (originalUri) {\n        window.location.replace(originalUri);\n      }\n    }\n  };\n}\n"],"mappings":";;;AAAA;AAUA;AACA;AAGO,SAASA,SAAS,CASxBC,IAAW,EACZ;EACE,OAAO,MAAMC,YAAY,SAASD,IAAI,CACtC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;;MAEd;MACA,IAAI,CAACC,gBAAgB,GAAG,IAAIC,kCAAgB,CAAU,IAAI,CAAC;;MAE3D;MACA,IAAI,CAACC,cAAc,GAAG,IAAIC,8BAAc,CAAU,IAAI,EAAE,IAAI,CAACC,OAAO,CAACC,QAAQ,CAAC;IAChF;IAEA,MAAMC,KAAK,GAAG;MACZ,MAAM,IAAI,CAACJ,cAAc,CAACI,KAAK,EAAE;MACjC;MACA,IAAI,CAACC,YAAY,CAACD,KAAK,EAAE;MACzB,IAAI,CAAC,IAAI,CAACE,KAAK,CAACC,eAAe,EAAE,EAAE;QACjC,MAAM,IAAI,CAACT,gBAAgB,CAACU,eAAe,EAAE;MAC/C;IACF;IAEA,MAAMC,IAAI,GAAG;MACX;MACA,IAAI,CAACJ,YAAY,CAACI,IAAI,EAAE;MACxB,MAAM,IAAI,CAACT,cAAc,CAACS,IAAI,EAAE;IAClC;;IAEA;IACA,MAAMC,mBAAmB,CAACC,MAAe,EAAEC,WAAoB,EAAiB;MAC9E,IAAIC,KAAK,GAAG,IAAI,CAACX,OAAO,CAACW,KAAK;;MAE9B;MACA,IAAIF,MAAM,EAAE;QACV,IAAI,CAACN,YAAY,CAACS,SAAS,CAACH,MAAM,CAAC;QACnCC,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACG,cAAc,CAAC,IAAI,CAACb,OAAO,CAACW,KAAK,CAAC;MACtE,CAAC,MAAM,IAAI,IAAI,CAACN,eAAe,EAAE,EAAE;QACjC,IAAI;UACF;UACA,MAAMS,aAAa,GAAG,MAAM,IAAAC,uCAAyB,EAAC,IAAI,EAAE,CAAC,CAAC,CAAC;UAC/DJ,KAAK,GAAGG,aAAa,CAACH,KAAK;UAC3BD,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACG,cAAc,CAACF,KAAK,CAAC;UACvD,MAAM,IAAI,CAACK,uBAAuB,EAAE;QACtC,CAAC,CAAC,OAAMC,CAAC,EAAE;UACT;UACA,MAAM,IAAI,CAACrB,gBAAgB,CAACU,eAAe,EAAE;UAC7C,MAAMW,CAAC;QACT;MACF,CAAC,MAAM;QACL,OAAO,CAAC;MACV;;MAEA;MACA,MAAM,IAAI,CAACrB,gBAAgB,CAACU,eAAe,EAAE;;MAE7C;MACA,IAAI,CAACY,iBAAiB,CAACP,KAAK,CAAC;;MAE7B;MACA,MAAM;QAAEQ;MAAmB,CAAC,GAAG,IAAI,CAACnB,OAAO;MAC3C,IAAImB,kBAAkB,EAAE;QACtB,MAAMA,kBAAkB,CAAC,IAAI,EAAET,WAAW,CAAC;MAC7C,CAAC,MAAM,IAAIA,WAAW,EAAE;QACtBU,MAAM,CAACC,QAAQ,CAACC,OAAO,CAACZ,WAAW,CAAC;MACtC;IACF;EACF,CAAC;AACH"}
+{"version":3,"file":"mixin.js","names":["mixinCore","Base","OktaAuthCore","constructor","args","authStateManager","AuthStateManager","serviceManager","ServiceManager","options","services","start","tokenManager","token","isLoginRedirect","updateAuthState","stop","handleRedirect","originalUri","handleLoginRedirect","undefined","tokens","state","setTokens","getOriginalUri","oAuthResponse","parseOAuthResponseFromUrl","storeTokensFromRedirect","e","removeOriginalUri","restoreOriginalUri","window","location","replace"],"sources":["../../../lib/core/mixin.ts"],"sourcesContent":["import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  PKCETransactionMeta,\n  Tokens,\n  TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\n\nexport function mixinCore\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n  return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n  {\n    authStateManager: AuthStateManager<M, S, O>;\n    serviceManager: ServiceManager<M, S, O>;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      // AuthStateManager\n      this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n      // ServiceManager\n      this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n    }\n\n    async start() {\n      await this.serviceManager.start();\n      // TODO: review tokenManager.start\n      this.tokenManager.start();\n      if (!this.token.isLoginRedirect()) {\n        await this.authStateManager.updateAuthState();\n      }\n    }\n  \n    async stop() {\n      // TODO: review tokenManager.stop\n      this.tokenManager.stop();\n      await this.serviceManager.stop();\n    }\n\n    async handleRedirect(originalUri?: string): Promise<void> {\n      await this.handleLoginRedirect(undefined, originalUri);\n    }\n\n    // eslint-disable-next-line complexity\n    async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n      let state = this.options.state;\n  \n      // Store tokens and update AuthState by the emitted events\n      if (tokens) {\n        this.tokenManager.setTokens(tokens);\n        originalUri = originalUri || this.getOriginalUri(this.options.state);\n      } else if (this.isLoginRedirect()) {\n        try {\n          // For redirect flow, get state from the URL and use it to retrieve the originalUri\n          const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n          state = oAuthResponse.state;\n          originalUri = originalUri || this.getOriginalUri(state);\n          await this.storeTokensFromRedirect();\n        } catch(e) {\n          // auth state should be updated\n          await this.authStateManager.updateAuthState();\n          throw e;\n        }\n      } else {\n        return; // nothing to do\n      }\n      \n      // ensure auth state has been updated\n      await this.authStateManager.updateAuthState();\n  \n      // clear originalUri from storage\n      this.removeOriginalUri(state);\n  \n      // Redirect to originalUri\n      const { restoreOriginalUri } = this.options;\n      if (restoreOriginalUri) {\n        await restoreOriginalUri(this, originalUri);\n      } else if (originalUri) {\n        window.location.replace(originalUri);\n      }\n    }\n  };\n}\n"],"mappings":";;;AAAA;AAUA;AACA;AAGO,SAASA,SAAS,CASxBC,IAAW,EACZ;EACE,OAAO,MAAMC,YAAY,SAASD,IAAI,CACtC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;;MAEd;MACA,IAAI,CAACC,gBAAgB,GAAG,IAAIC,kCAAgB,CAAU,IAAI,CAAC;;MAE3D;MACA,IAAI,CAACC,cAAc,GAAG,IAAIC,8BAAc,CAAU,IAAI,EAAE,IAAI,CAACC,OAAO,CAACC,QAAQ,CAAC;IAChF;IAEA,MAAMC,KAAK,GAAG;MACZ,MAAM,IAAI,CAACJ,cAAc,CAACI,KAAK,EAAE;MACjC;MACA,IAAI,CAACC,YAAY,CAACD,KAAK,EAAE;MACzB,IAAI,CAAC,IAAI,CAACE,KAAK,CAACC,eAAe,EAAE,EAAE;QACjC,MAAM,IAAI,CAACT,gBAAgB,CAACU,eAAe,EAAE;MAC/C;IACF;IAEA,MAAMC,IAAI,GAAG;MACX;MACA,IAAI,CAACJ,YAAY,CAACI,IAAI,EAAE;MACxB,MAAM,IAAI,CAACT,cAAc,CAACS,IAAI,EAAE;IAClC;IAEA,MAAMC,cAAc,CAACC,WAAoB,EAAiB;MACxD,MAAM,IAAI,CAACC,mBAAmB,CAACC,SAAS,EAAEF,WAAW,CAAC;IACxD;;IAEA;IACA,MAAMC,mBAAmB,CAACE,MAAe,EAAEH,WAAoB,EAAiB;MAC9E,IAAII,KAAK,GAAG,IAAI,CAACb,OAAO,CAACa,KAAK;;MAE9B;MACA,IAAID,MAAM,EAAE;QACV,IAAI,CAACT,YAAY,CAACW,SAAS,CAACF,MAAM,CAAC;QACnCH,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAAC,IAAI,CAACf,OAAO,CAACa,KAAK,CAAC;MACtE,CAAC,MAAM,IAAI,IAAI,CAACR,eAAe,EAAE,EAAE;QACjC,IAAI;UACF;UACA,MAAMW,aAAa,GAAG,MAAM,IAAAC,uCAAyB,EAAC,IAAI,EAAE,CAAC,CAAC,CAAC;UAC/DJ,KAAK,GAAGG,aAAa,CAACH,KAAK;UAC3BJ,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAACF,KAAK,CAAC;UACvD,MAAM,IAAI,CAACK,uBAAuB,EAAE;QACtC,CAAC,CAAC,OAAMC,CAAC,EAAE;UACT;UACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;UAC7C,MAAMa,CAAC;QACT;MACF,CAAC,MAAM;QACL,OAAO,CAAC;MACV;;MAEA;MACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;;MAE7C;MACA,IAAI,CAACc,iBAAiB,CAACP,KAAK,CAAC;;MAE7B;MACA,MAAM;QAAEQ;MAAmB,CAAC,GAAG,IAAI,CAACrB,OAAO;MAC3C,IAAIqB,kBAAkB,EAAE;QACtB,MAAMA,kBAAkB,CAAC,IAAI,EAAEZ,WAAW,CAAC;MAC7C,CAAC,MAAM,IAAIA,WAAW,EAAE;QACtBa,MAAM,CAACC,QAAQ,CAACC,OAAO,CAACf,WAAW,CAAC;MACtC;IACF;EACF,CAAC;AACH"}

package/cjs/core/types/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","names":[],"sources":["../../../../lib/core/types/api.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta,\n  Tokens,\n  TransactionManagerInterface\n} from '../../oidc/types';\n\nimport { ServiceManagerInterface, ServiceManagerOptions } from './Service';\nimport { AuthState, AuthStateManagerInterface } from './AuthState';\n\n\n// options passed to AuthJS constructor\nexport interface OktaAuthCoreOptions extends OktaAuthOAuthOptions\n{\n  services?: ServiceManagerOptions;\n  // eslint-disable-next-line no-use-before-define\n  transformAuthState?: (oktaAuth: OktaAuthCoreInterface, authState: AuthState) => Promise<AuthState>;\n}\n\nexport type CoreStorageManagerInterface<\n  M extends PKCETransactionMeta = PKCETransactionMeta\n> = OAuthStorageManagerInterface<M>;\n\n// an instance of AuthJS with OAuth and Services\nexport interface OktaAuthCoreInterface<\n  M extends PKCETransactionMeta = PKCETransactionMeta,\n  S extends CoreStorageManagerInterface<M> = CoreStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n> \nextends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  serviceManager: ServiceManagerInterface;\n  authStateManager: AuthStateManagerInterface;\n  start(): Promise<void>;\n  stop(): Promise<void>;\n  handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void>;\n}\n"],"mappings":""}
+{"version":3,"file":"api.js","names":[],"sources":["../../../../lib/core/types/api.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta,\n  Tokens,\n  TransactionManagerInterface\n} from '../../oidc/types';\n\nimport { ServiceManagerInterface, ServiceManagerOptions } from './Service';\nimport { AuthState, AuthStateManagerInterface } from './AuthState';\n\n\n// options passed to AuthJS constructor\nexport interface OktaAuthCoreOptions extends OktaAuthOAuthOptions\n{\n  services?: ServiceManagerOptions;\n  // eslint-disable-next-line no-use-before-define\n  transformAuthState?: (oktaAuth: OktaAuthCoreInterface, authState: AuthState) => Promise<AuthState>;\n}\n\nexport type CoreStorageManagerInterface<\n  M extends PKCETransactionMeta = PKCETransactionMeta\n> = OAuthStorageManagerInterface<M>;\n\n// an instance of AuthJS with OAuth and Services\nexport interface OktaAuthCoreInterface<\n  M extends PKCETransactionMeta = PKCETransactionMeta,\n  S extends CoreStorageManagerInterface<M> = CoreStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n> \nextends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  serviceManager: ServiceManagerInterface;\n  authStateManager: AuthStateManagerInterface;\n  start(): Promise<void>;\n  stop(): Promise<void>;\n  handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void>;\n  handleRedirect(originalUri?: string): Promise<void>;\n}\n"],"mappings":""}

package/cjs/http/OktaUserAgent.js

@@ -20,7 +20,7 @@ var _features = require("../features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"7.1.1"}`];
+    this.environments = [`okta-auth-js/${"7.3.0"}`];
   }
   addEnvironment(env) {
     this.environments.push(env);
@@ -32,7 +32,7 @@ class OktaUserAgent {
     };
   }
   getVersion() {
-    return "7.1.1";
+    return "7.3.0";
   }
   maybeAddNodeEnvironment() {
     if ((0, _features.isBrowser)() || !process || !process.versions) {

package/cjs/idx/IdxTransactionManager.js

@@ -41,12 +41,8 @@ function createIdxTransactionManager() {
       }
       if (options) {
         const {
-          stateHandle,
           interactionHandle
         } = options;
-        if (stateHandle && storedValue.stateHandle !== stateHandle) {
-          return null;
-        }
         if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {
           return null;
         }

package/cjs/idx/IdxTransactionManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","stateHandle","interactionHandle","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { stateHandle, interactionHandle } = options;\n        if (stateHandle && storedValue.stateHandle !== stateHandle) {\n          return null;\n        }\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe,WAAW;UAAEC;QAAkB,CAAC,GAAGhB,OAAO;QAClD,IAAIe,WAAW,IAAIJ,WAAW,CAACI,WAAW,KAAKA,WAAW,EAAE;UAC1D,OAAO,IAAI;QACb;QACA,IAAIC,iBAAiB,IAAIL,WAAW,CAACK,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOL,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEW,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}
+{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","interactionHandle","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { interactionHandle } = options;\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe;QAAkB,CAAC,GAAGf,OAAO;QACrC,IAAIe,iBAAiB,IAAIJ,WAAW,CAACI,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOJ,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEU,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}

package/cjs/idx/factory/OktaAuthIdx.js.map

@@ -1 +1 @@
-{"version":3,"file":"OktaAuthIdx.js","names":["createOktaAuthIdx","StorageManagerConstructor","OptionsConstructor","TransactionManagerConstructor","Core","createOktaAuthCore","WithIdx","mixinIdx"],"sources":["../../../../lib/idx/factory/OktaAuthIdx.ts"],"sourcesContent":["import { createOktaAuthCore } from '../../core/factory';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, OktaAuthIdxInterface } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { mixinIdx } from '../mixin';\nimport { TransactionManagerConstructor } from '../../oidc/types';\nimport { OktaAuthCoreInterface } from '../../core/types';\n\nexport function createOktaAuthIdx<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthConstructor<OktaAuthIdxInterface<M, S, O, TM> & OktaAuthCoreInterface<M, S, O, TM>>\n{\n  const Core = createOktaAuthCore<M, S, O, TM>(\n    StorageManagerConstructor,\n    OptionsConstructor,\n    TransactionManagerConstructor\n  );\n  const WithIdx = mixinIdx(Core);\n  return WithIdx;\n}\n"],"mappings":";;;AAAA;AAOA;AAIO,SAASA,iBAAiB,CAM/BC,yBAAuD,EACvDC,kBAAiD,EACjDC,6BAAgE,EAGlE;EACE,MAAMC,IAAI,GAAG,IAAAC,2BAAkB,EAC7BJ,yBAAyB,EACzBC,kBAAkB,EAClBC,6BAA6B,CAC9B;EACD,MAAMG,OAAO,GAAG,IAAAC,eAAQ,EAACH,IAAI,CAAC;EAC9B,OAAOE,OAAO;AAChB"}
+{"version":3,"file":"OktaAuthIdx.js","names":["createOktaAuthIdx","StorageManagerConstructor","OptionsConstructor","TransactionManagerConstructor","Core","createOktaAuthCore","WithIdx","mixinIdx"],"sources":["../../../../lib/idx/factory/OktaAuthIdx.ts"],"sourcesContent":["import { createOktaAuthCore } from '../../core/factory';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, OktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { mixinIdx } from '../mixin';\nimport { TransactionManagerConstructor } from '../../oidc/types';\nimport { OktaAuthCoreInterface } from '../../core/types';\n\nexport function createOktaAuthIdx<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM> & OktaAuthCoreInterface<M, S, O, TM>>\n{\n  const Core = createOktaAuthCore<M, S, O, TM>(\n    StorageManagerConstructor,\n    OptionsConstructor,\n    TransactionManagerConstructor\n  );\n  const WithIdx = mixinIdx(Core);\n  return WithIdx;\n}\n"],"mappings":";;;AAAA;AAOA;AAIO,SAASA,iBAAiB,CAM/BC,yBAAuD,EACvDC,kBAAiD,EACjDC,6BAAgE,EAGlE;EACE,MAAMC,IAAI,GAAG,IAAAC,2BAAkB,EAC7BJ,yBAAyB,EACzBC,kBAAkB,EAClBC,6BAA6B,CAC9B;EACD,MAAMG,OAAO,GAAG,IAAAC,eAAQ,EAACH,IAAI,CAAC;EAC9B,OAAOE,OAAO;AAChB"}

package/cjs/idx/idxState/v1/idxResponseParser.js

@@ -4,7 +4,7 @@ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefau
 exports.parseNonRemediations = exports.parseIdxResponse = void 0;
 var _remediationParser = require("./remediationParser");
 var _generateIdxAction = _interopRequireDefault(require("./generateIdxAction"));
-var _jsonpathPlus = require("jsonpath-plus");
+var _jsonpath = require("../../../util/jsonpath");
 /*!
  * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -81,8 +81,7 @@ const expandRelatesTo = (idxResponse, value) => {
     if (k === 'relatesTo') {
       const query = Array.isArray(value[k]) ? value[k][0] : value[k];
       if (typeof query === 'string') {
-        // eslint-disable-next-line new-cap
-        const result = (0, _jsonpathPlus.JSONPath)({
+        const result = (0, _jsonpath.jsonpath)({
           path: query,
           json: idxResponse
         })[0];

package/cjs/idx/idxState/v1/idxResponseParser.js.map

@@ -1 +1 @@
-{"version":3,"file":"idxResponseParser.js","names":["SKIP_FIELDS","Object","fromEntries","map","field","parseNonRemediations","authClient","idxResponse","toPersist","actions","context","keys","filter","forEach","fieldIsObject","rel","name","generateIdxAction","value","fieldValue","type","info","entries","subField","expandRelatesTo","k","query","Array","isArray","result","JSONPath","path","json","innerValue","convertRemediationAction","remediation","remediationActions","generateRemediationFunctions","actionFn","action","parseIdxResponse","remediationData","remediations"],"sources":["../../../../../lib/idx/idxState/v1/idxResponseParser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { JSONPath } from 'jsonpath-plus';\n\nconst SKIP_FIELDS = Object.fromEntries([\n  'remediation', // remediations are put into proceed/neededToProceed\n  'context', // the API response of 'context' isn't externally useful.  We ignore it and put all non-action (contextual) info into idxState.context\n].map( (field) => [ field, !!'skip this field' ] ));\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ) {\n  const actions = {};\n  const context = {};\n\n  Object.keys(idxResponse)\n    .filter( field => !SKIP_FIELDS[field])\n    .forEach( field => {\n      const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n      if ( !fieldIsObject ) {\n        // simple fields are contextual info\n        context[field] = idxResponse[field];\n        return;\n      }\n\n      if ( idxResponse[field].rel ) {\n        // top level actions\n        actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n        return;\n      }\n\n      const { value: fieldValue, type, ...info} = idxResponse[field];\n      context[field] = { type, ...info}; // add the non-action parts as context\n\n      if ( type !== 'object' ) {\n        // only object values hold actions\n        context[field].value = fieldValue;\n        return;\n      }\n\n      // We are an object field containing an object value\n      context[field].value = {};\n      Object.entries(fieldValue)\n        .forEach( ([subField, value]) => {\n          if (value.rel) { // is [field].value[subField] an action?\n            // add any \"action\" value subfields to actions\n            actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n          } else {\n            // add non-action value subfields to context\n            context[field].value[subField] = value;\n          }\n        });\n    });\n\n  return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n  Object.keys(value).forEach(k => {\n    if (k === 'relatesTo') {\n      const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n      if (typeof query === 'string') {\n        // eslint-disable-next-line new-cap\n        const result = JSONPath({ path: query, json: idxResponse })[0];\n        if (result) {\n          value[k] = result;\n          return;\n        }\n      }\n    }\n    if (Array.isArray(value[k])) {\n      value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n    }\n  });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n  // Only remediation that has `rel` field (indicator for form submission) can have http action\n  if (remediation.rel) {\n    const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n    const actionFn = remediationActions[remediation.name];\n    return {\n      ...remediation,\n      action: actionFn,\n    };\n  }\n  \n  return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n  remediations: IdxRemediation[];\n  context: IdxContext;\n  actions: IdxActions;\n} {\n  const remediationData = idxResponse.remediation?.value || [];\n\n  remediationData.forEach(\n    remediation => expandRelatesTo(idxResponse, remediation)\n  );\n\n  const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n  const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n  return {\n    remediations,\n    context,\n    actions,\n  };\n};\n"],"mappings":";;;;AAgBA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACuD;;AAKvD,MAAMA,WAAW,GAAGC,MAAM,CAACC,WAAW,CAAC,CACrC,aAAa;AAAE;AACf,SAAS,CAAE;AAAA,CACZ,CAACC,GAAG,CAAGC,KAAK,IAAK,CAAEA,KAAK,EAAE,CAAC,CAAC,iBAAiB,CAAE,CAAE,CAAC;AAE5C,MAAMC,oBAAoB,GAAG,SAASA,oBAAoB,CAAEC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAAG;EACjI,MAAMC,OAAO,GAAG,CAAC,CAAC;EAClB,MAAMC,OAAO,GAAG,CAAC,CAAC;EAElBT,MAAM,CAACU,IAAI,CAACJ,WAAW,CAAC,CACrBK,MAAM,CAAER,KAAK,IAAI,CAACJ,WAAW,CAACI,KAAK,CAAC,CAAC,CACrCS,OAAO,CAAET,KAAK,IAAI;IACjB,MAAMU,aAAa,GAAG,OAAOP,WAAW,CAACH,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAACG,WAAW,CAACH,KAAK,CAAC;IAEpF,IAAK,CAACU,aAAa,EAAG;MACpB;MACAJ,OAAO,CAACN,KAAK,CAAC,GAAGG,WAAW,CAACH,KAAK,CAAC;MACnC;IACF;IAEA,IAAKG,WAAW,CAACH,KAAK,CAAC,CAACW,GAAG,EAAG;MAC5B;MACAN,OAAO,CAACF,WAAW,CAACH,KAAK,CAAC,CAACY,IAAI,CAAC,GAAG,IAAAC,0BAAiB,EAACX,UAAU,EAAEC,WAAW,CAACH,KAAK,CAAC,EAAEI,SAAS,CAAC;MAC/F;IACF;IAEA,MAAM;MAAEU,KAAK,EAAEC,UAAU;MAAEC,IAAI;MAAE,GAAGC;IAAI,CAAC,GAAGd,WAAW,CAACH,KAAK,CAAC;IAC9DM,OAAO,CAACN,KAAK,CAAC,GAAG;MAAEgB,IAAI;MAAE,GAAGC;IAAI,CAAC,CAAC,CAAC;;IAEnC,IAAKD,IAAI,KAAK,QAAQ,EAAG;MACvB;MACAV,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAGC,UAAU;MACjC;IACF;;IAEA;IACAT,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAG,CAAC,CAAC;IACzBjB,MAAM,CAACqB,OAAO,CAACH,UAAU,CAAC,CACvBN,OAAO,CAAE,CAAC,CAACU,QAAQ,EAAEL,KAAK,CAAC,KAAK;MAC/B,IAAIA,KAAK,CAACH,GAAG,EAAE;QAAE;QACf;QACAN,OAAO,CAAE,GAAEL,KAAM,IAAGmB,QAAQ,CAACP,IAAI,IAAIO,QAAS,EAAC,CAAC,GAAG,IAAAN,0BAAiB,EAACX,UAAU,EAAEY,KAAK,EAAEV,SAAS,CAAC;MACpG,CAAC,MAAM;QACL;QACAE,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,CAACK,QAAQ,CAAC,GAAGL,KAAK;MACxC;IACF,CAAC,CAAC;EACN,CAAC,CAAC;EAEJ,OAAO;IAAER,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;AAAC;AAEF,MAAMe,eAAe,GAAG,CAACjB,WAAW,EAAEW,KAAK,KAAK;EAC9CjB,MAAM,CAACU,IAAI,CAACO,KAAK,CAAC,CAACL,OAAO,CAACY,CAAC,IAAI;IAC9B,IAAIA,CAAC,KAAK,WAAW,EAAE;MACrB,MAAMC,KAAK,GAAGC,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC;MAC9D,IAAI,OAAOC,KAAK,KAAK,QAAQ,EAAE;QAC7B;QACA,MAAMG,MAAM,GAAG,IAAAC,sBAAQ,EAAC;UAAEC,IAAI,EAAEL,KAAK;UAAEM,IAAI,EAAEzB;QAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAIsB,MAAM,EAAE;UACVX,KAAK,CAACO,CAAC,CAAC,GAAGI,MAAM;UACjB;QACF;MACF;IACF;IACA,IAAIF,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,EAAE;MAC3BP,KAAK,CAACO,CAAC,CAAC,CAACZ,OAAO,CAACoB,UAAU,IAAIT,eAAe,CAACjB,WAAW,EAAE0B,UAAU,CAAC,CAAC;IAC1E;EACF,CAAC,CAAC;AACJ,CAAC;AAED,MAAMC,wBAAwB,GAAG,CAAC5B,UAAgC,EAAE6B,WAAW,EAAE3B,SAAS,KAAK;EAC7F;EACA,IAAI2B,WAAW,CAACpB,GAAG,EAAE;IACnB,MAAMqB,kBAAkB,GAAG,IAAAC,+CAA4B,EAAE/B,UAAU,EAAE,CAAC6B,WAAW,CAAC,EAAE3B,SAAS,CAAE;IAC/F,MAAM8B,QAAQ,GAAGF,kBAAkB,CAACD,WAAW,CAACnB,IAAI,CAAC;IACrD,OAAO;MACL,GAAGmB,WAAW;MACdI,MAAM,EAAED;IACV,CAAC;EACH;EAEA,OAAOH,WAAW;AACpB,CAAC;AAEM,MAAMK,gBAAgB,GAAG,SAASA,gBAAgB,CAAElC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAItH;EAAA;EACA,MAAMiC,eAAe,GAAG,0BAAAlC,WAAW,CAAC4B,WAAW,0DAAvB,sBAAyBjB,KAAK,KAAI,EAAE;EAE5DuB,eAAe,CAAC5B,OAAO,CACrBsB,WAAW,IAAIX,eAAe,CAACjB,WAAW,EAAE4B,WAAW,CAAC,CACzD;EAED,MAAMO,YAAY,GAAGD,eAAe,CAACtC,GAAG,CAACgC,WAAW,IAAID,wBAAwB,CAAE5B,UAAU,EAAE6B,WAAW,EAAE3B,SAAS,CAAE,CAAC;EAEvH,MAAM;IAAEE,OAAO;IAAED;EAAQ,CAAC,GAAGJ,oBAAoB,CAAEC,UAAU,EAAEC,WAAW,EAAEC,SAAS,CAAE;EAEvF,OAAO;IACLkC,YAAY;IACZhC,OAAO;IACPD;EACF,CAAC;AACH,CAAC;AAAC"}
+{"version":3,"file":"idxResponseParser.js","names":["SKIP_FIELDS","Object","fromEntries","map","field","parseNonRemediations","authClient","idxResponse","toPersist","actions","context","keys","filter","forEach","fieldIsObject","rel","name","generateIdxAction","value","fieldValue","type","info","entries","subField","expandRelatesTo","k","query","Array","isArray","result","jsonpath","path","json","innerValue","convertRemediationAction","remediation","remediationActions","generateRemediationFunctions","actionFn","action","parseIdxResponse","remediationData","remediations"],"sources":["../../../../../lib/idx/idxState/v1/idxResponseParser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\n\nconst SKIP_FIELDS = Object.fromEntries([\n  'remediation', // remediations are put into proceed/neededToProceed\n  'context', // the API response of 'context' isn't externally useful.  We ignore it and put all non-action (contextual) info into idxState.context\n].map( (field) => [ field, !!'skip this field' ] ));\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ) {\n  const actions = {};\n  const context = {};\n\n  Object.keys(idxResponse)\n    .filter( field => !SKIP_FIELDS[field])\n    .forEach( field => {\n      const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n      if ( !fieldIsObject ) {\n        // simple fields are contextual info\n        context[field] = idxResponse[field];\n        return;\n      }\n\n      if ( idxResponse[field].rel ) {\n        // top level actions\n        actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n        return;\n      }\n\n      const { value: fieldValue, type, ...info} = idxResponse[field];\n      context[field] = { type, ...info}; // add the non-action parts as context\n\n      if ( type !== 'object' ) {\n        // only object values hold actions\n        context[field].value = fieldValue;\n        return;\n      }\n\n      // We are an object field containing an object value\n      context[field].value = {};\n      Object.entries(fieldValue)\n        .forEach( ([subField, value]) => {\n          if (value.rel) { // is [field].value[subField] an action?\n            // add any \"action\" value subfields to actions\n            actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n          } else {\n            // add non-action value subfields to context\n            context[field].value[subField] = value;\n          }\n        });\n    });\n\n  return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n  Object.keys(value).forEach(k => {\n    if (k === 'relatesTo') {\n      const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n      if (typeof query === 'string') {\n        const result = jsonpath({ path: query, json: idxResponse })[0];\n        if (result) {\n          value[k] = result;\n          return;\n        }\n      }\n    }\n    if (Array.isArray(value[k])) {\n      value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n    }\n  });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n  // Only remediation that has `rel` field (indicator for form submission) can have http action\n  if (remediation.rel) {\n    const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n    const actionFn = remediationActions[remediation.name];\n    return {\n      ...remediation,\n      action: actionFn,\n    };\n  }\n\n  return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n  remediations: IdxRemediation[];\n  context: IdxContext;\n  actions: IdxActions;\n} {\n  const remediationData = idxResponse.remediation?.value || [];\n\n  remediationData.forEach(\n    remediation => expandRelatesTo(idxResponse, remediation)\n  );\n\n  const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n  const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n  return {\n    remediations,\n    context,\n    actions,\n  };\n};\n"],"mappings":";;;;AAgBA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACuD;;AAKvD,MAAMA,WAAW,GAAGC,MAAM,CAACC,WAAW,CAAC,CACrC,aAAa;AAAE;AACf,SAAS,CAAE;AAAA,CACZ,CAACC,GAAG,CAAGC,KAAK,IAAK,CAAEA,KAAK,EAAE,CAAC,CAAC,iBAAiB,CAAE,CAAE,CAAC;AAE5C,MAAMC,oBAAoB,GAAG,SAASA,oBAAoB,CAAEC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAAG;EACjI,MAAMC,OAAO,GAAG,CAAC,CAAC;EAClB,MAAMC,OAAO,GAAG,CAAC,CAAC;EAElBT,MAAM,CAACU,IAAI,CAACJ,WAAW,CAAC,CACrBK,MAAM,CAAER,KAAK,IAAI,CAACJ,WAAW,CAACI,KAAK,CAAC,CAAC,CACrCS,OAAO,CAAET,KAAK,IAAI;IACjB,MAAMU,aAAa,GAAG,OAAOP,WAAW,CAACH,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAACG,WAAW,CAACH,KAAK,CAAC;IAEpF,IAAK,CAACU,aAAa,EAAG;MACpB;MACAJ,OAAO,CAACN,KAAK,CAAC,GAAGG,WAAW,CAACH,KAAK,CAAC;MACnC;IACF;IAEA,IAAKG,WAAW,CAACH,KAAK,CAAC,CAACW,GAAG,EAAG;MAC5B;MACAN,OAAO,CAACF,WAAW,CAACH,KAAK,CAAC,CAACY,IAAI,CAAC,GAAG,IAAAC,0BAAiB,EAACX,UAAU,EAAEC,WAAW,CAACH,KAAK,CAAC,EAAEI,SAAS,CAAC;MAC/F;IACF;IAEA,MAAM;MAAEU,KAAK,EAAEC,UAAU;MAAEC,IAAI;MAAE,GAAGC;IAAI,CAAC,GAAGd,WAAW,CAACH,KAAK,CAAC;IAC9DM,OAAO,CAACN,KAAK,CAAC,GAAG;MAAEgB,IAAI;MAAE,GAAGC;IAAI,CAAC,CAAC,CAAC;;IAEnC,IAAKD,IAAI,KAAK,QAAQ,EAAG;MACvB;MACAV,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAGC,UAAU;MACjC;IACF;;IAEA;IACAT,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAG,CAAC,CAAC;IACzBjB,MAAM,CAACqB,OAAO,CAACH,UAAU,CAAC,CACvBN,OAAO,CAAE,CAAC,CAACU,QAAQ,EAAEL,KAAK,CAAC,KAAK;MAC/B,IAAIA,KAAK,CAACH,GAAG,EAAE;QAAE;QACf;QACAN,OAAO,CAAE,GAAEL,KAAM,IAAGmB,QAAQ,CAACP,IAAI,IAAIO,QAAS,EAAC,CAAC,GAAG,IAAAN,0BAAiB,EAACX,UAAU,EAAEY,KAAK,EAAEV,SAAS,CAAC;MACpG,CAAC,MAAM;QACL;QACAE,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,CAACK,QAAQ,CAAC,GAAGL,KAAK;MACxC;IACF,CAAC,CAAC;EACN,CAAC,CAAC;EAEJ,OAAO;IAAER,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;AAAC;AAEF,MAAMe,eAAe,GAAG,CAACjB,WAAW,EAAEW,KAAK,KAAK;EAC9CjB,MAAM,CAACU,IAAI,CAACO,KAAK,CAAC,CAACL,OAAO,CAACY,CAAC,IAAI;IAC9B,IAAIA,CAAC,KAAK,WAAW,EAAE;MACrB,MAAMC,KAAK,GAAGC,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC;MAC9D,IAAI,OAAOC,KAAK,KAAK,QAAQ,EAAE;QAC7B,MAAMG,MAAM,GAAG,IAAAC,kBAAQ,EAAC;UAAEC,IAAI,EAAEL,KAAK;UAAEM,IAAI,EAAEzB;QAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAIsB,MAAM,EAAE;UACVX,KAAK,CAACO,CAAC,CAAC,GAAGI,MAAM;UACjB;QACF;MACF;IACF;IACA,IAAIF,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,EAAE;MAC3BP,KAAK,CAACO,CAAC,CAAC,CAACZ,OAAO,CAACoB,UAAU,IAAIT,eAAe,CAACjB,WAAW,EAAE0B,UAAU,CAAC,CAAC;IAC1E;EACF,CAAC,CAAC;AACJ,CAAC;AAED,MAAMC,wBAAwB,GAAG,CAAC5B,UAAgC,EAAE6B,WAAW,EAAE3B,SAAS,KAAK;EAC7F;EACA,IAAI2B,WAAW,CAACpB,GAAG,EAAE;IACnB,MAAMqB,kBAAkB,GAAG,IAAAC,+CAA4B,EAAE/B,UAAU,EAAE,CAAC6B,WAAW,CAAC,EAAE3B,SAAS,CAAE;IAC/F,MAAM8B,QAAQ,GAAGF,kBAAkB,CAACD,WAAW,CAACnB,IAAI,CAAC;IACrD,OAAO;MACL,GAAGmB,WAAW;MACdI,MAAM,EAAED;IACV,CAAC;EACH;EAEA,OAAOH,WAAW;AACpB,CAAC;AAEM,MAAMK,gBAAgB,GAAG,SAASA,gBAAgB,CAAElC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAItH;EAAA;EACA,MAAMiC,eAAe,GAAG,0BAAAlC,WAAW,CAAC4B,WAAW,0DAAvB,sBAAyBjB,KAAK,KAAI,EAAE;EAE5DuB,eAAe,CAAC5B,OAAO,CACrBsB,WAAW,IAAIX,eAAe,CAACjB,WAAW,EAAE4B,WAAW,CAAC,CACzD;EAED,MAAMO,YAAY,GAAGD,eAAe,CAACtC,GAAG,CAACgC,WAAW,IAAID,wBAAwB,CAAE5B,UAAU,EAAE6B,WAAW,EAAE3B,SAAS,CAAE,CAAC;EAEvH,MAAM;IAAEE,OAAO;IAAED;EAAQ,CAAC,GAAGJ,oBAAoB,CAAEC,UAAU,EAAEC,WAAW,EAAEC,SAAS,CAAE;EAEvF,OAAO;IACLkC,YAAY;IACZhC,OAAO;IACPD;EACF,CAAC;AACH,CAAC;AAAC"}

package/cjs/idx/mixin.js.map

@@ -1 +1 @@
-{"version":3,"file":"mixin.js","names":["mixinIdx","Base","OktaAuthIdx","constructor","args","idx","createIdxAPI","webauthn"],"sources":["../../../lib/idx/mixin.ts"],"sourcesContent":["import { OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport { IdxAPI, IdxTransactionManagerInterface, OktaAuthIdxInterface, OktaAuthIdxOptions } from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport { WebauthnAPI } from './webauthn';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n  return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n  {\n    idx: IdxAPI;\n    static webauthn: WebauthnAPI = webauthn;\n    \n    constructor(...args: any[]) {\n      super(...args);\n      this.idx = createIdxAPI(this);\n    }\n  };\n}\n"],"mappings":";;;;;AAKA;AAEA;AAAuC;AAAA;AAEhC,SAASA,QAAQ,CASvBC,IAAW,EACZ;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,iBAAY,EAAC,IAAI,CAAC;IAC/B;EACF,CAAC,oDANgCC,QAAQ;AAO3C"}
+{"version":3,"file":"mixin.js","names":["mixinIdx","Base","OktaAuthIdx","constructor","args","idx","createIdxAPI","webauthn"],"sources":["../../../lib/idx/mixin.ts"],"sourcesContent":["import { OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n  IdxAPI, \n  IdxTransactionManagerInterface, \n  OktaAuthIdxInterface, \n  OktaAuthIdxConstructor, \n  OktaAuthIdxOptions, \n  WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n  return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n  {\n    idx: IdxAPI;\n    static webauthn: WebauthnAPI = webauthn;\n    \n    constructor(...args: any[]) {\n      super(...args);\n      this.idx = createIdxAPI(this);\n    }\n  };\n}\n"],"mappings":";;;;;AAYA;AACA;AAAuC;AAAA;AAEhC,SAASA,QAAQ,CASvBC,IAAW,EACZ;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,iBAAY,EAAC,IAAI,CAAC;IAC/B;EACF,CAAC,oDANgCC,QAAQ;AAO3C"}

package/cjs/idx/types/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n  OktaAuthOAuthInterface,\n  Tokens,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n  IdxToPersist,\n} from './idx-js';\nimport {\n  AccountUnlockOptions,\n  AuthenticationOptions,\n  CancelOptions,\n  InteractOptions,\n  IntrospectOptions,\n  OktaAuthIdxOptions,\n  PasswordRecoveryOptions,\n  ProceedOptions,\n  RegistrationOptions,\n  StartOptions,\n  IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n  channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport interface IdxAPI {\n  // lowest level api\n  interact: (options?: InteractOptions) => Promise<InteractResponse>;\n  introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n  makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n  // flow entrypoints\n  authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n  register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n  recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n  unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n  poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n  // flow control\n  start: (options?: StartOptions) => Promise<IdxTransaction>;\n  canProceed(options?: ProceedOptions): boolean;\n  proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n  cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n  getFlow(): FlowIdentifier | undefined;\n  setFlow(flow: FlowIdentifier): void;\n\n  // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n  startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n  // redirect callbacks\n  isInteractionRequired: (hashOrSearch?: string) => boolean;\n  isInteractionRequiredError: (error: Error) => boolean; \n  handleInteractionCodeRedirect: (url: string) => Promise<void>;\n  isEmailVerifyCallback: (search: string) => boolean;\n  parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n  handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n  isEmailVerifyCallbackError: (error: Error) => boolean;\n\n  // transaction meta\n  getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n  createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  saveTransactionMeta: (meta: unknown) => void;\n  clearTransactionMeta: () => void;\n  isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n  saveIdxResponse(data: SavedIdxResponse): void;\n  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n  clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface OktaAuthIdxInterface\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n  extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  idx: IdxAPI;\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IAkDYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAkDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}
+{"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n  OktaAuthOAuthInterface,\n  Tokens,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n  IdxToPersist,\n  ChallengeData,\n  ActivationData,\n} from './idx-js';\nimport {\n  AccountUnlockOptions,\n  AuthenticationOptions,\n  CancelOptions,\n  InteractOptions,\n  IntrospectOptions,\n  OktaAuthIdxOptions,\n  PasswordRecoveryOptions,\n  ProceedOptions,\n  RegistrationOptions,\n  StartOptions,\n  IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n  WebauthnEnrollValues,\n  WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor } from '../../base/types';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n  channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport interface IdxAPI {\n  // lowest level api\n  interact: (options?: InteractOptions) => Promise<InteractResponse>;\n  introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n  makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n  // flow entrypoints\n  authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n  register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n  recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n  unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n  poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n  // flow control\n  start: (options?: StartOptions) => Promise<IdxTransaction>;\n  canProceed(options?: ProceedOptions): boolean;\n  proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n  cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n  getFlow(): FlowIdentifier | undefined;\n  setFlow(flow: FlowIdentifier): void;\n\n  // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n  startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n  // redirect callbacks\n  isInteractionRequired: (hashOrSearch?: string) => boolean;\n  isInteractionRequiredError: (error: Error) => boolean; \n  handleInteractionCodeRedirect: (url: string) => Promise<void>;\n  isEmailVerifyCallback: (search: string) => boolean;\n  parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n  handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n  isEmailVerifyCallbackError: (error: Error) => boolean;\n\n  // transaction meta\n  getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n  createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  saveTransactionMeta: (meta: unknown) => void;\n  clearTransactionMeta: () => void;\n  isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n  saveIdxResponse(data: SavedIdxResponse): void;\n  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n  clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n  getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n  getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n  buildCredentialRequestOptions(\n    challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialRequestOptions;\n  buildCredentialCreationOptions(\n    activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialCreationOptions;\n}\n\nexport interface OktaAuthIdxInterface\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n  extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  idx: IdxAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n  I extends OktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n  new(...args: any[]): I;\n  webauthn: WebauthnAPI;\n}\n\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IAyDYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAkDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}

package/cjs/idx/webauthn.js.map

@@ -1 +1 @@
-{"version":3,"file":"webauthn.js","names":["getEnrolledCredentials","authenticatorEnrollments","credentials","forEach","enrollement","key","push","type","id","base64UrlToBuffer","credentialId","buildCredentialCreationOptions","activationData","publicKey","rp","user","name","displayName","challenge","pubKeyCredParams","attestation","authenticatorSelection","excludeCredentials","buildCredentialRequestOptions","challengeData","userVerification","allowCredentials","getAttestation","credential","response","clientData","bufferToBase64Url","clientDataJSON","attestationObject","getAssertion","authenticatorData","signatureData","signature"],"sources":["../../../lib/idx/webauthn.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n  ActivationData,\n  ChallengeData,\n  IdxAuthenticator,\n  WebauthnEnrollValues,\n  WebauthnVerificationValues\n} from './types';\n\n\nexport interface WebauthnAPI {\n  getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n  getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n  buildCredentialRequestOptions(\n    challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialRequestOptions;\n  buildCredentialCreationOptions(\n    activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialCreationOptions;\n}\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n  const credentials: PublicKeyCredentialDescriptor[] = [];\n  authenticatorEnrollments.forEach((enrollement) => {\n    if (enrollement.key === 'webauthn') {\n      credentials.push({\n        type: 'public-key',\n        id: base64UrlToBuffer(enrollement.credentialId),\n      });\n    }\n  });\n  return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n  activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      rp: activationData.rp,\n      user: {\n        id: base64UrlToBuffer(activationData.user.id),\n        name: activationData.user.name,\n        displayName: activationData.user.displayName\n      },\n      challenge: base64UrlToBuffer(activationData.challenge),\n      pubKeyCredParams: activationData.pubKeyCredParams,\n      attestation: activationData.attestation,\n      authenticatorSelection: activationData.authenticatorSelection,\n      excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n  challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      challenge: base64UrlToBuffer(challengeData.challenge),\n      userVerification: challengeData.userVerification,\n      allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAttestationResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const attestation = bufferToBase64Url(response.attestationObject);\n  return {\n    id,\n    clientData,\n    attestation\n  };\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAssertionResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const authenticatorData = bufferToBase64Url(response.authenticatorData);\n  const signatureData = bufferToBase64Url(response.signature);\n  return {\n    id,\n    clientData,\n    authenticatorData,\n    signatureData\n  };\n};\n"],"mappings":";;;AAYA;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAwBA;AACA,MAAMA,sBAAsB,GAAG,CAACC,wBAA4C,GAAG,EAAE,KAAK;EACpF,MAAMC,WAA4C,GAAG,EAAE;EACvDD,wBAAwB,CAACE,OAAO,CAAEC,WAAW,IAAK;IAChD,IAAIA,WAAW,CAACC,GAAG,KAAK,UAAU,EAAE;MAClCH,WAAW,CAACI,IAAI,CAAC;QACfC,IAAI,EAAE,YAAY;QAClBC,EAAE,EAAE,IAAAC,uBAAiB,EAACL,WAAW,CAACM,YAAY;MAChD,CAAC,CAAC;IACJ;EACF,CAAC,CAAC;EACF,OAAOR,WAAW;AACpB,CAAC;;AAED;AACA;AACO,MAAMS,8BAA8B,GAAG,CAC5CC,cAA8B,EAAEX,wBAA4C,KACzE;EACH,OAAO;IACLY,SAAS,EAAE;MACTC,EAAE,EAAEF,cAAc,CAACE,EAAE;MACrBC,IAAI,EAAE;QACJP,EAAE,EAAE,IAAAC,uBAAiB,EAACG,cAAc,CAACG,IAAI,CAACP,EAAE,CAAC;QAC7CQ,IAAI,EAAEJ,cAAc,CAACG,IAAI,CAACC,IAAI;QAC9BC,WAAW,EAAEL,cAAc,CAACG,IAAI,CAACE;MACnC,CAAC;MACDC,SAAS,EAAE,IAAAT,uBAAiB,EAACG,cAAc,CAACM,SAAS,CAAC;MACtDC,gBAAgB,EAAEP,cAAc,CAACO,gBAAgB;MACjDC,WAAW,EAAER,cAAc,CAACQ,WAAW;MACvCC,sBAAsB,EAAET,cAAc,CAACS,sBAAsB;MAC7DC,kBAAkB,EAAEtB,sBAAsB,CAACC,wBAAwB;IACrE;EACF,CAAC;AACH,CAAC;;AAGD;AACA;AAAA;AACO,MAAMsB,6BAA6B,GAAG,CAC3CC,aAA4B,EAAEvB,wBAA4C,KACvE;EACH,OAAO;IACLY,SAAS,EAAE;MACTK,SAAS,EAAE,IAAAT,uBAAiB,EAACe,aAAa,CAACN,SAAS,CAAC;MACrDO,gBAAgB,EAAED,aAAa,CAACC,gBAAgB;MAChDC,gBAAgB,EAAE1B,sBAAsB,CAACC,wBAAwB;IACnE;EACF,CAAC;AACH,CAAC;;AAED;AACA;AAAA;AACO,MAAM0B,cAAc,GAAIC,UAA+B,IAAK;EACjE,MAAMC,QAAQ,GAAGD,UAAU,CAACC,QAA4C;EACxE,MAAMrB,EAAE,GAAGoB,UAAU,CAACpB,EAAE;EACxB,MAAMsB,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMZ,WAAW,GAAG,IAAAW,uBAAiB,EAACF,QAAQ,CAACI,iBAAiB,CAAC;EACjE,OAAO;IACLzB,EAAE;IACFsB,UAAU;IACVV;EACF,CAAC;AACH,CAAC;;AAED;AACA;AAAA;AACO,MAAMc,YAAY,GAAIN,UAA+B,IAAK;EAC/D,MAAMC,QAAQ,GAAGD,UAAU,CAACC,QAA0C;EACtE,MAAMrB,EAAE,GAAGoB,UAAU,CAACpB,EAAE;EACxB,MAAMsB,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMG,iBAAiB,GAAG,IAAAJ,uBAAiB,EAACF,QAAQ,CAACM,iBAAiB,CAAC;EACvE,MAAMC,aAAa,GAAG,IAAAL,uBAAiB,EAACF,QAAQ,CAACQ,SAAS,CAAC;EAC3D,OAAO;IACL7B,EAAE;IACFsB,UAAU;IACVK,iBAAiB;IACjBC;EACF,CAAC;AACH,CAAC;AAAC"}
+{"version":3,"file":"webauthn.js","names":["getEnrolledCredentials","authenticatorEnrollments","credentials","forEach","enrollement","key","push","type","id","base64UrlToBuffer","credentialId","buildCredentialCreationOptions","activationData","publicKey","rp","user","name","displayName","challenge","pubKeyCredParams","attestation","authenticatorSelection","excludeCredentials","buildCredentialRequestOptions","challengeData","userVerification","allowCredentials","getAttestation","credential","response","clientData","bufferToBase64Url","clientDataJSON","attestationObject","getAssertion","authenticatorData","signatureData","signature"],"sources":["../../../lib/idx/webauthn.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n  ActivationData,\n  ChallengeData,\n  IdxAuthenticator,\n} from './types';\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n  const credentials: PublicKeyCredentialDescriptor[] = [];\n  authenticatorEnrollments.forEach((enrollement) => {\n    if (enrollement.key === 'webauthn') {\n      credentials.push({\n        type: 'public-key',\n        id: base64UrlToBuffer(enrollement.credentialId),\n      });\n    }\n  });\n  return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n  activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      rp: activationData.rp,\n      user: {\n        id: base64UrlToBuffer(activationData.user.id),\n        name: activationData.user.name,\n        displayName: activationData.user.displayName\n      },\n      challenge: base64UrlToBuffer(activationData.challenge),\n      pubKeyCredParams: activationData.pubKeyCredParams,\n      attestation: activationData.attestation,\n      authenticatorSelection: activationData.authenticatorSelection,\n      excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n  challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      challenge: base64UrlToBuffer(challengeData.challenge),\n      userVerification: challengeData.userVerification,\n      allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAttestationResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const attestation = bufferToBase64Url(response.attestationObject);\n  return {\n    id,\n    clientData,\n    attestation\n  };\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAssertionResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const authenticatorData = bufferToBase64Url(response.authenticatorData);\n  const signatureData = bufferToBase64Url(response.signature);\n  return {\n    id,\n    clientData,\n    authenticatorData,\n    signatureData\n  };\n};\n"],"mappings":";;;AAYA;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAUA;AACA,MAAMA,sBAAsB,GAAG,CAACC,wBAA4C,GAAG,EAAE,KAAK;EACpF,MAAMC,WAA4C,GAAG,EAAE;EACvDD,wBAAwB,CAACE,OAAO,CAAEC,WAAW,IAAK;IAChD,IAAIA,WAAW,CAACC,GAAG,KAAK,UAAU,EAAE;MAClCH,WAAW,CAACI,IAAI,CAAC;QACfC,IAAI,EAAE,YAAY;QAClBC,EAAE,EAAE,IAAAC,uBAAiB,EAACL,WAAW,CAACM,YAAY;MAChD,CAAC,CAAC;IACJ;EACF,CAAC,CAAC;EACF,OAAOR,WAAW;AACpB,CAAC;;AAED;AACA;AACO,MAAMS,8BAA8B,GAAG,CAC5CC,cAA8B,EAAEX,wBAA4C,KACzE;EACH,OAAO;IACLY,SAAS,EAAE;MACTC,EAAE,EAAEF,cAAc,CAACE,EAAE;MACrBC,IAAI,EAAE;QACJP,EAAE,EAAE,IAAAC,uBAAiB,EAACG,cAAc,CAACG,IAAI,CAACP,EAAE,CAAC;QAC7CQ,IAAI,EAAEJ,cAAc,CAACG,IAAI,CAACC,IAAI;QAC9BC,WAAW,EAAEL,cAAc,CAACG,IAAI,CAACE;MACnC,CAAC;MACDC,SAAS,EAAE,IAAAT,uBAAiB,EAACG,cAAc,CAACM,SAAS,CAAC;MACtDC,gBAAgB,EAAEP,cAAc,CAACO,gBAAgB;MACjDC,WAAW,EAAER,cAAc,CAACQ,WAAW;MACvCC,sBAAsB,EAAET,cAAc,CAACS,sBAAsB;MAC7DC,kBAAkB,EAAEtB,sBAAsB,CAACC,wBAAwB;IACrE;EACF,CAAC;AACH,CAAC;;AAGD;AACA;AAAA;AACO,MAAMsB,6BAA6B,GAAG,CAC3CC,aAA4B,EAAEvB,wBAA4C,KACvE;EACH,OAAO;IACLY,SAAS,EAAE;MACTK,SAAS,EAAE,IAAAT,uBAAiB,EAACe,aAAa,CAACN,SAAS,CAAC;MACrDO,gBAAgB,EAAED,aAAa,CAACC,gBAAgB;MAChDC,gBAAgB,EAAE1B,sBAAsB,CAACC,wBAAwB;IACnE;EACF,CAAC;AACH,CAAC;;AAED;AACA;AAAA;AACO,MAAM0B,cAAc,GAAIC,UAA+B,IAAK;EACjE,MAAMC,QAAQ,GAAGD,UAAU,CAACC,QAA4C;EACxE,MAAMrB,EAAE,GAAGoB,UAAU,CAACpB,EAAE;EACxB,MAAMsB,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMZ,WAAW,GAAG,IAAAW,uBAAiB,EAACF,QAAQ,CAACI,iBAAiB,CAAC;EACjE,OAAO;IACLzB,EAAE;IACFsB,UAAU;IACVV;EACF,CAAC;AACH,CAAC;;AAED;AACA;AAAA;AACO,MAAMc,YAAY,GAAIN,UAA+B,IAAK;EAC/D,MAAMC,QAAQ,GAAGD,UAAU,CAACC,QAA0C;EACtE,MAAMrB,EAAE,GAAGoB,UAAU,CAACpB,EAAE;EACxB,MAAMsB,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMG,iBAAiB,GAAG,IAAAJ,uBAAiB,EAACF,QAAQ,CAACM,iBAAiB,CAAC;EACvE,MAAMC,aAAa,GAAG,IAAAL,uBAAiB,EAACF,QAAQ,CAACQ,SAAS,CAAC;EAC3D,OAAO;IACL7B,EAAE;IACFsB,UAAU;IACVK,iBAAiB;IACjBC;EACF,CAAC;AACH,CAAC;AAAC"}