npm - @okta/okta-auth-js - Versions diffs - 7.11.0 → 7.12.0-rc1 - Mend

@okta/okta-auth-js 7.11.0 → 7.12.0-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

package/CHANGELOG.md +14 -0
package/README.md +59 -0
package/cjs/core/mixin.js +14 -0
package/cjs/core/mixin.js.map +1 -1
package/cjs/http/OktaUserAgent.js +2 -2
package/cjs/http/OktaUserAgent.js.map +1 -1
package/cjs/myaccount/request.js +24 -5
package/cjs/myaccount/request.js.map +1 -1
package/cjs/myaccount/transactions/Base.js.map +1 -1
package/cjs/myaccount/types.js.map +1 -1
package/cjs/oidc/factory/api.js +1 -0
package/cjs/oidc/factory/api.js.map +1 -1
package/cjs/oidc/getToken.js +17 -3
package/cjs/oidc/getToken.js.map +1 -1
package/cjs/oidc/getWithPopup.js +48 -0
package/cjs/oidc/getWithPopup.js.map +1 -1
package/cjs/oidc/handleOAuthResponse.js.map +1 -1
package/cjs/oidc/index.js +7 -0
package/cjs/oidc/index.js.map +1 -1
package/cjs/oidc/types/api.js.map +1 -1
package/cjs/oidc/util/browser.js +27 -1
package/cjs/oidc/util/browser.js.map +1 -1
package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
package/dist/okta-auth-js.authn.min.js +1 -1
package/dist/okta-auth-js.authn.min.js.map +1 -1
package/dist/okta-auth-js.core.min.analyzer.html +2 -2
package/dist/okta-auth-js.core.min.js +1 -1
package/dist/okta-auth-js.core.min.js.map +1 -1
package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
package/dist/okta-auth-js.idx.min.js +1 -1
package/dist/okta-auth-js.idx.min.js.map +1 -1
package/dist/okta-auth-js.min.analyzer.html +2 -2
package/dist/okta-auth-js.min.js +1 -1
package/dist/okta-auth-js.min.js.map +1 -1
package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
package/dist/okta-auth-js.myaccount.min.js +1 -1
package/dist/okta-auth-js.myaccount.min.js.map +1 -1
package/esm/browser/core/mixin.js +13 -0
package/esm/browser/core/mixin.js.map +1 -1
package/esm/browser/exports/exports/authn.js +2 -2
package/esm/browser/exports/exports/core.js +2 -2
package/esm/browser/exports/exports/default.js +2 -2
package/esm/browser/exports/exports/idx.js +2 -2
package/esm/browser/exports/exports/myaccount.js +2 -2
package/esm/browser/http/OktaUserAgent.js +2 -2
package/esm/browser/http/OktaUserAgent.js.map +1 -1
package/esm/browser/myaccount/request.js +21 -3
package/esm/browser/myaccount/request.js.map +1 -1
package/esm/browser/myaccount/transactions/Base.js.map +1 -1
package/esm/browser/myaccount/types.js.map +1 -1
package/esm/browser/oidc/factory/api.js +2 -1
package/esm/browser/oidc/factory/api.js.map +1 -1
package/esm/browser/oidc/getToken.js +15 -3
package/esm/browser/oidc/getToken.js.map +1 -1
package/esm/browser/oidc/getWithPopup.js +46 -1
package/esm/browser/oidc/getWithPopup.js.map +1 -1
package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
package/esm/browser/oidc/util/browser.js +25 -2
package/esm/browser/oidc/util/browser.js.map +1 -1
package/esm/browser/package.json +1 -1
package/esm/node/core/mixin.js +13 -0
package/esm/node/core/mixin.js.map +1 -1
package/esm/node/exports/exports/authn.js +2 -2
package/esm/node/exports/exports/core.js +2 -2
package/esm/node/exports/exports/default.js +2 -2
package/esm/node/exports/exports/idx.js +2 -2
package/esm/node/exports/exports/myaccount.js +2 -2
package/esm/node/http/OktaUserAgent.js +2 -2
package/esm/node/http/OktaUserAgent.js.map +1 -1
package/esm/node/myaccount/request.js +21 -3
package/esm/node/myaccount/request.js.map +1 -1
package/esm/node/myaccount/transactions/Base.js.map +1 -1
package/esm/node/myaccount/types.js.map +1 -1
package/esm/node/oidc/factory/api.js +2 -1
package/esm/node/oidc/factory/api.js.map +1 -1
package/esm/node/oidc/getToken.js +15 -3
package/esm/node/oidc/getToken.js.map +1 -1
package/esm/node/oidc/getWithPopup.js +46 -1
package/esm/node/oidc/getWithPopup.js.map +1 -1
package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
package/esm/node/oidc/util/browser.js +25 -2
package/esm/node/oidc/util/browser.js.map +1 -1
package/esm/node/package.json +1 -1
package/package.json +3 -3
package/types/lib/myaccount/request.d.ts +2 -2
package/types/lib/myaccount/transactions/Base.d.ts +2 -1
package/types/lib/myaccount/types.d.ts +2 -2
package/types/lib/oidc/getWithPopup.d.ts +6 -0
package/types/lib/oidc/index.d.ts +1 -1
package/types/lib/oidc/types/api.d.ts +6 -0
package/types/lib/oidc/util/browser.d.ts +1 -0
package/umd/authn.js +1 -1
package/umd/authn.js.map +1 -1
package/umd/core.js +1 -1
package/umd/core.js.map +1 -1
package/umd/default.js +1 -1
package/umd/default.js.map +1 -1
package/umd/idx.js +1 -1
package/umd/idx.js.map +1 -1
package/umd/myaccount.js +1 -1
package/umd/myaccount.js.map +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,19 @@
 # Changelog
+# 7.12.0
+### Features
+- [#1573](https://github.com/okta/okta-auth-js/pull/1573) feat: adds `token.getWithIDPPopup()` method
+  - A [`Cross-Origin-Opener-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) resilient method of acquiring tokens using via external IDPs.
+  - See [documentation](https://github.com/okta/okta-auth-js?tab=readme-ov-file#tokengetwithidppopupoptions) for more detailed explanation
+# 7.11.1
+### Fixes
+- [#1572](https://github.com/okta/okta-auth-js/pull/1572) fix: adds DPoP support to MyAccount API client
 # 7.11.0
 ### Features

package/README.md CHANGED Viewed

@@ -1036,6 +1036,7 @@ The amount of time, in seconds, a tab needs to be inactive for the `RenewOnTabAc
 * [token](#token)
   * [token.getWithoutPrompt](#tokengetwithoutpromptoptions)
   * [token.getWithPopup](#tokengetwithpopupoptions)
+  * [token.getWithIDPPopup](#tokengetwithidppopupoptions)
   * [token.getWithRedirect](#tokengetwithredirectoptions)
   * [token.parseFromUrl](#tokenparsefromurloptions)
   * [token.decode](#tokendecodeidtokenstring)
@@ -1342,6 +1343,13 @@ Stores tokens from redirect url into storage (for login flow), then redirect use
 > **Note:** `handleRedirect` throws `OAuthError` or `AuthSdkError` in case there are errors during token retrieval or authenticator enrollment.
+### `handleIDPPopupRedirect(url?)`
+> :link: web browser only <br>
+> :hourglass: async
+Used in conjunction with [`token.getWithIDPPopup`](#tokengetwithidppopupoptions). Handles the redirect from the Authorization Server back to the web application. This method relays the resulting OAuth2 response from the popup window to the main window.
 ### `setHeaders()`
 Can set (or unset) request headers after construction.
@@ -1621,6 +1629,57 @@ authClient.token.getWithPopup(options)
 });
 ```
+#### `token.getWithIDPPopup(options)`
+> :exclamation: Read tradeoffs carefully, this method has user experience implications
+> :link: web browser only <br>
+> :hourglass: async
+Using [External Identity Providers](https://developer.okta.com/docs/concepts/identity-providers/) in conjunction with [`token.getWithPopup`](#tokengetwithpopupoptions) can fail when an external (non-Okta) IDP sets their [`Cross-Origin-Opener-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) to something other than `unsafe-none` on _any_ document loaded in the authentication flow. This causes the spawned popup window and main browser window to run in isolated `Browser Context Groups` ([BCG](https://developer.mozilla.org/en-US/docs/Glossary/Browsing_context)); this results in the following
+1. The popup and main window can no longer communicate via [`window.postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
+2. The main window can no longer detect if the popup window is closed
+[`token.getWithIDPPopup`](#tokengetwithidppopupoptions) is designed for deployments which require the use of a popup window _and_ rely on external IDPs. This method can authenticate a user regardless of the IDP's [`Cross-Origin-Opener-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy), however it does come with some tradeoffs (see [Tradeoffs](#tradeoffs) below)
+##### Comparison of `token.getWithPopup(options)` vs `token.getWithIDPPopup(options)`
+Both methods invoke the [`/authorize`](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/authorizeCustomAS) endpoint of the target authorization server in a popup window, however they differ in their [`responseMode`](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/authorizeCustomAS!in=query&path=response_mode&t=request) parameter
+* [`token.getWithPopup`](#tokengetwithpopupoptions) utilizes `okta_post_message`, which enables cross-origin communication via [`window.postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage). After successful authentication, the resulting authorization code is broadcast from the popup window to the main window to complete the authentication flow.
+    * This approach requires the main and popup windows to share a [BCG](https://developer.mozilla.org/en-US/docs/Glossary/Browsing_context)
+* [`token.getWithIDPPopup`](#tokengetwithidppopupoptions) utilizes `query` instead. After successful authentication, a redirect to the provided `redirectUri` is performed. In order for the authentication flow to complete, the `redirectUri` must relay the OAuth2 response from the popup to the main window via [`handleIDPPopupRedirect`](#handleidppopupredirecturl).
+    * This approach does not require a shared [BCG](https://developer.mozilla.org/en-US/docs/Glossary/Browsing_context) and therefore is resilient to stricter [`Cross-Origin-Opener-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) policies, however the lack of communication capabilities between the main and popup windows may result in an awkward user experience (see [Tradeoffs](#tradeoffs) below)
+> :exclamation: [`token.getWithPopup`](#tokengetwithpopupoptions) is always the preferred method. [`token.getWithIDPPopup`](#tokengetwithidppopupoptions) should only be used if your Okta configuration includes external IDPs
+##### Usage
+```javascript
+const { promise, cancel } = authClient.token.getWithIDPPopup({
+  redirectUri: 'http://localhost:8080/popup/callback',
+});
+const { tokens } = await promise;
+authClient.tokenManager.setTokens(tokens);
+```
+#### Tradeoffs
+1. Since [`window.postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) can no longer be relied upon, the popup window's flow needs to end on the same origin as the application requesting tokens. After successful authentication, the popup window will be redirect to the provided `redirectUri`, which needs to call `authClient.handleIDPPopupRedirect()`. In Single Page Apps (with a router), it's recommended to host a dedicated route, but this logic can be performed on the main page as well.
+> NOTE: this will _not_ use the same value as `redirectUri` passed via the `OktaAuth` constructor
+```javascript
+// example implementation
+// (loaded within popup as result of redirect to the `redirectUri`)
+authClient.handleIDPPopupRedirect();
+window.close();     // recommended, closes the popup window
+```
+2. As mentioned above, the main window cannot detect when the popup window is closed. If a user manually closes the popup window before completing authentication, the resulting `promise` variable will still be `pending` (until a configurable timeout). A `cancel` method is provided to prevent awaiting for the promise to timeout, however this may still result in an awkward user experience.
+    1. It's important to provide a button on the page to invoke `cancel`. If the user closes the popup window without invoking `cancel`, the `promise` will eventually timeout. This could result in a poor user experience.
+    2. However, assuming a `cancel` button is available on the page, it's possible for a user to select the `cancel` action on the main window without closing the popup window. If the user _then_ completes the authentication flow in the popup window, this will _not_ result in tokens being issued to the main window (application). This may also result in a poor user experience.
+> Carefully consider these user experience tradeoffs before choosing to implement this method!
 #### `token.getWithRedirect(options)`
 > :link: web browser only <br>

package/cjs/core/mixin.js CHANGED Viewed

@@ -4,6 +4,7 @@ exports.mixinCore = mixinCore;
 var _parseFromUrl = require("../oidc/parseFromUrl");
 var _AuthStateManager = require("./AuthStateManager");
 var _ServiceManager = require("./ServiceManager");
+var _errors = require("../errors");
 function mixinCore(Base) {
   return class OktaAuthCore extends Base {
     constructor(...args) {
@@ -72,6 +73,19 @@ function mixinCore(Base) {
         window.location.replace(originalUri);
       }
     }
+    handleIDPPopupRedirect(url = window.location.href) {
+      const res = (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {
+        responseMode: 'query',
+        url
+      });
+      if (res.state) {
+        const channel = new BroadcastChannel(`popup-callback:${res.state}`);
+        channel.postMessage(res);
+        channel.close();
+      } else {
+        throw new _errors.AuthSdkError('Unable to parse auth code params');
+      }
+    }
   };
 }
 //# sourceMappingURL=mixin.js.map

package/cjs/core/mixin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mixin.js","names":["mixinCore","Base","OktaAuthCore","constructor","args","authStateManager","AuthStateManager","serviceManager","ServiceManager","options","services","start","tokenManager","token","isLoginRedirect","updateAuthState","stop","handleRedirect","originalUri","handleLoginRedirect","undefined","tokens","state","setTokens","getOriginalUri","oAuthResponse","parseOAuthResponseFromUrl","storeTokensFromRedirect","e","removeOriginalUri","restoreOriginalUri","window","location","replace"],"sources":["../../../lib/core/mixin.ts"],"sourcesContent":["import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n PKCETransactionMeta,\n Tokens,\n TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\n\nexport function mixinCore\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n {\n authStateManager: AuthStateManager<M, S, O>;\n serviceManager: ServiceManager<M, S, O>;\n \n constructor(...args: any[]) {\n super(...args);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n }\n\n async start() {\n await this.serviceManager.start();\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n await this.authStateManager.updateAuthState();\n }\n }\n \n async stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n await this.serviceManager.stop();\n }\n\n async handleRedirect(originalUri?: string): Promise<void> {\n await this.handleLoginRedirect(undefined, originalUri);\n }\n\n // eslint-disable-next-line complexity\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n \n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri \|\| this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri \|\| this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n \n // clear originalUri from storage\n this.removeOriginalUri(state);\n \n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n };\n}\n"],"mappings":";;;AAAA;AAUA;AACA;~~AAGO~~,SAASA,SAAS,CASxBC,IAAW,EACZ;EACE,OAAO,MAAMC,YAAY,SAASD,IAAI,CACtC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;;MAEd;MACA,IAAI,CAACC,gBAAgB,GAAG,IAAIC,kCAAgB,CAAU,IAAI,CAAC;;MAE3D;MACA,IAAI,CAACC,cAAc,GAAG,IAAIC,8BAAc,CAAU,IAAI,EAAE,IAAI,CAACC,OAAO,CAACC,QAAQ,CAAC;IAChF;IAEA,MAAMC,KAAK,GAAG;MACZ,MAAM,IAAI,CAACJ,cAAc,CAACI,KAAK,EAAE;MACjC;MACA,IAAI,CAACC,YAAY,CAACD,KAAK,EAAE;MACzB,IAAI,CAAC,IAAI,CAACE,KAAK,CAACC,eAAe,EAAE,EAAE;QACjC,MAAM,IAAI,CAACT,gBAAgB,CAACU,eAAe,EAAE;MAC/C;IACF;IAEA,MAAMC,IAAI,GAAG;MACX;MACA,IAAI,CAACJ,YAAY,CAACI,IAAI,EAAE;MACxB,MAAM,IAAI,CAACT,cAAc,CAACS,IAAI,EAAE;IAClC;IAEA,MAAMC,cAAc,CAACC,WAAoB,EAAiB;MACxD,MAAM,IAAI,CAACC,mBAAmB,CAACC,SAAS,EAAEF,WAAW,CAAC;IACxD;;IAEA;IACA,MAAMC,mBAAmB,CAACE,MAAe,EAAEH,WAAoB,EAAiB;MAC9E,IAAII,KAAK,GAAG,IAAI,CAACb,OAAO,CAACa,KAAK;;MAE9B;MACA,IAAID,MAAM,EAAE;QACV,IAAI,CAACT,YAAY,CAACW,SAAS,CAACF,MAAM,CAAC;QACnCH,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAAC,IAAI,CAACf,OAAO,CAACa,KAAK,CAAC;MACtE,CAAC,MAAM,IAAI,IAAI,CAACR,eAAe,EAAE,EAAE;QACjC,IAAI;UACF;UACA,MAAMW,aAAa,GAAG,MAAM,IAAAC,uCAAyB,EAAC,IAAI,EAAE,CAAC,CAAC,CAAC;UAC/DJ,KAAK,GAAGG,aAAa,CAACH,KAAK;UAC3BJ,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAACF,KAAK,CAAC;UACvD,MAAM,IAAI,CAACK,uBAAuB,EAAE;QACtC,CAAC,CAAC,OAAMC,CAAC,EAAE;UACT;UACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;UAC7C,MAAMa,CAAC;QACT;MACF,CAAC,MAAM;QACL,OAAO,CAAC;MACV;;MAEA;MACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;;MAE7C;MACA,IAAI,CAACc,iBAAiB,CAACP,KAAK,CAAC;;MAE7B;MACA,MAAM;QAAEQ;MAAmB,CAAC,GAAG,IAAI,CAACrB,OAAO;MAC3C,IAAIqB,kBAAkB,EAAE;QACtB,MAAMA,kBAAkB,CAAC,IAAI,EAAEZ,WAAW,CAAC;MAC7C,CAAC,MAAM,IAAIA,WAAW,EAAE;QACtBa,MAAM,CAACC,QAAQ,CAACC,OAAO,CAACf,WAAW,CAAC;MACtC;IACF;EACF,CAAC;AACH"}
1	+ {"version":3,"file":"mixin.js","names":["mixinCore","Base","OktaAuthCore","constructor","args","authStateManager","AuthStateManager","serviceManager","ServiceManager","options","services","start","tokenManager","token","isLoginRedirect","updateAuthState","stop","handleRedirect","originalUri","handleLoginRedirect","undefined","tokens","state","setTokens","getOriginalUri","oAuthResponse","parseOAuthResponseFromUrl","storeTokensFromRedirect","e","removeOriginalUri","restoreOriginalUri","window","location","replace","handleIDPPopupRedirect","url","href","res","responseMode","channel","BroadcastChannel","postMessage","close","AuthSdkError"],"sources":["../../../lib/core/mixin.ts"],"sourcesContent":["import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n PKCETransactionMeta,\n Tokens,\n TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { AuthSdkError } from '../errors';\n\nexport function mixinCore\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n {\n authStateManager: AuthStateManager<M, S, O>;\n serviceManager: ServiceManager<M, S, O>;\n \n constructor(...args: any[]) {\n super(...args);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n }\n\n async start() {\n await this.serviceManager.start();\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n await this.authStateManager.updateAuthState();\n }\n }\n \n async stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n await this.serviceManager.stop();\n }\n\n async handleRedirect(originalUri?: string): Promise<void> {\n await this.handleLoginRedirect(undefined, originalUri);\n }\n\n // eslint-disable-next-line complexity\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n \n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri \|\| this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri \|\| this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n \n // clear originalUri from storage\n this.removeOriginalUri(state);\n \n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n handleIDPPopupRedirect (url = window.location.href) {\n const res = parseOAuthResponseFromUrl(this, { responseMode: 'query', url });\n if (res.state) {\n const channel = new BroadcastChannel(`popup-callback:${res.state}`);\n channel.postMessage(res);\n channel.close();\n }\n else {\n throw new AuthSdkError('Unable to parse auth code params');\n }\n }\n };\n}\n"],"mappings":";;;AAAA;AAUA;AACA;AAEA;AAEO,SAASA,SAAS,CASxBC,IAAW,EACZ;EACE,OAAO,MAAMC,YAAY,SAASD,IAAI,CACtC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;;MAEd;MACA,IAAI,CAACC,gBAAgB,GAAG,IAAIC,kCAAgB,CAAU,IAAI,CAAC;;MAE3D;MACA,IAAI,CAACC,cAAc,GAAG,IAAIC,8BAAc,CAAU,IAAI,EAAE,IAAI,CAACC,OAAO,CAACC,QAAQ,CAAC;IAChF;IAEA,MAAMC,KAAK,GAAG;MACZ,MAAM,IAAI,CAACJ,cAAc,CAACI,KAAK,EAAE;MACjC;MACA,IAAI,CAACC,YAAY,CAACD,KAAK,EAAE;MACzB,IAAI,CAAC,IAAI,CAACE,KAAK,CAACC,eAAe,EAAE,EAAE;QACjC,MAAM,IAAI,CAACT,gBAAgB,CAACU,eAAe,EAAE;MAC/C;IACF;IAEA,MAAMC,IAAI,GAAG;MACX;MACA,IAAI,CAACJ,YAAY,CAACI,IAAI,EAAE;MACxB,MAAM,IAAI,CAACT,cAAc,CAACS,IAAI,EAAE;IAClC;IAEA,MAAMC,cAAc,CAACC,WAAoB,EAAiB;MACxD,MAAM,IAAI,CAACC,mBAAmB,CAACC,SAAS,EAAEF,WAAW,CAAC;IACxD;;IAEA;IACA,MAAMC,mBAAmB,CAACE,MAAe,EAAEH,WAAoB,EAAiB;MAC9E,IAAII,KAAK,GAAG,IAAI,CAACb,OAAO,CAACa,KAAK;;MAE9B;MACA,IAAID,MAAM,EAAE;QACV,IAAI,CAACT,YAAY,CAACW,SAAS,CAACF,MAAM,CAAC;QACnCH,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAAC,IAAI,CAACf,OAAO,CAACa,KAAK,CAAC;MACtE,CAAC,MAAM,IAAI,IAAI,CAACR,eAAe,EAAE,EAAE;QACjC,IAAI;UACF;UACA,MAAMW,aAAa,GAAG,MAAM,IAAAC,uCAAyB,EAAC,IAAI,EAAE,CAAC,CAAC,CAAC;UAC/DJ,KAAK,GAAGG,aAAa,CAACH,KAAK;UAC3BJ,WAAW,GAAGA,WAAW,IAAI,IAAI,CAACM,cAAc,CAACF,KAAK,CAAC;UACvD,MAAM,IAAI,CAACK,uBAAuB,EAAE;QACtC,CAAC,CAAC,OAAMC,CAAC,EAAE;UACT;UACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;UAC7C,MAAMa,CAAC;QACT;MACF,CAAC,MAAM;QACL,OAAO,CAAC;MACV;;MAEA;MACA,MAAM,IAAI,CAACvB,gBAAgB,CAACU,eAAe,EAAE;;MAE7C;MACA,IAAI,CAACc,iBAAiB,CAACP,KAAK,CAAC;;MAE7B;MACA,MAAM;QAAEQ;MAAmB,CAAC,GAAG,IAAI,CAACrB,OAAO;MAC3C,IAAIqB,kBAAkB,EAAE;QACtB,MAAMA,kBAAkB,CAAC,IAAI,EAAEZ,WAAW,CAAC;MAC7C,CAAC,MAAM,IAAIA,WAAW,EAAE;QACtBa,MAAM,CAACC,QAAQ,CAACC,OAAO,CAACf,WAAW,CAAC;MACtC;IACF;IAEAgB,sBAAsB,CAAEC,GAAG,GAAGJ,MAAM,CAACC,QAAQ,CAACI,IAAI,EAAE;MAClD,MAAMC,GAAG,GAAG,IAAAX,uCAAyB,EAAC,IAAI,EAAE;QAAEY,YAAY,EAAE,OAAO;QAAEH;MAAI,CAAC,CAAC;MAC3E,IAAIE,GAAG,CAACf,KAAK,EAAE;QACb,MAAMiB,OAAO,GAAG,IAAIC,gBAAgB,CAAE,kBAAiBH,GAAG,CAACf,KAAM,EAAC,CAAC;QACnEiB,OAAO,CAACE,WAAW,CAACJ,GAAG,CAAC;QACxBE,OAAO,CAACG,KAAK,EAAE;MACjB,CAAC,MACI;QACH,MAAM,IAAIC,oBAAY,CAAC,kCAAkC,CAAC;MAC5D;IACF;EACF,CAAC;AACH"}

package/cjs/http/OktaUserAgent.js CHANGED Viewed

@@ -20,7 +20,7 @@ var _features = require("../features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"7.11.0"}`];
+    this.environments = [`okta-auth-js/${"7.12.0-rc1"}`];
     this.maybeAddNodeEnvironment();
   }
   addEnvironment(env) {
@@ -32,7 +32,7 @@ class OktaUserAgent {
     };
   }
   getVersion() {
-    return "7.11.0";
+    return "7.12.0-rc1";
   }
   maybeAddNodeEnvironment() {
     if ((0, _features.isBrowser)() || !process || !process.versions) {

package/cjs/http/OktaUserAgent.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"OktaUserAgent.js","names":["OktaUserAgent","constructor","environments","maybeAddNodeEnvironment","addEnvironment","env","push","getHttpHeader","join","getVersion","isBrowser","process","versions","node","version"],"sources":["../../../lib/http/OktaUserAgent.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n/* global SDK_VERSION */\n\nimport { isBrowser } from '../features';\nexport class OktaUserAgent {\n environments: string[];\n\n constructor() {\n // add base sdk env\n this.environments = [`okta-auth-js/${SDK_VERSION}`];\n this.maybeAddNodeEnvironment();\n }\n\n addEnvironment(env: string) {\n this.environments.push(env);\n }\n\n getHttpHeader() {\n return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n }\n\n getVersion() {\n return SDK_VERSION;\n }\n\n maybeAddNodeEnvironment() {\n if (isBrowser() \|\| !process \|\| !process.versions) {\n return;\n }\n const { node: version } = process.versions;\n this.environments.push(`nodejs/${version}`);\n }\n}\n"],"mappings":";;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAGO,MAAMA,aAAa,CAAC;EAGzBC,WAAW,GAAG;IACZ;IACA,IAAI,CAACC,YAAY,GAAG,CAAE,gBAAa,~~QAAc~~,EAAC,CAAC;IACnD,IAAI,CAACC,uBAAuB,EAAE;EAChC;EAEAC,cAAc,CAACC,GAAW,EAAE;IAC1B,IAAI,CAACH,YAAY,CAACI,IAAI,CAACD,GAAG,CAAC;EAC7B;EAEAE,aAAa,GAAG;IACd,OAAO;MAAE,4BAA4B,EAAE,IAAI,CAACL,YAAY,CAACM,IAAI,CAAC,GAAG;IAAE,CAAC;EACtE;EAEAC,UAAU,GAAG;IACX;EACF;EAEAN,uBAAuB,GAAG;IACxB,IAAI,IAAAO,mBAAS,GAAE,IAAI,CAACC,OAAO,IAAI,CAACA,OAAO,CAACC,QAAQ,EAAE;MAChD;IACF;IACA,MAAM;MAAEC,IAAI,EAAEC;IAAQ,CAAC,GAAGH,OAAO,CAACC,QAAQ;IAC1C,IAAI,CAACV,YAAY,CAACI,IAAI,CAAE,UAASQ,OAAQ,EAAC,CAAC;EAC7C;AACF;AAAC"}
1	+ {"version":3,"file":"OktaUserAgent.js","names":["OktaUserAgent","constructor","environments","maybeAddNodeEnvironment","addEnvironment","env","push","getHttpHeader","join","getVersion","isBrowser","process","versions","node","version"],"sources":["../../../lib/http/OktaUserAgent.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n/* global SDK_VERSION */\n\nimport { isBrowser } from '../features';\nexport class OktaUserAgent {\n environments: string[];\n\n constructor() {\n // add base sdk env\n this.environments = [`okta-auth-js/${SDK_VERSION}`];\n this.maybeAddNodeEnvironment();\n }\n\n addEnvironment(env: string) {\n this.environments.push(env);\n }\n\n getHttpHeader() {\n return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n }\n\n getVersion() {\n return SDK_VERSION;\n }\n\n maybeAddNodeEnvironment() {\n if (isBrowser() \|\| !process \|\| !process.versions) {\n return;\n }\n const { node: version } = process.versions;\n this.environments.push(`nodejs/${version}`);\n }\n}\n"],"mappings":";;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAGO,MAAMA,aAAa,CAAC;EAGzBC,WAAW,GAAG;IACZ;IACA,IAAI,CAACC,YAAY,GAAG,CAAE,gBAAa,YAAc,EAAC,CAAC;IACnD,IAAI,CAACC,uBAAuB,EAAE;EAChC;EAEAC,cAAc,CAACC,GAAW,EAAE;IAC1B,IAAI,CAACH,YAAY,CAACI,IAAI,CAACD,GAAG,CAAC;EAC7B;EAEAE,aAAa,GAAG;IACd,OAAO;MAAE,4BAA4B,EAAE,IAAI,CAACL,YAAY,CAACM,IAAI,CAAC,GAAG;IAAE,CAAC;EACtE;EAEAC,UAAU,GAAG;IACX;EACF;EAEAN,uBAAuB,GAAG;IACxB,IAAI,IAAAO,mBAAS,GAAE,IAAI,CAACC,OAAO,IAAI,CAACA,OAAO,CAACC,QAAQ,EAAE;MAChD;IACF;IACA,MAAM;MAAEC,IAAI,EAAEC;IAAQ,CAAC,GAAGH,OAAO,CAACC,QAAQ;IAC1C,IAAI,CAACV,YAAY,CAACI,IAAI,CAAE,UAASQ,OAAQ,EAAC,CAAC;EAC7C;AACF;AAAC"}

package/cjs/myaccount/request.js CHANGED Viewed

@@ -11,7 +11,7 @@ async function sendRequest(oktaAuth, options, TransactionClass = _Base.default)
   const {
     accessToken: accessTokenObj
   } = oktaAuth.tokenManager.getTokensSync();
-  const accessToken = options.accessToken || accessTokenObj?.accessToken;
+  const atToken = options.accessToken || accessTokenObj;
   const issuer = oktaAuth.getIssuerOrigin();
   const {
     url,
@@ -19,20 +19,39 @@ async function sendRequest(oktaAuth, options, TransactionClass = _Base.default)
     payload
   } = options;
   const requestUrl = url.startsWith(issuer) ? url : `${issuer}${url}`;
-  if (!accessToken) {
+  if (!atToken) {
     throw new _errors.AuthSdkError('AccessToken is required to request MyAccount API endpoints.');
   }
-  const res = await (0, _http.httpRequest)(oktaAuth, {
+  let accessToken = atToken;
+  const httpOptions = {
     headers: {
       'Accept': '*/*;okta-version=1.0.0'
     },
-    accessToken,
     url: requestUrl,
     method,
     ...(payload && {
       args: payload
     })
-  });
+  };
+  if (oktaAuth.options.dpop) {
+    if (typeof accessToken === 'string') {
+      throw new _errors.AuthSdkError('AccessToken object must be provided when using dpop');
+    }
+    const {
+      Authorization,
+      Dpop
+    } = await oktaAuth.getDPoPAuthorizationHeaders({
+      method,
+      url: requestUrl,
+      accessToken
+    });
+    httpOptions.headers.Authorization = Authorization;
+    httpOptions.headers.Dpop = Dpop;
+  } else {
+    accessToken = typeof accessToken === 'string' ? accessToken : accessToken.accessToken;
+    httpOptions.accessToken = accessToken;
+  }
+  const res = await (0, _http.httpRequest)(oktaAuth, httpOptions);
   let ret;
   if (Array.isArray(res)) {
     ret = res.map(item => new TransactionClass(oktaAuth, {

package/cjs/myaccount/request.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"request.js","names":["sendRequest","oktaAuth","options","TransactionClass","BaseTransaction","accessToken","accessTokenObj","tokenManager","getTokensSync","issuer","getIssuerOrigin","url","method","payload","requestUrl","startsWith","AuthSdkError","~~res~~","~~httpRequest~~","~~headers~~","~~args~~","ret","Array","isArray","map","item","generateRequestFnFromLinks","methodName","links","toLowerCase","link","self","href","hints","allow"],"sources":["../../../lib/myaccount/request.ts"],"sourcesContent":["import { \n default as BaseTransaction,\n TransactionType,\n TransactionLinks\n} from './transactions/Base';\nimport { httpRequest } from '../http';\nimport { AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\n\ntype SendRequestOptions = RequestOptions & {\n url: string;\n method: string;\n}\n\n/* eslint-disable complexity /\nexport async function sendRequest<\n T extends BaseTransaction = BaseTransaction,\n N extends 'plural' \| 'single' = 'single',\n NT = N extends 'plural' ? T[] : T\n> (\n oktaAuth: OktaAuthOAuthInterface, \n options: SendRequestOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): Promise<NT> {\n const {\n accessToken: accessTokenObj\n } = oktaAuth.tokenManager.getTokensSync();\n \n const ~~accessToken~~ = options.accessToken \|\| accessTokenObj~~?.accessToken~~;\n const issuer = oktaAuth.getIssuerOrigin();\n const { url, method, payload } = options;\n const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n if (!~~accessToken~~) {\n throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n }\n \n const ~~res~~ = ~~await httpRequest(oktaAuth,~~ {\n headers: { 'Accept': '/;okta-version=1.0.0' },\n ~~accessToken,\n~~ url: requestUrl,\n method,\n ...(payload && { args: payload })\n });\n\n let ret: T \| T[];\n if (Array.isArray(res)) {\n ret = res.map(item => new TransactionClass(oktaAuth, { \n res: item, \n accessToken\n }));\n } else {\n ret = new TransactionClass(oktaAuth, { \n res, \n accessToken\n });\n }\n return ret as NT;\n}\n/ eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n oktaAuth: OktaAuthOAuthInterface;\n accessToken: string;\n methodName: string;\n links: TransactionLinks;\n}\n\ntype IRequestFnFromLinks<T extends BaseTransaction> = (payload?) => Promise<T>;\n\nexport function generateRequestFnFromLinks<T extends BaseTransaction>(\n {\n oktaAuth, \n accessToken,\n methodName,\n links,\n }: GenerateRequestFnFromLinksOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): IRequestFnFromLinks<T> {\n for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n if (method.toLowerCase() === methodName) {\n const link = links.self;\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method,\n payload,\n }, TransactionClass));\n }\n }\n \n const link = links[methodName];\n if (!link) {\n throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n }\n\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method: link.hints!.allow![0],\n payload,\n }, TransactionClass));\n}\n"],"mappings":";;;;;AAAA;AAKA;AACA;~~AASA~~;AACO,eAAeA,WAAW,CAK/BC,QAAgC,EAChCC,OAA2B,EAC3BC,gBAAoC,GAAGC,aAAqC,EAC/D;EACb,MAAM;IACJC,WAAW,EAAEC;EACf,CAAC,GAAGL,QAAQ,CAACM,YAAY,CAACC,aAAa,EAAE;EAEzC,~~MAAMH~~,~~WAAW~~,~~GAAGH~~,OAAO,CAACG,WAAW,IAAIC,cAAc~~,EAAED,WAAW~~;~~EACtE~~,MAAMI,MAAM,~~GAAGR~~,QAAQ,~~CAACS~~,eAAe,EAAE;EACzC,MAAM;IAAEC,GAAG;IAAEC,MAAM;IAAEC;EAAQ,CAAC,~~GAAGX~~,OAAO;EACxC,~~MAAMY~~,UAAU,GAAGH,GAAG,CAACI,UAAU,CAACN,MAAM,CAAE,GAAGE,GAAG,GAAI,GAAEF,MAAO,GAAEE,GAAI,EAAC;EAEpE,IAAI,~~CAACN~~,~~WAAW~~,EAAE;~~IAChB~~,MAAM,~~IAAIW~~,oBAAY,CAAC,6DAA6D,CAAC;EACvF;EAEA,~~MAAMC~~,~~GAAG~~,~~GAAG~~,~~MAAM~~,~~IAAAC~~,~~iBAAW~~,~~EAACjB,QAAQ,EAAE~~;~~IACtCkB~~,OAAO,EAAE;MAAE,QAAQ,EAAE;IAAyB,CAAC;IAC/Cd,~~WAAW;IACXM,~~GAAG,EAAEG,UAAU;IACfF,MAAM;IACN,IAAIC,OAAO,IAAI;~~MAAEO~~,IAAI,~~EAAEP~~;IAAQ,CAAC;EAClC,CAAC,CAAC;~~EAEF~~,~~IAAIQ~~,GAAY;EAChB,IAAIC,KAAK,CAACC,OAAO,~~CAACN~~,GAAG,CAAC,EAAE;~~IACtBI~~,GAAG,~~GAAGJ~~,GAAG,~~CAACO~~,GAAG,CAACC,IAAI,IAAI,~~IAAItB~~,gBAAgB,CAACF,QAAQ,EAAE;~~MACnDgB~~,GAAG,~~EAAEQ~~,IAAI;~~MACTpB~~;IACF,CAAC,CAAC,CAAC;EACL,CAAC,MAAM;~~IACLgB~~,GAAG,GAAG,~~IAAIlB~~,gBAAgB,CAACF,QAAQ,EAAE;~~MACnCgB~~,GAAG;~~MACHZ~~;IACF,CAAC,CAAC;EACJ;EACA,~~OAAOgB~~,GAAG;AACZ;AACA;;AAWO,SAASK,0BAA0B,CACxC;~~EACEzB~~,QAAQ;EACRI,WAAW;~~EACXsB~~,UAAU;EACVC;AACiC,CAAC,~~EACpCzB~~,gBAAoC,GAAGC,aAAqC,EACpD;EACxB,KAAK,~~MAAMQ~~,MAAM,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE;IACrD,IAAIA,MAAM,~~CAACiB~~,WAAW,EAAE,KAAKF,UAAU,EAAE;MACvC,MAAMG,IAAI,GAAGF,KAAK,CAACG,IAAI;MACvB,OAAQ,~~MAAOlB~~,OAAQ,~~IAAKb~~,WAAW,CAAcC,QAAQ,EAAE;QAC7DI,WAAW;~~QACXM~~,GAAG,~~EAAEmB~~,IAAI,CAACE,IAAI;~~QACdpB~~,MAAM;QACNC;MACF,CAAC,~~EAAEV~~,gBAAgB,CAAC;IACtB;EACF;EAEA,~~MAAM2B~~,IAAI,GAAGF,KAAK,CAACD,UAAU,CAAC;EAC9B,IAAI,CAACG,IAAI,EAAE;IACT,MAAM,~~IAAId~~,oBAAY,CAAE,~~qCAAoCW~~,UAAW,EAAC,CAAC;EAC3E;EAEA,OAAQ,~~MAAOd~~,OAAQ,~~IAAKb~~,WAAW,CAAcC,QAAQ,EAAE;IAC7DI,WAAW;~~IACXM~~,GAAG,~~EAAEmB~~,IAAI,CAACE,IAAI;~~IACdpB~~,MAAM,~~EAAEkB~~,IAAI,CAACG,KAAK,CAAEC,KAAK,CAAE,CAAC,CAAC;~~IAC7BrB~~;EACF,CAAC,~~EAAEV~~,gBAAgB,CAAC;AACtB"}
1	+ {"version":3,"file":"request.js","names":["sendRequest","oktaAuth","options","TransactionClass","BaseTransaction","accessToken","accessTokenObj","tokenManager","getTokensSync","atToken","issuer","getIssuerOrigin","url","method","payload","requestUrl","startsWith","AuthSdkError","httpOptions","headers","args","dpop","Authorization","Dpop","getDPoPAuthorizationHeaders","res","httpRequest","ret","Array","isArray","map","item","generateRequestFnFromLinks","methodName","links","toLowerCase","link","self","href","hints","allow"],"sources":["../../../lib/myaccount/request.ts"],"sourcesContent":["import { \n default as BaseTransaction,\n TransactionType,\n TransactionLinks\n} from './transactions/Base';\nimport { httpRequest } from '../http';\nimport { AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { RequestOptions as HttpRequestOptions } from '../http/types';\nimport { AccessToken, OktaAuthOAuthInterface } from '../oidc/types';\n\ntype SendRequestOptions = RequestOptions & {\n url: string;\n method: string;\n}\n\n/* eslint-disable complexity /\nexport async function sendRequest<\n T extends BaseTransaction = BaseTransaction,\n N extends 'plural' \| 'single' = 'single',\n NT = N extends 'plural' ? T[] : T\n> (\n oktaAuth: OktaAuthOAuthInterface, \n options: SendRequestOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): Promise<NT> {\n const {\n accessToken: accessTokenObj\n } = oktaAuth.tokenManager.getTokensSync();\n\n const atToken = options.accessToken \|\| accessTokenObj;\n const issuer = oktaAuth.getIssuerOrigin();\n const { url, method, payload } = options;\n const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n if (!atToken) {\n throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n }\n\n let accessToken: string \| AccessToken = atToken;\n\n const httpOptions: HttpRequestOptions = {\n headers: { 'Accept': '/;okta-version=1.0.0' },\n url: requestUrl,\n method,\n ...(payload && { args: payload })\n };\n\n if (oktaAuth.options.dpop) {\n if (typeof accessToken === 'string') {\n throw new AuthSdkError('AccessToken object must be provided when using dpop');\n }\n\n const { Authorization, Dpop } = await oktaAuth.getDPoPAuthorizationHeaders({\n method,\n url: requestUrl,\n accessToken\n });\n httpOptions.headers!.Authorization = Authorization;\n httpOptions.headers!.Dpop = Dpop;\n }\n else {\n accessToken = typeof accessToken === 'string' ? accessToken : accessToken.accessToken;\n httpOptions.accessToken = accessToken;\n }\n\n const res = await httpRequest(oktaAuth, httpOptions);\n\n let ret: T \| T[];\n if (Array.isArray(res)) {\n ret = res.map(item => new TransactionClass(oktaAuth, { \n res: item, \n accessToken\n }));\n } else {\n ret = new TransactionClass(oktaAuth, { \n res, \n accessToken\n });\n }\n return ret as NT;\n}\n/ eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n oktaAuth: OktaAuthOAuthInterface;\n accessToken: string \| AccessToken;\n methodName: string;\n links: TransactionLinks;\n}\n\ntype IRequestFnFromLinks<T extends BaseTransaction> = (payload?) => Promise<T>;\n\nexport function generateRequestFnFromLinks<T extends BaseTransaction>(\n {\n oktaAuth, \n accessToken,\n methodName,\n links,\n }: GenerateRequestFnFromLinksOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): IRequestFnFromLinks<T> {\n for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n if (method.toLowerCase() === methodName) {\n const link = links.self;\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method,\n payload,\n }, TransactionClass));\n }\n }\n \n const link = links[methodName];\n if (!link) {\n throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n }\n\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method: link.hints!.allow![0],\n payload,\n }, TransactionClass));\n}\n"],"mappings":";;;;;AAAA;AAKA;AACA;AAUA;AACO,eAAeA,WAAW,CAK/BC,QAAgC,EAChCC,OAA2B,EAC3BC,gBAAoC,GAAGC,aAAqC,EAC/D;EACb,MAAM;IACJC,WAAW,EAAEC;EACf,CAAC,GAAGL,QAAQ,CAACM,YAAY,CAACC,aAAa,EAAE;EAEzC,MAAMC,OAAO,GAAGP,OAAO,CAACG,WAAW,IAAIC,cAAc;EACrD,MAAMI,MAAM,GAAGT,QAAQ,CAACU,eAAe,EAAE;EACzC,MAAM;IAAEC,GAAG;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGZ,OAAO;EACxC,MAAMa,UAAU,GAAGH,GAAG,CAACI,UAAU,CAACN,MAAM,CAAE,GAAGE,GAAG,GAAI,GAAEF,MAAO,GAAEE,GAAI,EAAC;EAEpE,IAAI,CAACH,OAAO,EAAE;IACZ,MAAM,IAAIQ,oBAAY,CAAC,6DAA6D,CAAC;EACvF;EAEA,IAAIZ,WAAiC,GAAGI,OAAO;EAE/C,MAAMS,WAA+B,GAAG;IACtCC,OAAO,EAAE;MAAE,QAAQ,EAAE;IAAyB,CAAC;IAC/CP,GAAG,EAAEG,UAAU;IACfF,MAAM;IACN,IAAIC,OAAO,IAAI;MAAEM,IAAI,EAAEN;IAAQ,CAAC;EAClC,CAAC;EAED,IAAIb,QAAQ,CAACC,OAAO,CAACmB,IAAI,EAAE;IACzB,IAAI,OAAOhB,WAAW,KAAK,QAAQ,EAAE;MACnC,MAAM,IAAIY,oBAAY,CAAC,qDAAqD,CAAC;IAC/E;IAEA,MAAM;MAAEK,aAAa;MAAEC;IAAK,CAAC,GAAG,MAAMtB,QAAQ,CAACuB,2BAA2B,CAAC;MACzEX,MAAM;MACND,GAAG,EAAEG,UAAU;MACfV;IACF,CAAC,CAAC;IACFa,WAAW,CAACC,OAAO,CAAEG,aAAa,GAAGA,aAAa;IAClDJ,WAAW,CAACC,OAAO,CAAEI,IAAI,GAAGA,IAAI;EAClC,CAAC,MACI;IACHlB,WAAW,GAAG,OAAOA,WAAW,KAAK,QAAQ,GAAGA,WAAW,GAAGA,WAAW,CAACA,WAAW;IACrFa,WAAW,CAACb,WAAW,GAAGA,WAAW;EACvC;EAEA,MAAMoB,GAAG,GAAG,MAAM,IAAAC,iBAAW,EAACzB,QAAQ,EAAEiB,WAAW,CAAC;EAEpD,IAAIS,GAAY;EAChB,IAAIC,KAAK,CAACC,OAAO,CAACJ,GAAG,CAAC,EAAE;IACtBE,GAAG,GAAGF,GAAG,CAACK,GAAG,CAACC,IAAI,IAAI,IAAI5B,gBAAgB,CAACF,QAAQ,EAAE;MACnDwB,GAAG,EAAEM,IAAI;MACT1B;IACF,CAAC,CAAC,CAAC;EACL,CAAC,MAAM;IACLsB,GAAG,GAAG,IAAIxB,gBAAgB,CAACF,QAAQ,EAAE;MACnCwB,GAAG;MACHpB;IACF,CAAC,CAAC;EACJ;EACA,OAAOsB,GAAG;AACZ;AACA;;AAWO,SAASK,0BAA0B,CACxC;EACE/B,QAAQ;EACRI,WAAW;EACX4B,UAAU;EACVC;AACiC,CAAC,EACpC/B,gBAAoC,GAAGC,aAAqC,EACpD;EACxB,KAAK,MAAMS,MAAM,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE;IACrD,IAAIA,MAAM,CAACsB,WAAW,EAAE,KAAKF,UAAU,EAAE;MACvC,MAAMG,IAAI,GAAGF,KAAK,CAACG,IAAI;MACvB,OAAQ,MAAOvB,OAAQ,IAAKd,WAAW,CAAcC,QAAQ,EAAE;QAC7DI,WAAW;QACXO,GAAG,EAAEwB,IAAI,CAACE,IAAI;QACdzB,MAAM;QACNC;MACF,CAAC,EAAEX,gBAAgB,CAAC;IACtB;EACF;EAEA,MAAMiC,IAAI,GAAGF,KAAK,CAACD,UAAU,CAAC;EAC9B,IAAI,CAACG,IAAI,EAAE;IACT,MAAM,IAAInB,oBAAY,CAAE,qCAAoCgB,UAAW,EAAC,CAAC;EAC3E;EAEA,OAAQ,MAAOnB,OAAQ,IAAKd,WAAW,CAAcC,QAAQ,EAAE;IAC7DI,WAAW;IACXO,GAAG,EAAEwB,IAAI,CAACE,IAAI;IACdzB,MAAM,EAAEuB,IAAI,CAACG,KAAK,CAAEC,KAAK,CAAE,CAAC,CAAC;IAC7B1B;EACF,CAAC,EAAEX,gBAAgB,CAAC;AACtB"}

package/cjs/myaccount/transactions/Base.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Base.js","names":["BaseTransaction","constructor","oktaAuth","options","res","headers","rest","Object","keys","forEach","key"],"sources":["../../../../lib/myaccount/transactions/Base.ts"],"sourcesContent":["import { OktaAuthHttpInterface } from '../../http/types';\n\nexport type TransactionLink = {\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\nexport type TransactionLinks = {\n self: TransactionLink;\n [property: string]: TransactionLink;\n}\n\ntype TransactionOptions = {\n // TODO: move res type to http module\n res: {\n headers: Record<string, string>;\n _links?: Record<string, TransactionLink>;\n [property: string]: unknown;\n };\n accessToken: string;\n};\n\nexport default class BaseTransaction {\n // Deprecated\n headers?: Record<string, string>;\n\n constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n const { res } = options;\n const { headers, ...rest } = res;\n \n // assign required fields from res\n if (headers) {\n this.headers = headers;\n }\n\n // add all rest fields from res\n Object.keys(rest).forEach(key => {\n if (key === '_links') {\n return;\n }\n this[key] = rest[key];\n });\n }\n}\n\nexport interface TransactionType<T extends BaseTransaction = BaseTransaction> extends Function {\n new (oktaAuth: OktaAuthHttpInterface, options: TransactionOptions): T;\n prototype: T;\n}\n"],"mappings":";;;~~AAwBe~~,MAAMA,eAAe,CAAC;EACnC;;EAGAC,WAAW,CAACC,QAA+B,EAAEC,OAA2B,EAAE;IACxE,MAAM;MAAEC;IAAI,CAAC,GAAGD,OAAO;IACvB,MAAM;MAAEE,OAAO;MAAE,GAAGC;IAAK,CAAC,GAAGF,GAAG;;IAEhC;IACA,IAAIC,OAAO,EAAE;MACX,IAAI,CAACA,OAAO,GAAGA,OAAO;IACxB;;IAEA;IACAE,MAAM,CAACC,IAAI,CAACF,IAAI,CAAC,CAACG,OAAO,CAACC,GAAG,IAAI;MAC/B,IAAIA,GAAG,KAAK,QAAQ,EAAE;QACpB;MACF;MACA,IAAI,CAACA,GAAG,CAAC,GAAGJ,IAAI,CAACI,GAAG,CAAC;IACvB,CAAC,CAAC;EACJ;AACF;AAAC;AAAA"}
1	+ {"version":3,"file":"Base.js","names":["BaseTransaction","constructor","oktaAuth","options","res","headers","rest","Object","keys","forEach","key"],"sources":["../../../../lib/myaccount/transactions/Base.ts"],"sourcesContent":["import { OktaAuthHttpInterface } from '../../http/types';\nimport { AccessToken } from '../../oidc/types';\n\nexport type TransactionLink = {\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\nexport type TransactionLinks = {\n self: TransactionLink;\n [property: string]: TransactionLink;\n}\n\ntype TransactionOptions = {\n // TODO: move res type to http module\n res: {\n headers: Record<string, string>;\n _links?: Record<string, TransactionLink>;\n [property: string]: unknown;\n };\n accessToken: string \| AccessToken;\n};\n\nexport default class BaseTransaction {\n // Deprecated\n headers?: Record<string, string>;\n\n constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n const { res } = options;\n const { headers, ...rest } = res;\n \n // assign required fields from res\n if (headers) {\n this.headers = headers;\n }\n\n // add all rest fields from res\n Object.keys(rest).forEach(key => {\n if (key === '_links') {\n return;\n }\n this[key] = rest[key];\n });\n }\n}\n\nexport interface TransactionType<T extends BaseTransaction = BaseTransaction> extends Function {\n new (oktaAuth: OktaAuthHttpInterface, options: TransactionOptions): T;\n prototype: T;\n}\n"],"mappings":";;;AAyBe,MAAMA,eAAe,CAAC;EACnC;;EAGAC,WAAW,CAACC,QAA+B,EAAEC,OAA2B,EAAE;IACxE,MAAM;MAAEC;IAAI,CAAC,GAAGD,OAAO;IACvB,MAAM;MAAEE,OAAO;MAAE,GAAGC;IAAK,CAAC,GAAGF,GAAG;;IAEhC;IACA,IAAIC,OAAO,EAAE;MACX,IAAI,CAACA,OAAO,GAAGA,OAAO;IACxB;;IAEA;IACAE,MAAM,CAACC,IAAI,CAACF,IAAI,CAAC,CAACG,OAAO,CAACC,GAAG,IAAI;MAC/B,IAAIA,GAAG,KAAK,QAAQ,EAAE;QACpB;MACF;MACA,IAAI,CAACA,GAAG,CAAC,GAAGJ,IAAI,CAACI,GAAG,CAAC;IACvB,CAAC,CAAC;EACJ;AACF;AAAC;AAAA"}

package/cjs/myaccount/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta\n} from '../oidc/types';\n\nexport type { \n EmailTransaction, \n EmailStatusTransaction,\n EmailChallengeTransaction,\n PhoneTransaction,\n ProfileTransaction,\n ProfileSchemaTransaction,\n PasswordTransaction,\n BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n PRIMARY = 'PRIMARY',\n SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n VERIFIED = 'VERIFIED',\n UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n NOT_ENROLLED = 'NOT_ENROLLED',\n ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n email: string;\n}\n\nexport type AddEmailPayload = {\n profile: {\n email: string;\n };\n sendEmail: boolean;\n role: EmailRole;\n}\n\nexport type PhoneProfile = {\n profile: {\n phoneNumber: string;\n };\n}\n\nexport type AddPhonePayload = {\n profile: {\n phoneNumber: string;\n };\n sendCode: boolean;\n method: string;\n};\n\nexport type ChallengePhonePayload = {\n method: string;\n}\n\nexport type VerificationPayload = {\n verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n profile: {\n password: string;\n }\n}\n\nexport type UpdatePasswordPayload = {\n profile: {\n password: string;\n currentPassword?: string;\n }\n}\n\nexport type UpdateProfilePayload = {\n profile: {\n firstName?: string;\n lastName?: string;\n email?: string;\n login?: string;\n [property: string]: any;\n };\n};\n\nexport type MyAccountRequestOptions = {\n id?: string;\n emailId?: string;\n challengeId?: string;\n payload?: AddEmailPayload \n \| AddPhonePayload \n \| ChallengePhonePayload\n \| VerificationPayload \n \| UpdateProfilePayload\n \| EnrollPasswordPayload\n \| UpdatePasswordPayload;\n accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n oktaAuth: OktaAuthOAuthInterface, \n options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n extends OktaAuthOAuthInterface<M, S, O>\n{\n myaccount;\n}\n"],"mappings":";;;~~IAmBYA~~,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}
1	+ {"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n AccessToken\n} from '../oidc/types';\n\nexport type { \n EmailTransaction, \n EmailStatusTransaction,\n EmailChallengeTransaction,\n PhoneTransaction,\n ProfileTransaction,\n ProfileSchemaTransaction,\n PasswordTransaction,\n BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n PRIMARY = 'PRIMARY',\n SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n VERIFIED = 'VERIFIED',\n UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n NOT_ENROLLED = 'NOT_ENROLLED',\n ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n email: string;\n}\n\nexport type AddEmailPayload = {\n profile: {\n email: string;\n };\n sendEmail: boolean;\n role: EmailRole;\n}\n\nexport type PhoneProfile = {\n profile: {\n phoneNumber: string;\n };\n}\n\nexport type AddPhonePayload = {\n profile: {\n phoneNumber: string;\n };\n sendCode: boolean;\n method: string;\n};\n\nexport type ChallengePhonePayload = {\n method: string;\n}\n\nexport type VerificationPayload = {\n verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n profile: {\n password: string;\n }\n}\n\nexport type UpdatePasswordPayload = {\n profile: {\n password: string;\n currentPassword?: string;\n }\n}\n\nexport type UpdateProfilePayload = {\n profile: {\n firstName?: string;\n lastName?: string;\n email?: string;\n login?: string;\n [property: string]: any;\n };\n};\n\nexport type MyAccountRequestOptions = {\n id?: string;\n emailId?: string;\n challengeId?: string;\n payload?: AddEmailPayload \n \| AddPhonePayload \n \| ChallengePhonePayload\n \| VerificationPayload \n \| UpdateProfilePayload\n \| EnrollPasswordPayload\n \| UpdatePasswordPayload;\n accessToken?: string \| AccessToken;\n}\n\nexport type IAPIFunction<T> = (\n oktaAuth: OktaAuthOAuthInterface, \n options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n extends OktaAuthOAuthInterface<M, S, O>\n{\n myaccount;\n}\n"],"mappings":";;;IAoBYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}

package/cjs/oidc/factory/api.js CHANGED Viewed

@@ -59,6 +59,7 @@ function createTokenAPI(sdk, queue) {
     exchangeCodeForTokens: _exchangeCodeForTokens.exchangeCodeForTokens.bind(null, sdk),
     getWithoutPrompt: _getWithoutPrompt.getWithoutPrompt.bind(null, sdk),
     getWithPopup: _getWithPopup.getWithPopup.bind(null, sdk),
+    getWithIDPPopup: _getWithPopup.getWithIDPPopup.bind(null, sdk),
     getWithRedirect: getWithRedirectFn,
     parseFromUrl: parseFromUrlApi,
     decode: _decodeToken.decodeToken,

package/cjs/oidc/factory/api.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","introspect","oidcIntrospect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA8BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IAC1CS~~,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;~~IAC7Be~~,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,~~CAACvB~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IACnC+B~~,KAAK,EAAEC,sBAAU,~~CAACzB~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IACjCiC~~,sBAAsB,EAAEA,8CAAsB,~~CAAC1B~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IAC9DkC~~,WAAW,EAAEA,wBAAW,~~CAAC3B~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IACxCmC~~,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,~~EAACnC~~,GAAG,~~EAAEoC~~,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,~~CAAChC~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IACnCwC~~,eAAe,EAAEA,sBAAe,~~CAACjC~~,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;~~IAChDyC~~,UAAU,EAAEC,0BAAc,~~CAACnC~~,IAAI,CAAC,IAAI,EAAEP,GAAG;EAC3C,CAAC;;EAED;EACA;EACA,~~MAAM2C~~,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;~~IACpBvB~~,KAAK,~~CAACuB~~,GAAG,CAAC,~~GAAG3C~~,QAAQ,CAACoB,KAAK,~~CAACuB~~,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,~~OAAOvB~~,KAAK;AACd;AAEO,~~SAASwB~~,eAAe,~~CAAC9C~~,GAA2B,EAAa;EACtE,OAAO;~~IACL+C~~,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,~~CAACzC~~,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}
1	+ {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","getWithIDPPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","introspect","oidcIntrospect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup, getWithIDPPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithIDPPopup: getWithIDPPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA8BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1C2B,eAAe,EAAEA,6BAAe,CAACpB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAChDS,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;IAC7BgB,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAACxB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCgC,KAAK,EAAEC,sBAAU,CAAC1B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCkC,sBAAsB,EAAEA,8CAAsB,CAAC3B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DmC,WAAW,EAAEA,wBAAW,CAAC5B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCoC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACpC,GAAG,EAAEqC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAACjC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCyC,eAAe,EAAEA,sBAAe,CAAClC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAChD0C,UAAU,EAAEC,0BAAc,CAACpC,IAAI,CAAC,IAAI,EAAEP,GAAG;EAC3C,CAAC;;EAED;EACA;EACA,MAAM4C,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBxB,KAAK,CAACwB,GAAG,CAAC,GAAG5C,QAAQ,CAACoB,KAAK,CAACwB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOxB,KAAK;AACd;AAEO,SAASyB,eAAe,CAAC/C,GAA2B,EAAa;EACtE,OAAO;IACLgD,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,CAAC1C,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}

package/cjs/oidc/getToken.js CHANGED Viewed

@@ -107,11 +107,11 @@ function getToken(sdk, options) {
     requestUrl = endpoint + (0, _authorize.buildAuthorizeParams)(tokenParams);
     // Determine the flow type
-    var flowType;
+    var flowType = 'IMPLICIT';
     if (tokenParams.sessionToken || tokenParams.display === null) {
       flowType = 'IFRAME';
     } else if (tokenParams.display === 'popup') {
-      flowType = 'POPUP';
+      flowType = options.idpPopup ? 'IDP_POPUP' : 'POPUP';
     } else {
       flowType = 'IMPLICIT';
     }
@@ -141,7 +141,7 @@ function getToken(sdk, options) {
         }
         // Redirect for authorization
-        // popupWindown can be null when popup is blocked
+        // popupWindow can be null when popup is blocked
         if (popupWindow) {
           popupWindow.location.assign(requestUrl);
         }
@@ -171,6 +171,20 @@ function getToken(sdk, options) {
             popupWindow.close();
           }
         });
+      case 'IDP_POPUP':
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        var idpPromise = (0, _util.addIDPPopupLisenter)(sdk, options.timeout, options.channel, tokenParams.state);
+        // Redirect for authorization
+        // popupWindow can be null when popup is blocked
+        if (popupWindow) {
+          popupWindow.location.assign(requestUrl);
+        } else {
+          throw new _AuthSdkError.default('Unable to open popup window');
+        }
+        return idpPromise.then(function (res) {
+          return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
+        });
       default:
         throw new _AuthSdkError.default('The full page redirect flow is not supported');
     }

package/cjs/oidc/getToken.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document /\n/ eslint-disable complexity, max-statements /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/\n Retrieve an idToken from an Okta or a third party idp\n \n Two main flows:\n \n 1) Exchange a sessionToken for a token\n \n Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n \n Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n \n Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n \n 2) Get a token from an idp\n \n Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n \n Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n \n Forced:\n * display: 'popup'\n \n Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n \n @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n \n @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options \|\| {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken \|\| tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow \|\| popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,GAAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YACpCA,QAAQ,CAACQ,aAAa,EAAEC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAM,EAAE;YACtC7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}
1	+ {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","idpPopup","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close","idpPromise","addIDPPopupLisenter","channel"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document /\n/ eslint-disable complexity, max-statements /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener,\n addIDPPopupLisenter\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/\n Retrieve an idToken from an Okta or a third party idp\n \n Two main flows:\n \n 1) Exchange a sessionToken for a token\n \n Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n \n Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n \n Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n \n 2) Get a token from an idp\n \n Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n \n Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n \n Forced:\n * display: 'popup'\n \n Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n \n @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n \n @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options \|\| {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType: 'IFRAME' \| 'POPUP' \| 'IDP_POPUP' \| 'IMPLICIT' = 'IMPLICIT';\n if (tokenParams.sessionToken \|\| tokenParams.display === null) {\n flowType = 'IFRAME';\n }\n else if (tokenParams.display === 'popup') {\n flowType = options.idpPopup ? 'IDP_POPUP' : 'POPUP';\n }\n else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow \|\| popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n case 'IDP_POPUP':\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var idpPromise = addIDPPopupLisenter(sdk, options.timeout, options.channel!, tokenParams.state!);\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n else {\n throw new AuthSdkError('Unable to open popup window');\n }\n\n return idpPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;AAeA;AAOA;AASA;AACA;AACA;AAhCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,GAAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAuD,GAAG,UAAU;IACxE,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MACI,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MACxCc,QAAQ,GAAG5B,OAAO,CAAC6B,QAAQ,GAAG,WAAW,GAAG,OAAO;IACrD,CAAC,MACI;MACHD,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIE,aAAa,GAAG,IAAAC,4BAAsB,EAAChC,GAAG,EAAEC,OAAO,CAACgC,OAAO,EAAEtB,WAAW,CAACuB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACf,UAAU,CAAC;QACpC,OAAOU,aAAa,CACjBrB,IAAI,CAAC,UAAU2B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACtC,GAAG,EAAEW,WAAW,EAAE0B,GAAG,EAAmBd,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDgB,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YACpCA,QAAQ,CAACQ,aAAa,EAAEC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIlC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC8C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIzC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAuC,YAAY,GAAG,IAAAb,4BAAsB,EAAChC,GAAG,EAAEC,OAAO,CAACgC,OAAO,EAAEtB,WAAW,CAACuB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI3B,WAAW,EAAE;UACfA,WAAW,CAACyC,QAAQ,CAAC7B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI4B,YAAY,GAAG,IAAI7C,OAAO,CAAC,UAAU8C,OAAO,EAAE7C,MAAM,EAAE;UACxD,IAAI8C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC7C,WAAW,IAAIA,WAAW,CAAC8C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B9C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAuC,YAAY,CACTnC,IAAI,CAAC,UAAU2B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B9C,MAAM,CAACmD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBvC,IAAI,CAAC,UAAU2B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACtC,GAAG,EAAEW,WAAW,EAAE0B,GAAG,EAAmBd,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDgB,OAAO,CAAC,YAAY;UACnB,IAAIhC,WAAW,IAAI,CAACA,WAAW,CAAC8C,MAAM,EAAE;YACtC9C,WAAW,CAACkD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN,KAAK,WAAW;QACd;QACA,IAAIC,UAAU,GAAG,IAAAC,yBAAmB,EAAC3D,GAAG,EAAEC,OAAO,CAACgC,OAAO,EAAEhC,OAAO,CAAC2D,OAAO,EAAGjD,WAAW,CAACuB,KAAK,CAAE;;QAEhG;QACA;QACA,IAAI3B,WAAW,EAAE;UACfA,WAAW,CAACyC,QAAQ,CAAC7B,MAAM,CAACE,UAAU,CAAC;QACzC,CAAC,MACI;UACH,MAAM,IAAIf,qBAAY,CAAC,6BAA6B,CAAC;QACvD;QAEA,OAAOoD,UAAU,CAChBhD,IAAI,CAAC,UAAU2B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACtC,GAAG,EAAEW,WAAW,EAAE0B,GAAG,EAAmBd,IAAI,CAAC;QAC1E,CAAC,CAAC;MAEJ;QACE,MAAM,IAAIjB,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}

package/cjs/oidc/getWithPopup.js CHANGED Viewed

@@ -1,5 +1,6 @@
 "use strict";
+exports.getWithIDPPopup = getWithIDPPopup;
 exports.getWithPopup = getWithPopup;
 var _errors = require("../errors");
 var _util = require("../util");
@@ -35,4 +36,51 @@ function getWithPopup(sdk, options) {
   });
   return (0, _getToken.getToken)(sdk, options);
 }
+function getWithIDPPopup(sdk, options) {
+  try {
+    // eslint-disable-next-line compat/compat
+    if (!BroadcastChannel) {
+      throw new _errors.AuthSdkError('Modern browser with `BroadcastChannel` support is required to use this method');
+    }
+    if (!options.redirectUri) {
+      throw new _errors.AuthSdkError('`redirectUri` is a required param for `getWithIDPPopup`');
+    }
+    if (!options.state) {
+      options.state = (0, _util2.generateState)();
+    }
+    // some browsers (safari, firefox) block popup if it's initialed from an async process
+    // here we create the popup window immediately after user interaction
+    // then redirect to the /authorize endpoint when the requestUrl is available
+    const popupWindow = (0, _util2.loadPopup)('/', options);
+    // eslint-disable-next-line compat/compat
+    const channel = new BroadcastChannel(`popup-callback:${options.state}`);
+    options = (0, _util.clone)(options) || {};
+    Object.assign(options, {
+      display: 'popup',
+      responseMode: 'query',
+      popupWindow,
+      idpPopup: true,
+      channel
+    });
+    let cancelPromise;
+    const promise = new Promise((resolve, reject) => {
+      cancelPromise = reject;
+      return (0, _getToken.getToken)(sdk, options).then(res => resolve(res)).catch(err => reject(err));
+    });
+    const cancel = () => {
+      channel.close();
+      cancelPromise(new _errors.AuthSdkError('Popup flow canceled'));
+    };
+    return {
+      promise,
+      cancel
+    };
+  } catch (err) {
+    return {
+      promise: Promise.reject(err),
+      cancel: () => {} // noop, no need to for method when error is thrown
+    };
+  }
+}
 //# sourceMappingURL=getWithPopup.js.map

package/cjs/oidc/getWithPopup.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","loadPopup","clone","Object","assign","display","responseMode","getToken"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) \|\| {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"mappings":"~~;;;~~AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOO,SAASA,YAAY,CAACC,GAA2B,EAAEC,OAAoB,EAA0B;EACtG,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,sEAAsE,CAAC,CAAC;EACjH;;EAEA;EACA;EACA;EACA,MAAMC,WAAW,GAAG,IAAAC,gBAAS,EAAC,GAAG,EAAEP,OAAO,CAAC;EAC3CA,OAAO,GAAG,IAAAQ,WAAK,EAACR,OAAO,CAAC,IAAI,CAAC,CAAC;EAC9BS,MAAM,CAACC,MAAM,CAACV,OAAO,EAAE;IACrBW,OAAO,EAAE,OAAO;IAChBC,YAAY,EAAE,mBAAmB;IACjCN;EACF,CAAC,CAAC;EACF,OAAO,IAAAO,kBAAQ,EAACd,GAAG,EAAEC,OAAO,CAAC;AAC/B"}
1	+ {"version":3,"file":"getWithPopup.js","names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","loadPopup","clone","Object","assign","display","responseMode","getToken","getWithIDPPopup","BroadcastChannel","redirectUri","state","generateState","channel","idpPopup","cancelPromise","promise","resolve","then","res","catch","err","cancel","close"],"sources":["../../../lib/oidc/getWithPopup.ts"],"sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup, generateState } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) \|\| {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n\nexport function getWithIDPPopup(\n sdk: OktaAuthOAuthInterface,\n options: Omit<TokenParams, 'redirectUri'> & { redirectUri: string }\n): { cancel: () => void, promise: Promise<TokenResponse> } {\n try {\n // eslint-disable-next-line compat/compat\n if (!BroadcastChannel) {\n throw new AuthSdkError('Modern browser with `BroadcastChannel` support is required to use this method');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('`redirectUri` is a required param for `getWithIDPPopup`');\n }\n\n if (!options.state) {\n options.state = generateState();\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n // eslint-disable-next-line compat/compat\n const channel = new BroadcastChannel(`popup-callback:${options.state}`);\n\n options = clone(options) \|\| {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'query',\n popupWindow,\n idpPopup: true,\n channel,\n });\n\n let cancelPromise;\n const promise = new Promise<TokenResponse>((resolve, reject) => {\n cancelPromise = reject;\n return getToken(sdk, options)\n .then((res) => resolve(res))\n .catch(err => reject(err));\n });\n\n const cancel = () => {\n channel.close();\n cancelPromise(new AuthSdkError('Popup flow canceled'));\n };\n\n return {\n promise,\n cancel\n };\n }\n catch (err) {\n return {\n promise: Promise.reject(err),\n cancel: () => {} // noop, no need to for method when error is thrown\n };\n }\n}\n"],"mappings":";;;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOO,SAASA,YAAY,CAACC,GAA2B,EAAEC,OAAoB,EAA0B;EACtG,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,sEAAsE,CAAC,CAAC;EACjH;;EAEA;EACA;EACA;EACA,MAAMC,WAAW,GAAG,IAAAC,gBAAS,EAAC,GAAG,EAAEP,OAAO,CAAC;EAC3CA,OAAO,GAAG,IAAAQ,WAAK,EAACR,OAAO,CAAC,IAAI,CAAC,CAAC;EAC9BS,MAAM,CAACC,MAAM,CAACV,OAAO,EAAE;IACrBW,OAAO,EAAE,OAAO;IAChBC,YAAY,EAAE,mBAAmB;IACjCN;EACF,CAAC,CAAC;EACF,OAAO,IAAAO,kBAAQ,EAACd,GAAG,EAAEC,OAAO,CAAC;AAC/B;AAEO,SAASc,eAAe,CAC7Bf,GAA2B,EAC3BC,OAAmE,EACV;EAC1D,IAAI;IACF;IACA,IAAI,CAACe,gBAAgB,EAAE;MACtB,MAAM,IAAIV,oBAAY,CAAC,+EAA+E,CAAC;IACzG;IAEA,IAAI,CAACL,OAAO,CAACgB,WAAW,EAAE;MACxB,MAAM,IAAIX,oBAAY,CAAC,yDAAyD,CAAC;IACnF;IAEA,IAAI,CAACL,OAAO,CAACiB,KAAK,EAAE;MAClBjB,OAAO,CAACiB,KAAK,GAAG,IAAAC,oBAAa,GAAE;IACjC;;IAEA;IACA;IACA;IACA,MAAMZ,WAAW,GAAG,IAAAC,gBAAS,EAAC,GAAG,EAAEP,OAAO,CAAC;IAC3C;IACA,MAAMmB,OAAO,GAAG,IAAIJ,gBAAgB,CAAE,kBAAiBf,OAAO,CAACiB,KAAM,EAAC,CAAC;IAEvEjB,OAAO,GAAG,IAAAQ,WAAK,EAACR,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9BS,MAAM,CAACC,MAAM,CAACV,OAAO,EAAE;MACrBW,OAAO,EAAE,OAAO;MAChBC,YAAY,EAAE,OAAO;MACrBN,WAAW;MACXc,QAAQ,EAAE,IAAI;MACdD;IACF,CAAC,CAAC;IAEF,IAAIE,aAAa;IACjB,MAAMC,OAAO,GAAG,IAAInB,OAAO,CAAgB,CAACoB,OAAO,EAAEnB,MAAM,KAAK;MAC9DiB,aAAa,GAAGjB,MAAM;MACtB,OAAO,IAAAS,kBAAQ,EAACd,GAAG,EAAEC,OAAO,CAAC,CAC5BwB,IAAI,CAAEC,GAAG,IAAKF,OAAO,CAACE,GAAG,CAAC,CAAC,CAC3BC,KAAK,CAACC,GAAG,IAAIvB,MAAM,CAACuB,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAG,MAAM;MACnBT,OAAO,CAACU,KAAK,EAAE;MACfR,aAAa,CAAC,IAAIhB,oBAAY,CAAC,qBAAqB,CAAC,CAAC;IACxD,CAAC;IAED,OAAO;MACLiB,OAAO;MACPM;IACF,CAAC;EACF,CAAC,CACD,OAAOD,GAAG,EAAE;IACX,OAAO;MACLL,OAAO,EAAEnB,OAAO,CAACC,MAAM,CAACuB,GAAG,CAAC;MAC5BC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAI;IACtB,CAAC;EACF;AACD"}