@okta/okta-auth-js 7.3.0 → 7.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/CHANGELOG.md +30 -1
  2. package/README.md +2 -2
  3. package/cjs/http/OktaUserAgent.js +2 -2
  4. package/cjs/idx/authenticator/util.js +1 -1
  5. package/cjs/idx/authenticator/util.js.map +1 -1
  6. package/cjs/idx/idxState/v1/idxResponseParser.js +3 -0
  7. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  8. package/cjs/idx/remediate.js +2 -2
  9. package/cjs/idx/remediate.js.map +1 -1
  10. package/cjs/idx/remediators/Base/Remediator.js +1 -1
  11. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  12. package/cjs/idx/remediators/Base/SelectAuthenticator.js +9 -3
  13. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  14. package/cjs/idx/types/api.js.map +1 -1
  15. package/cjs/idx/util.js +7 -3
  16. package/cjs/idx/util.js.map +1 -1
  17. package/cjs/oidc/TokenManager.js.map +1 -1
  18. package/cjs/oidc/factory/api.js +3 -1
  19. package/cjs/oidc/factory/api.js.map +1 -1
  20. package/cjs/oidc/index.js +9 -1
  21. package/cjs/oidc/index.js.map +1 -1
  22. package/cjs/oidc/introspect.js +70 -0
  23. package/cjs/oidc/introspect.js.map +1 -0
  24. package/cjs/oidc/mixin/index.js +26 -17
  25. package/cjs/oidc/mixin/index.js.map +1 -1
  26. package/cjs/oidc/renewTokens.js +2 -1
  27. package/cjs/oidc/renewTokens.js.map +1 -1
  28. package/cjs/oidc/types/Token.js +8 -2
  29. package/cjs/oidc/types/Token.js.map +1 -1
  30. package/cjs/oidc/types/TokenManager.js.map +1 -1
  31. package/cjs/oidc/types/api.js.map +1 -1
  32. package/cjs/oidc/types/options.js.map +1 -1
  33. package/cjs/oidc/types/proto.js.map +1 -1
  34. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  35. package/dist/okta-auth-js.authn.min.js +1 -1
  36. package/dist/okta-auth-js.authn.min.js.map +1 -1
  37. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  38. package/dist/okta-auth-js.core.min.js +1 -1
  39. package/dist/okta-auth-js.core.min.js.map +1 -1
  40. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  41. package/dist/okta-auth-js.idx.min.js +1 -1
  42. package/dist/okta-auth-js.idx.min.js.map +1 -1
  43. package/dist/okta-auth-js.min.analyzer.html +2 -2
  44. package/dist/okta-auth-js.min.js +1 -1
  45. package/dist/okta-auth-js.min.js.map +1 -1
  46. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  47. package/dist/okta-auth-js.myaccount.min.js +1 -1
  48. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  49. package/dist/okta-auth-js.polyfill.js +1 -1
  50. package/dist/okta-auth-js.polyfill.js.map +1 -1
  51. package/esm/browser/browser/fingerprint.js +1 -0
  52. package/esm/browser/browser/fingerprint.js.map +1 -1
  53. package/esm/browser/core/AuthStateManager.js +1 -0
  54. package/esm/browser/core/AuthStateManager.js.map +1 -1
  55. package/esm/browser/core/options.js +1 -0
  56. package/esm/browser/core/options.js.map +1 -1
  57. package/esm/browser/exports/exports/authn.js +2 -1
  58. package/esm/browser/exports/exports/authn.js.map +1 -1
  59. package/esm/browser/exports/exports/core.js +2 -1
  60. package/esm/browser/exports/exports/core.js.map +1 -1
  61. package/esm/browser/exports/exports/default.js +2 -1
  62. package/esm/browser/exports/exports/default.js.map +1 -1
  63. package/esm/browser/exports/exports/idx.js +2 -1
  64. package/esm/browser/exports/exports/idx.js.map +1 -1
  65. package/esm/browser/exports/exports/myaccount.js +2 -1
  66. package/esm/browser/exports/exports/myaccount.js.map +1 -1
  67. package/esm/browser/http/OktaUserAgent.js +2 -2
  68. package/esm/browser/idx/authenticator/util.js +1 -1
  69. package/esm/browser/idx/authenticator/util.js.map +1 -1
  70. package/esm/browser/idx/factory/api.js +1 -0
  71. package/esm/browser/idx/factory/api.js.map +1 -1
  72. package/esm/browser/idx/idxState/v1/idxResponseParser.js +4 -0
  73. package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -1
  74. package/esm/browser/idx/interact.js +1 -0
  75. package/esm/browser/idx/interact.js.map +1 -1
  76. package/esm/browser/idx/introspect.js +1 -0
  77. package/esm/browser/idx/introspect.js.map +1 -1
  78. package/esm/browser/idx/remediate.js +2 -2
  79. package/esm/browser/idx/remediate.js.map +1 -1
  80. package/esm/browser/idx/remediators/Base/Remediator.js +1 -1
  81. package/esm/browser/idx/remediators/Base/Remediator.js.map +1 -1
  82. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js +8 -3
  83. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  84. package/esm/browser/idx/transactionMeta.js +1 -0
  85. package/esm/browser/idx/transactionMeta.js.map +1 -1
  86. package/esm/browser/idx/types/api.js.map +1 -1
  87. package/esm/browser/idx/util.js +4 -3
  88. package/esm/browser/idx/util.js.map +1 -1
  89. package/esm/browser/oidc/TokenManager.js.map +1 -1
  90. package/esm/browser/oidc/TransactionManager.js +1 -0
  91. package/esm/browser/oidc/TransactionManager.js.map +1 -1
  92. package/esm/browser/oidc/enrollAuthenticator.js +1 -0
  93. package/esm/browser/oidc/enrollAuthenticator.js.map +1 -1
  94. package/esm/browser/oidc/exchangeCodeForTokens.js +1 -0
  95. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  96. package/esm/browser/oidc/factory/api.js +4 -1
  97. package/esm/browser/oidc/factory/api.js.map +1 -1
  98. package/esm/browser/oidc/getToken.js +1 -0
  99. package/esm/browser/oidc/getToken.js.map +1 -1
  100. package/esm/browser/oidc/getWithPopup.js +1 -0
  101. package/esm/browser/oidc/getWithPopup.js.map +1 -1
  102. package/esm/browser/oidc/getWithRedirect.js +1 -0
  103. package/esm/browser/oidc/getWithRedirect.js.map +1 -1
  104. package/esm/browser/oidc/handleOAuthResponse.js +1 -0
  105. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  106. package/esm/browser/oidc/introspect.js +67 -0
  107. package/esm/browser/oidc/introspect.js.map +1 -0
  108. package/esm/browser/oidc/mixin/index.js +25 -20
  109. package/esm/browser/oidc/mixin/index.js.map +1 -1
  110. package/esm/browser/oidc/parseFromUrl.js +1 -0
  111. package/esm/browser/oidc/parseFromUrl.js.map +1 -1
  112. package/esm/browser/oidc/renewTokens.js +3 -1
  113. package/esm/browser/oidc/renewTokens.js.map +1 -1
  114. package/esm/browser/oidc/types/Token.js +7 -1
  115. package/esm/browser/oidc/types/Token.js.map +1 -1
  116. package/esm/browser/oidc/types/TokenManager.js.map +1 -1
  117. package/esm/browser/oidc/util/sharedStorage.js +1 -0
  118. package/esm/browser/oidc/util/sharedStorage.js.map +1 -1
  119. package/esm/browser/oidc/verifyToken.js +1 -0
  120. package/esm/browser/oidc/verifyToken.js.map +1 -1
  121. package/esm/browser/package.json +1 -1
  122. package/esm/browser/services/SyncStorageService.js +1 -0
  123. package/esm/browser/services/SyncStorageService.js.map +1 -1
  124. package/esm/node/browser/fingerprint.js +1 -0
  125. package/esm/node/browser/fingerprint.js.map +1 -1
  126. package/esm/node/core/AuthStateManager.js +1 -0
  127. package/esm/node/core/AuthStateManager.js.map +1 -1
  128. package/esm/node/core/options.js +1 -0
  129. package/esm/node/core/options.js.map +1 -1
  130. package/esm/node/exports/exports/authn.js +2 -1
  131. package/esm/node/exports/exports/authn.js.map +1 -1
  132. package/esm/node/exports/exports/core.js +2 -1
  133. package/esm/node/exports/exports/core.js.map +1 -1
  134. package/esm/node/exports/exports/default.js +2 -1
  135. package/esm/node/exports/exports/default.js.map +1 -1
  136. package/esm/node/exports/exports/idx.js +2 -1
  137. package/esm/node/exports/exports/idx.js.map +1 -1
  138. package/esm/node/exports/exports/myaccount.js +2 -1
  139. package/esm/node/exports/exports/myaccount.js.map +1 -1
  140. package/esm/node/http/OktaUserAgent.js +2 -2
  141. package/esm/node/idx/authenticator/util.js +1 -1
  142. package/esm/node/idx/authenticator/util.js.map +1 -1
  143. package/esm/node/idx/factory/api.js +1 -0
  144. package/esm/node/idx/factory/api.js.map +1 -1
  145. package/esm/node/idx/idxState/v1/idxResponseParser.js +4 -0
  146. package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -1
  147. package/esm/node/idx/interact.js +1 -0
  148. package/esm/node/idx/interact.js.map +1 -1
  149. package/esm/node/idx/introspect.js +1 -0
  150. package/esm/node/idx/introspect.js.map +1 -1
  151. package/esm/node/idx/remediate.js +2 -2
  152. package/esm/node/idx/remediate.js.map +1 -1
  153. package/esm/node/idx/remediators/Base/Remediator.js +1 -1
  154. package/esm/node/idx/remediators/Base/Remediator.js.map +1 -1
  155. package/esm/node/idx/remediators/Base/SelectAuthenticator.js +8 -3
  156. package/esm/node/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  157. package/esm/node/idx/transactionMeta.js +1 -0
  158. package/esm/node/idx/transactionMeta.js.map +1 -1
  159. package/esm/node/idx/types/api.js.map +1 -1
  160. package/esm/node/idx/util.js +4 -3
  161. package/esm/node/idx/util.js.map +1 -1
  162. package/esm/node/oidc/TokenManager.js.map +1 -1
  163. package/esm/node/oidc/TransactionManager.js +1 -0
  164. package/esm/node/oidc/TransactionManager.js.map +1 -1
  165. package/esm/node/oidc/enrollAuthenticator.js +1 -0
  166. package/esm/node/oidc/enrollAuthenticator.js.map +1 -1
  167. package/esm/node/oidc/exchangeCodeForTokens.js +1 -0
  168. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  169. package/esm/node/oidc/factory/api.js +4 -1
  170. package/esm/node/oidc/factory/api.js.map +1 -1
  171. package/esm/node/oidc/getToken.js +1 -0
  172. package/esm/node/oidc/getToken.js.map +1 -1
  173. package/esm/node/oidc/getWithPopup.js +1 -0
  174. package/esm/node/oidc/getWithPopup.js.map +1 -1
  175. package/esm/node/oidc/getWithRedirect.js +1 -0
  176. package/esm/node/oidc/getWithRedirect.js.map +1 -1
  177. package/esm/node/oidc/handleOAuthResponse.js +1 -0
  178. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  179. package/esm/node/oidc/introspect.js +67 -0
  180. package/esm/node/oidc/introspect.js.map +1 -0
  181. package/esm/node/oidc/mixin/index.js +25 -20
  182. package/esm/node/oidc/mixin/index.js.map +1 -1
  183. package/esm/node/oidc/parseFromUrl.js +1 -0
  184. package/esm/node/oidc/parseFromUrl.js.map +1 -1
  185. package/esm/node/oidc/renewTokens.js +3 -1
  186. package/esm/node/oidc/renewTokens.js.map +1 -1
  187. package/esm/node/oidc/types/Token.js +7 -1
  188. package/esm/node/oidc/types/Token.js.map +1 -1
  189. package/esm/node/oidc/types/TokenManager.js.map +1 -1
  190. package/esm/node/oidc/util/sharedStorage.js +1 -0
  191. package/esm/node/oidc/util/sharedStorage.js.map +1 -1
  192. package/esm/node/oidc/verifyToken.js +1 -0
  193. package/esm/node/oidc/verifyToken.js.map +1 -1
  194. package/esm/node/package.json +1 -1
  195. package/package.json +9 -5
  196. package/types/lib/idx/remediators/Base/Remediator.d.ts +1 -1
  197. package/types/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -3
  198. package/types/lib/idx/types/api.d.ts +1 -0
  199. package/types/lib/idx/util.d.ts +2 -2
  200. package/types/lib/oidc/TokenManager.d.ts +2 -2
  201. package/types/lib/oidc/index.d.ts +1 -0
  202. package/types/lib/oidc/introspect.d.ts +14 -0
  203. package/types/lib/oidc/renewTokens.d.ts +2 -2
  204. package/types/lib/oidc/types/Token.d.ts +5 -0
  205. package/types/lib/oidc/types/TokenManager.d.ts +2 -2
  206. package/types/lib/oidc/types/api.d.ts +5 -4
  207. package/types/lib/oidc/types/options.d.ts +4 -0
  208. package/types/lib/oidc/types/proto.d.ts +1 -0
  209. package/umd/authn.js +1 -1
  210. package/umd/authn.js.map +1 -1
  211. package/umd/core.js +1 -1
  212. package/umd/core.js.map +1 -1
  213. package/umd/default.js +1 -1
  214. package/umd/default.js.map +1 -1
  215. package/umd/idx.js +1 -1
  216. package/umd/idx.js.map +1 -1
  217. package/umd/myaccount.js +1 -1
  218. package/umd/myaccount.js.map +1 -1
package/cjs/idx/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","Object","keys","actions","actionName","includes","getMessagesFromIdxRemediationValue","value","Array","isArray","reduce","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","map","message","useGenericRemediator","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","remediatorMap","values","remediators","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","entries","stepObj","action","params","idx","proceed","startsWith","part1","part2","split2","actionObj","href","method","rel","accepts","produces","rest","filter","item","filterValuesForRemediation","remediations","find","r","warn","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleFailedResponse","terminal"],"sources":["../../../lib/idx/util.ts"],"sourcesContent":["import { warn, split2 } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { OktaAuthIdxInterface, IdxFeature, NextStep, RemediateOptions, RemediationResponse, RunOptions } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n if (!value || !Array.isArray(value)) {\n return;\n }\n return value.reduce((messages, value) => {\n if (value.messages) {\n messages = [...messages, ...value.messages.value] as never;\n }\n if (value.form) {\n const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n messages = [...messages, ...messagesFromForm] as never;\n } \n if (value.options) {\n let optionValues = [];\n value.options.forEach(option => {\n if (!option.value || typeof option.value === 'string') {\n return;\n }\n optionValues = [...optionValues, option.value] as never;\n });\n const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n messages = [...messages, ...messagesFromOptions] as never;\n }\n return messages;\n }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n let messages: IdxMessage[] = [];\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages] as never;\n }\n\n // Handle field messages for current flow\n // Preserve existing logic for general cases, remove in the next major version\n // Follow ion response format for top level messages when useGenericRemediator is true\n if (!options.useGenericRemediator) {\n for (let remediation of neededToProceed) {\n const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages] as never;\n }\n }\n }\n\n // API may return identical error on same field, filter by i18n key\n const seen = {};\n messages = messages.reduce((filtered, message) => {\n const key = message.i18n?.key;\n if (key && seen[key]) {\n return filtered;\n }\n seen[key] = message;\n filtered = [...filtered, message] as never;\n return filtered;\n }, []);\n return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n }\n\n return res;\n}\n\nexport function getAvailableSteps(\n authClient: OktaAuthIdxInterface, \n idxResponse: IdxResponse, \n useGenericRemediator?: boolean\n): NextStep[] {\n const res: NextStep[] = [];\n\n const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n .reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of idxResponse.neededToProceed) {\n const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n if (T) {\n const remediator: Remediator = new T(remediation);\n res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n }\n }\n\n for (const [name] of Object.entries((idxResponse.actions || {}))) {\n let stepObj = {\n name, \n action: async (params?) => {\n return authClient.idx.proceed({ \n actions: [{ name, params }] \n });\n }\n };\n if (name.startsWith('currentAuthenticator')) {\n const [part1, part2] = split2(name, '-');\n const actionObj = idxResponse.rawIdxState[part1].value[part2];\n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n const {\n href, \n method, \n rel, \n accepts, \n produces, \n ...rest\n } = actionObj;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n stepObj = { \n ...rest, \n ...(value && { value }),\n ...stepObj,\n };\n }\n res.push(stepObj);\n }\n\n return res;\n}\n\nexport function filterValuesForRemediation(\n idxResponse: IdxResponse,\n remediationName: string,\n values: RemediationValues\n): RemediationValues {\n const remediations = idxResponse.neededToProceed || [];\n const remediation = remediations.find(r => r.name === remediationName);\n if (!remediation) {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n return values;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n const { name, value } = entry;\n if (name === 'stateHandle') {\n res[name] = value; // use the stateHandle value in the remediation\n } else {\n res[name] = values[name]; // use the value provided by the caller\n }\n return res;\n }, {});\n return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n const { useGenericRemediator, remediators } = options;\n \n if (!remediation) {\n return undefined;\n }\n\n if (useGenericRemediator) {\n return GenericRemediator;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n idxRemediations: IdxRemediation[],\n values: RemediationValues,\n options: RemediateOptions,\n): Remediator | undefined {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediators = options.remediators!;\n const useGenericRemediator = options.useGenericRemediator;\n\n let remediator: Remediator;\n // remediation name specified by caller - fast-track remediator lookup \n if (options.step) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n if (remediation) {\n const T = getRemediatorClass(remediation, options);\n return T ? new T(remediation, values, options) : undefined;\n } else {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`step \"${options.step}\" did not match any remediations`);\n return;\n }\n }\n\n const remediatorCandidates: Remediator[] = [];\n if (useGenericRemediator) {\n // always pick the first remediation for when use GenericRemediator\n remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n } else {\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const T = getRemediatorClass(remediation, options)!;\n remediator = new T(remediation, values, options);\n if (remediator.canRemediate()) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nexport function handleFailedResponse(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n options = {}\n): RemediationResponse {\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse, options);\n if (terminal) {\n return { idxResponse, terminal, messages };\n } else {\n const remediator = getRemediator(idxResponse.neededToProceed, {}, options);\n const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n messages,\n ...(nextStep && { nextStep }),\n };\n }\n \n}\n"],"mappings":";;;;;;;;;;;;;AAAA;AACA;AAEA;AACA;AAAwH;AAAA;AAGjH,SAASA,kBAAkB,CAACC,WAAwB,EAAE;EAC3D,MAAM;IAAEC,eAAe;IAAEC;EAAgB,CAAC,GAAGF,WAAW;EACxD,OAAO,CAACC,eAAe,CAACE,MAAM,IAAI,CAACD,eAAe;AACpD;AAEO,SAASE,SAAS,CAACJ,WAAwB,EAAE;EAClD,OAAOA,WAAW,CAACC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,MAAM,CAAC;AACxE;AAEO,SAASC,WAAW,CAACP,WAAwB,EAAE;EACpD,OAAOQ,MAAM,CAACC,IAAI,CAACT,WAAW,CAACU,OAAO,CAAC,CAACL,IAAI,CAACM,UAAU,IAAIA,UAAU,CAACC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3F;AAEO,SAASC,kCAAkC,CAChDC,KAA6B,EACH;EAC1B,IAAI,CAACA,KAAK,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;IACnC;EACF;EACA,OAAOA,KAAK,CAACG,MAAM,CAAC,CAACC,QAAQ,EAAEJ,KAAK,KAAK;IACvC,IAAIA,KAAK,CAACI,QAAQ,EAAE;MAClBA,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGJ,KAAK,CAACI,QAAQ,CAACJ,KAAK,CAAU;IAC5D;IACA,IAAIA,KAAK,CAACK,IAAI,EAAE;MACd,MAAMC,gBAAgB,GAAGP,kCAAkC,CAACC,KAAK,CAACK,IAAI,CAACL,KAAK,CAAC,IAAI,EAAE;MACnFI,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGE,gBAAgB,CAAU;IACxD;IACA,IAAIN,KAAK,CAACO,OAAO,EAAE;MACjB,IAAIC,YAAY,GAAG,EAAE;MACrBR,KAAK,CAACO,OAAO,CAACE,OAAO,CAACC,MAAM,IAAI;QAC9B,IAAI,CAACA,MAAM,CAACV,KAAK,IAAI,OAAOU,MAAM,CAACV,KAAK,KAAK,QAAQ,EAAE;UACrD;QACF;QACAQ,YAAY,GAAG,CAAC,GAAGA,YAAY,EAAEE,MAAM,CAACV,KAAK,CAAU;MACzD,CAAC,CAAC;MACF,MAAMW,mBAAmB,GAAGZ,kCAAkC,CAACS,YAAY,CAAC,IAAI,EAAE;MAClFJ,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGO,mBAAmB,CAAU;IAC3D;IACA,OAAOP,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;AACR;AAEO,SAASQ,uBAAuB,CAAC1B,WAAwB,EAAEqB,OAAmB,EAAgB;EAAA;EACnG,IAAIH,QAAsB,GAAG,EAAE;EAC/B,MAAM;IAAES,WAAW;IAAE1B;EAAgB,CAAC,GAAGD,WAAW;;EAEpD;EACA,MAAM4B,cAAc,4BAAGD,WAAW,CAACT,QAAQ,0DAApB,sBAAsBJ,KAAK,CAACe,GAAG,CAACC,OAAO,IAAIA,OAAO,CAAC;EAC1E,IAAIF,cAAc,EAAE;IAClBV,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGU,cAAc,CAAU;EACtD;;EAEA;EACA;EACA;EACA,IAAI,CAACP,OAAO,CAACU,oBAAoB,EAAE;IACjC,KAAK,IAAIC,WAAW,IAAI/B,eAAe,EAAE;MACvC,MAAMgC,aAAa,GAAGpB,kCAAkC,CAACmB,WAAW,CAAClB,KAAK,CAAC;MAC3E,IAAImB,aAAa,EAAE;QACjBf,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGe,aAAa,CAAU;MACrD;IACF;EACF;;EAEA;EACA,MAAMC,IAAI,GAAG,CAAC,CAAC;EACfhB,QAAQ,GAAGA,QAAQ,CAACD,MAAM,CAAC,CAACkB,QAAQ,EAAEL,OAAO,KAAK;IAAA;IAChD,MAAMM,GAAG,oBAAGN,OAAO,CAACO,IAAI,kDAAZ,cAAcD,GAAG;IAC7B,IAAIA,GAAG,IAAIF,IAAI,CAACE,GAAG,CAAC,EAAE;MACpB,OAAOD,QAAQ;IACjB;IACAD,IAAI,CAACE,GAAG,CAAC,GAAGN,OAAO;IACnBK,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAEL,OAAO,CAAU;IAC1C,OAAOK,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;EACN,OAAOjB,QAAQ;AACjB;AAGO,SAASoB,kBAAkB,CAACtC,WAAwB,EAAgB;EACzE,MAAMuC,GAAG,GAAG,EAAE;EACd,MAAM;IAAE7B,OAAO;IAAET;EAAgB,CAAC,GAAGD,WAAW;EAEhD,IAAIU,OAAO,CAAC,8BAA8B,CAAC,EAAE;IAC3C6B,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACC,iBAAiB,CAAU;EACjD;EAEA,IAAIzC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,uBAAuB,CAAC,EAAE;IACxEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACE,YAAY,CAAU;EAC5C;EAEA,IAAI1C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,cAAc,CAAC,EAAE;IAC/DiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACG,UAAU,CAAU;EAC1C;EAEA,IAAI3C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,gBAAgB,CAAC,EAAE;IACjEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACI,cAAc,CAAU;EAC9C;EAEA,OAAON,GAAG;AACZ;AAEO,SAASO,iBAAiB,CAC/BC,UAAgC,EAChC/C,WAAwB,EACxB+B,oBAA8B,EAClB;EACZ,MAAMQ,GAAe,GAAG,EAAE;EAE1B,MAAMS,aAAoD,GAAGxC,MAAM,CAACyC,MAAM,CAACC,WAAW,CAAC,CACpFjC,MAAM,CAAC,CAACY,GAAG,EAAEsB,eAAe,KAAK;IAChC;IACA,IAAIA,eAAe,CAACC,eAAe,EAAE;MACnCvB,GAAG,CAACsB,eAAe,CAACC,eAAe,CAAC,GAAGD,eAAe;IACxD;IACA,OAAOtB,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EAER,KAAK,IAAIG,WAAW,IAAIhC,WAAW,CAACC,eAAe,EAAE;IACnD,MAAMoD,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAE;MAAED,oBAAoB;MAAEmB,WAAW,EAAEF;IAAc,CAAC,CAAC;IAC/F,IAAIK,CAAC,EAAE;MACL,MAAME,UAAsB,GAAG,IAAIF,CAAC,CAACrB,WAAW,CAAC;MACjDO,GAAG,CAACC,IAAI,CAAEe,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC,CAAU;IAC7E;EACF;EAEA,KAAK,MAAM,CAACnD,IAAI,CAAC,IAAIE,MAAM,CAACkD,OAAO,CAAE1D,WAAW,CAACU,OAAO,IAAI,CAAC,CAAC,CAAE,EAAE;IAChE,IAAIiD,OAAO,GAAG;MACZrD,IAAI;MACJsD,MAAM,EAAE,MAAOC,MAAO,IAAK;QACzB,OAAOd,UAAU,CAACe,GAAG,CAACC,OAAO,CAAC;UAC5BrD,OAAO,EAAE,CAAC;YAAEJ,IAAI;YAAEuD;UAAO,CAAC;QAC5B,CAAC,CAAC;MACJ;IACF,CAAC;IACD,IAAIvD,IAAI,CAAC0D,UAAU,CAAC,sBAAsB,CAAC,EAAE;MAAA;MAC3C,MAAM,CAACC,KAAK,EAAEC,KAAK,CAAC,GAAG,IAAAC,YAAM,EAAC7D,IAAI,EAAE,GAAG,CAAC;MACxC,MAAM8D,SAAS,GAAGpE,WAAW,CAAC2B,WAAW,CAACsC,KAAK,CAAC,CAACnD,KAAK,CAACoD,KAAK,CAAC;MAC7D;MACA,MAAM;QACJG,IAAI;QACJC,MAAM;QACNC,GAAG;QACHC,OAAO;QACPC,QAAQ;QACR,GAAGC;MACL,CAAC,GAAGN,SAAS;MACb;MACA,MAAMtD,KAAK,uBAAGsD,SAAS,CAACtD,KAAK,qDAAf,iBAAiB6D,MAAM,CAACC,IAAI,IAAIA,IAAI,CAACtE,IAAI,KAAK,aAAa,CAAC;MAC1EqD,OAAO,GAAG;QACR,GAAGe,IAAI;QACP,IAAI5D,KAAK,IAAI;UAAEA;QAAM,CAAC,CAAC;QACvB,GAAG6C;MACL,CAAC;IACH;IACApB,GAAG,CAACC,IAAI,CAACmB,OAAO,CAAC;EACnB;EAEA,OAAOpB,GAAG;AACZ;AAEO,SAASsC,0BAA0B,CACxC7E,WAAwB,EACxBoD,eAAuB,EACvBH,MAAyB,EACN;EACnB,MAAM6B,YAAY,GAAG9E,WAAW,CAACC,eAAe,IAAI,EAAE;EACtD,MAAM+B,WAAW,GAAG8C,YAAY,CAACC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAAC1E,IAAI,KAAK8C,eAAe,CAAC;EACtE,IAAI,CAACpB,WAAW,EAAE;IAChB;IACA,IAAAiD,UAAI,EAAE,gCAA+B7B,eAAgB,kCAAiC,CAAC;IACvF,OAAOH,MAAM;EACf;;EAEA;EACA,MAAMiC,oBAAoB,GAAGlD,WAAW,CAAClB,KAAK,CAAEG,MAAM,CAAC,CAACsB,GAAG,EAAE4C,KAAK,KAAK;IACrE,MAAM;MAAE7E,IAAI;MAAEQ;IAAM,CAAC,GAAGqE,KAAK;IAC7B,IAAI7E,IAAI,KAAK,aAAa,EAAE;MAC1BiC,GAAG,CAACjC,IAAI,CAAC,GAAGQ,KAAK,CAAC,CAAC;IACrB,CAAC,MAAM;MACLyB,GAAG,CAACjC,IAAI,CAAC,GAAG2C,MAAM,CAAC3C,IAAI,CAAC,CAAC,CAAC;IAC5B;;IACA,OAAOiC,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EACN,OAAO2C,oBAAoB;AAC7B;AAEA,SAAS5B,kBAAkB,CAACtB,WAA2B,EAAEX,OAAyB,EAAE;EAClF,MAAM;IAAEU,oBAAoB;IAAEmB;EAAY,CAAC,GAAG7B,OAAO;EAErD,IAAI,CAACW,WAAW,EAAE;IAChB,OAAOoD,SAAS;EAClB;EAEA,IAAIrD,oBAAoB,EAAE;IACxB,OAAOsD,oCAAiB;EAC1B;;EAEA;EACA,OAAOnC,WAAW,CAAElB,WAAW,CAAC1B,IAAI,CAAC;AACvC;;AAEA;AACA;AACO,SAASgF,aAAa,CAC3BC,eAAiC,EACjCtC,MAAyB,EACzB5B,OAAyB,EACD;EACxB;EACA,MAAM6B,WAAW,GAAG7B,OAAO,CAAC6B,WAAY;EACxC,MAAMnB,oBAAoB,GAAGV,OAAO,CAACU,oBAAoB;EAEzD,IAAIwB,UAAsB;EAC1B;EACA,IAAIlC,OAAO,CAACmE,IAAI,EAAE;IAChB;IACA,MAAMxD,WAAW,GAAGuD,eAAe,CAACR,IAAI,CAAC,CAAC;MAAEzE;IAAK,CAAC,KAAKA,IAAI,KAAKe,OAAO,CAACmE,IAAI,CAAE;IAC9E,IAAIxD,WAAW,EAAE;MACf,MAAMqB,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAC;MAClD,OAAOgC,CAAC,GAAG,IAAIA,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC,GAAG+D,SAAS;IAC5D,CAAC,MAAM;MACL;MACA,IAAAH,UAAI,EAAE,SAAQ5D,OAAO,CAACmE,IAAK,kCAAiC,CAAC;MAC7D;IACF;EACF;EAEA,MAAMC,oBAAkC,GAAG,EAAE;EAC7C,IAAI1D,oBAAoB,EAAE;IACxB;IACA0D,oBAAoB,CAACjD,IAAI,CAAC,IAAI6C,oCAAiB,CAACE,eAAe,CAAC,CAAC,CAAC,EAAEtC,MAAM,EAAE5B,OAAO,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,KAAK,IAAIW,WAAW,IAAIuD,eAAe,EAAE;MACvC,MAAMG,kBAAkB,GAAGlF,MAAM,CAACC,IAAI,CAACyC,WAAW,CAAW,CAACtC,QAAQ,CAACoB,WAAW,CAAC1B,IAAI,CAAC;MACxF,IAAI,CAACoF,kBAAkB,EAAE;QACvB;MACF;;MAEA;MACA,MAAMrC,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAE;MACnDkC,UAAU,GAAG,IAAIF,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC;MAChD,IAAIkC,UAAU,CAACoC,YAAY,EAAE,EAAE;QAC7B;QACA,OAAOpC,UAAU;MACnB;MACA;MACA;MACAkC,oBAAoB,CAACjD,IAAI,CAACe,UAAU,CAAC;IACvC;EACF;EAEA,OAAOkC,oBAAoB,CAAC,CAAC,CAAC;AAChC;AAGO,SAASjC,WAAW,CACzBT,UAAgC,EAAEQ,UAAsB,EAAEvD,WAAwB,EACxE;EACV,MAAM4F,QAAQ,GAAGrC,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC;EACxE,MAAMoC,OAAO,GAAGzF,SAAS,CAACJ,WAAW,CAAC;EACtC,MAAM8F,SAAS,GAAGvF,WAAW,CAACP,WAAW,CAAC;EAC1C,OAAO;IACL,GAAG4F,QAAQ;IACX,IAAIC,OAAO,IAAI;MAACA;IAAO,CAAC,CAAC;IACzB,IAAIC,SAAS,IAAI;MAACA;IAAS,CAAC;EAC9B,CAAC;AACH;AAEO,SAASC,oBAAoB,CAClChD,UAAgC,EAChC/C,WAAwB,EACxBqB,OAAO,GAAG,CAAC,CAAC,EACS;EACrB,MAAM2E,QAAQ,GAAGjG,kBAAkB,CAACC,WAAW,CAAC;EAChD,MAAMkB,QAAQ,GAAGQ,uBAAuB,CAAC1B,WAAW,EAAEqB,OAAO,CAAC;EAC9D,IAAI2E,QAAQ,EAAE;IACZ,OAAO;MAAEhG,WAAW;MAAEgG,QAAQ;MAAE9E;IAAS,CAAC;EAC5C,CAAC,MAAM;IACL,MAAMqC,UAAU,GAAG+B,aAAa,CAACtF,WAAW,CAACC,eAAe,EAAE,CAAC,CAAC,EAAEoB,OAAO,CAAC;IAC1E,MAAMuE,QAAQ,GAAGrC,UAAU,IAAIC,WAAW,CAACT,UAAU,EAAEQ,UAAU,EAAEvD,WAAW,CAAC;IAC/E,OAAO;MACLA,WAAW;MACXkB,QAAQ;MACR,IAAI0E,QAAQ,IAAI;QAAEA;MAAS,CAAC;IAC9B,CAAC;EACH;AAEF"}
1
+ {"version":3,"file":"util.js","names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","Object","keys","actions","actionName","includes","getMessagesFromIdxRemediationValue","value","Array","isArray","reduce","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","map","message","useGenericRemediator","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","remediatorMap","values","remediators","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","entries","stepObj","action","params","idx","proceed","startsWith","part1","part2","split2","actionObj","href","method","rel","accepts","produces","rest","filter","item","filterValuesForRemediation","remediations","find","r","warn","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleFailedResponse","terminal"],"sources":["../../../lib/idx/util.ts"],"sourcesContent":["import { warn, split2 } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { OktaAuthIdxInterface, IdxFeature, NextStep, RemediateOptions, RemediationResponse, RunOptions } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n if (!value || !Array.isArray(value)) {\n return;\n }\n return value.reduce((messages, value) => {\n if (value.messages) {\n messages = [...messages, ...value.messages.value] as never;\n }\n if (value.form) {\n const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n messages = [...messages, ...messagesFromForm] as never;\n } \n if (value.options) {\n let optionValues = [];\n value.options.forEach(option => {\n if (!option.value || typeof option.value === 'string') {\n return;\n }\n optionValues = [...optionValues, option.value] as never;\n });\n const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n messages = [...messages, ...messagesFromOptions] as never;\n }\n return messages;\n }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n let messages: IdxMessage[] = [];\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages] as never;\n }\n\n // Handle field messages for current flow\n // Preserve existing logic for general cases, remove in the next major version\n // Follow ion response format for top level messages when useGenericRemediator is true\n if (!options.useGenericRemediator) {\n for (let remediation of neededToProceed) {\n const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages] as never;\n }\n }\n }\n\n // API may return identical error on same field, filter by i18n key\n const seen = {};\n messages = messages.reduce((filtered, message) => {\n const key = message.i18n?.key;\n if (key && seen[key]) {\n return filtered;\n }\n seen[key] = message;\n filtered = [...filtered, message] as never;\n return filtered;\n }, []);\n return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n }\n\n return res;\n}\n\nexport function getAvailableSteps(\n authClient: OktaAuthIdxInterface, \n idxResponse: IdxResponse, \n useGenericRemediator?: boolean\n): NextStep[] {\n const res: NextStep[] = [];\n\n const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n .reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of idxResponse.neededToProceed) {\n const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n if (T) {\n const remediator: Remediator = new T(remediation);\n res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n }\n }\n\n for (const [name] of Object.entries((idxResponse.actions || {}))) {\n let stepObj = {\n name, \n action: async (params?) => {\n return authClient.idx.proceed({ \n actions: [{ name, params }] \n });\n }\n };\n if (name.startsWith('currentAuthenticator')) {\n const [part1, part2] = split2(name, '-');\n const actionObj = idxResponse.rawIdxState[part1].value[part2];\n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n const {\n href, \n method, \n rel, \n accepts, \n produces, \n ...rest\n } = actionObj;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n stepObj = { \n ...rest, \n ...(value && { value }),\n ...stepObj,\n };\n }\n res.push(stepObj);\n }\n\n return res;\n}\n\nexport function filterValuesForRemediation(\n idxResponse: IdxResponse,\n remediationName: string,\n values: RemediationValues\n): RemediationValues {\n const remediations = idxResponse.neededToProceed || [];\n const remediation = remediations.find(r => r.name === remediationName);\n if (!remediation) {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n return values;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n const { name, value } = entry;\n if (name === 'stateHandle') {\n res[name] = value; // use the stateHandle value in the remediation\n } else {\n res[name] = values[name]; // use the value provided by the caller\n }\n return res;\n }, {});\n return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n const { useGenericRemediator, remediators } = options;\n \n if (!remediation) {\n return undefined;\n }\n\n if (useGenericRemediator) {\n return GenericRemediator;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions,\n): Remediator | undefined {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediators = options.remediators!;\n const useGenericRemediator = options.useGenericRemediator;\n const {neededToProceed: idxRemediations, context} = idxResponse;\n\n let remediator: Remediator;\n // remediation name specified by caller - fast-track remediator lookup \n if (options.step) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n if (remediation) {\n const T = getRemediatorClass(remediation, options);\n return T ? new T(remediation, values, options) : undefined;\n } else {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`step \"${options.step}\" did not match any remediations`);\n return;\n }\n }\n\n const remediatorCandidates: Remediator[] = [];\n if (useGenericRemediator) {\n // always pick the first remediation for when use GenericRemediator\n remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n } else {\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const T = getRemediatorClass(remediation, options)!;\n remediator = new T(remediation, values, options);\n if (remediator.canRemediate(context)) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nexport function handleFailedResponse(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n options = {}\n): RemediationResponse {\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse, options);\n if (terminal) {\n return { idxResponse, terminal, messages };\n } else {\n const remediator = getRemediator(idxResponse, {}, options);\n const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n messages,\n ...(nextStep && { nextStep }),\n };\n }\n \n}\n"],"mappings":";;;;;;;;;;;;;AAAA;AACA;AAEA;AACA;AAAwH;AAAA;AAGjH,SAASA,kBAAkB,CAACC,WAAwB,EAAE;EAC3D,MAAM;IAAEC,eAAe;IAAEC;EAAgB,CAAC,GAAGF,WAAW;EACxD,OAAO,CAACC,eAAe,CAACE,MAAM,IAAI,CAACD,eAAe;AACpD;AAEO,SAASE,SAAS,CAACJ,WAAwB,EAAE;EAClD,OAAOA,WAAW,CAACC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,MAAM,CAAC;AACxE;AAEO,SAASC,WAAW,CAACP,WAAwB,EAAE;EACpD,OAAOQ,MAAM,CAACC,IAAI,CAACT,WAAW,CAACU,OAAO,CAAC,CAACL,IAAI,CAACM,UAAU,IAAIA,UAAU,CAACC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3F;AAEO,SAASC,kCAAkC,CAChDC,KAA6B,EACH;EAC1B,IAAI,CAACA,KAAK,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;IACnC;EACF;EACA,OAAOA,KAAK,CAACG,MAAM,CAAC,CAACC,QAAQ,EAAEJ,KAAK,KAAK;IACvC,IAAIA,KAAK,CAACI,QAAQ,EAAE;MAClBA,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGJ,KAAK,CAACI,QAAQ,CAACJ,KAAK,CAAU;IAC5D;IACA,IAAIA,KAAK,CAACK,IAAI,EAAE;MACd,MAAMC,gBAAgB,GAAGP,kCAAkC,CAACC,KAAK,CAACK,IAAI,CAACL,KAAK,CAAC,IAAI,EAAE;MACnFI,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGE,gBAAgB,CAAU;IACxD;IACA,IAAIN,KAAK,CAACO,OAAO,EAAE;MACjB,IAAIC,YAAY,GAAG,EAAE;MACrBR,KAAK,CAACO,OAAO,CAACE,OAAO,CAACC,MAAM,IAAI;QAC9B,IAAI,CAACA,MAAM,CAACV,KAAK,IAAI,OAAOU,MAAM,CAACV,KAAK,KAAK,QAAQ,EAAE;UACrD;QACF;QACAQ,YAAY,GAAG,CAAC,GAAGA,YAAY,EAAEE,MAAM,CAACV,KAAK,CAAU;MACzD,CAAC,CAAC;MACF,MAAMW,mBAAmB,GAAGZ,kCAAkC,CAACS,YAAY,CAAC,IAAI,EAAE;MAClFJ,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGO,mBAAmB,CAAU;IAC3D;IACA,OAAOP,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;AACR;AAEO,SAASQ,uBAAuB,CAAC1B,WAAwB,EAAEqB,OAAmB,EAAgB;EAAA;EACnG,IAAIH,QAAsB,GAAG,EAAE;EAC/B,MAAM;IAAES,WAAW;IAAE1B;EAAgB,CAAC,GAAGD,WAAW;;EAEpD;EACA,MAAM4B,cAAc,4BAAGD,WAAW,CAACT,QAAQ,0DAApB,sBAAsBJ,KAAK,CAACe,GAAG,CAACC,OAAO,IAAIA,OAAO,CAAC;EAC1E,IAAIF,cAAc,EAAE;IAClBV,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGU,cAAc,CAAU;EACtD;;EAEA;EACA;EACA;EACA,IAAI,CAACP,OAAO,CAACU,oBAAoB,EAAE;IACjC,KAAK,IAAIC,WAAW,IAAI/B,eAAe,EAAE;MACvC,MAAMgC,aAAa,GAAGpB,kCAAkC,CAACmB,WAAW,CAAClB,KAAK,CAAC;MAC3E,IAAImB,aAAa,EAAE;QACjBf,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGe,aAAa,CAAU;MACrD;IACF;EACF;;EAEA;EACA,MAAMC,IAAI,GAAG,CAAC,CAAC;EACfhB,QAAQ,GAAGA,QAAQ,CAACD,MAAM,CAAC,CAACkB,QAAQ,EAAEL,OAAO,KAAK;IAAA;IAChD,MAAMM,GAAG,oBAAGN,OAAO,CAACO,IAAI,kDAAZ,cAAcD,GAAG;IAC7B,IAAIA,GAAG,IAAIF,IAAI,CAACE,GAAG,CAAC,EAAE;MACpB,OAAOD,QAAQ;IACjB;IACAD,IAAI,CAACE,GAAG,CAAC,GAAGN,OAAO;IACnBK,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAEL,OAAO,CAAU;IAC1C,OAAOK,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;EACN,OAAOjB,QAAQ;AACjB;AAGO,SAASoB,kBAAkB,CAACtC,WAAwB,EAAgB;EACzE,MAAMuC,GAAG,GAAG,EAAE;EACd,MAAM;IAAE7B,OAAO;IAAET;EAAgB,CAAC,GAAGD,WAAW;EAEhD,IAAIU,OAAO,CAAC,8BAA8B,CAAC,EAAE;IAC3C6B,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACC,iBAAiB,CAAU;EACjD;EAEA,IAAIzC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,uBAAuB,CAAC,EAAE;IACxEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACE,YAAY,CAAU;EAC5C;EAEA,IAAI1C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,cAAc,CAAC,EAAE;IAC/DiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACG,UAAU,CAAU;EAC1C;EAEA,IAAI3C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,gBAAgB,CAAC,EAAE;IACjEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACI,cAAc,CAAU;EAC9C;EAEA,OAAON,GAAG;AACZ;AAEO,SAASO,iBAAiB,CAC/BC,UAAgC,EAChC/C,WAAwB,EACxB+B,oBAA8B,EAClB;EACZ,MAAMQ,GAAe,GAAG,EAAE;EAE1B,MAAMS,aAAoD,GAAGxC,MAAM,CAACyC,MAAM,CAACC,WAAW,CAAC,CACpFjC,MAAM,CAAC,CAACY,GAAG,EAAEsB,eAAe,KAAK;IAChC;IACA,IAAIA,eAAe,CAACC,eAAe,EAAE;MACnCvB,GAAG,CAACsB,eAAe,CAACC,eAAe,CAAC,GAAGD,eAAe;IACxD;IACA,OAAOtB,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EAER,KAAK,IAAIG,WAAW,IAAIhC,WAAW,CAACC,eAAe,EAAE;IACnD,MAAMoD,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAE;MAAED,oBAAoB;MAAEmB,WAAW,EAAEF;IAAc,CAAC,CAAC;IAC/F,IAAIK,CAAC,EAAE;MACL,MAAME,UAAsB,GAAG,IAAIF,CAAC,CAACrB,WAAW,CAAC;MACjDO,GAAG,CAACC,IAAI,CAAEe,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC,CAAU;IAC7E;EACF;EAEA,KAAK,MAAM,CAACnD,IAAI,CAAC,IAAIE,MAAM,CAACkD,OAAO,CAAE1D,WAAW,CAACU,OAAO,IAAI,CAAC,CAAC,CAAE,EAAE;IAChE,IAAIiD,OAAO,GAAG;MACZrD,IAAI;MACJsD,MAAM,EAAE,MAAOC,MAAO,IAAK;QACzB,OAAOd,UAAU,CAACe,GAAG,CAACC,OAAO,CAAC;UAC5BrD,OAAO,EAAE,CAAC;YAAEJ,IAAI;YAAEuD;UAAO,CAAC;QAC5B,CAAC,CAAC;MACJ;IACF,CAAC;IACD,IAAIvD,IAAI,CAAC0D,UAAU,CAAC,sBAAsB,CAAC,EAAE;MAAA;MAC3C,MAAM,CAACC,KAAK,EAAEC,KAAK,CAAC,GAAG,IAAAC,YAAM,EAAC7D,IAAI,EAAE,GAAG,CAAC;MACxC,MAAM8D,SAAS,GAAGpE,WAAW,CAAC2B,WAAW,CAACsC,KAAK,CAAC,CAACnD,KAAK,CAACoD,KAAK,CAAC;MAC7D;MACA,MAAM;QACJG,IAAI;QACJC,MAAM;QACNC,GAAG;QACHC,OAAO;QACPC,QAAQ;QACR,GAAGC;MACL,CAAC,GAAGN,SAAS;MACb;MACA,MAAMtD,KAAK,uBAAGsD,SAAS,CAACtD,KAAK,qDAAf,iBAAiB6D,MAAM,CAACC,IAAI,IAAIA,IAAI,CAACtE,IAAI,KAAK,aAAa,CAAC;MAC1EqD,OAAO,GAAG;QACR,GAAGe,IAAI;QACP,IAAI5D,KAAK,IAAI;UAAEA;QAAM,CAAC,CAAC;QACvB,GAAG6C;MACL,CAAC;IACH;IACApB,GAAG,CAACC,IAAI,CAACmB,OAAO,CAAC;EACnB;EAEA,OAAOpB,GAAG;AACZ;AAEO,SAASsC,0BAA0B,CACxC7E,WAAwB,EACxBoD,eAAuB,EACvBH,MAAyB,EACN;EACnB,MAAM6B,YAAY,GAAG9E,WAAW,CAACC,eAAe,IAAI,EAAE;EACtD,MAAM+B,WAAW,GAAG8C,YAAY,CAACC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAAC1E,IAAI,KAAK8C,eAAe,CAAC;EACtE,IAAI,CAACpB,WAAW,EAAE;IAChB;IACA,IAAAiD,UAAI,EAAE,gCAA+B7B,eAAgB,kCAAiC,CAAC;IACvF,OAAOH,MAAM;EACf;;EAEA;EACA,MAAMiC,oBAAoB,GAAGlD,WAAW,CAAClB,KAAK,CAAEG,MAAM,CAAC,CAACsB,GAAG,EAAE4C,KAAK,KAAK;IACrE,MAAM;MAAE7E,IAAI;MAAEQ;IAAM,CAAC,GAAGqE,KAAK;IAC7B,IAAI7E,IAAI,KAAK,aAAa,EAAE;MAC1BiC,GAAG,CAACjC,IAAI,CAAC,GAAGQ,KAAK,CAAC,CAAC;IACrB,CAAC,MAAM;MACLyB,GAAG,CAACjC,IAAI,CAAC,GAAG2C,MAAM,CAAC3C,IAAI,CAAC,CAAC,CAAC;IAC5B;;IACA,OAAOiC,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EACN,OAAO2C,oBAAoB;AAC7B;AAEA,SAAS5B,kBAAkB,CAACtB,WAA2B,EAAEX,OAAyB,EAAE;EAClF,MAAM;IAAEU,oBAAoB;IAAEmB;EAAY,CAAC,GAAG7B,OAAO;EAErD,IAAI,CAACW,WAAW,EAAE;IAChB,OAAOoD,SAAS;EAClB;EAEA,IAAIrD,oBAAoB,EAAE;IACxB,OAAOsD,oCAAiB;EAC1B;;EAEA;EACA,OAAOnC,WAAW,CAAElB,WAAW,CAAC1B,IAAI,CAAC;AACvC;;AAEA;AACA;AACO,SAASgF,aAAa,CAC3BtF,WAAwB,EACxBiD,MAAyB,EACzB5B,OAAyB,EACD;EACxB;EACA,MAAM6B,WAAW,GAAG7B,OAAO,CAAC6B,WAAY;EACxC,MAAMnB,oBAAoB,GAAGV,OAAO,CAACU,oBAAoB;EACzD,MAAM;IAAC9B,eAAe,EAAEsF,eAAe;IAAE9B;EAAO,CAAC,GAAGzD,WAAW;EAE/D,IAAIuD,UAAsB;EAC1B;EACA,IAAIlC,OAAO,CAACmE,IAAI,EAAE;IAChB;IACA,MAAMxD,WAAW,GAAGuD,eAAe,CAACR,IAAI,CAAC,CAAC;MAAEzE;IAAK,CAAC,KAAKA,IAAI,KAAKe,OAAO,CAACmE,IAAI,CAAE;IAC9E,IAAIxD,WAAW,EAAE;MACf,MAAMqB,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAC;MAClD,OAAOgC,CAAC,GAAG,IAAIA,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC,GAAG+D,SAAS;IAC5D,CAAC,MAAM;MACL;MACA,IAAAH,UAAI,EAAE,SAAQ5D,OAAO,CAACmE,IAAK,kCAAiC,CAAC;MAC7D;IACF;EACF;EAEA,MAAMC,oBAAkC,GAAG,EAAE;EAC7C,IAAI1D,oBAAoB,EAAE;IACxB;IACA0D,oBAAoB,CAACjD,IAAI,CAAC,IAAI6C,oCAAiB,CAACE,eAAe,CAAC,CAAC,CAAC,EAAEtC,MAAM,EAAE5B,OAAO,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,KAAK,IAAIW,WAAW,IAAIuD,eAAe,EAAE;MACvC,MAAMG,kBAAkB,GAAGlF,MAAM,CAACC,IAAI,CAACyC,WAAW,CAAW,CAACtC,QAAQ,CAACoB,WAAW,CAAC1B,IAAI,CAAC;MACxF,IAAI,CAACoF,kBAAkB,EAAE;QACvB;MACF;;MAEA;MACA,MAAMrC,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAE;MACnDkC,UAAU,GAAG,IAAIF,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC;MAChD,IAAIkC,UAAU,CAACoC,YAAY,CAAClC,OAAO,CAAC,EAAE;QACpC;QACA,OAAOF,UAAU;MACnB;MACA;MACA;MACAkC,oBAAoB,CAACjD,IAAI,CAACe,UAAU,CAAC;IACvC;EACF;EAEA,OAAOkC,oBAAoB,CAAC,CAAC,CAAC;AAChC;AAGO,SAASjC,WAAW,CACzBT,UAAgC,EAAEQ,UAAsB,EAAEvD,WAAwB,EACxE;EACV,MAAM4F,QAAQ,GAAGrC,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC;EACxE,MAAMoC,OAAO,GAAGzF,SAAS,CAACJ,WAAW,CAAC;EACtC,MAAM8F,SAAS,GAAGvF,WAAW,CAACP,WAAW,CAAC;EAC1C,OAAO;IACL,GAAG4F,QAAQ;IACX,IAAIC,OAAO,IAAI;MAACA;IAAO,CAAC,CAAC;IACzB,IAAIC,SAAS,IAAI;MAACA;IAAS,CAAC;EAC9B,CAAC;AACH;AAEO,SAASC,oBAAoB,CAClChD,UAAgC,EAChC/C,WAAwB,EACxBqB,OAAO,GAAG,CAAC,CAAC,EACS;EACrB,MAAM2E,QAAQ,GAAGjG,kBAAkB,CAACC,WAAW,CAAC;EAChD,MAAMkB,QAAQ,GAAGQ,uBAAuB,CAAC1B,WAAW,EAAEqB,OAAO,CAAC;EAC9D,IAAI2E,QAAQ,EAAE;IACZ,OAAO;MAAEhG,WAAW;MAAEgG,QAAQ;MAAE9E;IAAS,CAAC;EAC5C,CAAC,MAAM;IACL,MAAMqC,UAAU,GAAG+B,aAAa,CAACtF,WAAW,EAAE,CAAC,CAAC,EAAEqB,OAAO,CAAC;IAC1D,MAAMuE,QAAQ,GAAGrC,UAAU,IAAIC,WAAW,CAACT,UAAU,EAAEQ,UAAU,EAAEvD,WAAW,CAAC;IAC/E,OAAO;MACLA,WAAW;MACXkB,QAAQ;MACR,IAAI0E,QAAQ,IAAI;QAAEA;MAAS,CAAC;IAC9B,CAAC;EACH;AAEF"}
package/cjs/oidc/TokenManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n Token, \n Tokens, \n TokenType, \n TokenManagerOptions, \n isIDToken, \n isAccessToken,\n isRefreshToken,\n TokenManagerErrorEventHandler,\n TokenManagerSetStorageEventHandler,\n TokenManagerRenewEventHandler,\n TokenManagerEventHandler,\n TokenManagerInterface,\n RefreshToken,\n AccessTokenCallback,\n IDTokenCallback,\n RefreshTokenCallback,\n EVENT_RENEWED,\n EVENT_ADDED,\n EVENT_ERROR,\n EVENT_EXPIRED,\n EVENT_REMOVED,\n EVENT_SET_STORAGE,\n TokenManagerAnyEventHandler,\n TokenManagerAnyEvent,\n OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n // TODO: remove in next major version - OKTA-473815\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n // --- //\n clearPendingRemoveTokens: true,\n storage: undefined, // will use value from storageManager config\n expireEarlySeconds: 30,\n storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n expireTimeouts: Record<string, unknown>;\n renewPromise: Promise<Token | undefined> | null;\n started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n return {\n expireTimeouts: {},\n renewPromise: null\n };\n}\nexport class TokenManager implements TokenManagerInterface {\n private sdk: OktaAuthOAuthInterface;\n private clock: SdkClock;\n private emitter: EventEmitter;\n private storage: StorageProvider;\n private state: TokenManagerState;\n private options: TokenManagerOptions;\n\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler: TokenManagerEventHandler, context?: object): void;\n on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n if (context) {\n this.emitter.on(event, handler, context);\n } else {\n this.emitter.on(event, handler);\n }\n }\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler?: TokenManagerEventHandler): void;\n off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n if (handler) {\n this.emitter.off(event, handler);\n } else {\n this.emitter.off(event);\n }\n }\n\n // eslint-disable-next-line complexity\n constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n this.sdk = sdk;\n this.emitter = (sdk as any).emitter;\n if (!this.emitter) {\n throw new AuthSdkError('Emitter should be initialized before TokenManager');\n }\n \n options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n if (!isLocalhost()) {\n options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n }\n\n this.options = options;\n\n const storageOptions: StorageOptions = removeNils({\n storageKey: options.storageKey,\n secure: options.secure,\n });\n if (typeof options.storage === 'object') {\n // A custom storage provider must implement getItem(key) and setItem(key, val)\n storageOptions.storageProvider = options.storage;\n } else if (options.storage) {\n storageOptions.storageType = options.storage as StorageType;\n }\n\n this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n this.clock = SdkClock.create(/* sdk, options */);\n this.state = defaultState();\n }\n\n start() {\n if (this.options.clearPendingRemoveTokens) {\n this.clearPendingRemoveTokens();\n }\n this.setExpireEventTimeoutAll();\n this.state.started = true;\n }\n \n stop() {\n this.clearExpireEventTimeoutAll();\n this.state.started = false;\n }\n\n isStarted() {\n return !!this.state.started;\n }\n\n getOptions(): TokenManagerOptions {\n return clone(this.options);\n }\n \n getExpireTime(token) {\n const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n var expireTime = token.expiresAt - expireEarlySeconds;\n return expireTime;\n }\n \n hasExpired(token) {\n var expireTime = this.getExpireTime(token);\n return expireTime <= this.clock.now();\n }\n \n emitExpired(key, token) {\n this.emitter.emit(EVENT_EXPIRED, key, token);\n }\n \n emitRenewed(key, freshToken, oldToken) {\n this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n }\n \n emitAdded(key, token) {\n this.emitter.emit(EVENT_ADDED, key, token);\n }\n \n emitRemoved(key, token?) {\n this.emitter.emit(EVENT_REMOVED, key, token);\n }\n \n emitError(error) {\n this.emitter.emit(EVENT_ERROR, error);\n }\n \n clearExpireEventTimeout(key) {\n clearTimeout(this.state.expireTimeouts[key] as any);\n delete this.state.expireTimeouts[key];\n \n // Remove the renew promise (if it exists)\n this.state.renewPromise = null;\n }\n \n clearExpireEventTimeoutAll() {\n var expireTimeouts = this.state.expireTimeouts;\n for (var key in expireTimeouts) {\n if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n continue;\n }\n this.clearExpireEventTimeout(key);\n }\n }\n \n setExpireEventTimeout(key, token) {\n if (isRefreshToken(token)) {\n return;\n }\n\n var expireTime = this.getExpireTime(token);\n var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n \n // Clear any existing timeout\n this.clearExpireEventTimeout(key);\n \n var expireEventTimeout = setTimeout(() => {\n this.emitExpired(key, token);\n }, expireEventWait);\n \n // Add a new timeout\n this.state.expireTimeouts[key] = expireEventTimeout;\n }\n \n setExpireEventTimeoutAll() {\n var tokenStorage = this.storage.getStorage();\n for(var key in tokenStorage) {\n if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n continue;\n }\n var token = tokenStorage[key];\n this.setExpireEventTimeout(key, token);\n }\n }\n \n // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n resetExpireEventTimeoutAll() {\n this.clearExpireEventTimeoutAll();\n this.setExpireEventTimeoutAll();\n }\n \n add(key, token: Token) {\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n }\n \n getSync(key): Token {\n var tokenStorage = this.storage.getStorage();\n return tokenStorage[key];\n }\n \n async get(key): Promise<Token> {\n return this.getSync(key);\n }\n \n getTokensSync(): Tokens {\n const tokens = {} as Tokens;\n const tokenStorage = this.storage.getStorage();\n Object.keys(tokenStorage).forEach(key => {\n const token = tokenStorage[key];\n if (isAccessToken(token)) {\n tokens.accessToken = token;\n } else if (isIDToken(token)) {\n tokens.idToken = token;\n } else if (isRefreshToken(token)) { \n tokens.refreshToken = token;\n }\n });\n return tokens;\n }\n \n async getTokens(): Promise<Tokens> {\n return this.getTokensSync();\n }\n\n getStorageKeyByType(type: TokenType): string {\n const tokenStorage = this.storage.getStorage();\n const key = Object.keys(tokenStorage).filter(key => {\n const token = tokenStorage[key];\n return (isAccessToken(token) && type === 'accessToken') \n || (isIDToken(token) && type === 'idToken')\n || (isRefreshToken(token) && type === 'refreshToken');\n })[0];\n return key;\n }\n\n private getTokenType(token: Token): TokenType {\n if (isAccessToken(token)) {\n return 'accessToken';\n }\n if (isIDToken(token)) {\n return 'idToken';\n }\n if(isRefreshToken(token)) {\n return 'refreshToken';\n }\n throw new AuthSdkError('Unknown token type');\n }\n\n // for synchronization of LocalStorage cross tabs for IE11\n private emitSetStorageEvent() {\n if (isIE11OrLess()) {\n const storage = this.storage.getStorage();\n this.emitter.emit(EVENT_SET_STORAGE, storage);\n }\n }\n\n // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n public getStorage() {\n return this.storage;\n }\n\n setTokens(\n tokens: Tokens,\n // TODO: callbacks can be removed in the next major version OKTA-407224\n accessTokenCb?: AccessTokenCallback, \n idTokenCb?: IDTokenCallback,\n refreshTokenCb?: RefreshTokenCallback\n ): void {\n const handleTokenCallback = (key, token) => {\n const type = this.getTokenType(token);\n if (type === 'accessToken') {\n accessTokenCb && accessTokenCb(key, token);\n } else if (type === 'idToken') {\n idTokenCb && idTokenCb(key, token);\n } else if (type === 'refreshToken') {\n refreshTokenCb && refreshTokenCb(key, token);\n }\n };\n const handleAdded = (key, token) => {\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRenewed = (key, token, oldToken) => {\n this.emitRenewed(key, token, oldToken);\n this.clearExpireEventTimeout(key);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRemoved = (key, token) => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, token);\n handleTokenCallback(key, token);\n };\n \n const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n const existingTokens = this.getTokensSync();\n\n // valid tokens\n types.forEach((type) => {\n const token = tokens[type];\n if (token) {\n validateToken(token, type);\n }\n });\n \n // add token to storage\n const storage = types.reduce((storage, type) => {\n const token = tokens[type];\n if (token) {\n const storageKey = this.getStorageKeyByType(type) || type;\n storage[storageKey] = token;\n }\n return storage;\n }, {});\n this.storage.setStorage(storage);\n this.emitSetStorageEvent();\n\n // emit event and start expiration timer\n types.forEach(type => {\n const newToken = tokens[type];\n const existingToken = existingTokens[type];\n const storageKey = this.getStorageKeyByType(type) || type;\n if (newToken && existingToken) { // renew\n // call handleRemoved first, since it clears timers\n handleRemoved(storageKey, existingToken);\n handleAdded(storageKey, newToken);\n handleRenewed(storageKey, newToken, existingToken);\n } else if (newToken) { // add\n handleAdded(storageKey, newToken);\n } else if (existingToken) { //remove\n handleRemoved(storageKey, existingToken);\n }\n });\n }\n \n remove(key) {\n // Clear any listener for this token\n this.clearExpireEventTimeout(key);\n \n var tokenStorage = this.storage.getStorage();\n var removedToken = tokenStorage[key];\n delete tokenStorage[key];\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n \n this.emitRemoved(key, removedToken);\n }\n \n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n async renewToken(token) {\n return this.sdk.token?.renew(token);\n }\n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n validateToken(token: Token) {\n return validateToken(token);\n }\n\n // TODO: renew method should take no param, change in the next major version OKTA-407224\n renew(key): Promise<Token | undefined> {\n // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n if (this.state.renewPromise) {\n return this.state.renewPromise;\n }\n \n try {\n var token = this.getSync(key);\n if (!token) {\n throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n }\n } catch (e) {\n return Promise.reject(e);\n }\n \n // Remove existing autoRenew timeout\n this.clearExpireEventTimeout(key);\n \n // A refresh token means a replace instead of renewal\n // Store the renew promise state, to avoid renewing again\n const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n .then(tokens => {\n this.setTokens(tokens);\n\n // resolve token based on the key\n const tokenType = this.getTokenType(token);\n return tokens[tokenType];\n })\n .catch(err => {\n // If renew fails, remove token from storage and emit error\n this.remove(key);\n err.tokenKey = key;\n this.emitError(err);\n throw err;\n })\n .finally(() => {\n // Remove existing promise key\n this.state.renewPromise = null;\n });\n \n return renewPromise;\n }\n \n clear() {\n const tokens = this.getTokensSync();\n this.clearExpireEventTimeoutAll();\n this.storage.clearStorage();\n this.emitSetStorageEvent();\n\n Object.keys(tokens).forEach(key => {\n this.emitRemoved(key, tokens[key]);\n });\n }\n\n clearPendingRemoveTokens() {\n const tokenStorage = this.storage.getStorage();\n const removedTokens = {};\n Object.keys(tokenStorage).forEach(key => {\n if (tokenStorage[key].pendingRemove) {\n removedTokens[key] = tokenStorage[key];\n delete tokenStorage[key];\n }\n });\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n Object.keys(removedTokens).forEach(key => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, removedTokens[key]);\n });\n }\n\n updateRefreshToken(token: RefreshToken) {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n // do not emit any event\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n }\n\n removeRefreshToken () {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n this.remove(key);\n }\n\n addPendingRemoveFlags() {\n const tokens = this.getTokensSync();\n Object.keys(tokens).forEach(key => {\n tokens[key].pendingRemove = true;\n });\n this.setTokens(tokens);\n }\n \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAS;IAClB,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAAkB;IAC7B,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAC;MAC1C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}
1
+ {"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n Token, \n Tokens, \n TokenType, \n TokenManagerOptions, \n isIDToken, \n isAccessToken,\n isRefreshToken,\n TokenManagerErrorEventHandler,\n TokenManagerSetStorageEventHandler,\n TokenManagerRenewEventHandler,\n TokenManagerEventHandler,\n TokenManagerInterface,\n RefreshToken,\n AccessTokenCallback,\n IDTokenCallback,\n RefreshTokenCallback,\n EVENT_RENEWED,\n EVENT_ADDED,\n EVENT_ERROR,\n EVENT_EXPIRED,\n EVENT_REMOVED,\n EVENT_SET_STORAGE,\n TokenManagerAnyEventHandler,\n TokenManagerAnyEvent,\n OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n // TODO: remove in next major version - OKTA-473815\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n // --- //\n clearPendingRemoveTokens: true,\n storage: undefined, // will use value from storageManager config\n expireEarlySeconds: 30,\n storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n expireTimeouts: Record<string, unknown>;\n renewPromise: Promise<Token | undefined> | null;\n started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n return {\n expireTimeouts: {},\n renewPromise: null\n };\n}\nexport class TokenManager implements TokenManagerInterface {\n private sdk: OktaAuthOAuthInterface;\n private clock: SdkClock;\n private emitter: EventEmitter;\n private storage: StorageProvider;\n private state: TokenManagerState;\n private options: TokenManagerOptions;\n\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler: TokenManagerEventHandler, context?: object): void;\n on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n if (context) {\n this.emitter.on(event, handler, context);\n } else {\n this.emitter.on(event, handler);\n }\n }\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler?: TokenManagerEventHandler): void;\n off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n if (handler) {\n this.emitter.off(event, handler);\n } else {\n this.emitter.off(event);\n }\n }\n\n // eslint-disable-next-line complexity\n constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n this.sdk = sdk;\n this.emitter = (sdk as any).emitter;\n if (!this.emitter) {\n throw new AuthSdkError('Emitter should be initialized before TokenManager');\n }\n \n options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n if (!isLocalhost()) {\n options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n }\n\n this.options = options;\n\n const storageOptions: StorageOptions = removeNils({\n storageKey: options.storageKey,\n secure: options.secure,\n });\n if (typeof options.storage === 'object') {\n // A custom storage provider must implement getItem(key) and setItem(key, val)\n storageOptions.storageProvider = options.storage;\n } else if (options.storage) {\n storageOptions.storageType = options.storage as StorageType;\n }\n\n this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n this.clock = SdkClock.create(/* sdk, options */);\n this.state = defaultState();\n }\n\n start() {\n if (this.options.clearPendingRemoveTokens) {\n this.clearPendingRemoveTokens();\n }\n this.setExpireEventTimeoutAll();\n this.state.started = true;\n }\n \n stop() {\n this.clearExpireEventTimeoutAll();\n this.state.started = false;\n }\n\n isStarted() {\n return !!this.state.started;\n }\n\n getOptions(): TokenManagerOptions {\n return clone(this.options);\n }\n \n getExpireTime(token) {\n const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n var expireTime = token.expiresAt - expireEarlySeconds;\n return expireTime;\n }\n \n hasExpired(token) {\n var expireTime = this.getExpireTime(token);\n return expireTime <= this.clock.now();\n }\n \n emitExpired(key, token) {\n this.emitter.emit(EVENT_EXPIRED, key, token);\n }\n \n emitRenewed(key, freshToken, oldToken) {\n this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n }\n \n emitAdded(key, token) {\n this.emitter.emit(EVENT_ADDED, key, token);\n }\n \n emitRemoved(key, token?) {\n this.emitter.emit(EVENT_REMOVED, key, token);\n }\n \n emitError(error) {\n this.emitter.emit(EVENT_ERROR, error);\n }\n \n clearExpireEventTimeout(key) {\n clearTimeout(this.state.expireTimeouts[key] as any);\n delete this.state.expireTimeouts[key];\n \n // Remove the renew promise (if it exists)\n this.state.renewPromise = null;\n }\n \n clearExpireEventTimeoutAll() {\n var expireTimeouts = this.state.expireTimeouts;\n for (var key in expireTimeouts) {\n if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n continue;\n }\n this.clearExpireEventTimeout(key);\n }\n }\n \n setExpireEventTimeout(key, token) {\n if (isRefreshToken(token)) {\n return;\n }\n\n var expireTime = this.getExpireTime(token);\n var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n \n // Clear any existing timeout\n this.clearExpireEventTimeout(key);\n \n var expireEventTimeout = setTimeout(() => {\n this.emitExpired(key, token);\n }, expireEventWait);\n \n // Add a new timeout\n this.state.expireTimeouts[key] = expireEventTimeout;\n }\n \n setExpireEventTimeoutAll() {\n var tokenStorage = this.storage.getStorage();\n for(var key in tokenStorage) {\n if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n continue;\n }\n var token = tokenStorage[key];\n this.setExpireEventTimeout(key, token);\n }\n }\n \n // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n resetExpireEventTimeoutAll() {\n this.clearExpireEventTimeoutAll();\n this.setExpireEventTimeoutAll();\n }\n \n add(key, token: Token) {\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n }\n \n getSync(key): Token | undefined {\n var tokenStorage = this.storage.getStorage();\n return tokenStorage[key];\n }\n \n async get(key): Promise<Token | undefined> {\n return this.getSync(key);\n }\n \n getTokensSync(): Tokens {\n const tokens = {} as Tokens;\n const tokenStorage = this.storage.getStorage();\n Object.keys(tokenStorage).forEach(key => {\n const token = tokenStorage[key];\n if (isAccessToken(token)) {\n tokens.accessToken = token;\n } else if (isIDToken(token)) {\n tokens.idToken = token;\n } else if (isRefreshToken(token)) { \n tokens.refreshToken = token;\n }\n });\n return tokens;\n }\n \n async getTokens(): Promise<Tokens> {\n return this.getTokensSync();\n }\n\n getStorageKeyByType(type: TokenType): string {\n const tokenStorage = this.storage.getStorage();\n const key = Object.keys(tokenStorage).filter(key => {\n const token = tokenStorage[key];\n return (isAccessToken(token) && type === 'accessToken') \n || (isIDToken(token) && type === 'idToken')\n || (isRefreshToken(token) && type === 'refreshToken');\n })[0];\n return key;\n }\n\n private getTokenType(token: Token): TokenType {\n if (isAccessToken(token)) {\n return 'accessToken';\n }\n if (isIDToken(token)) {\n return 'idToken';\n }\n if(isRefreshToken(token)) {\n return 'refreshToken';\n }\n throw new AuthSdkError('Unknown token type');\n }\n\n // for synchronization of LocalStorage cross tabs for IE11\n private emitSetStorageEvent() {\n if (isIE11OrLess()) {\n const storage = this.storage.getStorage();\n this.emitter.emit(EVENT_SET_STORAGE, storage);\n }\n }\n\n // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n public getStorage() {\n return this.storage;\n }\n\n setTokens(\n tokens: Tokens,\n // TODO: callbacks can be removed in the next major version OKTA-407224\n accessTokenCb?: AccessTokenCallback, \n idTokenCb?: IDTokenCallback,\n refreshTokenCb?: RefreshTokenCallback\n ): void {\n const handleTokenCallback = (key, token) => {\n const type = this.getTokenType(token);\n if (type === 'accessToken') {\n accessTokenCb && accessTokenCb(key, token);\n } else if (type === 'idToken') {\n idTokenCb && idTokenCb(key, token);\n } else if (type === 'refreshToken') {\n refreshTokenCb && refreshTokenCb(key, token);\n }\n };\n const handleAdded = (key, token) => {\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRenewed = (key, token, oldToken) => {\n this.emitRenewed(key, token, oldToken);\n this.clearExpireEventTimeout(key);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRemoved = (key, token) => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, token);\n handleTokenCallback(key, token);\n };\n \n const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n const existingTokens = this.getTokensSync();\n\n // valid tokens\n types.forEach((type) => {\n const token = tokens[type];\n if (token) {\n validateToken(token, type);\n }\n });\n \n // add token to storage\n const storage = types.reduce((storage, type) => {\n const token = tokens[type];\n if (token) {\n const storageKey = this.getStorageKeyByType(type) || type;\n storage[storageKey] = token;\n }\n return storage;\n }, {});\n this.storage.setStorage(storage);\n this.emitSetStorageEvent();\n\n // emit event and start expiration timer\n types.forEach(type => {\n const newToken = tokens[type];\n const existingToken = existingTokens[type];\n const storageKey = this.getStorageKeyByType(type) || type;\n if (newToken && existingToken) { // renew\n // call handleRemoved first, since it clears timers\n handleRemoved(storageKey, existingToken);\n handleAdded(storageKey, newToken);\n handleRenewed(storageKey, newToken, existingToken);\n } else if (newToken) { // add\n handleAdded(storageKey, newToken);\n } else if (existingToken) { //remove\n handleRemoved(storageKey, existingToken);\n }\n });\n }\n \n remove(key) {\n // Clear any listener for this token\n this.clearExpireEventTimeout(key);\n \n var tokenStorage = this.storage.getStorage();\n var removedToken = tokenStorage[key];\n delete tokenStorage[key];\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n \n this.emitRemoved(key, removedToken);\n }\n \n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n async renewToken(token) {\n return this.sdk.token?.renew(token);\n }\n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n validateToken(token: Token) {\n return validateToken(token);\n }\n\n // TODO: renew method should take no param, change in the next major version OKTA-407224\n renew(key): Promise<Token | undefined> {\n // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n if (this.state.renewPromise) {\n return this.state.renewPromise;\n }\n \n try {\n var token = this.getSync(key);\n if (!token) {\n throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n }\n } catch (e) {\n return Promise.reject(e);\n }\n \n // Remove existing autoRenew timeout\n this.clearExpireEventTimeout(key);\n \n // A refresh token means a replace instead of renewal\n // Store the renew promise state, to avoid renewing again\n const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n .then(tokens => {\n this.setTokens(tokens);\n\n // resolve token based on the key\n const tokenType = this.getTokenType(token!);\n return tokens[tokenType];\n })\n .catch(err => {\n // If renew fails, remove token from storage and emit error\n this.remove(key);\n err.tokenKey = key;\n this.emitError(err);\n throw err;\n })\n .finally(() => {\n // Remove existing promise key\n this.state.renewPromise = null;\n });\n \n return renewPromise;\n }\n \n clear() {\n const tokens = this.getTokensSync();\n this.clearExpireEventTimeoutAll();\n this.storage.clearStorage();\n this.emitSetStorageEvent();\n\n Object.keys(tokens).forEach(key => {\n this.emitRemoved(key, tokens[key]);\n });\n }\n\n clearPendingRemoveTokens() {\n const tokenStorage = this.storage.getStorage();\n const removedTokens = {};\n Object.keys(tokenStorage).forEach(key => {\n if (tokenStorage[key].pendingRemove) {\n removedTokens[key] = tokenStorage[key];\n delete tokenStorage[key];\n }\n });\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n Object.keys(removedTokens).forEach(key => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, removedTokens[key]);\n });\n }\n\n updateRefreshToken(token: RefreshToken) {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n // do not emit any event\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n }\n\n removeRefreshToken () {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n this.remove(key);\n }\n\n addPendingRemoveFlags() {\n const tokens = this.getTokensSync();\n Object.keys(tokens).forEach(key => {\n tokens[key].pendingRemove = true;\n });\n this.setTokens(tokens);\n }\n \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}
package/cjs/oidc/factory/api.js CHANGED
@@ -14,6 +14,7 @@ var _renewToken = require("../renewToken");
14
14
  var _renewTokens = require("../renewTokens");
15
15
  var _renewTokensWithRefresh = require("../renewTokensWithRefresh");
16
16
  var _revokeToken = require("../revokeToken");
17
+ var _introspect = require("../introspect");
17
18
  var _util2 = require("../util");
18
19
  var _verifyToken = require("../verifyToken");
19
20
  var _enrollAuthenticator = require("../enrollAuthenticator");
@@ -69,7 +70,8 @@ function createTokenAPI(sdk, queue) {
69
70
  return (0, _getUserInfo.getUserInfo)(sdk, accessTokenObject, idTokenObject);
70
71
  },
71
72
  verify: _verifyToken.verifyToken.bind(null, sdk),
72
- isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk)
73
+ isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk),
74
+ introspect: _introspect.oidcIntrospect.bind(null, sdk)
73
75
  };
74
76
 
75
77
  // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency
package/cjs/oidc/factory/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk)\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA6BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1CS,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;IAC7Be,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAACvB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnC+B,KAAK,EAAEC,sBAAU,CAACzB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCiC,sBAAsB,EAAEA,8CAAsB,CAAC1B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DkC,WAAW,EAAEA,wBAAW,CAAC3B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCmC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACnC,GAAG,EAAEoC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAAChC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCwC,eAAe,EAAEA,sBAAe,CAACjC,IAAI,CAAC,IAAI,EAAEP,GAAG;EACjD,CAAC;;EAED;EACA;EACA,MAAMyC,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBrB,KAAK,CAACqB,GAAG,CAAC,GAAGzC,QAAQ,CAACoB,KAAK,CAACqB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOrB,KAAK;AACd;AAEO,SAASsB,eAAe,CAAC5C,GAA2B,EAAa;EACtE,OAAO;IACL6C,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,CAACvC,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}
1
+ {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","introspect","oidcIntrospect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA8BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1CS,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;IAC7Be,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAACvB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnC+B,KAAK,EAAEC,sBAAU,CAACzB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCiC,sBAAsB,EAAEA,8CAAsB,CAAC1B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DkC,WAAW,EAAEA,wBAAW,CAAC3B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCmC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACnC,GAAG,EAAEoC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAAChC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCwC,eAAe,EAAEA,sBAAe,CAACjC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAChDyC,UAAU,EAAEC,0BAAc,CAACnC,IAAI,CAAC,IAAI,EAAEP,GAAG;EAC3C,CAAC;;EAED;EACA;EACA,MAAM2C,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBvB,KAAK,CAACuB,GAAG,CAAC,GAAG3C,QAAQ,CAACoB,KAAK,CAACuB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOvB,KAAK;AACd;AAEO,SAASwB,eAAe,CAAC9C,GAA2B,EAAa;EACtE,OAAO;IACL+C,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,CAACzC,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}
package/cjs/oidc/index.js CHANGED
@@ -14,7 +14,8 @@ var _exportNames = {
14
14
  getWithoutPrompt: true,
15
15
  getWithPopup: true,
16
16
  getWithRedirect: true,
17
- parseFromUrl: true
17
+ parseFromUrl: true,
18
+ oidcIntrospect: true
18
19
  };
19
20
  Object.defineProperty(exports, "decodeToken", {
20
21
  enumerable: true,
@@ -64,6 +65,12 @@ Object.defineProperty(exports, "handleOAuthResponse", {
64
65
  return _handleOAuthResponse.handleOAuthResponse;
65
66
  }
66
67
  });
68
+ Object.defineProperty(exports, "oidcIntrospect", {
69
+ enumerable: true,
70
+ get: function () {
71
+ return _introspect.oidcIntrospect;
72
+ }
73
+ });
67
74
  Object.defineProperty(exports, "parseFromUrl", {
68
75
  enumerable: true,
69
76
  get: function () {
@@ -222,4 +229,5 @@ var _getWithoutPrompt = require("./getWithoutPrompt");
222
229
  var _getWithPopup = require("./getWithPopup");
223
230
  var _getWithRedirect = require("./getWithRedirect");
224
231
  var _parseFromUrl = require("./parseFromUrl");
232
+ var _introspect = require("./introspect");
225
233
  //# sourceMappingURL=index.js.map
package/cjs/oidc/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../lib/oidc/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../lib/oidc/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\nexport { oidcIntrospect } from './introspect';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA"}
package/cjs/oidc/introspect.js ADDED
@@ -0,0 +1,70 @@
1
+ "use strict";
2
+
3
+ exports.oidcIntrospect = oidcIntrospect;
4
+ var _errors = require("../errors");
5
+ var _wellKnown = require("./endpoints/well-known");
6
+ var _http = require("../http");
7
+ var _util = require("../util");
8
+ var _crypto = require("../crypto");
9
+ var _types = require("./types");
10
+ /*!
11
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
12
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
13
+ *
14
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
15
+ * Unless required by applicable law or agreed to in writing, software
16
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
+ *
19
+ * See the License for the specific language governing permissions and limitations under the License.
20
+ *
21
+ */
22
+
23
+ const hintMap = {
24
+ accessToken: 'access_token',
25
+ idToken: 'id_token',
26
+ refreshToken: 'refresh_token'
27
+ };
28
+
29
+ /* eslint complexity: [2, 9] */
30
+ async function oidcIntrospect(sdk, kind, token) {
31
+ let issuer;
32
+ let clientId = sdk.options.clientId;
33
+ let clientSecret = sdk.options.clientSecret;
34
+ if (!token) {
35
+ token = sdk.tokenManager.getTokens()[kind];
36
+ }
37
+ if (!token) {
38
+ throw new _errors.AuthSdkError(`unable to find ${kind} in storage or fn params`);
39
+ }
40
+ if (kind !== _types.TokenKind.ACCESS) {
41
+ var _token;
42
+ issuer = (_token = token) === null || _token === void 0 ? void 0 : _token.issuer;
43
+ } else {
44
+ var _token2, _token2$claims;
45
+ issuer = (_token2 = token) === null || _token2 === void 0 ? void 0 : (_token2$claims = _token2.claims) === null || _token2$claims === void 0 ? void 0 : _token2$claims.iss;
46
+ }
47
+ issuer ?? (issuer = sdk.options.issuer);
48
+ if (!clientId) {
49
+ throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');
50
+ }
51
+ if (!issuer) {
52
+ throw new _errors.AuthSdkError('Unable to find issuer');
53
+ }
54
+ const {
55
+ introspection_endpoint: introspectUrl
56
+ } = await (0, _wellKnown.getWellKnown)(sdk, issuer);
57
+ const authHeader = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
58
+ const args = (0, _util.toQueryString)({
59
+ // eslint-disable-next-line camelcase
60
+ token_type_hint: hintMap[kind],
61
+ token: token[kind] // extract raw token string from token object
62
+ }).slice(1);
63
+ return (0, _http.post)(sdk, introspectUrl, args, {
64
+ headers: {
65
+ 'Content-Type': 'application/x-www-form-urlencoded',
66
+ 'Authorization': 'Basic ' + authHeader
67
+ }
68
+ });
69
+ }
70
+ //# sourceMappingURL=introspect.js.map
package/cjs/oidc/introspect.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as any)?.claims?.iss;\n }\n issuer ??= sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAAA;IAC7BR,MAAM,aAAID,KAAK,2CAAN,OAAgBC,MAAM;EACjC,CAAC,MACI;IAAA;IACHA,MAAM,cAAID,KAAK,8DAAN,QAAgBU,MAAM,mDAAtB,eAAwBC,GAAG;EACtC;EACAV,MAAM,KAANA,MAAM,GAAKH,GAAG,CAACK,OAAO,CAACF,MAAM;EAE7B,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAACM,IAAI,CAAC;IAC9BC,KAAK,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}
package/cjs/oidc/mixin/index.js CHANGED
@@ -218,7 +218,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
218
218
  if (!idToken) {
219
219
  return '';
220
220
  }
221
- if (!postLogoutRedirectUri) {
221
+ if (postLogoutRedirectUri === undefined) {
222
222
  postLogoutRedirectUri = this.options.postLogoutRedirectUri;
223
223
  }
224
224
  const logoutUrl = (0, _util2.getOAuthUrls)(this).logoutUrl;
@@ -237,16 +237,22 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
237
237
  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
238
238
  // eslint-disable-next-line complexity, max-statements
239
239
  async signOut(options) {
240
+ var _options;
240
241
  options = Object.assign({}, options);
241
242
 
242
243
  // postLogoutRedirectUri must be whitelisted in Okta Admin UI
243
- var defaultUri = window.location.origin;
244
- var currentUri = window.location.href;
245
- var postLogoutRedirectUri = options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
246
- var accessToken = options.accessToken;
247
- var refreshToken = options.refreshToken;
248
- var revokeAccessToken = options.revokeAccessToken !== false;
249
- var revokeRefreshToken = options.revokeRefreshToken !== false;
244
+ const defaultUri = window.location.origin;
245
+ const currentUri = window.location.href;
246
+ // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior
247
+ // "If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the
248
+ // Okta sign-in page or the post_logout_redirect_uri (if specified)."
249
+ // - https://developer.okta.com/docs/reference/api/oidc/#logout
250
+ const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null : options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
251
+ const state = (_options = options) === null || _options === void 0 ? void 0 : _options.state;
252
+ let accessToken = options.accessToken;
253
+ let refreshToken = options.refreshToken;
254
+ const revokeAccessToken = options.revokeAccessToken !== false;
255
+ const revokeRefreshToken = options.revokeRefreshToken !== false;
250
256
  if (revokeRefreshToken && typeof refreshToken === 'undefined') {
251
257
  refreshToken = this.tokenManager.getTokensSync().refreshToken;
252
258
  }
@@ -270,15 +276,18 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
270
276
  // Fallback to XHR signOut, then simulate a redirect to the post logout uri
271
277
  if (!logoutUri) {
272
278
  // local tokens are cleared once session is closed
273
- return this.closeSession() // can throw if the user cannot be signed out
274
- .then(function (sessionClosed) {
275
- if (postLogoutRedirectUri === currentUri) {
276
- window.location.reload(); // force a hard reload if URI is not changing
277
- } else {
278
- window.location.assign(postLogoutRedirectUri);
279
- }
280
- return sessionClosed;
281
- });
279
+ const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out
280
+ const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null
281
+ if (state) {
282
+ redirectUri.searchParams.append('state', state);
283
+ }
284
+ if (postLogoutRedirectUri === currentUri) {
285
+ // window.location.reload(); // force a hard reload if URI is not changing
286
+ window.location.href = redirectUri.href;
287
+ } else {
288
+ window.location.assign(redirectUri.href);
289
+ }
290
+ return sessionClosed;
282
291
  } else {
283
292
  if (options.clearTokensBeforeRedirect) {
284
293
  // Clear all local tokens