@okta/okta-auth-js 7.3.1 → 7.4.1

package/CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## 7.4.1
+
+### Bug Fix
+
+- [#1446](https://github.com/okta/okta-auth-js/pull/1446) Fix: prevents incorrectly removing idx message duplicates
+
+## 7.4.0
+
+### Features
+
+- [#1440](https://github.com/okta/okta-auth-js/pull/1440) Fixes type of `tokenManager.getSync`
+
+- [#1439](https://github.com/okta/okta-auth-js/pull/1439) `.signOut` improvements
+  * Passing `postLogoutRedirectUri: null` to `.signOut` now omits the param from `/logout` call and will observe the behavior of `/logout`
+  * `state` is now returned as a query param to the `postLogoutRedirectUri` when `.signOut` falls back to `.closeSession`
+
+- [#1412](https://github.com/okta/okta-auth-js/pull/1412)
+  * Adds oauth2 introspect method, exposed as `authClient.token.introspect`
+  * Adds optional `tokens` param to `renewTokens`
+
+### Fixes
+
+- [#1421](https://github.com/okta/okta-auth-js/pull/1421) Throw error if there is incorrect `relatesTo` in IDX response
+
+### Other
+
+- [#1409](https://github.com/okta/okta-auth-js/pull/1409) Adds password page to React myaccount sample app
+- [#1422](https://github.com/okta/okta-auth-js/pull/1422) IDX: add `customLabel` to `Input` type
+
 ## 7.3.1
 
 ### Fixes
@@ -41,7 +70,7 @@
 
 - [#1343](https://github.com/okta/okta-auth-js/pull/1343) Supports Step Up MFA against `/authorize` and `/interact` endpoints
 
-# Other
+### Other
 
 - [#1342](https://github.com/okta/okta-auth-js/pull/1342) - fixes possible RCE in jsonpath-plus
 

package/README.md

@@ -44,7 +44,7 @@ This library uses semantic versioning and follows Okta's [library version policy
 | -------   | -------------------------------- |
 | `7.x`     | :heavy_check_mark: Stable        |
 | `6.x`     | :warning: Retiring on 2023-09-30 |
-| `5.x`     | :warning: Retiring on 2022-10-31 |
+| `5.x`     | :x: Retired                      |
 | `4.x`     | :x: Retired                      |
 | `3.x`     | :x: Retired                      |
 | `2.x`     | :x: Retired                      |
@@ -96,7 +96,7 @@ require('@okta/okta-auth-js/polyfill');
 The built polyfill bundle is also available on our global CDN. Include the following script in your HTML file to load before any other scripts:
 
 ```html
-<script src="https://global.oktacdn.com/okta-auth-js/7.0.0/okta-auth-js.polyfill.js" type="text/javascript"></script>
+<script src="https://global.oktacdn.com/okta-auth-js/7.4.1/okta-auth-js.polyfill.js" type="text/javascript"></script>
 ```
 
 > :warning: The version shown in this sample may be older than the current version. We recommend using the highest version available
@@ -171,7 +171,7 @@ If you are using the JS on a web page from the browser, you can copy the `node_m
 The built library bundle is also available on our global CDN. Include the following script in your HTML file to load before your application script:
 
 ```html
-<script src="https://global.oktacdn.com/okta-auth-js/7.0.0/okta-auth-js.min.js" type="text/javascript"></script>
+<script src="https://global.oktacdn.com/okta-auth-js/7.4.1/okta-auth-js.min.js" type="text/javascript"></script>
 ```
 
 > :warning: The version shown in this sample may be older than the current version. We recommend using the highest version available
@@ -812,7 +812,7 @@ const config = {
 };
 
 const authClient = new OktaAuth(config);
-const tokens = await authClient.token.getWithoutPrompt();
+const { tokens } = await authClient.token.getWithoutPrompt();
 authClient.tokenManager.setTokens(tokens); // storageProvider.setItem
 
 ```
@@ -996,7 +996,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 
 `signOut` takes the following options:
 
-* `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
+* `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK. This will default to `window.location.origin` if no value is provided. To prevent this explicitly pass `null` to leverage the default behavior of `/logout`. If `signOut` falls back to `closeSession` `window.location.origin` will still be used as the default value, even if `null` is passed.
 * `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
 * `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
 * `clearTokensBeforeRedirect` - If `true` (default: `false`) local tokens will be removed before the logout redirect happens. Otherwise a flag (`pendingRemove`) will be added to each local token instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. **Use this option with care**: removing local tokens before fully terminating the Okta SSO session can result in logging back in again when using [`@okta/okta-react`](https://www.npmjs.com/package/@okta/okta-react)'s [`SecureRoute`](https://github.com/okta/okta-react#secureroute) component.

package/cjs/http/OktaUserAgent.js

@@ -20,7 +20,7 @@ var _features = require("../features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"7.3.1"}`];
+    this.environments = [`okta-auth-js/${"7.4.1"}`];
   }
   addEnvironment(env) {
     this.environments.push(env);
@@ -32,7 +32,7 @@ class OktaUserAgent {
     };
   }
   getVersion() {
-    return "7.3.1";
+    return "7.4.1";
   }
   maybeAddNodeEnvironment() {
     if ((0, _features.isBrowser)() || !process || !process.versions) {

package/cjs/idx/authenticator/util.js

@@ -40,7 +40,7 @@ function findMatchedOption(authenticators, options) {
   for (let authenticator of authenticators) {
     option = options.find(({
       relatesTo
-    }) => relatesTo.key === authenticator.key);
+    }) => relatesTo.key && relatesTo.key === authenticator.key);
     if (option) {
       break;
     }

package/cjs/idx/authenticator/util.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.js","names":["formatAuthenticator","incoming","authenticator","isAuthenticator","key","Error","compareAuthenticators","auth1","auth2","id","findMatchedOption","authenticators","options","option","find","relatesTo"],"sources":["../../../../lib/idx/authenticator/util.ts"],"sourcesContent":["import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n  let authenticator: Authenticator;\n  if  (isAuthenticator(incoming)) {\n    authenticator = incoming;\n  } else if (typeof incoming === 'string') {\n    authenticator = {\n      key: incoming\n    };\n  } else {\n    throw new Error('Invalid format for authenticator');\n  }\n  return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n  if (!auth1 || !auth2) {\n    return false;\n  }\n  // by id\n  if (auth1.id && auth2.id) {\n    return (auth1.id === auth2.id);\n  }\n  // by key\n  if (auth1.key && auth2.key) {\n    return (auth1.key === auth2.key);\n  }\n  return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n  let option;\n  for (let authenticator of authenticators) {\n    option = options\n      .find(({ relatesTo }) => relatesTo.key === authenticator.key);\n    if (option) {\n      break;\n    }\n  }\n  return option;\n}"],"mappings":";;;;;AAAA;AAEO,SAASA,mBAAmB,CAACC,QAAiB,EAAiB;EACpE,IAAIC,aAA4B;EAChC,IAAK,IAAAC,sBAAe,EAACF,QAAQ,CAAC,EAAE;IAC9BC,aAAa,GAAGD,QAAQ;EAC1B,CAAC,MAAM,IAAI,OAAOA,QAAQ,KAAK,QAAQ,EAAE;IACvCC,aAAa,GAAG;MACdE,GAAG,EAAEH;IACP,CAAC;EACH,CAAC,MAAM;IACL,MAAM,IAAII,KAAK,CAAC,kCAAkC,CAAC;EACrD;EACA,OAAOH,aAAa;AACtB;;AAEA;AACO,SAASI,qBAAqB,CAACC,KAAK,EAAEC,KAAK,EAAE;EAClD,IAAI,CAACD,KAAK,IAAI,CAACC,KAAK,EAAE;IACpB,OAAO,KAAK;EACd;EACA;EACA,IAAID,KAAK,CAACE,EAAE,IAAID,KAAK,CAACC,EAAE,EAAE;IACxB,OAAQF,KAAK,CAACE,EAAE,KAAKD,KAAK,CAACC,EAAE;EAC/B;EACA;EACA,IAAIF,KAAK,CAACH,GAAG,IAAII,KAAK,CAACJ,GAAG,EAAE;IAC1B,OAAQG,KAAK,CAACH,GAAG,KAAKI,KAAK,CAACJ,GAAG;EACjC;EACA,OAAO,KAAK;AACd;;AAEA;AACO,SAASM,iBAAiB,CAACC,cAAc,EAAEC,OAAO,EAAE;EACzD,IAAIC,MAAM;EACV,KAAK,IAAIX,aAAa,IAAIS,cAAc,EAAE;IACxCE,MAAM,GAAGD,OAAO,CACbE,IAAI,CAAC,CAAC;MAAEC;IAAU,CAAC,KAAKA,SAAS,CAACX,GAAG,KAAKF,aAAa,CAACE,GAAG,CAAC;IAC/D,IAAIS,MAAM,EAAE;MACV;IACF;EACF;EACA,OAAOA,MAAM;AACf"}
+{"version":3,"file":"util.js","names":["formatAuthenticator","incoming","authenticator","isAuthenticator","key","Error","compareAuthenticators","auth1","auth2","id","findMatchedOption","authenticators","options","option","find","relatesTo"],"sources":["../../../../lib/idx/authenticator/util.ts"],"sourcesContent":["import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n  let authenticator: Authenticator;\n  if  (isAuthenticator(incoming)) {\n    authenticator = incoming;\n  } else if (typeof incoming === 'string') {\n    authenticator = {\n      key: incoming\n    };\n  } else {\n    throw new Error('Invalid format for authenticator');\n  }\n  return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n  if (!auth1 || !auth2) {\n    return false;\n  }\n  // by id\n  if (auth1.id && auth2.id) {\n    return (auth1.id === auth2.id);\n  }\n  // by key\n  if (auth1.key && auth2.key) {\n    return (auth1.key === auth2.key);\n  }\n  return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n  let option;\n  for (let authenticator of authenticators) {\n    option = options\n      .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n    if (option) {\n      break;\n    }\n  }\n  return option;\n}"],"mappings":";;;;;AAAA;AAEO,SAASA,mBAAmB,CAACC,QAAiB,EAAiB;EACpE,IAAIC,aAA4B;EAChC,IAAK,IAAAC,sBAAe,EAACF,QAAQ,CAAC,EAAE;IAC9BC,aAAa,GAAGD,QAAQ;EAC1B,CAAC,MAAM,IAAI,OAAOA,QAAQ,KAAK,QAAQ,EAAE;IACvCC,aAAa,GAAG;MACdE,GAAG,EAAEH;IACP,CAAC;EACH,CAAC,MAAM;IACL,MAAM,IAAII,KAAK,CAAC,kCAAkC,CAAC;EACrD;EACA,OAAOH,aAAa;AACtB;;AAEA;AACO,SAASI,qBAAqB,CAACC,KAAK,EAAEC,KAAK,EAAE;EAClD,IAAI,CAACD,KAAK,IAAI,CAACC,KAAK,EAAE;IACpB,OAAO,KAAK;EACd;EACA;EACA,IAAID,KAAK,CAACE,EAAE,IAAID,KAAK,CAACC,EAAE,EAAE;IACxB,OAAQF,KAAK,CAACE,EAAE,KAAKD,KAAK,CAACC,EAAE;EAC/B;EACA;EACA,IAAIF,KAAK,CAACH,GAAG,IAAII,KAAK,CAACJ,GAAG,EAAE;IAC1B,OAAQG,KAAK,CAACH,GAAG,KAAKI,KAAK,CAACJ,GAAG;EACjC;EACA,OAAO,KAAK;AACd;;AAEA;AACO,SAASM,iBAAiB,CAACC,cAAc,EAAEC,OAAO,EAAE;EACzD,IAAIC,MAAM;EACV,KAAK,IAAIX,aAAa,IAAIS,cAAc,EAAE;IACxCE,MAAM,GAAGD,OAAO,CACbE,IAAI,CAAC,CAAC;MAAEC;IAAU,CAAC,KAAKA,SAAS,CAACX,GAAG,IAAIW,SAAS,CAACX,GAAG,KAAKF,aAAa,CAACE,GAAG,CAAC;IAChF,IAAIS,MAAM,EAAE;MACV;IACF;EACF;EACA,OAAOA,MAAM;AACf"}

package/cjs/idx/idxState/v1/idxResponseParser.js

@@ -5,6 +5,7 @@ exports.parseNonRemediations = exports.parseIdxResponse = void 0;
 var _remediationParser = require("./remediationParser");
 var _generateIdxAction = _interopRequireDefault(require("./generateIdxAction"));
 var _jsonpath = require("../../../util/jsonpath");
+var _errors = require("../../../errors");
 /*!
  * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -88,6 +89,8 @@ const expandRelatesTo = (idxResponse, value) => {
         if (result) {
           value[k] = result;
           return;
+        } else {
+          throw new _errors.AuthSdkError(`Cannot resolve relatesTo: ${query}`);
         }
       }
     }

package/cjs/idx/idxState/v1/idxResponseParser.js.map

@@ -1 +1 @@
-{"version":3,"file":"idxResponseParser.js","names":["SKIP_FIELDS","Object","fromEntries","map","field","parseNonRemediations","authClient","idxResponse","toPersist","actions","context","keys","filter","forEach","fieldIsObject","rel","name","generateIdxAction","value","fieldValue","type","info","entries","subField","expandRelatesTo","k","query","Array","isArray","result","jsonpath","path","json","innerValue","convertRemediationAction","remediation","remediationActions","generateRemediationFunctions","actionFn","action","parseIdxResponse","remediationData","remediations"],"sources":["../../../../../lib/idx/idxState/v1/idxResponseParser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\n\nconst SKIP_FIELDS = Object.fromEntries([\n  'remediation', // remediations are put into proceed/neededToProceed\n  'context', // the API response of 'context' isn't externally useful.  We ignore it and put all non-action (contextual) info into idxState.context\n].map( (field) => [ field, !!'skip this field' ] ));\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ) {\n  const actions = {};\n  const context = {};\n\n  Object.keys(idxResponse)\n    .filter( field => !SKIP_FIELDS[field])\n    .forEach( field => {\n      const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n      if ( !fieldIsObject ) {\n        // simple fields are contextual info\n        context[field] = idxResponse[field];\n        return;\n      }\n\n      if ( idxResponse[field].rel ) {\n        // top level actions\n        actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n        return;\n      }\n\n      const { value: fieldValue, type, ...info} = idxResponse[field];\n      context[field] = { type, ...info}; // add the non-action parts as context\n\n      if ( type !== 'object' ) {\n        // only object values hold actions\n        context[field].value = fieldValue;\n        return;\n      }\n\n      // We are an object field containing an object value\n      context[field].value = {};\n      Object.entries(fieldValue)\n        .forEach( ([subField, value]) => {\n          if (value.rel) { // is [field].value[subField] an action?\n            // add any \"action\" value subfields to actions\n            actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n          } else {\n            // add non-action value subfields to context\n            context[field].value[subField] = value;\n          }\n        });\n    });\n\n  return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n  Object.keys(value).forEach(k => {\n    if (k === 'relatesTo') {\n      const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n      if (typeof query === 'string') {\n        const result = jsonpath({ path: query, json: idxResponse })[0];\n        if (result) {\n          value[k] = result;\n          return;\n        }\n      }\n    }\n    if (Array.isArray(value[k])) {\n      value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n    }\n  });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n  // Only remediation that has `rel` field (indicator for form submission) can have http action\n  if (remediation.rel) {\n    const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n    const actionFn = remediationActions[remediation.name];\n    return {\n      ...remediation,\n      action: actionFn,\n    };\n  }\n\n  return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n  remediations: IdxRemediation[];\n  context: IdxContext;\n  actions: IdxActions;\n} {\n  const remediationData = idxResponse.remediation?.value || [];\n\n  remediationData.forEach(\n    remediation => expandRelatesTo(idxResponse, remediation)\n  );\n\n  const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n  const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n  return {\n    remediations,\n    context,\n    actions,\n  };\n};\n"],"mappings":";;;;AAgBA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACuD;;AAKvD,MAAMA,WAAW,GAAGC,MAAM,CAACC,WAAW,CAAC,CACrC,aAAa;AAAE;AACf,SAAS,CAAE;AAAA,CACZ,CAACC,GAAG,CAAGC,KAAK,IAAK,CAAEA,KAAK,EAAE,CAAC,CAAC,iBAAiB,CAAE,CAAE,CAAC;AAE5C,MAAMC,oBAAoB,GAAG,SAASA,oBAAoB,CAAEC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAAG;EACjI,MAAMC,OAAO,GAAG,CAAC,CAAC;EAClB,MAAMC,OAAO,GAAG,CAAC,CAAC;EAElBT,MAAM,CAACU,IAAI,CAACJ,WAAW,CAAC,CACrBK,MAAM,CAAER,KAAK,IAAI,CAACJ,WAAW,CAACI,KAAK,CAAC,CAAC,CACrCS,OAAO,CAAET,KAAK,IAAI;IACjB,MAAMU,aAAa,GAAG,OAAOP,WAAW,CAACH,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAACG,WAAW,CAACH,KAAK,CAAC;IAEpF,IAAK,CAACU,aAAa,EAAG;MACpB;MACAJ,OAAO,CAACN,KAAK,CAAC,GAAGG,WAAW,CAACH,KAAK,CAAC;MACnC;IACF;IAEA,IAAKG,WAAW,CAACH,KAAK,CAAC,CAACW,GAAG,EAAG;MAC5B;MACAN,OAAO,CAACF,WAAW,CAACH,KAAK,CAAC,CAACY,IAAI,CAAC,GAAG,IAAAC,0BAAiB,EAACX,UAAU,EAAEC,WAAW,CAACH,KAAK,CAAC,EAAEI,SAAS,CAAC;MAC/F;IACF;IAEA,MAAM;MAAEU,KAAK,EAAEC,UAAU;MAAEC,IAAI;MAAE,GAAGC;IAAI,CAAC,GAAGd,WAAW,CAACH,KAAK,CAAC;IAC9DM,OAAO,CAACN,KAAK,CAAC,GAAG;MAAEgB,IAAI;MAAE,GAAGC;IAAI,CAAC,CAAC,CAAC;;IAEnC,IAAKD,IAAI,KAAK,QAAQ,EAAG;MACvB;MACAV,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAGC,UAAU;MACjC;IACF;;IAEA;IACAT,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAG,CAAC,CAAC;IACzBjB,MAAM,CAACqB,OAAO,CAACH,UAAU,CAAC,CACvBN,OAAO,CAAE,CAAC,CAACU,QAAQ,EAAEL,KAAK,CAAC,KAAK;MAC/B,IAAIA,KAAK,CAACH,GAAG,EAAE;QAAE;QACf;QACAN,OAAO,CAAE,GAAEL,KAAM,IAAGmB,QAAQ,CAACP,IAAI,IAAIO,QAAS,EAAC,CAAC,GAAG,IAAAN,0BAAiB,EAACX,UAAU,EAAEY,KAAK,EAAEV,SAAS,CAAC;MACpG,CAAC,MAAM;QACL;QACAE,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,CAACK,QAAQ,CAAC,GAAGL,KAAK;MACxC;IACF,CAAC,CAAC;EACN,CAAC,CAAC;EAEJ,OAAO;IAAER,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;AAAC;AAEF,MAAMe,eAAe,GAAG,CAACjB,WAAW,EAAEW,KAAK,KAAK;EAC9CjB,MAAM,CAACU,IAAI,CAACO,KAAK,CAAC,CAACL,OAAO,CAACY,CAAC,IAAI;IAC9B,IAAIA,CAAC,KAAK,WAAW,EAAE;MACrB,MAAMC,KAAK,GAAGC,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC;MAC9D,IAAI,OAAOC,KAAK,KAAK,QAAQ,EAAE;QAC7B,MAAMG,MAAM,GAAG,IAAAC,kBAAQ,EAAC;UAAEC,IAAI,EAAEL,KAAK;UAAEM,IAAI,EAAEzB;QAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAIsB,MAAM,EAAE;UACVX,KAAK,CAACO,CAAC,CAAC,GAAGI,MAAM;UACjB;QACF;MACF;IACF;IACA,IAAIF,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,EAAE;MAC3BP,KAAK,CAACO,CAAC,CAAC,CAACZ,OAAO,CAACoB,UAAU,IAAIT,eAAe,CAACjB,WAAW,EAAE0B,UAAU,CAAC,CAAC;IAC1E;EACF,CAAC,CAAC;AACJ,CAAC;AAED,MAAMC,wBAAwB,GAAG,CAAC5B,UAAgC,EAAE6B,WAAW,EAAE3B,SAAS,KAAK;EAC7F;EACA,IAAI2B,WAAW,CAACpB,GAAG,EAAE;IACnB,MAAMqB,kBAAkB,GAAG,IAAAC,+CAA4B,EAAE/B,UAAU,EAAE,CAAC6B,WAAW,CAAC,EAAE3B,SAAS,CAAE;IAC/F,MAAM8B,QAAQ,GAAGF,kBAAkB,CAACD,WAAW,CAACnB,IAAI,CAAC;IACrD,OAAO;MACL,GAAGmB,WAAW;MACdI,MAAM,EAAED;IACV,CAAC;EACH;EAEA,OAAOH,WAAW;AACpB,CAAC;AAEM,MAAMK,gBAAgB,GAAG,SAASA,gBAAgB,CAAElC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAItH;EAAA;EACA,MAAMiC,eAAe,GAAG,0BAAAlC,WAAW,CAAC4B,WAAW,0DAAvB,sBAAyBjB,KAAK,KAAI,EAAE;EAE5DuB,eAAe,CAAC5B,OAAO,CACrBsB,WAAW,IAAIX,eAAe,CAACjB,WAAW,EAAE4B,WAAW,CAAC,CACzD;EAED,MAAMO,YAAY,GAAGD,eAAe,CAACtC,GAAG,CAACgC,WAAW,IAAID,wBAAwB,CAAE5B,UAAU,EAAE6B,WAAW,EAAE3B,SAAS,CAAE,CAAC;EAEvH,MAAM;IAAEE,OAAO;IAAED;EAAQ,CAAC,GAAGJ,oBAAoB,CAAEC,UAAU,EAAEC,WAAW,EAAEC,SAAS,CAAE;EAEvF,OAAO;IACLkC,YAAY;IACZhC,OAAO;IACPD;EACF,CAAC;AACH,CAAC;AAAC"}
+{"version":3,"file":"idxResponseParser.js","names":["SKIP_FIELDS","Object","fromEntries","map","field","parseNonRemediations","authClient","idxResponse","toPersist","actions","context","keys","filter","forEach","fieldIsObject","rel","name","generateIdxAction","value","fieldValue","type","info","entries","subField","expandRelatesTo","k","query","Array","isArray","result","jsonpath","path","json","AuthSdkError","innerValue","convertRemediationAction","remediation","remediationActions","generateRemediationFunctions","actionFn","action","parseIdxResponse","remediationData","remediations"],"sources":["../../../../../lib/idx/idxState/v1/idxResponseParser.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\nimport { AuthSdkError } from '../../../errors';\n\nconst SKIP_FIELDS = Object.fromEntries([\n  'remediation', // remediations are put into proceed/neededToProceed\n  'context', // the API response of 'context' isn't externally useful.  We ignore it and put all non-action (contextual) info into idxState.context\n].map( (field) => [ field, !!'skip this field' ] ));\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ) {\n  const actions = {};\n  const context = {};\n\n  Object.keys(idxResponse)\n    .filter( field => !SKIP_FIELDS[field])\n    .forEach( field => {\n      const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n      if ( !fieldIsObject ) {\n        // simple fields are contextual info\n        context[field] = idxResponse[field];\n        return;\n      }\n\n      if ( idxResponse[field].rel ) {\n        // top level actions\n        actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n        return;\n      }\n\n      const { value: fieldValue, type, ...info} = idxResponse[field];\n      context[field] = { type, ...info}; // add the non-action parts as context\n\n      if ( type !== 'object' ) {\n        // only object values hold actions\n        context[field].value = fieldValue;\n        return;\n      }\n\n      // We are an object field containing an object value\n      context[field].value = {};\n      Object.entries(fieldValue)\n        .forEach( ([subField, value]) => {\n          if (value.rel) { // is [field].value[subField] an action?\n            // add any \"action\" value subfields to actions\n            actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n          } else {\n            // add non-action value subfields to context\n            context[field].value[subField] = value;\n          }\n        });\n    });\n\n  return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n  Object.keys(value).forEach(k => {\n    if (k === 'relatesTo') {\n      const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n      if (typeof query === 'string') {\n        const result = jsonpath({ path: query, json: idxResponse })[0];\n        if (result) {\n          value[k] = result;\n          return;\n        } else {\n          throw new AuthSdkError(`Cannot resolve relatesTo: ${query}`);\n        }\n      }\n    }\n    if (Array.isArray(value[k])) {\n      value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n    }\n  });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n  // Only remediation that has `rel` field (indicator for form submission) can have http action\n  if (remediation.rel) {\n    const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n    const actionFn = remediationActions[remediation.name];\n    return {\n      ...remediation,\n      action: actionFn,\n    };\n  }\n\n  return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n  remediations: IdxRemediation[];\n  context: IdxContext;\n  actions: IdxActions;\n} {\n  const remediationData = idxResponse.remediation?.value || [];\n\n  remediationData.forEach(\n    remediation => expandRelatesTo(idxResponse, remediation)\n  );\n\n  const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n  const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n  return {\n    remediations,\n    context,\n    actions,\n  };\n};\n"],"mappings":";;;;AAgBA;AACA;AACA;AACA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACuD;;AAMvD,MAAMA,WAAW,GAAGC,MAAM,CAACC,WAAW,CAAC,CACrC,aAAa;AAAE;AACf,SAAS,CAAE;AAAA,CACZ,CAACC,GAAG,CAAGC,KAAK,IAAK,CAAEA,KAAK,EAAE,CAAC,CAAC,iBAAiB,CAAE,CAAE,CAAC;AAE5C,MAAMC,oBAAoB,GAAG,SAASA,oBAAoB,CAAEC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAAG;EACjI,MAAMC,OAAO,GAAG,CAAC,CAAC;EAClB,MAAMC,OAAO,GAAG,CAAC,CAAC;EAElBT,MAAM,CAACU,IAAI,CAACJ,WAAW,CAAC,CACrBK,MAAM,CAAER,KAAK,IAAI,CAACJ,WAAW,CAACI,KAAK,CAAC,CAAC,CACrCS,OAAO,CAAET,KAAK,IAAI;IACjB,MAAMU,aAAa,GAAG,OAAOP,WAAW,CAACH,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAACG,WAAW,CAACH,KAAK,CAAC;IAEpF,IAAK,CAACU,aAAa,EAAG;MACpB;MACAJ,OAAO,CAACN,KAAK,CAAC,GAAGG,WAAW,CAACH,KAAK,CAAC;MACnC;IACF;IAEA,IAAKG,WAAW,CAACH,KAAK,CAAC,CAACW,GAAG,EAAG;MAC5B;MACAN,OAAO,CAACF,WAAW,CAACH,KAAK,CAAC,CAACY,IAAI,CAAC,GAAG,IAAAC,0BAAiB,EAACX,UAAU,EAAEC,WAAW,CAACH,KAAK,CAAC,EAAEI,SAAS,CAAC;MAC/F;IACF;IAEA,MAAM;MAAEU,KAAK,EAAEC,UAAU;MAAEC,IAAI;MAAE,GAAGC;IAAI,CAAC,GAAGd,WAAW,CAACH,KAAK,CAAC;IAC9DM,OAAO,CAACN,KAAK,CAAC,GAAG;MAAEgB,IAAI;MAAE,GAAGC;IAAI,CAAC,CAAC,CAAC;;IAEnC,IAAKD,IAAI,KAAK,QAAQ,EAAG;MACvB;MACAV,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAGC,UAAU;MACjC;IACF;;IAEA;IACAT,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,GAAG,CAAC,CAAC;IACzBjB,MAAM,CAACqB,OAAO,CAACH,UAAU,CAAC,CACvBN,OAAO,CAAE,CAAC,CAACU,QAAQ,EAAEL,KAAK,CAAC,KAAK;MAC/B,IAAIA,KAAK,CAACH,GAAG,EAAE;QAAE;QACf;QACAN,OAAO,CAAE,GAAEL,KAAM,IAAGmB,QAAQ,CAACP,IAAI,IAAIO,QAAS,EAAC,CAAC,GAAG,IAAAN,0BAAiB,EAACX,UAAU,EAAEY,KAAK,EAAEV,SAAS,CAAC;MACpG,CAAC,MAAM;QACL;QACAE,OAAO,CAACN,KAAK,CAAC,CAACc,KAAK,CAACK,QAAQ,CAAC,GAAGL,KAAK;MACxC;IACF,CAAC,CAAC;EACN,CAAC,CAAC;EAEJ,OAAO;IAAER,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;AAAC;AAEF,MAAMe,eAAe,GAAG,CAACjB,WAAW,EAAEW,KAAK,KAAK;EAC9CjB,MAAM,CAACU,IAAI,CAACO,KAAK,CAAC,CAACL,OAAO,CAACY,CAAC,IAAI;IAC9B,IAAIA,CAAC,KAAK,WAAW,EAAE;MACrB,MAAMC,KAAK,GAAGC,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAGP,KAAK,CAACO,CAAC,CAAC;MAC9D,IAAI,OAAOC,KAAK,KAAK,QAAQ,EAAE;QAC7B,MAAMG,MAAM,GAAG,IAAAC,kBAAQ,EAAC;UAAEC,IAAI,EAAEL,KAAK;UAAEM,IAAI,EAAEzB;QAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAIsB,MAAM,EAAE;UACVX,KAAK,CAACO,CAAC,CAAC,GAAGI,MAAM;UACjB;QACF,CAAC,MAAM;UACL,MAAM,IAAII,oBAAY,CAAE,6BAA4BP,KAAM,EAAC,CAAC;QAC9D;MACF;IACF;IACA,IAAIC,KAAK,CAACC,OAAO,CAACV,KAAK,CAACO,CAAC,CAAC,CAAC,EAAE;MAC3BP,KAAK,CAACO,CAAC,CAAC,CAACZ,OAAO,CAACqB,UAAU,IAAIV,eAAe,CAACjB,WAAW,EAAE2B,UAAU,CAAC,CAAC;IAC1E;EACF,CAAC,CAAC;AACJ,CAAC;AAED,MAAMC,wBAAwB,GAAG,CAAC7B,UAAgC,EAAE8B,WAAW,EAAE5B,SAAS,KAAK;EAC7F;EACA,IAAI4B,WAAW,CAACrB,GAAG,EAAE;IACnB,MAAMsB,kBAAkB,GAAG,IAAAC,+CAA4B,EAAEhC,UAAU,EAAE,CAAC8B,WAAW,CAAC,EAAE5B,SAAS,CAAE;IAC/F,MAAM+B,QAAQ,GAAGF,kBAAkB,CAACD,WAAW,CAACpB,IAAI,CAAC;IACrD,OAAO;MACL,GAAGoB,WAAW;MACdI,MAAM,EAAED;IACV,CAAC;EACH;EAEA,OAAOH,WAAW;AACpB,CAAC;AAEM,MAAMK,gBAAgB,GAAG,SAASA,gBAAgB,CAAEnC,UAAgC,EAAEC,WAAW,EAAEC,SAAS,GAAG,CAAC,CAAC,EAItH;EAAA;EACA,MAAMkC,eAAe,GAAG,0BAAAnC,WAAW,CAAC6B,WAAW,0DAAvB,sBAAyBlB,KAAK,KAAI,EAAE;EAE5DwB,eAAe,CAAC7B,OAAO,CACrBuB,WAAW,IAAIZ,eAAe,CAACjB,WAAW,EAAE6B,WAAW,CAAC,CACzD;EAED,MAAMO,YAAY,GAAGD,eAAe,CAACvC,GAAG,CAACiC,WAAW,IAAID,wBAAwB,CAAE7B,UAAU,EAAE8B,WAAW,EAAE5B,SAAS,CAAE,CAAC;EAEvH,MAAM;IAAEE,OAAO;IAAED;EAAQ,CAAC,GAAGJ,oBAAoB,CAAEC,UAAU,EAAEC,WAAW,EAAEC,SAAS,CAAE;EAEvF,OAAO;IACLmC,YAAY;IACZjC,OAAO;IACPD;EACF,CAAC;AACH,CAAC;AAAC"}

package/cjs/idx/remediators/Base/SelectAuthenticator.js

@@ -26,7 +26,7 @@ class SelectAuthenticator extends _Remediator.Remediator {
     for (let authenticator of authenticators) {
       option = options.find(({
         relatesTo
-      }) => relatesTo.key === authenticator.key);
+      }) => relatesTo.key && relatesTo.key === authenticator.key);
       if (option) {
         break;
       }

package/cjs/idx/remediators/Base/SelectAuthenticator.js.map

@@ -1 +1 @@
-{"version":3,"file":"SelectAuthenticator.js","names":["SelectAuthenticator","Remediator","findMatchedOption","authenticators","options","option","authenticator","find","relatesTo","key","canRemediate","context","values","authenticatorFromRemediation","getAuthenticatorFromRemediation","remediation","length","isAuthenticator","id","matchedOption","isCurrentAuthenticator","currentAuthenticator","value","isCurrentAuthenticatorEnrollment","currentAuthenticatorEnrollment","mapAuthenticator","remediationValue","selectedAuthenticator","selectedOption","form","name","getInputAuthenticator","map","label","type","getValuesAfterProceed","filter","compareAuthenticators"],"sources":["../../../../../lib/idx/remediators/Base/SelectAuthenticator.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticatorFromRemediation } from '../util';\nimport { IdxRemediationValue, IdxContext, IdxOption } from '../../types/idx-js';\nimport { Authenticator, isAuthenticator } from '../../types/api';\nimport { compareAuthenticators, findMatchedOption} from '../../authenticator/util';\n\nexport type SelectAuthenticatorValues = RemediationValues & {\n  authenticator?: string | Authenticator;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class SelectAuthenticator<T extends SelectAuthenticatorValues = SelectAuthenticatorValues>\n  extends Remediator<T> {\n  selectedAuthenticator?: Authenticator;\n  selectedOption?: any;\n\n  // Find matched authenticator in provided order\n  findMatchedOption(authenticators, options) {\n    let option: IdxOption | undefined;\n    for (let authenticator of authenticators) {\n      option = options\n        .find(({ relatesTo }) => relatesTo.key === authenticator.key);\n      if (option) {\n        break;\n      }\n    }\n    return option;\n  }\n\n  /* eslint complexity:[0,9] */\n  canRemediate(context?: IdxContext) {\n    const { authenticators, authenticator } = this.values;\n    const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n    const { options } = authenticatorFromRemediation;\n    // Let users select authenticator if no input is provided\n    if (!authenticators || !authenticators.length) {\n      return false;\n    }\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      return true;\n    }\n\n    // Proceed with provided authenticators\n    const matchedOption = this.findMatchedOption(authenticators, options!);\n    if (matchedOption) {\n      // Don't select current authenticator (OKTA-612939)\n      const isCurrentAuthenticator = context?.currentAuthenticator\n        && context?.currentAuthenticator.value.id === matchedOption.relatesTo?.id;\n      const isCurrentAuthenticatorEnrollment = context?.currentAuthenticatorEnrollment\n        && context?.currentAuthenticatorEnrollment.value.id === matchedOption.relatesTo?.id;\n      return !isCurrentAuthenticator && !isCurrentAuthenticatorEnrollment;\n    }\n    \n    return false;\n  }\n\n  mapAuthenticator(remediationValue: IdxRemediationValue) {\n    const { authenticators, authenticator } = this.values;\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      this.selectedAuthenticator = authenticator; // track the selected authenticator\n      return authenticator;\n    }\n\n    const { options } = remediationValue;\n    const selectedOption = findMatchedOption(authenticators, options);\n    this.selectedAuthenticator = selectedOption.relatesTo; // track the selected authenticator\n    this.selectedOption = selectedOption;\n    return {\n      id: selectedOption?.value.form.value.find(({ name }) => name === 'id').value\n    };\n  }\n\n  getInputAuthenticator(remediation) {\n    const options = remediation.options.map(({ label, relatesTo }) => {\n      return {\n        label,\n        value: relatesTo.key\n      };\n    });\n    return { name: 'authenticator', type: 'string', options };\n  }\n\n  getValuesAfterProceed(): T {\n    this.values = super.getValuesAfterProceed();\n    // remove used authenticators\n    const authenticators = (this.values.authenticators as Authenticator[])\n      .filter(authenticator => {\n        return compareAuthenticators(authenticator, this.selectedAuthenticator) !== true;\n      });\n    return { ...this.values, authenticators };\n  }\n\n}\n"],"mappings":";;;AAcA;AACA;AAEA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAaA;AACO,MAAMA,mBAAmB,SACtBC,sBAAU,CAAI;EAItB;EACAC,iBAAiB,CAACC,cAAc,EAAEC,OAAO,EAAE;IACzC,IAAIC,MAA6B;IACjC,KAAK,IAAIC,aAAa,IAAIH,cAAc,EAAE;MACxCE,MAAM,GAAGD,OAAO,CACbG,IAAI,CAAC,CAAC;QAAEC;MAAU,CAAC,KAAKA,SAAS,CAACC,GAAG,KAAKH,aAAa,CAACG,GAAG,CAAC;MAC/D,IAAIJ,MAAM,EAAE;QACV;MACF;IACF;IACA,OAAOA,MAAM;EACf;;EAEA;EACAK,YAAY,CAACC,OAAoB,EAAE;IACjC,MAAM;MAAER,cAAc;MAAEG;IAAc,CAAC,GAAG,IAAI,CAACM,MAAM;IACrD,MAAMC,4BAA4B,GAAG,IAAAC,qCAA+B,EAAC,IAAI,CAACC,WAAW,CAAC;IACtF,MAAM;MAAEX;IAAQ,CAAC,GAAGS,4BAA4B;IAChD;IACA,IAAI,CAACV,cAAc,IAAI,CAACA,cAAc,CAACa,MAAM,EAAE;MAC7C,OAAO,KAAK;IACd;;IAEA;IACA,IAAI,IAAAC,oBAAe,EAACX,aAAa,CAAC,IAAIA,aAAa,CAACY,EAAE,EAAE;MACtD,OAAO,IAAI;IACb;;IAEA;IACA,MAAMC,aAAa,GAAG,IAAI,CAACjB,iBAAiB,CAACC,cAAc,EAAEC,OAAO,CAAE;IACtE,IAAIe,aAAa,EAAE;MAAA;MACjB;MACA,MAAMC,sBAAsB,GAAG,CAAAT,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEU,oBAAoB,KACvD,CAAAV,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEU,oBAAoB,CAACC,KAAK,CAACJ,EAAE,gCAAKC,aAAa,CAACX,SAAS,0DAAvB,sBAAyBU,EAAE;MAC3E,MAAMK,gCAAgC,GAAG,CAAAZ,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEa,8BAA8B,KAC3E,CAAAb,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEa,8BAA8B,CAACF,KAAK,CAACJ,EAAE,iCAAKC,aAAa,CAACX,SAAS,2DAAvB,uBAAyBU,EAAE;MACrF,OAAO,CAACE,sBAAsB,IAAI,CAACG,gCAAgC;IACrE;IAEA,OAAO,KAAK;EACd;EAEAE,gBAAgB,CAACC,gBAAqC,EAAE;IACtD,MAAM;MAAEvB,cAAc;MAAEG;IAAc,CAAC,GAAG,IAAI,CAACM,MAAM;;IAErD;IACA,IAAI,IAAAK,oBAAe,EAACX,aAAa,CAAC,IAAIA,aAAa,CAACY,EAAE,EAAE;MACtD,IAAI,CAACS,qBAAqB,GAAGrB,aAAa,CAAC,CAAC;MAC5C,OAAOA,aAAa;IACtB;IAEA,MAAM;MAAEF;IAAQ,CAAC,GAAGsB,gBAAgB;IACpC,MAAME,cAAc,GAAG,IAAA1B,wBAAiB,EAACC,cAAc,EAAEC,OAAO,CAAC;IACjE,IAAI,CAACuB,qBAAqB,GAAGC,cAAc,CAACpB,SAAS,CAAC,CAAC;IACvD,IAAI,CAACoB,cAAc,GAAGA,cAAc;IACpC,OAAO;MACLV,EAAE,EAAEU,cAAc,aAAdA,cAAc,uBAAdA,cAAc,CAAEN,KAAK,CAACO,IAAI,CAACP,KAAK,CAACf,IAAI,CAAC,CAAC;QAAEuB;MAAK,CAAC,KAAKA,IAAI,KAAK,IAAI,CAAC,CAACR;IACzE,CAAC;EACH;EAEAS,qBAAqB,CAAChB,WAAW,EAAE;IACjC,MAAMX,OAAO,GAAGW,WAAW,CAACX,OAAO,CAAC4B,GAAG,CAAC,CAAC;MAAEC,KAAK;MAAEzB;IAAU,CAAC,KAAK;MAChE,OAAO;QACLyB,KAAK;QACLX,KAAK,EAAEd,SAAS,CAACC;MACnB,CAAC;IACH,CAAC,CAAC;IACF,OAAO;MAAEqB,IAAI,EAAE,eAAe;MAAEI,IAAI,EAAE,QAAQ;MAAE9B;IAAQ,CAAC;EAC3D;EAEA+B,qBAAqB,GAAM;IACzB,IAAI,CAACvB,MAAM,GAAG,KAAK,CAACuB,qBAAqB,EAAE;IAC3C;IACA,MAAMhC,cAAc,GAAI,IAAI,CAACS,MAAM,CAACT,cAAc,CAC/CiC,MAAM,CAAC9B,aAAa,IAAI;MACvB,OAAO,IAAA+B,4BAAqB,EAAC/B,aAAa,EAAE,IAAI,CAACqB,qBAAqB,CAAC,KAAK,IAAI;IAClF,CAAC,CAAC;IACJ,OAAO;MAAE,GAAG,IAAI,CAACf,MAAM;MAAET;IAAe,CAAC;EAC3C;AAEF;AAAC"}
+{"version":3,"file":"SelectAuthenticator.js","names":["SelectAuthenticator","Remediator","findMatchedOption","authenticators","options","option","authenticator","find","relatesTo","key","canRemediate","context","values","authenticatorFromRemediation","getAuthenticatorFromRemediation","remediation","length","isAuthenticator","id","matchedOption","isCurrentAuthenticator","currentAuthenticator","value","isCurrentAuthenticatorEnrollment","currentAuthenticatorEnrollment","mapAuthenticator","remediationValue","selectedAuthenticator","selectedOption","form","name","getInputAuthenticator","map","label","type","getValuesAfterProceed","filter","compareAuthenticators"],"sources":["../../../../../lib/idx/remediators/Base/SelectAuthenticator.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticatorFromRemediation } from '../util';\nimport { IdxRemediationValue, IdxContext, IdxOption } from '../../types/idx-js';\nimport { Authenticator, isAuthenticator } from '../../types/api';\nimport { compareAuthenticators, findMatchedOption} from '../../authenticator/util';\n\nexport type SelectAuthenticatorValues = RemediationValues & {\n  authenticator?: string | Authenticator;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class SelectAuthenticator<T extends SelectAuthenticatorValues = SelectAuthenticatorValues>\n  extends Remediator<T> {\n  selectedAuthenticator?: Authenticator;\n  selectedOption?: any;\n\n  // Find matched authenticator in provided order\n  findMatchedOption(authenticators, options) {\n    let option: IdxOption | undefined;\n    for (let authenticator of authenticators) {\n      option = options\n        .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n      if (option) {\n        break;\n      }\n    }\n    return option;\n  }\n\n  /* eslint complexity:[0,9] */\n  canRemediate(context?: IdxContext) {\n    const { authenticators, authenticator } = this.values;\n    const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n    const { options } = authenticatorFromRemediation;\n    // Let users select authenticator if no input is provided\n    if (!authenticators || !authenticators.length) {\n      return false;\n    }\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      return true;\n    }\n\n    // Proceed with provided authenticators\n    const matchedOption = this.findMatchedOption(authenticators, options!);\n    if (matchedOption) {\n      // Don't select current authenticator (OKTA-612939)\n      const isCurrentAuthenticator = context?.currentAuthenticator\n        && context?.currentAuthenticator.value.id === matchedOption.relatesTo?.id;\n      const isCurrentAuthenticatorEnrollment = context?.currentAuthenticatorEnrollment\n        && context?.currentAuthenticatorEnrollment.value.id === matchedOption.relatesTo?.id;\n      return !isCurrentAuthenticator && !isCurrentAuthenticatorEnrollment;\n    }\n    \n    return false;\n  }\n\n  mapAuthenticator(remediationValue: IdxRemediationValue) {\n    const { authenticators, authenticator } = this.values;\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      this.selectedAuthenticator = authenticator; // track the selected authenticator\n      return authenticator;\n    }\n\n    const { options } = remediationValue;\n    const selectedOption = findMatchedOption(authenticators, options);\n    this.selectedAuthenticator = selectedOption.relatesTo; // track the selected authenticator\n    this.selectedOption = selectedOption;\n    return {\n      id: selectedOption?.value.form.value.find(({ name }) => name === 'id').value\n    };\n  }\n\n  getInputAuthenticator(remediation) {\n    const options = remediation.options.map(({ label, relatesTo }) => {\n      return {\n        label,\n        value: relatesTo.key\n      };\n    });\n    return { name: 'authenticator', type: 'string', options };\n  }\n\n  getValuesAfterProceed(): T {\n    this.values = super.getValuesAfterProceed();\n    // remove used authenticators\n    const authenticators = (this.values.authenticators as Authenticator[])\n      .filter(authenticator => {\n        return compareAuthenticators(authenticator, this.selectedAuthenticator) !== true;\n      });\n    return { ...this.values, authenticators };\n  }\n\n}\n"],"mappings":";;;AAcA;AACA;AAEA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAaA;AACO,MAAMA,mBAAmB,SACtBC,sBAAU,CAAI;EAItB;EACAC,iBAAiB,CAACC,cAAc,EAAEC,OAAO,EAAE;IACzC,IAAIC,MAA6B;IACjC,KAAK,IAAIC,aAAa,IAAIH,cAAc,EAAE;MACxCE,MAAM,GAAGD,OAAO,CACbG,IAAI,CAAC,CAAC;QAAEC;MAAU,CAAC,KAAKA,SAAS,CAACC,GAAG,IAAID,SAAS,CAACC,GAAG,KAAKH,aAAa,CAACG,GAAG,CAAC;MAChF,IAAIJ,MAAM,EAAE;QACV;MACF;IACF;IACA,OAAOA,MAAM;EACf;;EAEA;EACAK,YAAY,CAACC,OAAoB,EAAE;IACjC,MAAM;MAAER,cAAc;MAAEG;IAAc,CAAC,GAAG,IAAI,CAACM,MAAM;IACrD,MAAMC,4BAA4B,GAAG,IAAAC,qCAA+B,EAAC,IAAI,CAACC,WAAW,CAAC;IACtF,MAAM;MAAEX;IAAQ,CAAC,GAAGS,4BAA4B;IAChD;IACA,IAAI,CAACV,cAAc,IAAI,CAACA,cAAc,CAACa,MAAM,EAAE;MAC7C,OAAO,KAAK;IACd;;IAEA;IACA,IAAI,IAAAC,oBAAe,EAACX,aAAa,CAAC,IAAIA,aAAa,CAACY,EAAE,EAAE;MACtD,OAAO,IAAI;IACb;;IAEA;IACA,MAAMC,aAAa,GAAG,IAAI,CAACjB,iBAAiB,CAACC,cAAc,EAAEC,OAAO,CAAE;IACtE,IAAIe,aAAa,EAAE;MAAA;MACjB;MACA,MAAMC,sBAAsB,GAAG,CAAAT,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEU,oBAAoB,KACvD,CAAAV,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEU,oBAAoB,CAACC,KAAK,CAACJ,EAAE,gCAAKC,aAAa,CAACX,SAAS,0DAAvB,sBAAyBU,EAAE;MAC3E,MAAMK,gCAAgC,GAAG,CAAAZ,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEa,8BAA8B,KAC3E,CAAAb,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEa,8BAA8B,CAACF,KAAK,CAACJ,EAAE,iCAAKC,aAAa,CAACX,SAAS,2DAAvB,uBAAyBU,EAAE;MACrF,OAAO,CAACE,sBAAsB,IAAI,CAACG,gCAAgC;IACrE;IAEA,OAAO,KAAK;EACd;EAEAE,gBAAgB,CAACC,gBAAqC,EAAE;IACtD,MAAM;MAAEvB,cAAc;MAAEG;IAAc,CAAC,GAAG,IAAI,CAACM,MAAM;;IAErD;IACA,IAAI,IAAAK,oBAAe,EAACX,aAAa,CAAC,IAAIA,aAAa,CAACY,EAAE,EAAE;MACtD,IAAI,CAACS,qBAAqB,GAAGrB,aAAa,CAAC,CAAC;MAC5C,OAAOA,aAAa;IACtB;IAEA,MAAM;MAAEF;IAAQ,CAAC,GAAGsB,gBAAgB;IACpC,MAAME,cAAc,GAAG,IAAA1B,wBAAiB,EAACC,cAAc,EAAEC,OAAO,CAAC;IACjE,IAAI,CAACuB,qBAAqB,GAAGC,cAAc,CAACpB,SAAS,CAAC,CAAC;IACvD,IAAI,CAACoB,cAAc,GAAGA,cAAc;IACpC,OAAO;MACLV,EAAE,EAAEU,cAAc,aAAdA,cAAc,uBAAdA,cAAc,CAAEN,KAAK,CAACO,IAAI,CAACP,KAAK,CAACf,IAAI,CAAC,CAAC;QAAEuB;MAAK,CAAC,KAAKA,IAAI,KAAK,IAAI,CAAC,CAACR;IACzE,CAAC;EACH;EAEAS,qBAAqB,CAAChB,WAAW,EAAE;IACjC,MAAMX,OAAO,GAAGW,WAAW,CAACX,OAAO,CAAC4B,GAAG,CAAC,CAAC;MAAEC,KAAK;MAAEzB;IAAU,CAAC,KAAK;MAChE,OAAO;QACLyB,KAAK;QACLX,KAAK,EAAEd,SAAS,CAACC;MACnB,CAAC;IACH,CAAC,CAAC;IACF,OAAO;MAAEqB,IAAI,EAAE,eAAe;MAAEI,IAAI,EAAE,QAAQ;MAAE9B;IAAQ,CAAC;EAC3D;EAEA+B,qBAAqB,GAAM;IACzB,IAAI,CAACvB,MAAM,GAAG,KAAK,CAACuB,qBAAqB,EAAE;IAC3C;IACA,MAAMhC,cAAc,GAAI,IAAI,CAACS,MAAM,CAACT,cAAc,CAC/CiC,MAAM,CAAC9B,aAAa,IAAI;MACvB,OAAO,IAAA+B,4BAAqB,EAAC/B,aAAa,EAAE,IAAI,CAACqB,qBAAqB,CAAC,KAAK,IAAI;IAClF,CAAC,CAAC;IACJ,OAAO;MAAE,GAAG,IAAI,CAACf,MAAM;MAAET;IAAe,CAAC;EAC3C;AAEF;AAAC"}

package/cjs/idx/types/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n  OktaAuthOAuthInterface,\n  Tokens,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n  IdxToPersist,\n  ChallengeData,\n  ActivationData,\n} from './idx-js';\nimport {\n  AccountUnlockOptions,\n  AuthenticationOptions,\n  CancelOptions,\n  InteractOptions,\n  IntrospectOptions,\n  OktaAuthIdxOptions,\n  PasswordRecoveryOptions,\n  ProceedOptions,\n  RegistrationOptions,\n  StartOptions,\n  IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n  WebauthnEnrollValues,\n  WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor } from '../../base/types';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n  channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport interface IdxAPI {\n  // lowest level api\n  interact: (options?: InteractOptions) => Promise<InteractResponse>;\n  introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n  makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n  // flow entrypoints\n  authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n  register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n  recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n  unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n  poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n  // flow control\n  start: (options?: StartOptions) => Promise<IdxTransaction>;\n  canProceed(options?: ProceedOptions): boolean;\n  proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n  cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n  getFlow(): FlowIdentifier | undefined;\n  setFlow(flow: FlowIdentifier): void;\n\n  // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n  startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n  // redirect callbacks\n  isInteractionRequired: (hashOrSearch?: string) => boolean;\n  isInteractionRequiredError: (error: Error) => boolean; \n  handleInteractionCodeRedirect: (url: string) => Promise<void>;\n  isEmailVerifyCallback: (search: string) => boolean;\n  parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n  handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n  isEmailVerifyCallbackError: (error: Error) => boolean;\n\n  // transaction meta\n  getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n  createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  saveTransactionMeta: (meta: unknown) => void;\n  clearTransactionMeta: () => void;\n  isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n  saveIdxResponse(data: SavedIdxResponse): void;\n  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n  clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n  getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n  getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n  buildCredentialRequestOptions(\n    challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialRequestOptions;\n  buildCredentialCreationOptions(\n    activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialCreationOptions;\n}\n\nexport interface OktaAuthIdxInterface\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n  extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  idx: IdxAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n  I extends OktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n  new(...args: any[]): I;\n  webauthn: WebauthnAPI;\n}\n\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IAyDYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAkDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}
+{"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n  OktaAuthOAuthInterface,\n  Tokens,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n  IdxToPersist,\n  ChallengeData,\n  ActivationData,\n} from './idx-js';\nimport {\n  AccountUnlockOptions,\n  AuthenticationOptions,\n  CancelOptions,\n  InteractOptions,\n  IntrospectOptions,\n  OktaAuthIdxOptions,\n  PasswordRecoveryOptions,\n  ProceedOptions,\n  RegistrationOptions,\n  StartOptions,\n  IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n  WebauthnEnrollValues,\n  WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor } from '../../base/types';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n  customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n  channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport interface IdxAPI {\n  // lowest level api\n  interact: (options?: InteractOptions) => Promise<InteractResponse>;\n  introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n  makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n  // flow entrypoints\n  authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n  register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n  recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n  unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n  poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n  // flow control\n  start: (options?: StartOptions) => Promise<IdxTransaction>;\n  canProceed(options?: ProceedOptions): boolean;\n  proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n  cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n  getFlow(): FlowIdentifier | undefined;\n  setFlow(flow: FlowIdentifier): void;\n\n  // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n  startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n  // redirect callbacks\n  isInteractionRequired: (hashOrSearch?: string) => boolean;\n  isInteractionRequiredError: (error: Error) => boolean; \n  handleInteractionCodeRedirect: (url: string) => Promise<void>;\n  isEmailVerifyCallback: (search: string) => boolean;\n  parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n  handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n  isEmailVerifyCallbackError: (error: Error) => boolean;\n\n  // transaction meta\n  getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n  createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  saveTransactionMeta: (meta: unknown) => void;\n  clearTransactionMeta: () => void;\n  isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n  saveIdxResponse(data: SavedIdxResponse): void;\n  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n  clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n  getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n  getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n  buildCredentialRequestOptions(\n    challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialRequestOptions;\n  buildCredentialCreationOptions(\n    activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialCreationOptions;\n}\n\nexport interface OktaAuthIdxInterface\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n  extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  idx: IdxAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n  I extends OktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n  new(...args: any[]): I;\n  webauthn: WebauthnAPI;\n}\n\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IAyDYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAmDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}

package/cjs/idx/util.js

@@ -89,7 +89,7 @@ function getMessagesFromResponse(idxResponse, options) {
   messages = messages.reduce((filtered, message) => {
     var _message$i18n;
     const key = (_message$i18n = message.i18n) === null || _message$i18n === void 0 ? void 0 : _message$i18n.key;
-    if (key && seen[key]) {
+    if (key && seen[key] && message.message === seen[key].message) {
       return filtered;
     }
     seen[key] = message;

package/cjs/idx/util.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.js","names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","Object","keys","actions","actionName","includes","getMessagesFromIdxRemediationValue","value","Array","isArray","reduce","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","map","message","useGenericRemediator","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","remediatorMap","values","remediators","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","entries","stepObj","action","params","idx","proceed","startsWith","part1","part2","split2","actionObj","href","method","rel","accepts","produces","rest","filter","item","filterValuesForRemediation","remediations","find","r","warn","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleFailedResponse","terminal"],"sources":["../../../lib/idx/util.ts"],"sourcesContent":["import { warn, split2 } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { OktaAuthIdxInterface, IdxFeature, NextStep, RemediateOptions, RemediationResponse, RunOptions } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n  const { neededToProceed, interactionCode } = idxResponse;\n  return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n  return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n  return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n  value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n  if (!value || !Array.isArray(value)) {\n    return;\n  }\n  return value.reduce((messages, value) => {\n    if (value.messages) {\n      messages = [...messages, ...value.messages.value] as never;\n    }\n    if (value.form) {\n      const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n      messages = [...messages, ...messagesFromForm] as never;\n    } \n    if (value.options) {\n      let optionValues = [];\n      value.options.forEach(option => {\n        if (!option.value || typeof option.value === 'string') {\n          return;\n        }\n        optionValues = [...optionValues, option.value] as never;\n      });\n      const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n      messages = [...messages, ...messagesFromOptions] as never;\n    }\n    return messages;\n  }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n  let messages: IdxMessage[] = [];\n  const { rawIdxState, neededToProceed } = idxResponse;\n\n  // Handle global messages\n  const globalMessages = rawIdxState.messages?.value.map(message => message);\n  if (globalMessages) {\n    messages = [...messages, ...globalMessages] as never;\n  }\n\n  // Handle field messages for current flow\n  // Preserve existing logic for general cases, remove in the next major version\n  // Follow ion response format for top level messages when useGenericRemediator is true\n  if (!options.useGenericRemediator) {\n    for (let remediation of neededToProceed) {\n      const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n      if (fieldMessages) {\n        messages = [...messages, ...fieldMessages] as never;\n      }\n    }\n  }\n\n  // API may return identical error on same field, filter by i18n key\n  const seen = {};\n  messages = messages.reduce((filtered, message) => {\n    const key = message.i18n?.key;\n    if (key && seen[key]) {\n      return filtered;\n    }\n    seen[key] = message;\n    filtered = [...filtered, message] as never;\n    return filtered;\n  }, []);\n  return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nexport function getAvailableSteps(\n  authClient: OktaAuthIdxInterface, \n  idxResponse: IdxResponse, \n  useGenericRemediator?: boolean\n): NextStep[] {\n  const res: NextStep[] = [];\n\n  const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n    .reduce((map, remediatorClass) => {\n      // Only add concrete subclasses to the map\n      if (remediatorClass.remediationName) {\n        map[remediatorClass.remediationName] = remediatorClass;\n      }\n      return map;\n    }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n    if (T) {\n      const remediator: Remediator = new T(remediation);\n      res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n    }\n  }\n\n  for (const [name] of Object.entries((idxResponse.actions || {}))) {\n    let stepObj = {\n      name, \n      action: async (params?) => {\n        return authClient.idx.proceed({ \n          actions: [{ name, params }] \n        });\n      }\n    };\n    if (name.startsWith('currentAuthenticator')) {\n      const [part1, part2] = split2(name, '-');\n      const actionObj = idxResponse.rawIdxState[part1].value[part2];\n      /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const {\n        href, \n        method, \n        rel, \n        accepts, \n        produces, \n        ...rest\n      } = actionObj;\n      /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n      stepObj = { \n        ...rest,  \n        ...(value && { value }),\n        ...stepObj,\n      };\n    }\n    res.push(stepObj);\n  }\n\n  return res;\n}\n\nexport function filterValuesForRemediation(\n  idxResponse: IdxResponse,\n  remediationName: string,\n  values: RemediationValues\n): RemediationValues {\n  const remediations = idxResponse.neededToProceed || [];\n  const remediation = remediations.find(r => r.name === remediationName);\n  if (!remediation) {\n    // step was specified, but remediation was not found. This is unexpected!\n    warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n    return values;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n    const { name, value } = entry;\n    if (name === 'stateHandle') {\n      res[name] = value; // use the stateHandle value in the remediation\n    } else {\n      res[name] = values[name]; // use the value provided by the caller\n    }\n    return res;\n  }, {});\n  return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n  const { useGenericRemediator, remediators } = options;\n  \n  if (!remediation) {\n    return undefined;\n  }\n\n  if (useGenericRemediator) {\n    return GenericRemediator;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n  idxResponse: IdxResponse,\n  values: RemediationValues,\n  options: RemediateOptions,\n): Remediator | undefined {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const remediators = options.remediators!;\n  const useGenericRemediator = options.useGenericRemediator;\n  const {neededToProceed: idxRemediations, context} = idxResponse;\n\n  let remediator: Remediator;\n  // remediation name specified by caller - fast-track remediator lookup \n  if (options.step) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n    if (remediation) {\n      const T = getRemediatorClass(remediation, options);\n      return T ? new T(remediation, values, options) : undefined;\n    } else {\n      // step was specified, but remediation was not found. This is unexpected!\n      warn(`step \"${options.step}\" did not match any remediations`);\n      return;\n    }\n  }\n\n  const remediatorCandidates: Remediator[] = [];\n  if (useGenericRemediator) {\n    // always pick the first remediation for when use GenericRemediator\n    remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n  } else {\n    for (let remediation of idxRemediations) {\n      const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n      if (!isRemeditionInFlow) {\n        continue;\n      }\n\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      const T = getRemediatorClass(remediation, options)!;\n      remediator = new T(remediation, values, options);\n      if (remediator.canRemediate(context)) {\n        // found the remediator\n        return remediator;\n      }\n      // remediator cannot handle the current values\n      // maybe return for next step\n      remediatorCandidates.push(remediator);  \n    }\n  }\n  \n  return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n  authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n  const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n  const canSkip = canSkipFn(idxResponse);\n  const canResend = canResendFn(idxResponse);\n  return {\n    ...nextStep,\n    ...(canSkip && {canSkip}),\n    ...(canResend && {canResend}),\n  };\n}\n\nexport function handleFailedResponse(\n  authClient: OktaAuthIdxInterface,\n  idxResponse: IdxResponse,\n  options = {}\n): RemediationResponse {\n  const terminal = isTerminalResponse(idxResponse);\n  const messages = getMessagesFromResponse(idxResponse, options);\n  if (terminal) {\n    return { idxResponse, terminal, messages };\n  } else {\n    const remediator = getRemediator(idxResponse, {}, options);\n    const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n    return {\n      idxResponse,\n      messages,\n      ...(nextStep && { nextStep }),\n    };\n  }\n  \n}\n"],"mappings":";;;;;;;;;;;;;AAAA;AACA;AAEA;AACA;AAAwH;AAAA;AAGjH,SAASA,kBAAkB,CAACC,WAAwB,EAAE;EAC3D,MAAM;IAAEC,eAAe;IAAEC;EAAgB,CAAC,GAAGF,WAAW;EACxD,OAAO,CAACC,eAAe,CAACE,MAAM,IAAI,CAACD,eAAe;AACpD;AAEO,SAASE,SAAS,CAACJ,WAAwB,EAAE;EAClD,OAAOA,WAAW,CAACC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,MAAM,CAAC;AACxE;AAEO,SAASC,WAAW,CAACP,WAAwB,EAAE;EACpD,OAAOQ,MAAM,CAACC,IAAI,CAACT,WAAW,CAACU,OAAO,CAAC,CAACL,IAAI,CAACM,UAAU,IAAIA,UAAU,CAACC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3F;AAEO,SAASC,kCAAkC,CAChDC,KAA6B,EACH;EAC1B,IAAI,CAACA,KAAK,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;IACnC;EACF;EACA,OAAOA,KAAK,CAACG,MAAM,CAAC,CAACC,QAAQ,EAAEJ,KAAK,KAAK;IACvC,IAAIA,KAAK,CAACI,QAAQ,EAAE;MAClBA,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGJ,KAAK,CAACI,QAAQ,CAACJ,KAAK,CAAU;IAC5D;IACA,IAAIA,KAAK,CAACK,IAAI,EAAE;MACd,MAAMC,gBAAgB,GAAGP,kCAAkC,CAACC,KAAK,CAACK,IAAI,CAACL,KAAK,CAAC,IAAI,EAAE;MACnFI,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGE,gBAAgB,CAAU;IACxD;IACA,IAAIN,KAAK,CAACO,OAAO,EAAE;MACjB,IAAIC,YAAY,GAAG,EAAE;MACrBR,KAAK,CAACO,OAAO,CAACE,OAAO,CAACC,MAAM,IAAI;QAC9B,IAAI,CAACA,MAAM,CAACV,KAAK,IAAI,OAAOU,MAAM,CAACV,KAAK,KAAK,QAAQ,EAAE;UACrD;QACF;QACAQ,YAAY,GAAG,CAAC,GAAGA,YAAY,EAAEE,MAAM,CAACV,KAAK,CAAU;MACzD,CAAC,CAAC;MACF,MAAMW,mBAAmB,GAAGZ,kCAAkC,CAACS,YAAY,CAAC,IAAI,EAAE;MAClFJ,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGO,mBAAmB,CAAU;IAC3D;IACA,OAAOP,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;AACR;AAEO,SAASQ,uBAAuB,CAAC1B,WAAwB,EAAEqB,OAAmB,EAAgB;EAAA;EACnG,IAAIH,QAAsB,GAAG,EAAE;EAC/B,MAAM;IAAES,WAAW;IAAE1B;EAAgB,CAAC,GAAGD,WAAW;;EAEpD;EACA,MAAM4B,cAAc,4BAAGD,WAAW,CAACT,QAAQ,0DAApB,sBAAsBJ,KAAK,CAACe,GAAG,CAACC,OAAO,IAAIA,OAAO,CAAC;EAC1E,IAAIF,cAAc,EAAE;IAClBV,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGU,cAAc,CAAU;EACtD;;EAEA;EACA;EACA;EACA,IAAI,CAACP,OAAO,CAACU,oBAAoB,EAAE;IACjC,KAAK,IAAIC,WAAW,IAAI/B,eAAe,EAAE;MACvC,MAAMgC,aAAa,GAAGpB,kCAAkC,CAACmB,WAAW,CAAClB,KAAK,CAAC;MAC3E,IAAImB,aAAa,EAAE;QACjBf,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGe,aAAa,CAAU;MACrD;IACF;EACF;;EAEA;EACA,MAAMC,IAAI,GAAG,CAAC,CAAC;EACfhB,QAAQ,GAAGA,QAAQ,CAACD,MAAM,CAAC,CAACkB,QAAQ,EAAEL,OAAO,KAAK;IAAA;IAChD,MAAMM,GAAG,oBAAGN,OAAO,CAACO,IAAI,kDAAZ,cAAcD,GAAG;IAC7B,IAAIA,GAAG,IAAIF,IAAI,CAACE,GAAG,CAAC,EAAE;MACpB,OAAOD,QAAQ;IACjB;IACAD,IAAI,CAACE,GAAG,CAAC,GAAGN,OAAO;IACnBK,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAEL,OAAO,CAAU;IAC1C,OAAOK,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;EACN,OAAOjB,QAAQ;AACjB;AAGO,SAASoB,kBAAkB,CAACtC,WAAwB,EAAgB;EACzE,MAAMuC,GAAG,GAAG,EAAE;EACd,MAAM;IAAE7B,OAAO;IAAET;EAAgB,CAAC,GAAGD,WAAW;EAEhD,IAAIU,OAAO,CAAC,8BAA8B,CAAC,EAAE;IAC3C6B,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACC,iBAAiB,CAAU;EACjD;EAEA,IAAIzC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,uBAAuB,CAAC,EAAE;IACxEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACE,YAAY,CAAU;EAC5C;EAEA,IAAI1C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,cAAc,CAAC,EAAE;IAC/DiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACG,UAAU,CAAU;EAC1C;EAEA,IAAI3C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,gBAAgB,CAAC,EAAE;IACjEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACI,cAAc,CAAU;EAC9C;EAEA,OAAON,GAAG;AACZ;AAEO,SAASO,iBAAiB,CAC/BC,UAAgC,EAChC/C,WAAwB,EACxB+B,oBAA8B,EAClB;EACZ,MAAMQ,GAAe,GAAG,EAAE;EAE1B,MAAMS,aAAoD,GAAGxC,MAAM,CAACyC,MAAM,CAACC,WAAW,CAAC,CACpFjC,MAAM,CAAC,CAACY,GAAG,EAAEsB,eAAe,KAAK;IAChC;IACA,IAAIA,eAAe,CAACC,eAAe,EAAE;MACnCvB,GAAG,CAACsB,eAAe,CAACC,eAAe,CAAC,GAAGD,eAAe;IACxD;IACA,OAAOtB,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EAER,KAAK,IAAIG,WAAW,IAAIhC,WAAW,CAACC,eAAe,EAAE;IACnD,MAAMoD,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAE;MAAED,oBAAoB;MAAEmB,WAAW,EAAEF;IAAc,CAAC,CAAC;IAC/F,IAAIK,CAAC,EAAE;MACL,MAAME,UAAsB,GAAG,IAAIF,CAAC,CAACrB,WAAW,CAAC;MACjDO,GAAG,CAACC,IAAI,CAAEe,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC,CAAU;IAC7E;EACF;EAEA,KAAK,MAAM,CAACnD,IAAI,CAAC,IAAIE,MAAM,CAACkD,OAAO,CAAE1D,WAAW,CAACU,OAAO,IAAI,CAAC,CAAC,CAAE,EAAE;IAChE,IAAIiD,OAAO,GAAG;MACZrD,IAAI;MACJsD,MAAM,EAAE,MAAOC,MAAO,IAAK;QACzB,OAAOd,UAAU,CAACe,GAAG,CAACC,OAAO,CAAC;UAC5BrD,OAAO,EAAE,CAAC;YAAEJ,IAAI;YAAEuD;UAAO,CAAC;QAC5B,CAAC,CAAC;MACJ;IACF,CAAC;IACD,IAAIvD,IAAI,CAAC0D,UAAU,CAAC,sBAAsB,CAAC,EAAE;MAAA;MAC3C,MAAM,CAACC,KAAK,EAAEC,KAAK,CAAC,GAAG,IAAAC,YAAM,EAAC7D,IAAI,EAAE,GAAG,CAAC;MACxC,MAAM8D,SAAS,GAAGpE,WAAW,CAAC2B,WAAW,CAACsC,KAAK,CAAC,CAACnD,KAAK,CAACoD,KAAK,CAAC;MAC7D;MACA,MAAM;QACJG,IAAI;QACJC,MAAM;QACNC,GAAG;QACHC,OAAO;QACPC,QAAQ;QACR,GAAGC;MACL,CAAC,GAAGN,SAAS;MACb;MACA,MAAMtD,KAAK,uBAAGsD,SAAS,CAACtD,KAAK,qDAAf,iBAAiB6D,MAAM,CAACC,IAAI,IAAIA,IAAI,CAACtE,IAAI,KAAK,aAAa,CAAC;MAC1EqD,OAAO,GAAG;QACR,GAAGe,IAAI;QACP,IAAI5D,KAAK,IAAI;UAAEA;QAAM,CAAC,CAAC;QACvB,GAAG6C;MACL,CAAC;IACH;IACApB,GAAG,CAACC,IAAI,CAACmB,OAAO,CAAC;EACnB;EAEA,OAAOpB,GAAG;AACZ;AAEO,SAASsC,0BAA0B,CACxC7E,WAAwB,EACxBoD,eAAuB,EACvBH,MAAyB,EACN;EACnB,MAAM6B,YAAY,GAAG9E,WAAW,CAACC,eAAe,IAAI,EAAE;EACtD,MAAM+B,WAAW,GAAG8C,YAAY,CAACC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAAC1E,IAAI,KAAK8C,eAAe,CAAC;EACtE,IAAI,CAACpB,WAAW,EAAE;IAChB;IACA,IAAAiD,UAAI,EAAE,gCAA+B7B,eAAgB,kCAAiC,CAAC;IACvF,OAAOH,MAAM;EACf;;EAEA;EACA,MAAMiC,oBAAoB,GAAGlD,WAAW,CAAClB,KAAK,CAAEG,MAAM,CAAC,CAACsB,GAAG,EAAE4C,KAAK,KAAK;IACrE,MAAM;MAAE7E,IAAI;MAAEQ;IAAM,CAAC,GAAGqE,KAAK;IAC7B,IAAI7E,IAAI,KAAK,aAAa,EAAE;MAC1BiC,GAAG,CAACjC,IAAI,CAAC,GAAGQ,KAAK,CAAC,CAAC;IACrB,CAAC,MAAM;MACLyB,GAAG,CAACjC,IAAI,CAAC,GAAG2C,MAAM,CAAC3C,IAAI,CAAC,CAAC,CAAC;IAC5B;;IACA,OAAOiC,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EACN,OAAO2C,oBAAoB;AAC7B;AAEA,SAAS5B,kBAAkB,CAACtB,WAA2B,EAAEX,OAAyB,EAAE;EAClF,MAAM;IAAEU,oBAAoB;IAAEmB;EAAY,CAAC,GAAG7B,OAAO;EAErD,IAAI,CAACW,WAAW,EAAE;IAChB,OAAOoD,SAAS;EAClB;EAEA,IAAIrD,oBAAoB,EAAE;IACxB,OAAOsD,oCAAiB;EAC1B;;EAEA;EACA,OAAOnC,WAAW,CAAElB,WAAW,CAAC1B,IAAI,CAAC;AACvC;;AAEA;AACA;AACO,SAASgF,aAAa,CAC3BtF,WAAwB,EACxBiD,MAAyB,EACzB5B,OAAyB,EACD;EACxB;EACA,MAAM6B,WAAW,GAAG7B,OAAO,CAAC6B,WAAY;EACxC,MAAMnB,oBAAoB,GAAGV,OAAO,CAACU,oBAAoB;EACzD,MAAM;IAAC9B,eAAe,EAAEsF,eAAe;IAAE9B;EAAO,CAAC,GAAGzD,WAAW;EAE/D,IAAIuD,UAAsB;EAC1B;EACA,IAAIlC,OAAO,CAACmE,IAAI,EAAE;IAChB;IACA,MAAMxD,WAAW,GAAGuD,eAAe,CAACR,IAAI,CAAC,CAAC;MAAEzE;IAAK,CAAC,KAAKA,IAAI,KAAKe,OAAO,CAACmE,IAAI,CAAE;IAC9E,IAAIxD,WAAW,EAAE;MACf,MAAMqB,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAC;MAClD,OAAOgC,CAAC,GAAG,IAAIA,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC,GAAG+D,SAAS;IAC5D,CAAC,MAAM;MACL;MACA,IAAAH,UAAI,EAAE,SAAQ5D,OAAO,CAACmE,IAAK,kCAAiC,CAAC;MAC7D;IACF;EACF;EAEA,MAAMC,oBAAkC,GAAG,EAAE;EAC7C,IAAI1D,oBAAoB,EAAE;IACxB;IACA0D,oBAAoB,CAACjD,IAAI,CAAC,IAAI6C,oCAAiB,CAACE,eAAe,CAAC,CAAC,CAAC,EAAEtC,MAAM,EAAE5B,OAAO,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,KAAK,IAAIW,WAAW,IAAIuD,eAAe,EAAE;MACvC,MAAMG,kBAAkB,GAAGlF,MAAM,CAACC,IAAI,CAACyC,WAAW,CAAW,CAACtC,QAAQ,CAACoB,WAAW,CAAC1B,IAAI,CAAC;MACxF,IAAI,CAACoF,kBAAkB,EAAE;QACvB;MACF;;MAEA;MACA,MAAMrC,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAE;MACnDkC,UAAU,GAAG,IAAIF,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC;MAChD,IAAIkC,UAAU,CAACoC,YAAY,CAAClC,OAAO,CAAC,EAAE;QACpC;QACA,OAAOF,UAAU;MACnB;MACA;MACA;MACAkC,oBAAoB,CAACjD,IAAI,CAACe,UAAU,CAAC;IACvC;EACF;EAEA,OAAOkC,oBAAoB,CAAC,CAAC,CAAC;AAChC;AAGO,SAASjC,WAAW,CACzBT,UAAgC,EAAEQ,UAAsB,EAAEvD,WAAwB,EACxE;EACV,MAAM4F,QAAQ,GAAGrC,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC;EACxE,MAAMoC,OAAO,GAAGzF,SAAS,CAACJ,WAAW,CAAC;EACtC,MAAM8F,SAAS,GAAGvF,WAAW,CAACP,WAAW,CAAC;EAC1C,OAAO;IACL,GAAG4F,QAAQ;IACX,IAAIC,OAAO,IAAI;MAACA;IAAO,CAAC,CAAC;IACzB,IAAIC,SAAS,IAAI;MAACA;IAAS,CAAC;EAC9B,CAAC;AACH;AAEO,SAASC,oBAAoB,CAClChD,UAAgC,EAChC/C,WAAwB,EACxBqB,OAAO,GAAG,CAAC,CAAC,EACS;EACrB,MAAM2E,QAAQ,GAAGjG,kBAAkB,CAACC,WAAW,CAAC;EAChD,MAAMkB,QAAQ,GAAGQ,uBAAuB,CAAC1B,WAAW,EAAEqB,OAAO,CAAC;EAC9D,IAAI2E,QAAQ,EAAE;IACZ,OAAO;MAAEhG,WAAW;MAAEgG,QAAQ;MAAE9E;IAAS,CAAC;EAC5C,CAAC,MAAM;IACL,MAAMqC,UAAU,GAAG+B,aAAa,CAACtF,WAAW,EAAE,CAAC,CAAC,EAAEqB,OAAO,CAAC;IAC1D,MAAMuE,QAAQ,GAAGrC,UAAU,IAAIC,WAAW,CAACT,UAAU,EAAEQ,UAAU,EAAEvD,WAAW,CAAC;IAC/E,OAAO;MACLA,WAAW;MACXkB,QAAQ;MACR,IAAI0E,QAAQ,IAAI;QAAEA;MAAS,CAAC;IAC9B,CAAC;EACH;AAEF"}
+{"version":3,"file":"util.js","names":["isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","name","canResendFn","Object","keys","actions","actionName","includes","getMessagesFromIdxRemediationValue","value","Array","isArray","reduce","messages","form","messagesFromForm","options","optionValues","forEach","option","messagesFromOptions","getMessagesFromResponse","rawIdxState","globalMessages","map","message","useGenericRemediator","remediation","fieldMessages","seen","filtered","key","i18n","getEnabledFeatures","res","push","IdxFeature","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","authClient","remediatorMap","values","remediators","remediatorClass","remediationName","T","getRemediatorClass","remediator","getNextStep","context","entries","stepObj","action","params","idx","proceed","startsWith","part1","part2","split2","actionObj","href","method","rel","accepts","produces","rest","filter","item","filterValuesForRemediation","remediations","find","r","warn","valuesForRemediation","entry","undefined","GenericRemediator","getRemediator","idxRemediations","step","remediatorCandidates","isRemeditionInFlow","canRemediate","nextStep","canSkip","canResend","handleFailedResponse","terminal"],"sources":["../../../lib/idx/util.ts"],"sourcesContent":["import { warn, split2 } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { OktaAuthIdxInterface, IdxFeature, NextStep, RemediateOptions, RemediationResponse, RunOptions } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n  const { neededToProceed, interactionCode } = idxResponse;\n  return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n  return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n  return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n  value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n  if (!value || !Array.isArray(value)) {\n    return;\n  }\n  return value.reduce((messages, value) => {\n    if (value.messages) {\n      messages = [...messages, ...value.messages.value] as never;\n    }\n    if (value.form) {\n      const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n      messages = [...messages, ...messagesFromForm] as never;\n    } \n    if (value.options) {\n      let optionValues = [];\n      value.options.forEach(option => {\n        if (!option.value || typeof option.value === 'string') {\n          return;\n        }\n        optionValues = [...optionValues, option.value] as never;\n      });\n      const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n      messages = [...messages, ...messagesFromOptions] as never;\n    }\n    return messages;\n  }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n  let messages: IdxMessage[] = [];\n  const { rawIdxState, neededToProceed } = idxResponse;\n\n  // Handle global messages\n  const globalMessages = rawIdxState.messages?.value.map(message => message);\n  if (globalMessages) {\n    messages = [...messages, ...globalMessages] as never;\n  }\n\n  // Handle field messages for current flow\n  // Preserve existing logic for general cases, remove in the next major version\n  // Follow ion response format for top level messages when useGenericRemediator is true\n  if (!options.useGenericRemediator) {\n    for (let remediation of neededToProceed) {\n      const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n      if (fieldMessages) {\n        messages = [...messages, ...fieldMessages] as never;\n      }\n    }\n  }\n\n  // API may return identical error on same field, filter by i18n key\n  const seen = {};\n  messages = messages.reduce((filtered, message) => {\n    const key = message.i18n?.key;\n    if (key && seen[key] && message.message === seen[key].message) {\n      return filtered;\n    }\n    seen[key] = message;\n    filtered = [...filtered, message] as never;\n    return filtered;\n  }, []);\n\n  return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nexport function getAvailableSteps(\n  authClient: OktaAuthIdxInterface, \n  idxResponse: IdxResponse, \n  useGenericRemediator?: boolean\n): NextStep[] {\n  const res: NextStep[] = [];\n\n  const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n    .reduce((map, remediatorClass) => {\n      // Only add concrete subclasses to the map\n      if (remediatorClass.remediationName) {\n        map[remediatorClass.remediationName] = remediatorClass;\n      }\n      return map;\n    }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n    if (T) {\n      const remediator: Remediator = new T(remediation);\n      res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n    }\n  }\n\n  for (const [name] of Object.entries((idxResponse.actions || {}))) {\n    let stepObj = {\n      name, \n      action: async (params?) => {\n        return authClient.idx.proceed({ \n          actions: [{ name, params }] \n        });\n      }\n    };\n    if (name.startsWith('currentAuthenticator')) {\n      const [part1, part2] = split2(name, '-');\n      const actionObj = idxResponse.rawIdxState[part1].value[part2];\n      /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const {\n        href, \n        method, \n        rel, \n        accepts, \n        produces, \n        ...rest\n      } = actionObj;\n      /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n      stepObj = { \n        ...rest,  \n        ...(value && { value }),\n        ...stepObj,\n      };\n    }\n    res.push(stepObj);\n  }\n\n  return res;\n}\n\nexport function filterValuesForRemediation(\n  idxResponse: IdxResponse,\n  remediationName: string,\n  values: RemediationValues\n): RemediationValues {\n  const remediations = idxResponse.neededToProceed || [];\n  const remediation = remediations.find(r => r.name === remediationName);\n  if (!remediation) {\n    // step was specified, but remediation was not found. This is unexpected!\n    warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n    return values;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n    const { name, value } = entry;\n    if (name === 'stateHandle') {\n      res[name] = value; // use the stateHandle value in the remediation\n    } else {\n      res[name] = values[name]; // use the value provided by the caller\n    }\n    return res;\n  }, {});\n  return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n  const { useGenericRemediator, remediators } = options;\n  \n  if (!remediation) {\n    return undefined;\n  }\n\n  if (useGenericRemediator) {\n    return GenericRemediator;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n  idxResponse: IdxResponse,\n  values: RemediationValues,\n  options: RemediateOptions,\n): Remediator | undefined {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const remediators = options.remediators!;\n  const useGenericRemediator = options.useGenericRemediator;\n  const {neededToProceed: idxRemediations, context} = idxResponse;\n\n  let remediator: Remediator;\n  // remediation name specified by caller - fast-track remediator lookup \n  if (options.step) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n    if (remediation) {\n      const T = getRemediatorClass(remediation, options);\n      return T ? new T(remediation, values, options) : undefined;\n    } else {\n      // step was specified, but remediation was not found. This is unexpected!\n      warn(`step \"${options.step}\" did not match any remediations`);\n      return;\n    }\n  }\n\n  const remediatorCandidates: Remediator[] = [];\n  if (useGenericRemediator) {\n    // always pick the first remediation for when use GenericRemediator\n    remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n  } else {\n    for (let remediation of idxRemediations) {\n      const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n      if (!isRemeditionInFlow) {\n        continue;\n      }\n\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      const T = getRemediatorClass(remediation, options)!;\n      remediator = new T(remediation, values, options);\n      if (remediator.canRemediate(context)) {\n        // found the remediator\n        return remediator;\n      }\n      // remediator cannot handle the current values\n      // maybe return for next step\n      remediatorCandidates.push(remediator);  \n    }\n  }\n  \n  return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n  authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n  const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n  const canSkip = canSkipFn(idxResponse);\n  const canResend = canResendFn(idxResponse);\n  return {\n    ...nextStep,\n    ...(canSkip && {canSkip}),\n    ...(canResend && {canResend}),\n  };\n}\n\nexport function handleFailedResponse(\n  authClient: OktaAuthIdxInterface,\n  idxResponse: IdxResponse,\n  options = {}\n): RemediationResponse {\n  const terminal = isTerminalResponse(idxResponse);\n  const messages = getMessagesFromResponse(idxResponse, options);\n  if (terminal) {\n    return { idxResponse, terminal, messages };\n  } else {\n    const remediator = getRemediator(idxResponse, {}, options);\n    const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n    return {\n      idxResponse,\n      messages,\n      ...(nextStep && { nextStep }),\n    };\n  }\n  \n}\n"],"mappings":";;;;;;;;;;;;;AAAA;AACA;AAEA;AACA;AAAwH;AAAA;AAGjH,SAASA,kBAAkB,CAACC,WAAwB,EAAE;EAC3D,MAAM;IAAEC,eAAe;IAAEC;EAAgB,CAAC,GAAGF,WAAW;EACxD,OAAO,CAACC,eAAe,CAACE,MAAM,IAAI,CAACD,eAAe;AACpD;AAEO,SAASE,SAAS,CAACJ,WAAwB,EAAE;EAClD,OAAOA,WAAW,CAACC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,MAAM,CAAC;AACxE;AAEO,SAASC,WAAW,CAACP,WAAwB,EAAE;EACpD,OAAOQ,MAAM,CAACC,IAAI,CAACT,WAAW,CAACU,OAAO,CAAC,CAACL,IAAI,CAACM,UAAU,IAAIA,UAAU,CAACC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3F;AAEO,SAASC,kCAAkC,CAChDC,KAA6B,EACH;EAC1B,IAAI,CAACA,KAAK,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;IACnC;EACF;EACA,OAAOA,KAAK,CAACG,MAAM,CAAC,CAACC,QAAQ,EAAEJ,KAAK,KAAK;IACvC,IAAIA,KAAK,CAACI,QAAQ,EAAE;MAClBA,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGJ,KAAK,CAACI,QAAQ,CAACJ,KAAK,CAAU;IAC5D;IACA,IAAIA,KAAK,CAACK,IAAI,EAAE;MACd,MAAMC,gBAAgB,GAAGP,kCAAkC,CAACC,KAAK,CAACK,IAAI,CAACL,KAAK,CAAC,IAAI,EAAE;MACnFI,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGE,gBAAgB,CAAU;IACxD;IACA,IAAIN,KAAK,CAACO,OAAO,EAAE;MACjB,IAAIC,YAAY,GAAG,EAAE;MACrBR,KAAK,CAACO,OAAO,CAACE,OAAO,CAACC,MAAM,IAAI;QAC9B,IAAI,CAACA,MAAM,CAACV,KAAK,IAAI,OAAOU,MAAM,CAACV,KAAK,KAAK,QAAQ,EAAE;UACrD;QACF;QACAQ,YAAY,GAAG,CAAC,GAAGA,YAAY,EAAEE,MAAM,CAACV,KAAK,CAAU;MACzD,CAAC,CAAC;MACF,MAAMW,mBAAmB,GAAGZ,kCAAkC,CAACS,YAAY,CAAC,IAAI,EAAE;MAClFJ,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGO,mBAAmB,CAAU;IAC3D;IACA,OAAOP,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;AACR;AAEO,SAASQ,uBAAuB,CAAC1B,WAAwB,EAAEqB,OAAmB,EAAgB;EAAA;EACnG,IAAIH,QAAsB,GAAG,EAAE;EAC/B,MAAM;IAAES,WAAW;IAAE1B;EAAgB,CAAC,GAAGD,WAAW;;EAEpD;EACA,MAAM4B,cAAc,4BAAGD,WAAW,CAACT,QAAQ,0DAApB,sBAAsBJ,KAAK,CAACe,GAAG,CAACC,OAAO,IAAIA,OAAO,CAAC;EAC1E,IAAIF,cAAc,EAAE;IAClBV,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGU,cAAc,CAAU;EACtD;;EAEA;EACA;EACA;EACA,IAAI,CAACP,OAAO,CAACU,oBAAoB,EAAE;IACjC,KAAK,IAAIC,WAAW,IAAI/B,eAAe,EAAE;MACvC,MAAMgC,aAAa,GAAGpB,kCAAkC,CAACmB,WAAW,CAAClB,KAAK,CAAC;MAC3E,IAAImB,aAAa,EAAE;QACjBf,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAE,GAAGe,aAAa,CAAU;MACrD;IACF;EACF;;EAEA;EACA,MAAMC,IAAI,GAAG,CAAC,CAAC;EACfhB,QAAQ,GAAGA,QAAQ,CAACD,MAAM,CAAC,CAACkB,QAAQ,EAAEL,OAAO,KAAK;IAAA;IAChD,MAAMM,GAAG,oBAAGN,OAAO,CAACO,IAAI,kDAAZ,cAAcD,GAAG;IAC7B,IAAIA,GAAG,IAAIF,IAAI,CAACE,GAAG,CAAC,IAAIN,OAAO,CAACA,OAAO,KAAKI,IAAI,CAACE,GAAG,CAAC,CAACN,OAAO,EAAE;MAC7D,OAAOK,QAAQ;IACjB;IACAD,IAAI,CAACE,GAAG,CAAC,GAAGN,OAAO;IACnBK,QAAQ,GAAG,CAAC,GAAGA,QAAQ,EAAEL,OAAO,CAAU;IAC1C,OAAOK,QAAQ;EACjB,CAAC,EAAE,EAAE,CAAC;EAEN,OAAOjB,QAAQ;AACjB;AAGO,SAASoB,kBAAkB,CAACtC,WAAwB,EAAgB;EACzE,MAAMuC,GAAG,GAAG,EAAE;EACd,MAAM;IAAE7B,OAAO;IAAET;EAAgB,CAAC,GAAGD,WAAW;EAEhD,IAAIU,OAAO,CAAC,8BAA8B,CAAC,EAAE;IAC3C6B,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACC,iBAAiB,CAAU;EACjD;EAEA,IAAIzC,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,uBAAuB,CAAC,EAAE;IACxEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACE,YAAY,CAAU;EAC5C;EAEA,IAAI1C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,cAAc,CAAC,EAAE;IAC/DiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACG,UAAU,CAAU;EAC1C;EAEA,IAAI3C,eAAe,CAACI,IAAI,CAAC,CAAC;IAAEC;EAAK,CAAC,KAAKA,IAAI,KAAK,gBAAgB,CAAC,EAAE;IACjEiC,GAAG,CAACC,IAAI,CAACC,iBAAU,CAACI,cAAc,CAAU;EAC9C;EAEA,OAAON,GAAG;AACZ;AAEO,SAASO,iBAAiB,CAC/BC,UAAgC,EAChC/C,WAAwB,EACxB+B,oBAA8B,EAClB;EACZ,MAAMQ,GAAe,GAAG,EAAE;EAE1B,MAAMS,aAAoD,GAAGxC,MAAM,CAACyC,MAAM,CAACC,WAAW,CAAC,CACpFjC,MAAM,CAAC,CAACY,GAAG,EAAEsB,eAAe,KAAK;IAChC;IACA,IAAIA,eAAe,CAACC,eAAe,EAAE;MACnCvB,GAAG,CAACsB,eAAe,CAACC,eAAe,CAAC,GAAGD,eAAe;IACxD;IACA,OAAOtB,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EAER,KAAK,IAAIG,WAAW,IAAIhC,WAAW,CAACC,eAAe,EAAE;IACnD,MAAMoD,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAE;MAAED,oBAAoB;MAAEmB,WAAW,EAAEF;IAAc,CAAC,CAAC;IAC/F,IAAIK,CAAC,EAAE;MACL,MAAME,UAAsB,GAAG,IAAIF,CAAC,CAACrB,WAAW,CAAC;MACjDO,GAAG,CAACC,IAAI,CAAEe,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC,CAAU;IAC7E;EACF;EAEA,KAAK,MAAM,CAACnD,IAAI,CAAC,IAAIE,MAAM,CAACkD,OAAO,CAAE1D,WAAW,CAACU,OAAO,IAAI,CAAC,CAAC,CAAE,EAAE;IAChE,IAAIiD,OAAO,GAAG;MACZrD,IAAI;MACJsD,MAAM,EAAE,MAAOC,MAAO,IAAK;QACzB,OAAOd,UAAU,CAACe,GAAG,CAACC,OAAO,CAAC;UAC5BrD,OAAO,EAAE,CAAC;YAAEJ,IAAI;YAAEuD;UAAO,CAAC;QAC5B,CAAC,CAAC;MACJ;IACF,CAAC;IACD,IAAIvD,IAAI,CAAC0D,UAAU,CAAC,sBAAsB,CAAC,EAAE;MAAA;MAC3C,MAAM,CAACC,KAAK,EAAEC,KAAK,CAAC,GAAG,IAAAC,YAAM,EAAC7D,IAAI,EAAE,GAAG,CAAC;MACxC,MAAM8D,SAAS,GAAGpE,WAAW,CAAC2B,WAAW,CAACsC,KAAK,CAAC,CAACnD,KAAK,CAACoD,KAAK,CAAC;MAC7D;MACA,MAAM;QACJG,IAAI;QACJC,MAAM;QACNC,GAAG;QACHC,OAAO;QACPC,QAAQ;QACR,GAAGC;MACL,CAAC,GAAGN,SAAS;MACb;MACA,MAAMtD,KAAK,uBAAGsD,SAAS,CAACtD,KAAK,qDAAf,iBAAiB6D,MAAM,CAACC,IAAI,IAAIA,IAAI,CAACtE,IAAI,KAAK,aAAa,CAAC;MAC1EqD,OAAO,GAAG;QACR,GAAGe,IAAI;QACP,IAAI5D,KAAK,IAAI;UAAEA;QAAM,CAAC,CAAC;QACvB,GAAG6C;MACL,CAAC;IACH;IACApB,GAAG,CAACC,IAAI,CAACmB,OAAO,CAAC;EACnB;EAEA,OAAOpB,GAAG;AACZ;AAEO,SAASsC,0BAA0B,CACxC7E,WAAwB,EACxBoD,eAAuB,EACvBH,MAAyB,EACN;EACnB,MAAM6B,YAAY,GAAG9E,WAAW,CAACC,eAAe,IAAI,EAAE;EACtD,MAAM+B,WAAW,GAAG8C,YAAY,CAACC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAAC1E,IAAI,KAAK8C,eAAe,CAAC;EACtE,IAAI,CAACpB,WAAW,EAAE;IAChB;IACA,IAAAiD,UAAI,EAAE,gCAA+B7B,eAAgB,kCAAiC,CAAC;IACvF,OAAOH,MAAM;EACf;;EAEA;EACA,MAAMiC,oBAAoB,GAAGlD,WAAW,CAAClB,KAAK,CAAEG,MAAM,CAAC,CAACsB,GAAG,EAAE4C,KAAK,KAAK;IACrE,MAAM;MAAE7E,IAAI;MAAEQ;IAAM,CAAC,GAAGqE,KAAK;IAC7B,IAAI7E,IAAI,KAAK,aAAa,EAAE;MAC1BiC,GAAG,CAACjC,IAAI,CAAC,GAAGQ,KAAK,CAAC,CAAC;IACrB,CAAC,MAAM;MACLyB,GAAG,CAACjC,IAAI,CAAC,GAAG2C,MAAM,CAAC3C,IAAI,CAAC,CAAC,CAAC;IAC5B;;IACA,OAAOiC,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;EACN,OAAO2C,oBAAoB;AAC7B;AAEA,SAAS5B,kBAAkB,CAACtB,WAA2B,EAAEX,OAAyB,EAAE;EAClF,MAAM;IAAEU,oBAAoB;IAAEmB;EAAY,CAAC,GAAG7B,OAAO;EAErD,IAAI,CAACW,WAAW,EAAE;IAChB,OAAOoD,SAAS;EAClB;EAEA,IAAIrD,oBAAoB,EAAE;IACxB,OAAOsD,oCAAiB;EAC1B;;EAEA;EACA,OAAOnC,WAAW,CAAElB,WAAW,CAAC1B,IAAI,CAAC;AACvC;;AAEA;AACA;AACO,SAASgF,aAAa,CAC3BtF,WAAwB,EACxBiD,MAAyB,EACzB5B,OAAyB,EACD;EACxB;EACA,MAAM6B,WAAW,GAAG7B,OAAO,CAAC6B,WAAY;EACxC,MAAMnB,oBAAoB,GAAGV,OAAO,CAACU,oBAAoB;EACzD,MAAM;IAAC9B,eAAe,EAAEsF,eAAe;IAAE9B;EAAO,CAAC,GAAGzD,WAAW;EAE/D,IAAIuD,UAAsB;EAC1B;EACA,IAAIlC,OAAO,CAACmE,IAAI,EAAE;IAChB;IACA,MAAMxD,WAAW,GAAGuD,eAAe,CAACR,IAAI,CAAC,CAAC;MAAEzE;IAAK,CAAC,KAAKA,IAAI,KAAKe,OAAO,CAACmE,IAAI,CAAE;IAC9E,IAAIxD,WAAW,EAAE;MACf,MAAMqB,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAC;MAClD,OAAOgC,CAAC,GAAG,IAAIA,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC,GAAG+D,SAAS;IAC5D,CAAC,MAAM;MACL;MACA,IAAAH,UAAI,EAAE,SAAQ5D,OAAO,CAACmE,IAAK,kCAAiC,CAAC;MAC7D;IACF;EACF;EAEA,MAAMC,oBAAkC,GAAG,EAAE;EAC7C,IAAI1D,oBAAoB,EAAE;IACxB;IACA0D,oBAAoB,CAACjD,IAAI,CAAC,IAAI6C,oCAAiB,CAACE,eAAe,CAAC,CAAC,CAAC,EAAEtC,MAAM,EAAE5B,OAAO,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,KAAK,IAAIW,WAAW,IAAIuD,eAAe,EAAE;MACvC,MAAMG,kBAAkB,GAAGlF,MAAM,CAACC,IAAI,CAACyC,WAAW,CAAW,CAACtC,QAAQ,CAACoB,WAAW,CAAC1B,IAAI,CAAC;MACxF,IAAI,CAACoF,kBAAkB,EAAE;QACvB;MACF;;MAEA;MACA,MAAMrC,CAAC,GAAGC,kBAAkB,CAACtB,WAAW,EAAEX,OAAO,CAAE;MACnDkC,UAAU,GAAG,IAAIF,CAAC,CAACrB,WAAW,EAAEiB,MAAM,EAAE5B,OAAO,CAAC;MAChD,IAAIkC,UAAU,CAACoC,YAAY,CAAClC,OAAO,CAAC,EAAE;QACpC;QACA,OAAOF,UAAU;MACnB;MACA;MACA;MACAkC,oBAAoB,CAACjD,IAAI,CAACe,UAAU,CAAC;IACvC;EACF;EAEA,OAAOkC,oBAAoB,CAAC,CAAC,CAAC;AAChC;AAGO,SAASjC,WAAW,CACzBT,UAAgC,EAAEQ,UAAsB,EAAEvD,WAAwB,EACxE;EACV,MAAM4F,QAAQ,GAAGrC,UAAU,CAACC,WAAW,CAACT,UAAU,EAAE/C,WAAW,CAACyD,OAAO,CAAC;EACxE,MAAMoC,OAAO,GAAGzF,SAAS,CAACJ,WAAW,CAAC;EACtC,MAAM8F,SAAS,GAAGvF,WAAW,CAACP,WAAW,CAAC;EAC1C,OAAO;IACL,GAAG4F,QAAQ;IACX,IAAIC,OAAO,IAAI;MAACA;IAAO,CAAC,CAAC;IACzB,IAAIC,SAAS,IAAI;MAACA;IAAS,CAAC;EAC9B,CAAC;AACH;AAEO,SAASC,oBAAoB,CAClChD,UAAgC,EAChC/C,WAAwB,EACxBqB,OAAO,GAAG,CAAC,CAAC,EACS;EACrB,MAAM2E,QAAQ,GAAGjG,kBAAkB,CAACC,WAAW,CAAC;EAChD,MAAMkB,QAAQ,GAAGQ,uBAAuB,CAAC1B,WAAW,EAAEqB,OAAO,CAAC;EAC9D,IAAI2E,QAAQ,EAAE;IACZ,OAAO;MAAEhG,WAAW;MAAEgG,QAAQ;MAAE9E;IAAS,CAAC;EAC5C,CAAC,MAAM;IACL,MAAMqC,UAAU,GAAG+B,aAAa,CAACtF,WAAW,EAAE,CAAC,CAAC,EAAEqB,OAAO,CAAC;IAC1D,MAAMuE,QAAQ,GAAGrC,UAAU,IAAIC,WAAW,CAACT,UAAU,EAAEQ,UAAU,EAAEvD,WAAW,CAAC;IAC/E,OAAO;MACLA,WAAW;MACXkB,QAAQ;MACR,IAAI0E,QAAQ,IAAI;QAAEA;MAAS,CAAC;IAC9B,CAAC;EACH;AAEF"}

package/cjs/oidc/TokenManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (e) {\n      return Promise.reject(e);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAS;IAClB,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAAkB;IAC7B,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAC;MAC1C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}
+{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (e) {\n      return Promise.reject(e);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}

package/cjs/oidc/factory/api.js

@@ -14,6 +14,7 @@ var _renewToken = require("../renewToken");
 var _renewTokens = require("../renewTokens");
 var _renewTokensWithRefresh = require("../renewTokensWithRefresh");
 var _revokeToken = require("../revokeToken");
+var _introspect = require("../introspect");
 var _util2 = require("../util");
 var _verifyToken = require("../verifyToken");
 var _enrollAuthenticator = require("../enrollAuthenticator");
@@ -69,7 +70,8 @@ function createTokenAPI(sdk, queue) {
       return (0, _getUserInfo.getUserInfo)(sdk, accessTokenObject, idTokenObject);
     },
     verify: _verifyToken.verifyToken.bind(null, sdk),
-    isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk)
+    isLoginRedirect: _util2.isLoginRedirect.bind(null, sdk),
+    introspect: _introspect.oidcIntrospect.bind(null, sdk)
   };
 
   // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency