@okta/okta-auth-js 7.3.1 → 7.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (203) hide show
  1. package/CHANGELOG.md +30 -1
  2. package/README.md +5 -5
  3. package/cjs/http/OktaUserAgent.js +2 -2
  4. package/cjs/idx/authenticator/util.js +1 -1
  5. package/cjs/idx/authenticator/util.js.map +1 -1
  6. package/cjs/idx/idxState/v1/idxResponseParser.js +3 -0
  7. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  8. package/cjs/idx/remediators/Base/SelectAuthenticator.js +1 -1
  9. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  10. package/cjs/idx/types/api.js.map +1 -1
  11. package/cjs/idx/util.js +1 -1
  12. package/cjs/idx/util.js.map +1 -1
  13. package/cjs/oidc/TokenManager.js.map +1 -1
  14. package/cjs/oidc/factory/api.js +3 -1
  15. package/cjs/oidc/factory/api.js.map +1 -1
  16. package/cjs/oidc/index.js +9 -1
  17. package/cjs/oidc/index.js.map +1 -1
  18. package/cjs/oidc/introspect.js +70 -0
  19. package/cjs/oidc/introspect.js.map +1 -0
  20. package/cjs/oidc/mixin/index.js +26 -17
  21. package/cjs/oidc/mixin/index.js.map +1 -1
  22. package/cjs/oidc/renewTokens.js +2 -1
  23. package/cjs/oidc/renewTokens.js.map +1 -1
  24. package/cjs/oidc/types/Token.js +8 -2
  25. package/cjs/oidc/types/Token.js.map +1 -1
  26. package/cjs/oidc/types/TokenManager.js.map +1 -1
  27. package/cjs/oidc/types/api.js.map +1 -1
  28. package/cjs/oidc/types/options.js.map +1 -1
  29. package/cjs/oidc/types/proto.js.map +1 -1
  30. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  31. package/dist/okta-auth-js.authn.min.js +1 -1
  32. package/dist/okta-auth-js.authn.min.js.map +1 -1
  33. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  34. package/dist/okta-auth-js.core.min.js +1 -1
  35. package/dist/okta-auth-js.core.min.js.map +1 -1
  36. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  37. package/dist/okta-auth-js.idx.min.js +1 -1
  38. package/dist/okta-auth-js.idx.min.js.map +1 -1
  39. package/dist/okta-auth-js.min.analyzer.html +2 -2
  40. package/dist/okta-auth-js.min.js +1 -1
  41. package/dist/okta-auth-js.min.js.map +1 -1
  42. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  43. package/dist/okta-auth-js.myaccount.min.js +1 -1
  44. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  45. package/dist/okta-auth-js.polyfill.js +1 -1
  46. package/dist/okta-auth-js.polyfill.js.map +1 -1
  47. package/esm/browser/browser/fingerprint.js +1 -0
  48. package/esm/browser/browser/fingerprint.js.map +1 -1
  49. package/esm/browser/core/AuthStateManager.js +1 -0
  50. package/esm/browser/core/AuthStateManager.js.map +1 -1
  51. package/esm/browser/core/options.js +1 -0
  52. package/esm/browser/core/options.js.map +1 -1
  53. package/esm/browser/exports/exports/authn.js +2 -1
  54. package/esm/browser/exports/exports/authn.js.map +1 -1
  55. package/esm/browser/exports/exports/core.js +2 -1
  56. package/esm/browser/exports/exports/core.js.map +1 -1
  57. package/esm/browser/exports/exports/default.js +2 -1
  58. package/esm/browser/exports/exports/default.js.map +1 -1
  59. package/esm/browser/exports/exports/idx.js +2 -1
  60. package/esm/browser/exports/exports/idx.js.map +1 -1
  61. package/esm/browser/exports/exports/myaccount.js +2 -1
  62. package/esm/browser/exports/exports/myaccount.js.map +1 -1
  63. package/esm/browser/http/OktaUserAgent.js +2 -2
  64. package/esm/browser/idx/authenticator/util.js +1 -1
  65. package/esm/browser/idx/authenticator/util.js.map +1 -1
  66. package/esm/browser/idx/factory/api.js +1 -0
  67. package/esm/browser/idx/factory/api.js.map +1 -1
  68. package/esm/browser/idx/idxState/v1/idxResponseParser.js +4 -0
  69. package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -1
  70. package/esm/browser/idx/interact.js +1 -0
  71. package/esm/browser/idx/interact.js.map +1 -1
  72. package/esm/browser/idx/introspect.js +1 -0
  73. package/esm/browser/idx/introspect.js.map +1 -1
  74. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js +1 -1
  75. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  76. package/esm/browser/idx/transactionMeta.js +1 -0
  77. package/esm/browser/idx/transactionMeta.js.map +1 -1
  78. package/esm/browser/idx/types/api.js.map +1 -1
  79. package/esm/browser/idx/util.js +1 -1
  80. package/esm/browser/idx/util.js.map +1 -1
  81. package/esm/browser/oidc/TokenManager.js.map +1 -1
  82. package/esm/browser/oidc/TransactionManager.js +1 -0
  83. package/esm/browser/oidc/TransactionManager.js.map +1 -1
  84. package/esm/browser/oidc/enrollAuthenticator.js +1 -0
  85. package/esm/browser/oidc/enrollAuthenticator.js.map +1 -1
  86. package/esm/browser/oidc/exchangeCodeForTokens.js +1 -0
  87. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  88. package/esm/browser/oidc/factory/api.js +4 -1
  89. package/esm/browser/oidc/factory/api.js.map +1 -1
  90. package/esm/browser/oidc/getToken.js +1 -0
  91. package/esm/browser/oidc/getToken.js.map +1 -1
  92. package/esm/browser/oidc/getWithPopup.js +1 -0
  93. package/esm/browser/oidc/getWithPopup.js.map +1 -1
  94. package/esm/browser/oidc/getWithRedirect.js +1 -0
  95. package/esm/browser/oidc/getWithRedirect.js.map +1 -1
  96. package/esm/browser/oidc/handleOAuthResponse.js +1 -0
  97. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  98. package/esm/browser/oidc/introspect.js +67 -0
  99. package/esm/browser/oidc/introspect.js.map +1 -0
  100. package/esm/browser/oidc/mixin/index.js +25 -20
  101. package/esm/browser/oidc/mixin/index.js.map +1 -1
  102. package/esm/browser/oidc/parseFromUrl.js +1 -0
  103. package/esm/browser/oidc/parseFromUrl.js.map +1 -1
  104. package/esm/browser/oidc/renewTokens.js +3 -1
  105. package/esm/browser/oidc/renewTokens.js.map +1 -1
  106. package/esm/browser/oidc/types/Token.js +7 -1
  107. package/esm/browser/oidc/types/Token.js.map +1 -1
  108. package/esm/browser/oidc/types/TokenManager.js.map +1 -1
  109. package/esm/browser/oidc/util/sharedStorage.js +1 -0
  110. package/esm/browser/oidc/util/sharedStorage.js.map +1 -1
  111. package/esm/browser/oidc/verifyToken.js +1 -0
  112. package/esm/browser/oidc/verifyToken.js.map +1 -1
  113. package/esm/browser/package.json +1 -1
  114. package/esm/browser/services/SyncStorageService.js +1 -0
  115. package/esm/browser/services/SyncStorageService.js.map +1 -1
  116. package/esm/node/browser/fingerprint.js +1 -0
  117. package/esm/node/browser/fingerprint.js.map +1 -1
  118. package/esm/node/core/AuthStateManager.js +1 -0
  119. package/esm/node/core/AuthStateManager.js.map +1 -1
  120. package/esm/node/core/options.js +1 -0
  121. package/esm/node/core/options.js.map +1 -1
  122. package/esm/node/exports/exports/authn.js +2 -1
  123. package/esm/node/exports/exports/authn.js.map +1 -1
  124. package/esm/node/exports/exports/core.js +2 -1
  125. package/esm/node/exports/exports/core.js.map +1 -1
  126. package/esm/node/exports/exports/default.js +2 -1
  127. package/esm/node/exports/exports/default.js.map +1 -1
  128. package/esm/node/exports/exports/idx.js +2 -1
  129. package/esm/node/exports/exports/idx.js.map +1 -1
  130. package/esm/node/exports/exports/myaccount.js +2 -1
  131. package/esm/node/exports/exports/myaccount.js.map +1 -1
  132. package/esm/node/http/OktaUserAgent.js +2 -2
  133. package/esm/node/idx/authenticator/util.js +1 -1
  134. package/esm/node/idx/authenticator/util.js.map +1 -1
  135. package/esm/node/idx/factory/api.js +1 -0
  136. package/esm/node/idx/factory/api.js.map +1 -1
  137. package/esm/node/idx/idxState/v1/idxResponseParser.js +4 -0
  138. package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -1
  139. package/esm/node/idx/interact.js +1 -0
  140. package/esm/node/idx/interact.js.map +1 -1
  141. package/esm/node/idx/introspect.js +1 -0
  142. package/esm/node/idx/introspect.js.map +1 -1
  143. package/esm/node/idx/remediators/Base/SelectAuthenticator.js +1 -1
  144. package/esm/node/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  145. package/esm/node/idx/transactionMeta.js +1 -0
  146. package/esm/node/idx/transactionMeta.js.map +1 -1
  147. package/esm/node/idx/types/api.js.map +1 -1
  148. package/esm/node/idx/util.js +1 -1
  149. package/esm/node/idx/util.js.map +1 -1
  150. package/esm/node/oidc/TokenManager.js.map +1 -1
  151. package/esm/node/oidc/TransactionManager.js +1 -0
  152. package/esm/node/oidc/TransactionManager.js.map +1 -1
  153. package/esm/node/oidc/enrollAuthenticator.js +1 -0
  154. package/esm/node/oidc/enrollAuthenticator.js.map +1 -1
  155. package/esm/node/oidc/exchangeCodeForTokens.js +1 -0
  156. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  157. package/esm/node/oidc/factory/api.js +4 -1
  158. package/esm/node/oidc/factory/api.js.map +1 -1
  159. package/esm/node/oidc/getToken.js +1 -0
  160. package/esm/node/oidc/getToken.js.map +1 -1
  161. package/esm/node/oidc/getWithPopup.js +1 -0
  162. package/esm/node/oidc/getWithPopup.js.map +1 -1
  163. package/esm/node/oidc/getWithRedirect.js +1 -0
  164. package/esm/node/oidc/getWithRedirect.js.map +1 -1
  165. package/esm/node/oidc/handleOAuthResponse.js +1 -0
  166. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  167. package/esm/node/oidc/introspect.js +67 -0
  168. package/esm/node/oidc/introspect.js.map +1 -0
  169. package/esm/node/oidc/mixin/index.js +25 -20
  170. package/esm/node/oidc/mixin/index.js.map +1 -1
  171. package/esm/node/oidc/parseFromUrl.js +1 -0
  172. package/esm/node/oidc/parseFromUrl.js.map +1 -1
  173. package/esm/node/oidc/renewTokens.js +3 -1
  174. package/esm/node/oidc/renewTokens.js.map +1 -1
  175. package/esm/node/oidc/types/Token.js +7 -1
  176. package/esm/node/oidc/types/Token.js.map +1 -1
  177. package/esm/node/oidc/types/TokenManager.js.map +1 -1
  178. package/esm/node/oidc/util/sharedStorage.js +1 -0
  179. package/esm/node/oidc/util/sharedStorage.js.map +1 -1
  180. package/esm/node/oidc/verifyToken.js +1 -0
  181. package/esm/node/oidc/verifyToken.js.map +1 -1
  182. package/esm/node/package.json +1 -1
  183. package/package.json +9 -5
  184. package/types/lib/idx/types/api.d.ts +1 -0
  185. package/types/lib/oidc/TokenManager.d.ts +2 -2
  186. package/types/lib/oidc/index.d.ts +1 -0
  187. package/types/lib/oidc/introspect.d.ts +14 -0
  188. package/types/lib/oidc/renewTokens.d.ts +2 -2
  189. package/types/lib/oidc/types/Token.d.ts +5 -0
  190. package/types/lib/oidc/types/TokenManager.d.ts +2 -2
  191. package/types/lib/oidc/types/api.d.ts +5 -4
  192. package/types/lib/oidc/types/options.d.ts +4 -0
  193. package/types/lib/oidc/types/proto.d.ts +1 -0
  194. package/umd/authn.js +1 -1
  195. package/umd/authn.js.map +1 -1
  196. package/umd/core.js +1 -1
  197. package/umd/core.js.map +1 -1
  198. package/umd/default.js +1 -1
  199. package/umd/default.js.map +1 -1
  200. package/umd/idx.js +1 -1
  201. package/umd/idx.js.map +1 -1
  202. package/umd/myaccount.js +1 -1
  203. package/umd/myaccount.js.map +1 -1
package/cjs/oidc/factory/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk)\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA6BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1CS,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;IAC7Be,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAACvB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnC+B,KAAK,EAAEC,sBAAU,CAACzB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCiC,sBAAsB,EAAEA,8CAAsB,CAAC1B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DkC,WAAW,EAAEA,wBAAW,CAAC3B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCmC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACnC,GAAG,EAAEoC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAAChC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCwC,eAAe,EAAEA,sBAAe,CAACjC,IAAI,CAAC,IAAI,EAAEP,GAAG;EACjD,CAAC;;EAED;EACA;EACA,MAAMyC,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBrB,KAAK,CAACqB,GAAG,CAAC,GAAGzC,QAAQ,CAACoB,KAAK,CAACqB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOrB,KAAK;AACd;AAEO,SAASsB,eAAe,CAAC5C,GAA2B,EAAa;EACtE,OAAO;IACL6C,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,CAACvC,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}
1
+ {"version":3,"file":"api.js","names":["createTokenAPI","sdk","queue","useQueue","method","PromiseQueue","prototype","push","bind","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","Object","assign","_getHistory","window","history","_getLocation","location","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","accessTokenObject","idTokenObject","verify","verifyToken","isLoginRedirect","introspect","oidcIntrospect","toWrap","forEach","key","createEndpoints","authorize","enrollAuthenticator"],"sources":["../../../../lib/oidc/factory/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n"],"mappings":";;;;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYA;AACA;AACA;AAvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AA8BA;AACO,SAASA,cAAc,CAACC,GAA2B,EAAEC,KAAmB,EAAY;EACzF,MAAMC,QAAQ,GAAIC,MAAM,IAAK;IAC3B,OAAOC,kBAAY,CAACC,SAAS,CAACC,IAAI,CAACC,IAAI,CAACN,KAAK,EAAEE,MAAM,EAAE,IAAI,CAAC;EAC9D,CAAC;EAED,MAAMK,iBAAiB,GAAGN,QAAQ,CAACO,gCAAe,CAACF,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA4B;;EAE9F;EACA,MAAMU,cAAc,GAAGR,QAAQ,CAACS,0BAAY,CAACJ,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC,CAA0B;EACtF,MAAMY,eAAsC,GAAGC,MAAM,CAACC,MAAM,CAACJ,cAAc,EAAE;IAC3E;IACAK,WAAW,EAAE,YAAW;MACtB,OAAOC,MAAM,CAACC,OAAO;IACvB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOF,MAAM,CAACG,QAAQ;IACxB,CAAC;IAED;IACAC,YAAY,EAAE,YAAW;MACvB,OAAOJ,MAAM,CAACK,QAAQ;IACxB;EACF,CAAC,CAAC;EAEF,MAAMC,KAAe,GAAE;IACrBC,kBAAkB,EAAEA,yBAAkB,CAAChB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACtDwB,qBAAqB,EAAEA,4CAAqB,CAACjB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC5DyB,gBAAgB,EAAEA,kCAAgB,CAAClB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAClD0B,YAAY,EAAEA,0BAAY,CAACnB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC1CS,eAAe,EAAED,iBAAiB;IAClCG,YAAY,EAAEC,eAAe;IAC7Be,MAAM,EAAEC,wBAAW;IACnBC,MAAM,EAAEC,wBAAW,CAACvB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnC+B,KAAK,EAAEC,sBAAU,CAACzB,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACjCiC,sBAAsB,EAAEA,8CAAsB,CAAC1B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAC9DkC,WAAW,EAAEA,wBAAW,CAAC3B,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACxCmC,WAAW,EAAE,CACXC,iBAA8B,EAC9BC,aAAsB,KACK;MAC3B,OAAO,IAAAF,wBAAW,EAACnC,GAAG,EAAEoC,iBAAiB,EAAEC,aAAa,CAAC;IAC3D,CAAC;IACDC,MAAM,EAAEC,wBAAW,CAAChC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IACnCwC,eAAe,EAAEA,sBAAe,CAACjC,IAAI,CAAC,IAAI,EAAEP,GAAG,CAAC;IAChDyC,UAAU,EAAEC,0BAAc,CAACnC,IAAI,CAAC,IAAI,EAAEP,GAAG;EAC3C,CAAC;;EAED;EACA;EACA,MAAM2C,MAAM,GAAG,CACb,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,OAAO,EACP,wBAAwB,EACxB,aAAa,CACd;EACDA,MAAM,CAACC,OAAO,CAACC,GAAG,IAAI;IACpBvB,KAAK,CAACuB,GAAG,CAAC,GAAG3C,QAAQ,CAACoB,KAAK,CAACuB,GAAG,CAAC,CAAC;EACnC,CAAC,CAAC;EAEF,OAAOvB,KAAK;AACd;AAEO,SAASwB,eAAe,CAAC9C,GAA2B,EAAa;EACtE,OAAO;IACL+C,SAAS,EAAE;MACTC,mBAAmB,EAAEA,wCAAmB,CAACzC,IAAI,CAAC,IAAI,EAAEP,GAAG;IACzD;EACF,CAAC;AACH"}
package/cjs/oidc/index.js CHANGED
@@ -14,7 +14,8 @@ var _exportNames = {
14
14
  getWithoutPrompt: true,
15
15
  getWithPopup: true,
16
16
  getWithRedirect: true,
17
- parseFromUrl: true
17
+ parseFromUrl: true,
18
+ oidcIntrospect: true
18
19
  };
19
20
  Object.defineProperty(exports, "decodeToken", {
20
21
  enumerable: true,
@@ -64,6 +65,12 @@ Object.defineProperty(exports, "handleOAuthResponse", {
64
65
  return _handleOAuthResponse.handleOAuthResponse;
65
66
  }
66
67
  });
68
+ Object.defineProperty(exports, "oidcIntrospect", {
69
+ enumerable: true,
70
+ get: function () {
71
+ return _introspect.oidcIntrospect;
72
+ }
73
+ });
67
74
  Object.defineProperty(exports, "parseFromUrl", {
68
75
  enumerable: true,
69
76
  get: function () {
@@ -222,4 +229,5 @@ var _getWithoutPrompt = require("./getWithoutPrompt");
222
229
  var _getWithPopup = require("./getWithPopup");
223
230
  var _getWithRedirect = require("./getWithRedirect");
224
231
  var _parseFromUrl = require("./parseFromUrl");
232
+ var _introspect = require("./introspect");
225
233
  //# sourceMappingURL=index.js.map
package/cjs/oidc/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../lib/oidc/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../lib/oidc/index.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\nexport { oidcIntrospect } from './introspect';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AACA;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA"}
package/cjs/oidc/introspect.js ADDED
@@ -0,0 +1,70 @@
1
+ "use strict";
2
+
3
+ exports.oidcIntrospect = oidcIntrospect;
4
+ var _errors = require("../errors");
5
+ var _wellKnown = require("./endpoints/well-known");
6
+ var _http = require("../http");
7
+ var _util = require("../util");
8
+ var _crypto = require("../crypto");
9
+ var _types = require("./types");
10
+ /*!
11
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
12
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
13
+ *
14
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
15
+ * Unless required by applicable law or agreed to in writing, software
16
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
+ *
19
+ * See the License for the specific language governing permissions and limitations under the License.
20
+ *
21
+ */
22
+
23
+ const hintMap = {
24
+ accessToken: 'access_token',
25
+ idToken: 'id_token',
26
+ refreshToken: 'refresh_token'
27
+ };
28
+
29
+ /* eslint complexity: [2, 9] */
30
+ async function oidcIntrospect(sdk, kind, token) {
31
+ let issuer;
32
+ let clientId = sdk.options.clientId;
33
+ let clientSecret = sdk.options.clientSecret;
34
+ if (!token) {
35
+ token = sdk.tokenManager.getTokens()[kind];
36
+ }
37
+ if (!token) {
38
+ throw new _errors.AuthSdkError(`unable to find ${kind} in storage or fn params`);
39
+ }
40
+ if (kind !== _types.TokenKind.ACCESS) {
41
+ var _token;
42
+ issuer = (_token = token) === null || _token === void 0 ? void 0 : _token.issuer;
43
+ } else {
44
+ var _token2, _token2$claims;
45
+ issuer = (_token2 = token) === null || _token2 === void 0 ? void 0 : (_token2$claims = _token2.claims) === null || _token2$claims === void 0 ? void 0 : _token2$claims.iss;
46
+ }
47
+ issuer ?? (issuer = sdk.options.issuer);
48
+ if (!clientId) {
49
+ throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');
50
+ }
51
+ if (!issuer) {
52
+ throw new _errors.AuthSdkError('Unable to find issuer');
53
+ }
54
+ const {
55
+ introspection_endpoint: introspectUrl
56
+ } = await (0, _wellKnown.getWellKnown)(sdk, issuer);
57
+ const authHeader = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
58
+ const args = (0, _util.toQueryString)({
59
+ // eslint-disable-next-line camelcase
60
+ token_type_hint: hintMap[kind],
61
+ token: token[kind] // extract raw token string from token object
62
+ }).slice(1);
63
+ return (0, _http.post)(sdk, introspectUrl, args, {
64
+ headers: {
65
+ 'Content-Type': 'application/x-www-form-urlencoded',
66
+ 'Authorization': 'Basic ' + authHeader
67
+ }
68
+ });
69
+ }
70
+ //# sourceMappingURL=introspect.js.map
package/cjs/oidc/introspect.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as any)?.claims?.iss;\n }\n issuer ??= sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAAA;IAC7BR,MAAM,aAAID,KAAK,2CAAN,OAAgBC,MAAM;EACjC,CAAC,MACI;IAAA;IACHA,MAAM,cAAID,KAAK,8DAAN,QAAgBU,MAAM,mDAAtB,eAAwBC,GAAG;EACtC;EACAV,MAAM,KAANA,MAAM,GAAKH,GAAG,CAACK,OAAO,CAACF,MAAM;EAE7B,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAACM,IAAI,CAAC;IAC9BC,KAAK,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}
package/cjs/oidc/mixin/index.js CHANGED
@@ -218,7 +218,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
218
218
  if (!idToken) {
219
219
  return '';
220
220
  }
221
- if (!postLogoutRedirectUri) {
221
+ if (postLogoutRedirectUri === undefined) {
222
222
  postLogoutRedirectUri = this.options.postLogoutRedirectUri;
223
223
  }
224
224
  const logoutUrl = (0, _util2.getOAuthUrls)(this).logoutUrl;
@@ -237,16 +237,22 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
237
237
  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
238
238
  // eslint-disable-next-line complexity, max-statements
239
239
  async signOut(options) {
240
+ var _options;
240
241
  options = Object.assign({}, options);
241
242
 
242
243
  // postLogoutRedirectUri must be whitelisted in Okta Admin UI
243
- var defaultUri = window.location.origin;
244
- var currentUri = window.location.href;
245
- var postLogoutRedirectUri = options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
246
- var accessToken = options.accessToken;
247
- var refreshToken = options.refreshToken;
248
- var revokeAccessToken = options.revokeAccessToken !== false;
249
- var revokeRefreshToken = options.revokeRefreshToken !== false;
244
+ const defaultUri = window.location.origin;
245
+ const currentUri = window.location.href;
246
+ // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior
247
+ // "If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the
248
+ // Okta sign-in page or the post_logout_redirect_uri (if specified)."
249
+ // - https://developer.okta.com/docs/reference/api/oidc/#logout
250
+ const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null : options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
251
+ const state = (_options = options) === null || _options === void 0 ? void 0 : _options.state;
252
+ let accessToken = options.accessToken;
253
+ let refreshToken = options.refreshToken;
254
+ const revokeAccessToken = options.revokeAccessToken !== false;
255
+ const revokeRefreshToken = options.revokeRefreshToken !== false;
250
256
  if (revokeRefreshToken && typeof refreshToken === 'undefined') {
251
257
  refreshToken = this.tokenManager.getTokensSync().refreshToken;
252
258
  }
@@ -270,15 +276,18 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
270
276
  // Fallback to XHR signOut, then simulate a redirect to the post logout uri
271
277
  if (!logoutUri) {
272
278
  // local tokens are cleared once session is closed
273
- return this.closeSession() // can throw if the user cannot be signed out
274
- .then(function (sessionClosed) {
275
- if (postLogoutRedirectUri === currentUri) {
276
- window.location.reload(); // force a hard reload if URI is not changing
277
- } else {
278
- window.location.assign(postLogoutRedirectUri);
279
- }
280
- return sessionClosed;
281
- });
279
+ const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out
280
+ const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null
281
+ if (state) {
282
+ redirectUri.searchParams.append('state', state);
283
+ }
284
+ if (postLogoutRedirectUri === currentUri) {
285
+ // window.location.reload(); // force a hard reload if URI is not changing
286
+ window.location.href = redirectUri.href;
287
+ } else {
288
+ window.location.assign(redirectUri.href);
289
+ }
290
+ return sessionClosed;
282
291
  } else {
283
292
  if (options.clearTokensBeforeRedirect) {
284
293
  // Clear all local tokens
package/cjs/oidc/mixin/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","closeSession","then","sessionClosed","reload","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n \n hasResponseType(responseType: OAuthResponseType): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function(sessionClosed) {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n return sessionClosed;\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,uBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,wBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,IAAIK,eAAe,GAAG,KAAK;MAC3B,IAAIC,KAAK,CAACC,OAAO,CAAC,IAAI,CAACvD,OAAO,CAACgD,YAAY,CAAC,IAAI,IAAI,CAAChD,OAAO,CAACgD,YAAY,CAACQ,MAAM,EAAE;QAChFH,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,CAACS,OAAO,CAACT,YAAY,CAAC,IAAI,CAAC;MACxE,CAAC,MAAM;QACLK,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,KAAKA,YAAY;MAC9D;MACA,OAAOK,eAAe;IACxB;IAEAK,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACL,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAMM,eAAe,CAAC3D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAoC,iBAAW,EAAC,IAAI,EAAE7D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM8D,iBAAiB,CAACrC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QAC9E,MAAMsC,cAAc,GAAG,IAAI,CAACnD,YAAY,CAACoD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACiC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACtC,WAAW,EAAE;QAChB,OAAOwC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAAC1C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM2C,kBAAkB,CAACvB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACgD,SAAS,EAAE,EAAEf,YAA4B;QACjF,MAAMwB,eAAe,GAAG,IAAI,CAACzD,YAAY,CAACoD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACuC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACxB,YAAY,EAAE;QACjB,OAAOoB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAACtB,YAAY,CAAC;IACxC;IAEAyB,qBAAqB,CAACtE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPwC,qBAAqB;QACrBC;MACF,CAAC,GAAGxE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAI,CAACwC,qBAAqB,EAAE;QAC1BA,qBAAqB,GAAG,IAAI,CAACvE,OAAO,CAACuE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC9E,OAAwB,EAAoB;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,IAAI+E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACvC,IAAIC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACrC,IAAIb,qBAAqB,GAAGvE,OAAO,CAACuE,qBAAqB,IACpD,IAAI,CAACvE,OAAO,CAACuE,qBAAqB,IAClCQ,UAAU;MAEf,IAAItD,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,IAAIiB,iBAAiB,GAAG9D,OAAO,CAAC8D,iBAAiB,KAAK,KAAK;MAC3D,IAAIM,kBAAkB,GAAGpE,OAAO,CAACoE,kBAAkB,KAAK,KAAK;MAE7D,IAAIA,kBAAkB,IAAI,OAAOvB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIqC,kBAAkB,IAAIvB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACuB,kBAAkB,CAACvB,YAAY,CAAC;MAC7C;MAEA,IAAIiB,iBAAiB,IAAIrC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACqC,iBAAiB,CAACrC,WAAW,CAAC;MAC3C;MAEA,MAAMmD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGtE,OAAO;QAAEuE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,OAAO,IAAI,CAACS,YAAY,EAAE,CAAC;QAAA,CAC1BC,IAAI,CAAC,UAASC,aAAa,EAAE;UAC5B,IAAIhB,qBAAqB,KAAKY,UAAU,EAAE;YACxCH,MAAM,CAACC,QAAQ,CAACO,MAAM,EAAE,CAAC,CAAC;UAC5B,CAAC,MAAM;YACLR,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAACyE,qBAAqB,CAAC;UAC/C;UACA,OAAOgB,aAAa;QACtB,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAIvF,OAAO,CAACyF,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC7E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAAC8E,qBAAqB,EAAE;QAC3C;QACA;QACAV,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAAC8E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAnS4Be,MAAM;AAqSrC"}
1
+ {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n \n hasResponseType(responseType: OAuthResponseType): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,uBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,wBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,IAAIK,eAAe,GAAG,KAAK;MAC3B,IAAIC,KAAK,CAACC,OAAO,CAAC,IAAI,CAACvD,OAAO,CAACgD,YAAY,CAAC,IAAI,IAAI,CAAChD,OAAO,CAACgD,YAAY,CAACQ,MAAM,EAAE;QAChFH,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,CAACS,OAAO,CAACT,YAAY,CAAC,IAAI,CAAC;MACxE,CAAC,MAAM;QACLK,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,KAAKA,YAAY;MAC9D;MACA,OAAOK,eAAe;IACxB;IAEAK,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACL,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAMM,eAAe,CAAC3D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAoC,iBAAW,EAAC,IAAI,EAAE7D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM8D,iBAAiB,CAACrC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QAC9E,MAAMsC,cAAc,GAAG,IAAI,CAACnD,YAAY,CAACoD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACiC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACtC,WAAW,EAAE;QAChB,OAAOwC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAAC1C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM2C,kBAAkB,CAACvB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACgD,SAAS,EAAE,EAAEf,YAA4B;QACjF,MAAMwB,eAAe,GAAG,IAAI,CAACzD,YAAY,CAACoD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACuC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACxB,YAAY,EAAE;QACjB,OAAOoB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAACtB,YAAY,CAAC;IACxC;IAEAyB,qBAAqB,CAACtE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPwC,qBAAqB;QACrBC;MACF,CAAC,GAAGxE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIwC,qBAAqB,KAAK3C,SAAS,EAAE;QACvC2C,qBAAqB,GAAG,IAAI,CAACvE,OAAO,CAACuE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC9E,OAAwB,EAAoB;MAAA;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM+E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGvE,OAAO,CAACuE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEvE,OAAO,CAACuE,qBAAqB,IAC3B,IAAI,CAACvE,OAAO,CAACuE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,eAAGxE,OAAO,6CAAP,SAASwE,KAAK;MAG5B,IAAI/C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMiB,iBAAiB,GAAG9D,OAAO,CAAC8D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGpE,OAAO,CAACoE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOvB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIqC,kBAAkB,IAAIvB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACuB,kBAAkB,CAACvB,YAAY,CAAC;MAC7C;MAEA,IAAIiB,iBAAiB,IAAIrC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACqC,iBAAiB,CAACrC,WAAW,CAAC;MAC3C;MAEA,MAAMmD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGtE,OAAO;QAAEuE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAACyF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIrF,OAAO,CAAC2F,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC/E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACgF,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAAC8E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDA7S4BiB,MAAM;AA+SrC"}
package/cjs/oidc/renewTokens.js CHANGED
@@ -21,7 +21,8 @@ var _util = require("./util");
21
21
  // If we have a refresh token, renew using that, otherwise getWithoutPrompt
22
22
  // eslint-disable-next-line complexity
23
23
  async function renewTokens(sdk, options) {
24
- const tokens = sdk.tokenManager.getTokensSync();
24
+ var _options;
25
+ const tokens = ((_options = options) === null || _options === void 0 ? void 0 : _options.tokens) ?? sdk.tokenManager.getTokensSync();
25
26
  if (tokens.refreshToken) {
26
27
  return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options || {}, tokens.refreshToken);
27
28
  }
package/cjs/oidc/renewTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAAqB,EAAmB;EAC7E,MAAMC,MAAM,GAAGF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAC/C,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
1
+ {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EAAA;EACnF,MAAMC,MAAM,GAAG,aAAAD,OAAO,6CAAP,SAASC,MAAM,KAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
package/cjs/oidc/types/Token.js CHANGED
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
 
3
+ exports.TokenKind = void 0;
3
4
  exports.isAccessToken = isAccessToken;
4
5
  exports.isIDToken = isIDToken;
5
6
  exports.isRefreshToken = isRefreshToken;
@@ -14,8 +15,13 @@ exports.isToken = isToken;
14
15
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
16
  *
16
17
  * See the License for the specific language governing permissions and limitations under the License.
17
- */
18
-
18
+ */let TokenKind;
19
+ exports.TokenKind = TokenKind;
20
+ (function (TokenKind) {
21
+ TokenKind["ACCESS"] = "accessToken";
22
+ TokenKind["ID"] = "idToken";
23
+ TokenKind["REFRESH"] = "refreshToken";
24
+ })(TokenKind || (exports.TokenKind = TokenKind = {}));
19
25
  function isToken(obj) {
20
26
  if (obj && (obj.accessToken || obj.idToken || obj.refreshToken) && Array.isArray(obj.scopes)) {
21
27
  return true;
package/cjs/oidc/types/Token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Token.js","names":["isToken","obj","accessToken","idToken","refreshToken","Array","isArray","scopes","isAccessToken","isIDToken","isRefreshToken"],"sources":["../../../../lib/oidc/types/Token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCO,SAASA,OAAO,CAACC,GAAQ,EAAgB;EAC9C,IAAIA,GAAG,KACFA,GAAG,CAACC,WAAW,IAAID,GAAG,CAACE,OAAO,IAAIF,GAAG,CAACG,YAAY,CAAC,IACpDC,KAAK,CAACC,OAAO,CAACL,GAAG,CAACM,MAAM,CAAC,EAAE;IAC7B,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEO,SAASC,aAAa,CAACP,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAIA,GAAG,CAACC,WAAW;AAC/B;AAEO,SAASO,SAAS,CAACR,GAAQ,EAAkB;EAClD,OAAOA,GAAG,IAAIA,GAAG,CAACE,OAAO;AAC3B;AAEO,SAASO,cAAc,CAACT,GAAQ,EAAuB;EAC5D,OAAOA,GAAG,IAAIA,GAAG,CAACG,YAAY;AAChC"}
1
+ {"version":3,"file":"Token.js","names":["TokenKind","isToken","obj","accessToken","idToken","refreshToken","Array","isArray","scopes","isAccessToken","isIDToken","isRefreshToken"],"sources":["../../../../lib/oidc/types/Token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n ACCESS = 'accessToken',\n ID = 'idToken',\n REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IA6CYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAMd,SAASC,OAAO,CAACC,GAAQ,EAAgB;EAC9C,IAAIA,GAAG,KACFA,GAAG,CAACC,WAAW,IAAID,GAAG,CAACE,OAAO,IAAIF,GAAG,CAACG,YAAY,CAAC,IACpDC,KAAK,CAACC,OAAO,CAACL,GAAG,CAACM,MAAM,CAAC,EAAE;IAC7B,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEO,SAASC,aAAa,CAACP,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAIA,GAAG,CAACC,WAAW;AAC/B;AAEO,SAASO,SAAS,CAACR,GAAQ,EAAkB;EAClD,OAAOA,GAAG,IAAIA,GAAG,CAACE,OAAO;AAC3B;AAEO,SAASO,cAAc,CAACT,GAAQ,EAAuB;EAC5D,OAAOA,GAAG,IAAIA,GAAG,CAACG,YAAY;AAChC"}
package/cjs/oidc/types/TokenManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TokenManager.js","names":["EVENT_EXPIRED","EVENT_RENEWED","EVENT_ADDED","EVENT_REMOVED","EVENT_ERROR","EVENT_SET_STORAGE"],"sources":["../../../../lib/oidc/types/TokenManager.ts"],"sourcesContent":["/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n errorSummary: string;\n errorCode: string;\n message: string;\n name: string;\n tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n clear(): void;\n setExpireEventTimeout(key: string, token: Token): void;\n clearExpireEventTimeout(key: string): void;\n clearExpireEventTimeoutAll(): void;\n emitAdded(key: string, token: Token): void;\n emitError(error: Error): void;\n emitRemoved(key: string, token: Token): void;\n emitRenewed(key: string, token: Token, oldToken?: Token): void;\n renew(key: string): Promise<Token | undefined>;\n remove(key: string): void;\n hasExpired(token: Token): boolean;\n getExpireTime(token: Token): number;\n\n get(key): Promise<Token>;\n getSync(key): Token;\n getTokens(): Promise<Tokens>;\n getTokensSync(): Tokens;\n setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n getStorageKeyByType(type: TokenType): string;\n add(key: any, token: Token): void;\n updateRefreshToken(token: RefreshToken);\n removeRefreshToken(): void;\n clearPendingRemoveTokens(): void;\n\n getOptions(): TokenManagerOptions;\n getStorage(): StorageProvider;\n\n start();\n stop();\n isStarted(): boolean;\n}\n"],"mappings":";;;AAAA;;AAiBO,MAAMA,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,WAAW,GAAG,OAAO;AAAC;AAC5B,MAAMC,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,WAAW,GAAG,OAAO;AAAC;AAC5B,MAAMC,iBAAiB,GAAG,aAAa;AAAC"}
1
+ {"version":3,"file":"TokenManager.js","names":["EVENT_EXPIRED","EVENT_RENEWED","EVENT_ADDED","EVENT_REMOVED","EVENT_ERROR","EVENT_SET_STORAGE"],"sources":["../../../../lib/oidc/types/TokenManager.ts"],"sourcesContent":["/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n errorSummary: string;\n errorCode: string;\n message: string;\n name: string;\n tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n clear(): void;\n setExpireEventTimeout(key: string, token: Token): void;\n clearExpireEventTimeout(key: string): void;\n clearExpireEventTimeoutAll(): void;\n emitAdded(key: string, token: Token): void;\n emitError(error: Error): void;\n emitRemoved(key: string, token: Token): void;\n emitRenewed(key: string, token: Token, oldToken?: Token): void;\n renew(key: string): Promise<Token | undefined>;\n remove(key: string): void;\n hasExpired(token: Token): boolean;\n getExpireTime(token: Token): number;\n\n get(key): Promise<Token | undefined>;\n getSync(key): Token | undefined;\n getTokens(): Promise<Tokens>;\n getTokensSync(): Tokens;\n setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n getStorageKeyByType(type: TokenType): string;\n add(key: any, token: Token): void;\n updateRefreshToken(token: RefreshToken);\n removeRefreshToken(): void;\n clearPendingRemoveTokens(): void;\n\n getOptions(): TokenManagerOptions;\n getStorage(): StorageProvider;\n\n start();\n stop();\n isStarted(): boolean;\n}\n"],"mappings":";;;AAAA;;AAiBO,MAAMA,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,WAAW,GAAG,OAAO;AAAC;AAC5B,MAAMC,aAAa,GAAG,SAAS;AAAC;AAChC,MAAMC,WAAW,GAAG,OAAO;AAAC;AAC5B,MAAMC,iBAAiB,GAAG,aAAa;AAAC"}
package/cjs/oidc/types/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: TokenParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
package/cjs/oidc/types/options.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"options.js","names":[],"sources":["../../../../lib/oidc/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { OktaAuthHttpOptions } from '../../http/types';\nimport { SimpleStorage } from '../../storage/types';\nimport { OktaAuthOAuthInterface, SetLocationFunction } from './api';\nimport { OAuthResponseMode, OAuthResponseType } from './proto';\nimport { TransactionManagerOptions } from './Transaction';\n\nexport interface CustomUrls {\n issuer?: string;\n authorizeUrl?: string;\n userinfoUrl?: string;\n tokenUrl?: string;\n revokeUrl?: string;\n logoutUrl?: string;\n}\n\nexport interface TokenParams extends CustomUrls {\n pkce?: boolean;\n clientId?: string;\n redirectUri?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n responseMode?: OAuthResponseMode;\n state?: string;\n nonce?: string;\n scopes?: string[];\n enrollAmrValues?: string | string[];\n display?: string;\n ignoreSignature?: boolean;\n codeVerifier?: string;\n authorizationCode?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n interactionCode?: string;\n idp?: string;\n idpScope?: string | string[];\n loginHint?: string;\n maxAge?: string | number;\n acrValues?: string;\n prompt?: string;\n sessionToken?: string;\n timeout?: number;\n extraParams?: { [propName: string]: string }; // custom authorize query params\n // TODO: remove in the next major version\n popupTitle?: string;\n}\n\nexport interface TokenManagerOptions {\n autoRenew?: boolean;\n autoRemove?: boolean;\n clearPendingRemoveTokens?: boolean;\n secure?: boolean;\n storage?: string | SimpleStorage;\n storageKey?: string;\n expireEarlySeconds?: number;\n syncStorage?: boolean;\n}\n\nexport interface EnrollAuthenticatorOptions extends TokenParams {\n enrollAmrValues: string | string[];\n acrValues: string;\n}\n\nexport interface SigninWithRedirectOptions extends TokenParams {\n originalUri?: string;\n}\n\nexport interface OktaAuthOAuthOptions extends\n OktaAuthHttpOptions,\n CustomUrls,\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'maxAge' |\n 'acrValues'\n >\n{\n ignoreLifetime?: boolean;\n tokenManager?: TokenManagerOptions;\n postLogoutRedirectUri?: string;\n maxClockSkew?: number;\n restoreOriginalUri?: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n\n transactionManager?: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret?: string;\n setLocation?: SetLocationFunction;\n}\n\nexport type OktaAuthOauthOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthOAuthOptions>;\n"],"mappings":""}
1
+ {"version":3,"file":"options.js","names":[],"sources":["../../../../lib/oidc/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { OktaAuthHttpOptions } from '../../http/types';\nimport { SimpleStorage } from '../../storage/types';\nimport { OktaAuthOAuthInterface, SetLocationFunction } from './api';\nimport { OAuthResponseMode, OAuthResponseType } from './proto';\nimport { Tokens } from './Token';\nimport { TransactionManagerOptions } from './Transaction';\n\nexport interface CustomUrls {\n issuer?: string;\n authorizeUrl?: string;\n userinfoUrl?: string;\n tokenUrl?: string;\n revokeUrl?: string;\n logoutUrl?: string;\n}\n\nexport interface TokenParams extends CustomUrls {\n pkce?: boolean;\n clientId?: string;\n redirectUri?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n responseMode?: OAuthResponseMode;\n state?: string;\n nonce?: string;\n scopes?: string[];\n enrollAmrValues?: string | string[];\n display?: string;\n ignoreSignature?: boolean;\n codeVerifier?: string;\n authorizationCode?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n interactionCode?: string;\n idp?: string;\n idpScope?: string | string[];\n loginHint?: string;\n maxAge?: string | number;\n acrValues?: string;\n prompt?: string;\n sessionToken?: string;\n timeout?: number;\n extraParams?: { [propName: string]: string }; // custom authorize query params\n // TODO: remove in the next major version\n popupTitle?: string;\n}\n\nexport interface TokenManagerOptions {\n autoRenew?: boolean;\n autoRemove?: boolean;\n clearPendingRemoveTokens?: boolean;\n secure?: boolean;\n storage?: string | SimpleStorage;\n storageKey?: string;\n expireEarlySeconds?: number;\n syncStorage?: boolean;\n}\n\nexport interface EnrollAuthenticatorOptions extends TokenParams {\n enrollAmrValues: string | string[];\n acrValues: string;\n}\n\nexport interface SigninWithRedirectOptions extends TokenParams {\n originalUri?: string;\n}\n\nexport interface RenewTokensParams extends TokenParams {\n tokens?: Tokens\n}\n\nexport interface OktaAuthOAuthOptions extends\n OktaAuthHttpOptions,\n CustomUrls,\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'maxAge' |\n 'acrValues'\n >\n{\n ignoreLifetime?: boolean;\n tokenManager?: TokenManagerOptions;\n postLogoutRedirectUri?: string;\n maxClockSkew?: number;\n restoreOriginalUri?: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n\n transactionManager?: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret?: string;\n setLocation?: SetLocationFunction;\n}\n\nexport type OktaAuthOauthOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthOAuthOptions>;\n"],"mappings":""}
package/cjs/oidc/types/proto.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"proto.js","names":[],"sources":["../../../../lib/oidc/types/proto.ts"],"sourcesContent":["/* eslint-disable camelcase */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport interface OAuthParams {\n client_id?: string;\n code_challenge?: string;\n code_challenge_method?: string;\n display?: string;\n idp?: string;\n idp_scope?: string | string[];\n login_hint?: string;\n max_age?: string | number;\n nonce?: string;\n prompt?: string;\n redirect_uri?: string;\n response_mode?: string;\n response_type?: string | string[];\n scope?: string;\n sessionToken?: string;\n state?: string;\n grant_type?: string;\n code?: string;\n interaction_code?: string;\n acr_values?: string;\n enroll_amr_values?: string | string[];\n}\n\nexport interface OAuthResponse {\n state?: string;\n code?: string;\n interaction_code?: string;\n expires_in?: string;\n token_type?: string;\n access_token?: string;\n id_token?: string;\n refresh_token?: string;\n scope?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface WellKnownResponse {\n issuer: string;\n authorization_endpoint: string;\n userinfo_endpoint: string;\n jwks_uri: string;\n response_types_supported: string[];\n response_modes_supported: string[];\n grant_types_supported: string[];\n subject_types_supported: string[];\n id_token_signing_alg_values_supported: string[];\n scopes_supported: string[];\n claims_supported: string[];\n}\n\n\nexport type OAuthResponseMode = 'okta_post_message' |'fragment' |'query' |'form_post';\n\nexport type OAuthResponseType = 'code' |'token' |'id_token' | 'refresh_token';\n"],"mappings":""}
1
+ {"version":3,"file":"proto.js","names":[],"sources":["../../../../lib/oidc/types/proto.ts"],"sourcesContent":["/* eslint-disable camelcase */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport interface OAuthParams {\n client_id?: string;\n code_challenge?: string;\n code_challenge_method?: string;\n display?: string;\n idp?: string;\n idp_scope?: string | string[];\n login_hint?: string;\n max_age?: string | number;\n nonce?: string;\n prompt?: string;\n redirect_uri?: string;\n response_mode?: string;\n response_type?: string | string[];\n scope?: string;\n sessionToken?: string;\n state?: string;\n grant_type?: string;\n code?: string;\n interaction_code?: string;\n acr_values?: string;\n enroll_amr_values?: string | string[];\n}\n\nexport interface OAuthResponse {\n state?: string;\n code?: string;\n interaction_code?: string;\n expires_in?: string;\n token_type?: string;\n access_token?: string;\n id_token?: string;\n refresh_token?: string;\n scope?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface WellKnownResponse {\n issuer: string;\n authorization_endpoint: string;\n userinfo_endpoint: string;\n jwks_uri: string;\n response_types_supported: string[];\n response_modes_supported: string[];\n grant_types_supported: string[];\n subject_types_supported: string[];\n id_token_signing_alg_values_supported: string[];\n scopes_supported: string[];\n claims_supported: string[];\n introspection_endpoint: string;\n}\n\n\nexport type OAuthResponseMode = 'okta_post_message' |'fragment' |'query' |'form_post';\n\nexport type OAuthResponseType = 'code' |'token' |'id_token' | 'refresh_token';\n"],"mappings":""}