@okta/okta-auth-js 7.3.1 → 7.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (203) hide show
  1. package/CHANGELOG.md +30 -1
  2. package/README.md +5 -5
  3. package/cjs/http/OktaUserAgent.js +2 -2
  4. package/cjs/idx/authenticator/util.js +1 -1
  5. package/cjs/idx/authenticator/util.js.map +1 -1
  6. package/cjs/idx/idxState/v1/idxResponseParser.js +3 -0
  7. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  8. package/cjs/idx/remediators/Base/SelectAuthenticator.js +1 -1
  9. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  10. package/cjs/idx/types/api.js.map +1 -1
  11. package/cjs/idx/util.js +1 -1
  12. package/cjs/idx/util.js.map +1 -1
  13. package/cjs/oidc/TokenManager.js.map +1 -1
  14. package/cjs/oidc/factory/api.js +3 -1
  15. package/cjs/oidc/factory/api.js.map +1 -1
  16. package/cjs/oidc/index.js +9 -1
  17. package/cjs/oidc/index.js.map +1 -1
  18. package/cjs/oidc/introspect.js +70 -0
  19. package/cjs/oidc/introspect.js.map +1 -0
  20. package/cjs/oidc/mixin/index.js +26 -17
  21. package/cjs/oidc/mixin/index.js.map +1 -1
  22. package/cjs/oidc/renewTokens.js +2 -1
  23. package/cjs/oidc/renewTokens.js.map +1 -1
  24. package/cjs/oidc/types/Token.js +8 -2
  25. package/cjs/oidc/types/Token.js.map +1 -1
  26. package/cjs/oidc/types/TokenManager.js.map +1 -1
  27. package/cjs/oidc/types/api.js.map +1 -1
  28. package/cjs/oidc/types/options.js.map +1 -1
  29. package/cjs/oidc/types/proto.js.map +1 -1
  30. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  31. package/dist/okta-auth-js.authn.min.js +1 -1
  32. package/dist/okta-auth-js.authn.min.js.map +1 -1
  33. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  34. package/dist/okta-auth-js.core.min.js +1 -1
  35. package/dist/okta-auth-js.core.min.js.map +1 -1
  36. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  37. package/dist/okta-auth-js.idx.min.js +1 -1
  38. package/dist/okta-auth-js.idx.min.js.map +1 -1
  39. package/dist/okta-auth-js.min.analyzer.html +2 -2
  40. package/dist/okta-auth-js.min.js +1 -1
  41. package/dist/okta-auth-js.min.js.map +1 -1
  42. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  43. package/dist/okta-auth-js.myaccount.min.js +1 -1
  44. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  45. package/dist/okta-auth-js.polyfill.js +1 -1
  46. package/dist/okta-auth-js.polyfill.js.map +1 -1
  47. package/esm/browser/browser/fingerprint.js +1 -0
  48. package/esm/browser/browser/fingerprint.js.map +1 -1
  49. package/esm/browser/core/AuthStateManager.js +1 -0
  50. package/esm/browser/core/AuthStateManager.js.map +1 -1
  51. package/esm/browser/core/options.js +1 -0
  52. package/esm/browser/core/options.js.map +1 -1
  53. package/esm/browser/exports/exports/authn.js +2 -1
  54. package/esm/browser/exports/exports/authn.js.map +1 -1
  55. package/esm/browser/exports/exports/core.js +2 -1
  56. package/esm/browser/exports/exports/core.js.map +1 -1
  57. package/esm/browser/exports/exports/default.js +2 -1
  58. package/esm/browser/exports/exports/default.js.map +1 -1
  59. package/esm/browser/exports/exports/idx.js +2 -1
  60. package/esm/browser/exports/exports/idx.js.map +1 -1
  61. package/esm/browser/exports/exports/myaccount.js +2 -1
  62. package/esm/browser/exports/exports/myaccount.js.map +1 -1
  63. package/esm/browser/http/OktaUserAgent.js +2 -2
  64. package/esm/browser/idx/authenticator/util.js +1 -1
  65. package/esm/browser/idx/authenticator/util.js.map +1 -1
  66. package/esm/browser/idx/factory/api.js +1 -0
  67. package/esm/browser/idx/factory/api.js.map +1 -1
  68. package/esm/browser/idx/idxState/v1/idxResponseParser.js +4 -0
  69. package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -1
  70. package/esm/browser/idx/interact.js +1 -0
  71. package/esm/browser/idx/interact.js.map +1 -1
  72. package/esm/browser/idx/introspect.js +1 -0
  73. package/esm/browser/idx/introspect.js.map +1 -1
  74. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js +1 -1
  75. package/esm/browser/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  76. package/esm/browser/idx/transactionMeta.js +1 -0
  77. package/esm/browser/idx/transactionMeta.js.map +1 -1
  78. package/esm/browser/idx/types/api.js.map +1 -1
  79. package/esm/browser/idx/util.js +1 -1
  80. package/esm/browser/idx/util.js.map +1 -1
  81. package/esm/browser/oidc/TokenManager.js.map +1 -1
  82. package/esm/browser/oidc/TransactionManager.js +1 -0
  83. package/esm/browser/oidc/TransactionManager.js.map +1 -1
  84. package/esm/browser/oidc/enrollAuthenticator.js +1 -0
  85. package/esm/browser/oidc/enrollAuthenticator.js.map +1 -1
  86. package/esm/browser/oidc/exchangeCodeForTokens.js +1 -0
  87. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  88. package/esm/browser/oidc/factory/api.js +4 -1
  89. package/esm/browser/oidc/factory/api.js.map +1 -1
  90. package/esm/browser/oidc/getToken.js +1 -0
  91. package/esm/browser/oidc/getToken.js.map +1 -1
  92. package/esm/browser/oidc/getWithPopup.js +1 -0
  93. package/esm/browser/oidc/getWithPopup.js.map +1 -1
  94. package/esm/browser/oidc/getWithRedirect.js +1 -0
  95. package/esm/browser/oidc/getWithRedirect.js.map +1 -1
  96. package/esm/browser/oidc/handleOAuthResponse.js +1 -0
  97. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  98. package/esm/browser/oidc/introspect.js +67 -0
  99. package/esm/browser/oidc/introspect.js.map +1 -0
  100. package/esm/browser/oidc/mixin/index.js +25 -20
  101. package/esm/browser/oidc/mixin/index.js.map +1 -1
  102. package/esm/browser/oidc/parseFromUrl.js +1 -0
  103. package/esm/browser/oidc/parseFromUrl.js.map +1 -1
  104. package/esm/browser/oidc/renewTokens.js +3 -1
  105. package/esm/browser/oidc/renewTokens.js.map +1 -1
  106. package/esm/browser/oidc/types/Token.js +7 -1
  107. package/esm/browser/oidc/types/Token.js.map +1 -1
  108. package/esm/browser/oidc/types/TokenManager.js.map +1 -1
  109. package/esm/browser/oidc/util/sharedStorage.js +1 -0
  110. package/esm/browser/oidc/util/sharedStorage.js.map +1 -1
  111. package/esm/browser/oidc/verifyToken.js +1 -0
  112. package/esm/browser/oidc/verifyToken.js.map +1 -1
  113. package/esm/browser/package.json +1 -1
  114. package/esm/browser/services/SyncStorageService.js +1 -0
  115. package/esm/browser/services/SyncStorageService.js.map +1 -1
  116. package/esm/node/browser/fingerprint.js +1 -0
  117. package/esm/node/browser/fingerprint.js.map +1 -1
  118. package/esm/node/core/AuthStateManager.js +1 -0
  119. package/esm/node/core/AuthStateManager.js.map +1 -1
  120. package/esm/node/core/options.js +1 -0
  121. package/esm/node/core/options.js.map +1 -1
  122. package/esm/node/exports/exports/authn.js +2 -1
  123. package/esm/node/exports/exports/authn.js.map +1 -1
  124. package/esm/node/exports/exports/core.js +2 -1
  125. package/esm/node/exports/exports/core.js.map +1 -1
  126. package/esm/node/exports/exports/default.js +2 -1
  127. package/esm/node/exports/exports/default.js.map +1 -1
  128. package/esm/node/exports/exports/idx.js +2 -1
  129. package/esm/node/exports/exports/idx.js.map +1 -1
  130. package/esm/node/exports/exports/myaccount.js +2 -1
  131. package/esm/node/exports/exports/myaccount.js.map +1 -1
  132. package/esm/node/http/OktaUserAgent.js +2 -2
  133. package/esm/node/idx/authenticator/util.js +1 -1
  134. package/esm/node/idx/authenticator/util.js.map +1 -1
  135. package/esm/node/idx/factory/api.js +1 -0
  136. package/esm/node/idx/factory/api.js.map +1 -1
  137. package/esm/node/idx/idxState/v1/idxResponseParser.js +4 -0
  138. package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -1
  139. package/esm/node/idx/interact.js +1 -0
  140. package/esm/node/idx/interact.js.map +1 -1
  141. package/esm/node/idx/introspect.js +1 -0
  142. package/esm/node/idx/introspect.js.map +1 -1
  143. package/esm/node/idx/remediators/Base/SelectAuthenticator.js +1 -1
  144. package/esm/node/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  145. package/esm/node/idx/transactionMeta.js +1 -0
  146. package/esm/node/idx/transactionMeta.js.map +1 -1
  147. package/esm/node/idx/types/api.js.map +1 -1
  148. package/esm/node/idx/util.js +1 -1
  149. package/esm/node/idx/util.js.map +1 -1
  150. package/esm/node/oidc/TokenManager.js.map +1 -1
  151. package/esm/node/oidc/TransactionManager.js +1 -0
  152. package/esm/node/oidc/TransactionManager.js.map +1 -1
  153. package/esm/node/oidc/enrollAuthenticator.js +1 -0
  154. package/esm/node/oidc/enrollAuthenticator.js.map +1 -1
  155. package/esm/node/oidc/exchangeCodeForTokens.js +1 -0
  156. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  157. package/esm/node/oidc/factory/api.js +4 -1
  158. package/esm/node/oidc/factory/api.js.map +1 -1
  159. package/esm/node/oidc/getToken.js +1 -0
  160. package/esm/node/oidc/getToken.js.map +1 -1
  161. package/esm/node/oidc/getWithPopup.js +1 -0
  162. package/esm/node/oidc/getWithPopup.js.map +1 -1
  163. package/esm/node/oidc/getWithRedirect.js +1 -0
  164. package/esm/node/oidc/getWithRedirect.js.map +1 -1
  165. package/esm/node/oidc/handleOAuthResponse.js +1 -0
  166. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  167. package/esm/node/oidc/introspect.js +67 -0
  168. package/esm/node/oidc/introspect.js.map +1 -0
  169. package/esm/node/oidc/mixin/index.js +25 -20
  170. package/esm/node/oidc/mixin/index.js.map +1 -1
  171. package/esm/node/oidc/parseFromUrl.js +1 -0
  172. package/esm/node/oidc/parseFromUrl.js.map +1 -1
  173. package/esm/node/oidc/renewTokens.js +3 -1
  174. package/esm/node/oidc/renewTokens.js.map +1 -1
  175. package/esm/node/oidc/types/Token.js +7 -1
  176. package/esm/node/oidc/types/Token.js.map +1 -1
  177. package/esm/node/oidc/types/TokenManager.js.map +1 -1
  178. package/esm/node/oidc/util/sharedStorage.js +1 -0
  179. package/esm/node/oidc/util/sharedStorage.js.map +1 -1
  180. package/esm/node/oidc/verifyToken.js +1 -0
  181. package/esm/node/oidc/verifyToken.js.map +1 -1
  182. package/esm/node/package.json +1 -1
  183. package/package.json +9 -5
  184. package/types/lib/idx/types/api.d.ts +1 -0
  185. package/types/lib/oidc/TokenManager.d.ts +2 -2
  186. package/types/lib/oidc/index.d.ts +1 -0
  187. package/types/lib/oidc/introspect.d.ts +14 -0
  188. package/types/lib/oidc/renewTokens.d.ts +2 -2
  189. package/types/lib/oidc/types/Token.d.ts +5 -0
  190. package/types/lib/oidc/types/TokenManager.d.ts +2 -2
  191. package/types/lib/oidc/types/api.d.ts +5 -4
  192. package/types/lib/oidc/types/options.d.ts +4 -0
  193. package/types/lib/oidc/types/proto.d.ts +1 -0
  194. package/umd/authn.js +1 -1
  195. package/umd/authn.js.map +1 -1
  196. package/umd/core.js +1 -1
  197. package/umd/core.js.map +1 -1
  198. package/umd/default.js +1 -1
  199. package/umd/default.js.map +1 -1
  200. package/umd/idx.js +1 -1
  201. package/umd/idx.js.map +1 -1
  202. package/umd/myaccount.js +1 -1
  203. package/umd/myaccount.js.map +1 -1
package/esm/node/oidc/verifyToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verifyToken.js","sources":["../../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"names":["sdkCrypto.verifyToken","sdkCrypto.getOidcHash"],"mappings":";;;;;;;;;;;;;;;;;;;;AAsBO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAe,WAAW,CAAC,CAAA,CAAA,CAA2B,EAAE,CAAc,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,gBAAmC,CAAA,CAAA,CAAA;AAChH,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,OAAO,CAAE,CAAA,CAAA;AAC5B,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAA+B,CAAC,CAAC;AACzD,CAAA,CAAA,CAAA,CAAA,CAAA;CAGD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,GAAG,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAW,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAIvC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,KAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAhB,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAhB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,GAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAC;IACxE,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAY,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAG,CAAA,CAAA,CAAA,CAAE,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAE7D,CAAA,CAAA,CAAA,CAAA,MAAM,CAAiB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAsB,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,MAAM,CAAC,CAAA;AAEzD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,QAAQ,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAQ,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AAC9B,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,eAAe,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAe,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AAC7C,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,gBAAgB,CAAE,CAAA,CAAA;QAEnB,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA;AACP,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;CAGH,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAc,CAAC,CAAA,CAAA,CAAG,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAiB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAIpD,CAAA,CAAA,CAAA,CAAA,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAiB,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAe,IAAI,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAQ,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAsB,EAAE,CAAE,CAAA,CAAA;AACvF,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,KAAK,CAAC;AACd,CAAA,CAAA,CAAA,CAAA,CAAA;AAGD,CAAA,CAAA,CAAA,CAAA,MAAM,CAAG,CAAA,CAAA,CAAA,CAAA,CAAG,MAAM,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,GAAG,CAAE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,EAAE,CAAG,CAAA,CAAA,CAAC,MAAM,CAAC,CAAA,CAAA,CAAI,CAAC,CAAC;AAC7D,CAAA,CAAA,CAAA,CAAA,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAMA,CAAqB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAG,CAAA,CAAA,CAAC,CAAC;CAC9D,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAA,CAAA,CAAA,CAAA,CAAK,CAAE,CAAA,CAAA;AACV,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAkC,CAAC,CAAC;AAC5D,CAAA,CAAA,CAAA,CAAA,CAAA;IACD,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAW,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAE,CAAA,CAAA;CAC5E,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAMC,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAqB,CAAC,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAW,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AACvE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,IAAI,CAAK,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,OAAO,CAAE,CAAA,CAAA;AACjC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgC,CAAC,CAAC;AAC1D,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AACF,CAAA,CAAA,CAAA,CAAA,CAAA;AACD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,KAAK,CAAC;AACf,CAAA;;"}
1
+ {"version":3,"file":"verifyToken.js","sources":["../../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"names":["sdkCrypto.verifyToken","sdkCrypto.getOidcHash"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAsBO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAe,WAAW,CAAC,CAAA,CAAA,CAA2B,EAAE,CAAc,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,gBAAmC,CAAA,CAAA,CAAA;AAChH,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,OAAO,CAAE,CAAA,CAAA;AAC5B,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAA+B,CAAC,CAAC;AACzD,CAAA,CAAA,CAAA,CAAA,CAAA;CAGD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,GAAG,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAW,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAIvC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,KAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAhB,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAhB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,GAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAC;IACxE,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAY,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAG,CAAA,CAAA,CAAA,CAAE,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAE7D,CAAA,CAAA,CAAA,CAAA,MAAM,CAAiB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAsB,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,MAAM,CAAC,CAAA;AAEzD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,QAAQ,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAQ,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AAC9B,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,eAAe,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAC,CAAe,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AAC7C,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,gBAAgB,CAAE,CAAA,CAAA;QAEnB,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA;AACP,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;CAGH,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAc,CAAC,CAAA,CAAA,CAAG,CAAE,CAAA,CAAA,CAAA,CAAG,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAiB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AAIpD,CAAA,CAAA,CAAA,CAAA,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAiB,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAe,IAAI,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAA,CAAA,CAAG,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAQ,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAsB,EAAE,CAAE,CAAA,CAAA;AACvF,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,KAAK,CAAC;AACd,CAAA,CAAA,CAAA,CAAA,CAAA;AAGD,CAAA,CAAA,CAAA,CAAA,MAAM,CAAG,CAAA,CAAA,CAAA,CAAA,CAAG,MAAM,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,GAAG,CAAE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,EAAE,CAAG,CAAA,CAAA,CAAC,MAAM,CAAC,CAAA,CAAA,CAAI,CAAC,CAAC;AAC7D,CAAA,CAAA,CAAA,CAAA,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAG,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAMA,CAAqB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAK,CAAA,CAAA,CAAA,CAAA,CAAC,CAAO,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAE,CAAG,CAAA,CAAA,CAAC,CAAC;CAC9D,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,CAAC,CAAA,CAAA,CAAA,CAAA,CAAK,CAAE,CAAA,CAAA;AACV,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAkC,CAAC,CAAC;AAC5D,CAAA,CAAA,CAAA,CAAA,CAAA;IACD,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgB,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAW,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,CAAE,CAAA,CAAA;CAC5E,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAG,CAAMC,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAAA,CAAqB,CAAC,CAAgB,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAW,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,CAAC;AACvE,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAI,IAAI,CAAK,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAK,CAAC,CAAM,CAAA,CAAA,CAAA,CAAA,CAAA,CAAC,OAAO,CAAE,CAAA,CAAA;AACjC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,MAAM,CAAI,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAY,CAAC,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAgC,CAAC,CAAC;AAC1D,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;AACF,CAAA,CAAA,CAAA,CAAA,CAAA;AACD,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAO,KAAK,CAAC;AACf,CAAA;;"}
package/esm/node/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "name": "@okta/okta-auth-js",
3
- "version": "7.3.1",
3
+ "version": "7.4.1",
4
4
  "type": "module"
5
5
  }
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "private": false,
3
3
  "name": "@okta/okta-auth-js",
4
4
  "description": "The Okta Auth SDK",
5
- "version": "7.3.1",
5
+ "version": "7.4.1",
6
6
  "homepage": "https://github.com/okta/okta-auth-js",
7
7
  "license": "Apache-2.0",
8
8
  "main": "cjs/exports/default.js",
@@ -219,7 +219,7 @@
219
219
  "typedoc": "^0.23.19",
220
220
  "typedoc-plugin-markdown": "^3.13.6",
221
221
  "typescript": "^4.7.3",
222
- "webpack": "^5.60.0",
222
+ "webpack": "^5.78.0",
223
223
  "webpack-bundle-analyzer": "^4.5.0",
224
224
  "webpack-cli": "^4.10.0",
225
225
  "webpack-dev-server": "^4.9.2"
@@ -230,13 +230,17 @@
230
230
  },
231
231
  "resolutions": {
232
232
  "**/request/qs": "^6.10.5",
233
- "**/globule/minimatch": "^3.1.2"
233
+ "**/globule/minimatch": "^3.1.2",
234
+ "**/cacheable-request/http-cache-semantics": "^4.0.0",
235
+ "**/has-ansi/ansi-regex": "^4.1.1",
236
+ "**/strip-ansi/ansi-regex": "^3.0.1",
237
+ "**/download/got": "^11.8.5"
234
238
  },
235
239
  "tsd": {
236
240
  "directory": "test/types"
237
241
  },
238
242
  "okta": {
239
- "commitSha": "5706554d6c3d30f9d84aebfd6c9316b96180e8f2",
240
- "fullVersion": "7.3.1-g5706554"
243
+ "commitSha": "92826f6fbb4f8632950aeef5ed4e437587497ef4",
244
+ "fullVersion": "7.4.1-g92826f6"
241
245
  }
242
246
  }
package/types/lib/idx/types/api.d.ts CHANGED
@@ -49,6 +49,7 @@ export declare type Input = {
49
49
  options?: IdxOption[];
50
50
  mutable?: boolean;
51
51
  visible?: boolean;
52
+ customLabel?: boolean;
52
53
  };
53
54
  export interface IdxPollOptions {
54
55
  required?: boolean;
package/types/lib/oidc/TokenManager.d.ts CHANGED
@@ -33,8 +33,8 @@ export declare class TokenManager implements TokenManagerInterface {
33
33
  setExpireEventTimeoutAll(): void;
34
34
  resetExpireEventTimeoutAll(): void;
35
35
  add(key: any, token: Token): void;
36
- getSync(key: any): Token;
37
- get(key: any): Promise<Token>;
36
+ getSync(key: any): Token | undefined;
37
+ get(key: any): Promise<Token | undefined>;
38
38
  getTokensSync(): Tokens;
39
39
  getTokens(): Promise<Tokens>;
40
40
  getStorageKeyByType(type: TokenType): string;
package/types/lib/oidc/index.d.ts CHANGED
@@ -33,3 +33,4 @@ export { getWithoutPrompt } from './getWithoutPrompt';
33
33
  export { getWithPopup } from './getWithPopup';
34
34
  export { getWithRedirect } from './getWithRedirect';
35
35
  export { parseFromUrl } from './parseFromUrl';
36
+ export { oidcIntrospect } from './introspect';
package/types/lib/oidc/introspect.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ /*!
2
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
3
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
4
+ *
5
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
6
+ * Unless required by applicable law or agreed to in writing, software
7
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
8
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9
+ *
10
+ * See the License for the specific language governing permissions and limitations under the License.
11
+ *
12
+ */
13
+ import { Token, TokenKind } from './types';
14
+ export declare function oidcIntrospect(sdk: any, kind: TokenKind, token?: Token): Promise<any>;
package/types/lib/oidc/renewTokens.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- import { TokenParams, Tokens } from './types';
2
- export declare function renewTokens(sdk: any, options?: TokenParams): Promise<Tokens>;
1
+ import { RenewTokensParams, Tokens } from './types';
2
+ export declare function renewTokens(sdk: any, options?: RenewTokensParams): Promise<Tokens>;
package/types/lib/oidc/types/Token.d.ts CHANGED
@@ -36,6 +36,11 @@ export interface IDToken extends AbstractToken {
36
36
  export declare type Token = AccessToken | IDToken | RefreshToken;
37
37
  export declare type RevocableToken = AccessToken | RefreshToken;
38
38
  export declare type TokenType = 'accessToken' | 'idToken' | 'refreshToken';
39
+ export declare enum TokenKind {
40
+ ACCESS = "accessToken",
41
+ ID = "idToken",
42
+ REFRESH = "refreshToken"
43
+ }
39
44
  export declare function isToken(obj: any): obj is Token;
40
45
  export declare function isAccessToken(obj: any): obj is AccessToken;
41
46
  export declare function isIDToken(obj: any): obj is IDToken;
package/types/lib/oidc/types/TokenManager.d.ts CHANGED
@@ -44,8 +44,8 @@ export interface TokenManagerInterface {
44
44
  remove(key: string): void;
45
45
  hasExpired(token: Token): boolean;
46
46
  getExpireTime(token: Token): number;
47
- get(key: any): Promise<Token>;
48
- getSync(key: any): Token;
47
+ get(key: any): Promise<Token | undefined>;
48
+ getSync(key: any): Token | undefined;
49
49
  getTokens(): Promise<Tokens>;
50
50
  getTokensSync(): Tokens;
51
51
  setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;
package/types/lib/oidc/types/api.d.ts CHANGED
@@ -11,10 +11,10 @@
11
11
  */
12
12
  import { JWTObject } from './JWT';
13
13
  import { OAuthTransactionMeta, PKCETransactionMeta } from './meta';
14
- import { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams } from './options';
14
+ import { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';
15
15
  import { OAuthResponseType } from './proto';
16
16
  import { OAuthStorageManagerInterface } from './storage';
17
- import { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens } from './Token';
17
+ import { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';
18
18
  import { TokenManagerInterface } from './TokenManager';
19
19
  import { CustomUserClaims, UserClaims } from './UserClaims';
20
20
  import { TransactionManagerInterface } from './TransactionManager';
@@ -55,10 +55,11 @@ export interface TokenAPI extends BaseTokenAPI {
55
55
  getWithPopup(params?: TokenParams): Promise<TokenResponse>;
56
56
  revoke(token: RevocableToken): Promise<object>;
57
57
  renew(token: Token): Promise<Token | undefined>;
58
- renewTokens(options?: TokenParams): Promise<Tokens>;
58
+ renewTokens(options?: RenewTokensParams): Promise<Tokens>;
59
59
  renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;
60
60
  verify(token: IDToken, params?: object): Promise<IDToken>;
61
61
  isLoginRedirect(): boolean;
62
+ introspect(kind: TokenKind, token?: Token): any;
62
63
  }
63
64
  export interface TokenVerifyParams {
64
65
  clientId: string;
@@ -82,7 +83,7 @@ export interface IsAuthenticatedOptions {
82
83
  onExpiredToken?: 'renew' | 'remove' | 'none';
83
84
  }
84
85
  export interface SignoutRedirectUrlOptions {
85
- postLogoutRedirectUri?: string;
86
+ postLogoutRedirectUri?: string | null;
86
87
  idToken?: IDToken;
87
88
  state?: string;
88
89
  }
package/types/lib/oidc/types/options.d.ts CHANGED
@@ -14,6 +14,7 @@ import { OktaAuthHttpOptions } from '../../http/types';
14
14
  import { SimpleStorage } from '../../storage/types';
15
15
  import { OktaAuthOAuthInterface, SetLocationFunction } from './api';
16
16
  import { OAuthResponseMode, OAuthResponseType } from './proto';
17
+ import { Tokens } from './Token';
17
18
  import { TransactionManagerOptions } from './Transaction';
18
19
  export interface CustomUrls {
19
20
  issuer?: string;
@@ -70,6 +71,9 @@ export interface EnrollAuthenticatorOptions extends TokenParams {
70
71
  export interface SigninWithRedirectOptions extends TokenParams {
71
72
  originalUri?: string;
72
73
  }
74
+ export interface RenewTokensParams extends TokenParams {
75
+ tokens?: Tokens;
76
+ }
73
77
  export interface OktaAuthOAuthOptions extends OktaAuthHttpOptions, CustomUrls, Pick<TokenParams, 'issuer' | 'clientId' | 'redirectUri' | 'responseType' | 'responseMode' | 'scopes' | 'state' | 'pkce' | 'ignoreSignature' | 'codeChallenge' | 'codeChallengeMethod' | 'maxAge' | 'acrValues'> {
74
78
  ignoreLifetime?: boolean;
75
79
  tokenManager?: TokenManagerOptions;
package/types/lib/oidc/types/proto.d.ts CHANGED
@@ -57,6 +57,7 @@ export interface WellKnownResponse {
57
57
  id_token_signing_alg_values_supported: string[];
58
58
  scopes_supported: string[];
59
59
  claims_supported: string[];
60
+ introspection_endpoint: string;
60
61
  }
61
62
  export declare type OAuthResponseMode = 'okta_post_message' | 'fragment' | 'query' | 'form_post';
62
63
  export declare type OAuthResponseType = 'code' | 'token' | 'id_token' | 'refresh_token';