@okta/okta-auth-js 7.4.2 → 7.5.0

package/cjs/myaccount/types.js

@@ -1,57 +1,6 @@
 "use strict";
 
-Object.defineProperty(exports, "BaseTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.BaseTransaction;
-  }
-});
-Object.defineProperty(exports, "EmailChallengeTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.EmailChallengeTransaction;
-  }
-});
-exports.EmailRole = void 0;
-Object.defineProperty(exports, "EmailStatusTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.EmailStatusTransaction;
-  }
-});
-Object.defineProperty(exports, "EmailTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.EmailTransaction;
-  }
-});
-exports.PasswordStatus = void 0;
-Object.defineProperty(exports, "PasswordTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.PasswordTransaction;
-  }
-});
-Object.defineProperty(exports, "PhoneTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.PhoneTransaction;
-  }
-});
-Object.defineProperty(exports, "ProfileSchemaTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.ProfileSchemaTransaction;
-  }
-});
-Object.defineProperty(exports, "ProfileTransaction", {
-  enumerable: true,
-  get: function () {
-    return _transactions.ProfileTransaction;
-  }
-});
-exports.Status = void 0;
-var _transactions = require("./transactions");
+exports.Status = exports.PasswordStatus = exports.EmailRole = void 0;
 let EmailRole;
 exports.EmailRole = EmailRole;
 (function (EmailRole) {

package/cjs/myaccount/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PasswordTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n  NOT_ENROLLED = 'NOT_ENROLLED',\n  ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n  profile: {\n    password: string;\n  }\n}\n\nexport type UpdatePasswordPayload = {\n  profile: {\n    password: string;\n    currentPassword?: string;\n  }\n}\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload\n    | EnrollPasswordPayload\n    | UpdatePasswordPayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA;AASwB,IAEZA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}
+{"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport type { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PasswordTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n  NOT_ENROLLED = 'NOT_ENROLLED',\n  ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n  profile: {\n    password: string;\n  }\n}\n\nexport type UpdatePasswordPayload = {\n  profile: {\n    password: string;\n    currentPassword?: string;\n  }\n}\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload\n    | EnrollPasswordPayload\n    | UpdatePasswordPayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n"],"mappings":";;;IAmBYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}

package/cjs/oidc/TokenManager.js

@@ -345,8 +345,9 @@ class TokenManager {
       if (!token) {
         throw new _errors.AuthSdkError('The tokenManager has no token for the key: ' + key);
       }
-    } catch (e) {
-      return Promise.reject(e);
+    } catch (err) {
+      this.emitError(err);
+      return Promise.reject(err);
     }
 
     // Remove existing autoRenew timeout

package/cjs/oidc/TokenManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (e) {\n      return Promise.reject(e);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}
+{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","err","Promise","reject","renewTokens","then","tokenType","catch","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (err) {\n      this.emitError(err);\n      return Promise.reject(err);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,GAAG,EAAE;MACZ,IAAI,CAACzD,SAAS,CAACyD,GAAG,CAAC;MACnB,OAAOC,OAAO,CAACC,MAAM,CAACF,GAAG,CAAC;IAC5B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACN,GAAG,IAAI;MACZ;MACA,IAAI,CAACJ,MAAM,CAAChE,GAAG,CAAC;MAChBoE,GAAG,CAACO,QAAQ,GAAG3E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACyD,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDQ,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC5F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAuH,KAAK,GAAG;IACN,MAAMzC,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAAC+H,YAAY,EAAE;IAC3B,IAAI,CAAC9C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMoD,aAAa,GAAG,CAAC,CAAC;IACxB7G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACgF,aAAa,EAAE;QACnCD,aAAa,CAAC/E,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC0C,aAAa,CAAC,CAACzC,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAE+E,aAAa,CAAC/E,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAiF,kBAAkB,CAACvF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIqC,oCAAyB;;IAEjF;IACA,IAAIxD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAmD,kBAAkB,GAAI;IACpB,MAAMnF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIqC,oCAAyB;IACjF,IAAI,CAAClB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAoF,qBAAqB,GAAG;IACtB,MAAMhD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACgF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC7B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}

package/cjs/oidc/factory/baseApi.js

@@ -0,0 +1,29 @@
+"use strict";
+
+exports.createBaseTokenAPI = createBaseTokenAPI;
+var _decodeToken = require("../decodeToken");
+var _exchangeCodeForTokens = require("../exchangeCodeForTokens");
+var _util = require("../util");
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+// Factory
+function createBaseTokenAPI(sdk) {
+  const token = {
+    prepareTokenParams: _util.prepareTokenParams.bind(null, sdk),
+    exchangeCodeForTokens: _exchangeCodeForTokens.exchangeCodeForTokens.bind(null, sdk),
+    decode: _decodeToken.decodeToken
+  };
+  return token;
+}
+//# sourceMappingURL=baseApi.js.map

package/cjs/oidc/factory/baseApi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseApi.js","names":["createBaseTokenAPI","sdk","token","prepareTokenParams","bind","exchangeCodeForTokens","decode","decodeToken"],"sources":["../../../../lib/oidc/factory/baseApi.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport {\n  OktaAuthOAuthInterface,\n  BaseTokenAPI,\n} from '../types';\nimport { prepareTokenParams } from '../util';\n\n// Factory\nexport function createBaseTokenAPI(sdk: OktaAuthOAuthInterface): BaseTokenAPI {\n  const token: BaseTokenAPI = {\n    prepareTokenParams: prepareTokenParams.bind(null, sdk),\n    exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n    decode: decodeToken,\n  };\n\n  return token;\n}\n"],"mappings":";;;AAaA;AACA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAUA;AACO,SAASA,kBAAkB,CAACC,GAA2B,EAAgB;EAC5E,MAAMC,KAAmB,GAAG;IAC1BC,kBAAkB,EAAEA,wBAAkB,CAACC,IAAI,CAAC,IAAI,EAAEH,GAAG,CAAC;IACtDI,qBAAqB,EAAEA,4CAAqB,CAACD,IAAI,CAAC,IAAI,EAAEH,GAAG,CAAC;IAC5DK,MAAM,EAAEC;EACV,CAAC;EAED,OAAOL,KAAK;AACd"}

package/cjs/oidc/mixin/index.js

@@ -7,7 +7,7 @@ var _http = require("../../http");
 var _util = require("../../util");
 var crypto = _interopRequireWildcard(require("../../crypto"));
 var _pkce = _interopRequireDefault(require("../util/pkce"));
-var _factory = require("../factory");
+var _api = require("../factory/api");
 var _TokenManager = require("../TokenManager");
 var _util2 = require("../util");
 var _node = require("./node");
@@ -31,11 +31,11 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
         handleLogin: false
       };
       this._tokenQueue = new _util.PromiseQueue();
-      this.token = (0, _factory.createTokenAPI)(this, this._tokenQueue);
+      this.token = (0, _api.createTokenAPI)(this, this._tokenQueue);
 
       // TokenManager
       this.tokenManager = new _TokenManager.TokenManager(this, this.options.tokenManager);
-      this.endpoints = (0, _factory.createEndpoints)(this);
+      this.endpoints = (0, _api.createEndpoints)(this);
     }
 
     // inherited from subclass
@@ -158,13 +158,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       return !!this.options.pkce;
     }
     hasResponseType(responseType) {
-      let hasResponseType = false;
-      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
-        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
-      } else {
-        hasResponseType = this.options.responseType === responseType;
-      }
-      return hasResponseType;
+      return (0, _util2.hasResponseType)(responseType, this.options);
     }
     isAuthorizationCodeFlow() {
       return this.hasResponseType('code');

package/cjs/oidc/mixin/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n    endpoints: Endpoints;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n      this.endpoints = createEndpoints(this);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens, responseType } = await this.token.parseFromUrl();\n      if (responseType !== 'none') {\n        this.tokenManager.setTokens(tokens);\n      }\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n  \n    hasResponseType(responseType: OAuthResponseType): boolean {\n      let hasResponseType = false;\n      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n      } else {\n        hasResponseType = this.options.responseType === responseType;\n      }\n      return hasResponseType;\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (postLogoutRedirectUri === undefined) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity, max-statements\n    async signOut(options?: SignoutOptions): Promise<boolean> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      const defaultUri = window.location.origin;\n      const currentUri = window.location.href;\n      // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n      //    \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n      //    Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n      // - https://developer.okta.com/docs/reference/api/oidc/#logout\n      const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n        (options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri);\n      const state = options?.state;\n      \n    \n      let accessToken = options.accessToken;\n      let refreshToken = options.refreshToken;\n      const revokeAccessToken = options.revokeAccessToken !== false;\n      const revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        const sessionClosed = await this.closeSession();   // can throw if the user cannot be signed out\n        const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n        if (state) {\n          redirectUri.searchParams.append('state', state);\n        }\n        if (postLogoutRedirectUri === currentUri) {\n          // window.location.reload(); // force a hard reload if URI is not changing\n          window.location.href = redirectUri.href;\n        } else {\n          window.location.assign(redirectUri.href);\n        }\n        return sessionClosed;\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n        return true;\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,uBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,wBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,IAAIK,eAAe,GAAG,KAAK;MAC3B,IAAIC,KAAK,CAACC,OAAO,CAAC,IAAI,CAACvD,OAAO,CAACgD,YAAY,CAAC,IAAI,IAAI,CAAChD,OAAO,CAACgD,YAAY,CAACQ,MAAM,EAAE;QAChFH,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,CAACS,OAAO,CAACT,YAAY,CAAC,IAAI,CAAC;MACxE,CAAC,MAAM;QACLK,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,KAAKA,YAAY;MAC9D;MACA,OAAOK,eAAe;IACxB;IAEAK,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACL,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAMM,eAAe,CAAC3D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAoC,iBAAW,EAAC,IAAI,EAAE7D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM8D,iBAAiB,CAACrC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QAC9E,MAAMsC,cAAc,GAAG,IAAI,CAACnD,YAAY,CAACoD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACiC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACtC,WAAW,EAAE;QAChB,OAAOwC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAAC1C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM2C,kBAAkB,CAACvB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACgD,SAAS,EAAE,EAAEf,YAA4B;QACjF,MAAMwB,eAAe,GAAG,IAAI,CAACzD,YAAY,CAACoD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACuC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACxB,YAAY,EAAE;QACjB,OAAOoB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAACtB,YAAY,CAAC;IACxC;IAEAyB,qBAAqB,CAACtE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPwC,qBAAqB;QACrBC;MACF,CAAC,GAAGxE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIwC,qBAAqB,KAAK3C,SAAS,EAAE;QACvC2C,qBAAqB,GAAG,IAAI,CAACvE,OAAO,CAACuE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC9E,OAAwB,EAAoB;MAAA;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM+E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGvE,OAAO,CAACuE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEvE,OAAO,CAACuE,qBAAqB,IAC3B,IAAI,CAACvE,OAAO,CAACuE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,eAAGxE,OAAO,6CAAP,SAASwE,KAAK;MAG5B,IAAI/C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMiB,iBAAiB,GAAG9D,OAAO,CAAC8D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGpE,OAAO,CAACoE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOvB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIqC,kBAAkB,IAAIvB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACuB,kBAAkB,CAACvB,YAAY,CAAC;MAC7C;MAEA,IAAIiB,iBAAiB,IAAIrC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACqC,iBAAiB,CAACrC,WAAW,CAAC;MAC3C;MAEA,MAAMmD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGtE,OAAO;QAAEuE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAACyF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIrF,OAAO,CAAC2F,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC/E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACgF,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAAC8E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDA7S4BiB,MAAM;AA+SrC"}
+{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n    endpoints: Endpoints;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n      this.endpoints = createEndpoints(this);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens, responseType } = await this.token.parseFromUrl();\n      if (responseType !== 'none') {\n        this.tokenManager.setTokens(tokens);\n      }\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n\n    hasResponseType(responseType: OAuthResponseType): boolean {\n      return hasResponseType(responseType, this.options);\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (postLogoutRedirectUri === undefined) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity, max-statements\n    async signOut(options?: SignoutOptions): Promise<boolean> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      const defaultUri = window.location.origin;\n      const currentUri = window.location.href;\n      // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n      //    \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n      //    Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n      // - https://developer.okta.com/docs/reference/api/oidc/#logout\n      const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n        (options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri);\n      const state = options?.state;\n      \n    \n      let accessToken = options.accessToken;\n      let refreshToken = options.refreshToken;\n      const revokeAccessToken = options.revokeAccessToken !== false;\n      const revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        const sessionClosed = await this.closeSession();   // can throw if the user cannot be signed out\n        const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n        if (state) {\n          redirectUri.searchParams.append('state', state);\n        }\n        if (postLogoutRedirectUri === currentUri) {\n          // window.location.reload(); // force a hard reload if URI is not changing\n          window.location.href = redirectUri.href;\n        } else {\n          window.location.assign(redirectUri.href);\n        }\n        return sessionClosed;\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n        return true;\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAAChD,OAAO,CAAC;IACpD;IAEAsD,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAACvD,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAgC,iBAAW,EAAC,IAAI,EAAEzD,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM0D,iBAAiB,CAACjC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QAC9E,MAAMkC,cAAc,GAAG,IAAI,CAAC/C,YAAY,CAACgD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAAC6B,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAAClC,WAAW,EAAE;QAChB,OAAOoC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAACtC,WAAW,CAAC;IACvC;;IAEA;IACA,MAAMuC,kBAAkB,CAACnB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAAC4C,SAAS,EAAE,EAAEX,YAA4B;QACjF,MAAMoB,eAAe,GAAG,IAAI,CAACrD,YAAY,CAACgD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAACmC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACpB,YAAY,EAAE;QACjB,OAAOgB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAAClB,YAAY,CAAC;IACxC;IAEAqB,qBAAqB,CAAClE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPoC,qBAAqB;QACrBC;MACF,CAAC,GAAGpE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIoC,qBAAqB,KAAKvC,SAAS,EAAE;QACvCuC,qBAAqB,GAAG,IAAI,CAACnE,OAAO,CAACmE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAGxC,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAIyC,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC1E,OAAwB,EAAoB;MAAA;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM2E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGnE,OAAO,CAACmE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEnE,OAAO,CAACmE,qBAAqB,IAC3B,IAAI,CAACnE,OAAO,CAACmE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,eAAGpE,OAAO,6CAAP,SAASoE,KAAK;MAG5B,IAAI3C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMa,iBAAiB,GAAG1D,OAAO,CAAC0D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGhE,OAAO,CAACgE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOnB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIa,iBAAiB,IAAI,OAAOjC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIiC,kBAAkB,IAAInB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACmB,kBAAkB,CAACnB,YAAY,CAAC;MAC7C;MAEA,IAAIa,iBAAiB,IAAIjC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACiC,iBAAiB,CAACjC,WAAW,CAAC;MAC3C;MAEA,MAAM+C,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGlE,OAAO;QAAEmE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAACqF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIjF,OAAO,CAACuF,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC3E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAAC4E,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAAC0E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAvS4BiB,MAAM;AAySrC"}

package/cjs/oidc/mixin/minimal.js

@@ -0,0 +1,29 @@
+"use strict";
+
+exports.mixinMinimalOAuth = mixinMinimalOAuth;
+var _baseApi = require("../factory/baseApi");
+var _util = require("../util");
+function mixinMinimalOAuth(Base, TransactionManagerConstructor) {
+  return class OktaAuthOAuth extends Base {
+    constructor(...args) {
+      super(...args);
+      this.transactionManager = new TransactionManagerConstructor(Object.assign({
+        storageManager: this.storageManager
+      }, this.options.transactionManager));
+      this.token = (0, _baseApi.createBaseTokenAPI)(this);
+    }
+    isLoginRedirect() {
+      return (0, _util.isLoginRedirect)(this);
+    }
+    isPKCE() {
+      return !!this.options.pkce;
+    }
+    hasResponseType(responseType) {
+      return (0, _util.hasResponseType)(responseType, this.options);
+    }
+    isAuthorizationCodeFlow() {
+      return this.hasResponseType('code');
+    }
+  };
+}
+//# sourceMappingURL=minimal.js.map

package/cjs/oidc/mixin/minimal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"minimal.js","names":["mixinMinimalOAuth","Base","TransactionManagerConstructor","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","token","createBaseTokenAPI","isLoginRedirect","isPKCE","pkce","hasResponseType","responseType","isAuthorizationCodeFlow"],"sources":["../../../../lib/oidc/mixin/minimal.ts"],"sourcesContent":["\nimport { OktaAuthConstructor } from '../../base/types';\nimport {\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  MinimalOktaOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta,\n  BaseTokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n} from '../types';\nimport { createBaseTokenAPI } from '../factory/baseApi';\nimport { isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nexport function mixinMinimalOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n{\n  return class OktaAuthOAuth extends Base implements MinimalOktaOAuthInterface<M, S, O, TM>\n  {\n    token: BaseTokenAPI;\n    transactionManager: TM;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.token = createBaseTokenAPI(this as any);\n    }\n\n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this as any);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n\n    hasResponseType(responseType: OAuthResponseType): boolean {\n      return hasResponseType(responseType, this.options);\n    }\n\n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n  };\n\n}\n"],"mappings":";;;AAaA;AACA;AAGO,SAASA,iBAAiB,CAU/BC,IAAW,EACXC,6BAAgE,EAElE;EACE,OAAO,MAAMC,aAAa,SAASF,IAAI,CACvC;IAIEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIJ,6BAA6B,CAACK,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,KAAK,GAAG,IAAAC,2BAAkB,EAAC,IAAI,CAAQ;IAC9C;IAEAC,eAAe,GAAY;MACzB,OAAO,IAAAA,qBAAe,EAAC,IAAI,CAAQ;IACrC;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACJ,OAAO,CAACK,IAAI;IAC5B;IAEAC,eAAe,CAACC,YAA+B,EAAW;MACxD,OAAO,IAAAD,qBAAe,EAACC,YAAY,EAAE,IAAI,CAACP,OAAO,CAAC;IACpD;IAEAQ,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACF,eAAe,CAAC,MAAM,CAAC;IACrC;EAEF,CAAC;AAEH"}

package/cjs/oidc/types/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n  popupTitle?: string;\n  popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n  tokens: Tokens;\n  state: string;\n  code?: string;\n  responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n  url?: string;\n  responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n  _getDocument: () => Document;\n  _getLocation: () => Location;\n  _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n  decode(token: string): JWTObject;\n  prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n  exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n  getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n    accessToken?: AccessToken,\n    idToken?: IDToken\n  ): Promise<UserClaims<S>>;\n  getWithRedirect: GetWithRedirectFunction;\n  parseFromUrl: ParseFromUrlInterface;\n  getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n  getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n  revoke(token: RevocableToken): Promise<object>;\n  renew(token: Token): Promise<Token | undefined>;\n  renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n  renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n  verify(token: IDToken, params?: object): Promise<IDToken>;\n  isLoginRedirect(): boolean;\n  introspect(kind: TokenKind, token?: Token): any;  // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n  clientId: string;\n  issuer: string;\n  ignoreSignature?: boolean;\n  nonce?: string;\n  accessToken?: string; // raw access token string\n  acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n  authorize: {\n    _getLocationHref: () => string;\n  };\n}\n\nexport interface PkceAPI {\n  DEFAULT_CODE_CHALLENGE_METHOD: string;\n  generateVerifier(prefix: string): string;\n  computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n  onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n  postLogoutRedirectUri?: string | null;\n  idToken?: IDToken;\n  state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n  revokeAccessToken?: boolean;\n  revokeRefreshToken?: boolean;\n  accessToken?: AccessToken;\n  refreshToken?: RefreshToken;\n  clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n  getOriginalUri(state?: string): string | undefined;\n  setOriginalUri(originalUri: string, state?: string): void;\n  removeOriginalUri(state?: string): void;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n  extends OktaAuthSessionInterface<S, O>,\n  OriginalUriApi\n{\n  token: TokenAPI;\n  tokenManager: TokenManagerInterface;\n  pkce: PkceAPI;\n  transactionManager: TM;\n  endpoints: Endpoints;\n  \n  isPKCE(): boolean;\n  getIdToken(): string | undefined;\n  getAccessToken(): string | undefined;\n  getRefreshToken(): string | undefined;\n\n  isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n  signOut(opts?: SignoutOptions): Promise<boolean>;\n  isLoginRedirect(): boolean;\n  storeTokensFromRedirect(): Promise<void>;\n  getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n  signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n  \n  revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n  revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
+{"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n  popupTitle?: string;\n  popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n  tokens: Tokens;\n  state: string;\n  code?: string;\n  responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n  url?: string;\n  responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n  _getDocument: () => Document;\n  _getLocation: () => Location;\n  _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n  decode(token: string): JWTObject;\n  prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n  exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n  getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n    accessToken?: AccessToken,\n    idToken?: IDToken\n  ): Promise<UserClaims<S>>;\n  getWithRedirect: GetWithRedirectFunction;\n  parseFromUrl: ParseFromUrlInterface;\n  getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n  getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n  revoke(token: RevocableToken): Promise<object>;\n  renew(token: Token): Promise<Token | undefined>;\n  renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n  renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n  verify(token: IDToken, params?: object): Promise<IDToken>;\n  isLoginRedirect(): boolean;\n  introspect(kind: TokenKind, token?: Token): any;  // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n  clientId: string;\n  issuer: string;\n  ignoreSignature?: boolean;\n  nonce?: string;\n  accessToken?: string; // raw access token string\n  acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n  authorize: {\n    _getLocationHref: () => string;\n  };\n}\n\nexport interface PkceAPI {\n  DEFAULT_CODE_CHALLENGE_METHOD: string;\n  generateVerifier(prefix: string): string;\n  computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n  onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n  postLogoutRedirectUri?: string | null;\n  idToken?: IDToken;\n  state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n  revokeAccessToken?: boolean;\n  revokeRefreshToken?: boolean;\n  accessToken?: AccessToken;\n  refreshToken?: RefreshToken;\n  clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n  getOriginalUri(state?: string): string | undefined;\n  setOriginalUri(originalUri: string, state?: string): void;\n  removeOriginalUri(state?: string): void;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n  extends OktaAuthSessionInterface<S, O>\n{\n  token: BaseTokenAPI;\n  transactionManager: TM;\n\n  isPKCE(): boolean;\n  isLoginRedirect(): boolean;\n  isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n  extends OktaAuthSessionInterface<S, O>,\n  OriginalUriApi\n{\n  token: TokenAPI;\n  tokenManager: TokenManagerInterface;\n  pkce: PkceAPI;\n  transactionManager: TM;\n  endpoints: Endpoints;\n  \n  isPKCE(): boolean;\n  getIdToken(): string | undefined;\n  getAccessToken(): string | undefined;\n  getRefreshToken(): string | undefined;\n\n  isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n  signOut(opts?: SignoutOptions): Promise<boolean>;\n  isLoginRedirect(): boolean;\n  isAuthorizationCodeFlow(): boolean;\n  storeTokensFromRedirect(): Promise<void>;\n  getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n  signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n  \n  revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n  revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}

package/cjs/oidc/util/loginRedirect.js

@@ -4,6 +4,7 @@ exports.getHashOrSearch = getHashOrSearch;
 exports.hasAuthorizationCode = hasAuthorizationCode;
 exports.hasErrorInUrl = hasErrorInUrl;
 exports.hasInteractionCode = hasInteractionCode;
+exports.hasResponseType = hasResponseType;
 exports.hasTokensInHash = hasTokensInHash;
 exports.isCodeFlow = isCodeFlow;
 exports.isInteractionRequired = isInteractionRequired;
@@ -50,6 +51,15 @@ function isRedirectUri(uri, sdk) {
 function isCodeFlow(options) {
   return options.pkce || options.responseType === 'code' || options.responseMode === 'query';
 }
+function hasResponseType(responseType, options) {
+  let hasResponseType = false;
+  if (Array.isArray(options.responseType) && options.responseType.length) {
+    hasResponseType = options.responseType.indexOf(responseType) >= 0;
+  } else {
+    hasResponseType = options.responseType === responseType;
+  }
+  return hasResponseType;
+}
 function getHashOrSearch(options) {
   var codeFlow = isCodeFlow(options);
   var useQuery = codeFlow && options.responseMode !== 'fragment';

package/cjs/oidc/util/loginRedirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGO,SAASA,eAAe,CAACC,IAAY,EAAW;EACrD,OAAO,uBAAuB,CAACC,IAAI,CAACD,IAAI,CAAC;AAC3C;;AAEA;AACO,SAASE,oBAAoB,CAACC,YAAoB,EAAW;EAClE,OAAO,UAAU,CAACF,IAAI,CAACE,YAAY,CAAC;AACtC;;AAEA;AACO,SAASC,kBAAkB,CAACD,YAAoB,EAAW;EAChE,OAAO,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AAClD;AAEO,SAASE,aAAa,CAACF,YAAoB,EAAW;EAC3D,OAAO,WAAW,CAACF,IAAI,CAACE,YAAY,CAAC,IAAI,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AACpF;AAEO,SAASG,aAAa,CAACC,GAAW,EAAEC,GAA2B,EAAW;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAAO;EAC5B,IAAI,CAACH,GAAG,IAAI,CAACE,UAAU,CAACE,WAAW,EAAE;IACnC,OAAO,KAAK;EACd;EACA,OAAOJ,GAAG,CAACK,OAAO,CAACH,UAAU,CAACE,WAAW,CAAC,KAAK,CAAC;AAClD;AAEO,SAASE,UAAU,CAACH,OAA6B,EAAE;EACxD,OAAOA,OAAO,CAACI,IAAI,IAAIJ,OAAO,CAACK,YAAY,KAAK,MAAM,IAAIL,OAAO,CAACM,YAAY,KAAK,OAAO;AAC5F;AAEO,SAASC,eAAe,CAACP,OAA6B,EAAE;EAC7D,IAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAO,CAAC;EAClC,IAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAY,KAAK,UAAU;EAC9D,OAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM,GAAGF,MAAM,CAACC,QAAQ,CAACrB,IAAI;AACjE;;AAEA;AACA;AACA;AACA;AACO,SAASuB,eAAe,CAAEf,GAA2B,EAAE;EAC5D;EACA,IAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAQ,CAACG,IAAI,EAAEhB,GAAG,CAAC,EAAC;IAC5C,OAAO,KAAK;EACd;;EAEA;EACA,IAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAO,CAAC;EACtC,IAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAE/C,IAAIL,aAAa,CAACF,YAAY,CAAC,EAAE;IAC/B,OAAO,IAAI;EACb;EAEA,IAAIe,QAAQ,EAAE;IACZ,IAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAY,CAAC,IAAIC,kBAAkB,CAACD,YAAY,CAAC;IACrF,OAAOsB,OAAO;EAChB;;EAEA;EACA,OAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAQ,CAACrB,IAAI,CAAC;AAC9C;;AAEA;AACA;AACA;AACA;AACO,SAAS0B,qBAAqB,CAAElB,GAA2B,EAAEL,YAAqB,EAAE;EACzF,IAAI,CAACA,YAAY,EAAE;IAAE;IACnB;IACA,IAAI,CAACoB,eAAe,CAACf,GAAG,CAAC,EAAC;MACxB,OAAO,KAAK;IACd;IAEAL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAC7C;EACA,OAAO,+BAA+B,CAACT,IAAI,CAACE,YAAY,CAAC;AAC3D"}
+{"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","hasResponseType","Array","isArray","length","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface, OAuthResponseType } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function hasResponseType(responseType: OAuthResponseType, options: OktaAuthOAuthOptions): boolean {\n  let hasResponseType = false;\n  if (Array.isArray(options.responseType) && options.responseType.length) {\n    hasResponseType = options.responseType.indexOf(responseType) >= 0;\n  } else {\n    hasResponseType = options.responseType === responseType;\n  }\n  return hasResponseType;\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGO,SAASA,eAAe,CAACC,IAAY,EAAW;EACrD,OAAO,uBAAuB,CAACC,IAAI,CAACD,IAAI,CAAC;AAC3C;;AAEA;AACO,SAASE,oBAAoB,CAACC,YAAoB,EAAW;EAClE,OAAO,UAAU,CAACF,IAAI,CAACE,YAAY,CAAC;AACtC;;AAEA;AACO,SAASC,kBAAkB,CAACD,YAAoB,EAAW;EAChE,OAAO,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AAClD;AAEO,SAASE,aAAa,CAACF,YAAoB,EAAW;EAC3D,OAAO,WAAW,CAACF,IAAI,CAACE,YAAY,CAAC,IAAI,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AACpF;AAEO,SAASG,aAAa,CAACC,GAAW,EAAEC,GAA2B,EAAW;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAAO;EAC5B,IAAI,CAACH,GAAG,IAAI,CAACE,UAAU,CAACE,WAAW,EAAE;IACnC,OAAO,KAAK;EACd;EACA,OAAOJ,GAAG,CAACK,OAAO,CAACH,UAAU,CAACE,WAAW,CAAC,KAAK,CAAC;AAClD;AAEO,SAASE,UAAU,CAACH,OAA6B,EAAE;EACxD,OAAOA,OAAO,CAACI,IAAI,IAAIJ,OAAO,CAACK,YAAY,KAAK,MAAM,IAAIL,OAAO,CAACM,YAAY,KAAK,OAAO;AAC5F;AAEO,SAASC,eAAe,CAACF,YAA+B,EAAEL,OAA6B,EAAW;EACvG,IAAIO,eAAe,GAAG,KAAK;EAC3B,IAAIC,KAAK,CAACC,OAAO,CAACT,OAAO,CAACK,YAAY,CAAC,IAAIL,OAAO,CAACK,YAAY,CAACK,MAAM,EAAE;IACtEH,eAAe,GAAGP,OAAO,CAACK,YAAY,CAACH,OAAO,CAACG,YAAY,CAAC,IAAI,CAAC;EACnE,CAAC,MAAM;IACLE,eAAe,GAAGP,OAAO,CAACK,YAAY,KAAKA,YAAY;EACzD;EACA,OAAOE,eAAe;AACxB;AAEO,SAASI,eAAe,CAACX,OAA6B,EAAE;EAC7D,IAAIY,QAAQ,GAAGT,UAAU,CAACH,OAAO,CAAC;EAClC,IAAIa,QAAQ,GAAGD,QAAQ,IAAIZ,OAAO,CAACM,YAAY,KAAK,UAAU;EAC9D,OAAOO,QAAQ,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM,GAAGF,MAAM,CAACC,QAAQ,CAACzB,IAAI;AACjE;;AAEA;AACA;AACA;AACA;AACO,SAAS2B,eAAe,CAAEnB,GAA2B,EAAE;EAC5D;EACA,IAAI,CAACF,aAAa,CAACkB,MAAM,CAACC,QAAQ,CAACG,IAAI,EAAEpB,GAAG,CAAC,EAAC;IAC5C,OAAO,KAAK;EACd;;EAEA;EACA,IAAIc,QAAQ,GAAGT,UAAU,CAACL,GAAG,CAACE,OAAO,CAAC;EACtC,IAAIP,YAAY,GAAGkB,eAAe,CAACb,GAAG,CAACE,OAAO,CAAC;EAE/C,IAAIL,aAAa,CAACF,YAAY,CAAC,EAAE;IAC/B,OAAO,IAAI;EACb;EAEA,IAAImB,QAAQ,EAAE;IACZ,IAAIO,OAAO,GAAI3B,oBAAoB,CAACC,YAAY,CAAC,IAAIC,kBAAkB,CAACD,YAAY,CAAC;IACrF,OAAO0B,OAAO;EAChB;;EAEA;EACA,OAAO9B,eAAe,CAACyB,MAAM,CAACC,QAAQ,CAACzB,IAAI,CAAC;AAC9C;;AAEA;AACA;AACA;AACA;AACO,SAAS8B,qBAAqB,CAAEtB,GAA2B,EAAEL,YAAqB,EAAE;EACzF,IAAI,CAACA,YAAY,EAAE;IAAE;IACnB;IACA,IAAI,CAACwB,eAAe,CAACnB,GAAG,CAAC,EAAC;MACxB,OAAO,KAAK;IACd;IAEAL,YAAY,GAAGkB,eAAe,CAACb,GAAG,CAACE,OAAO,CAAC;EAC7C;EACA,OAAO,+BAA+B,CAACT,IAAI,CAACE,YAAY,CAAC;AAC3D"}