@okta/okta-auth-js 7.4.3 → 7.5.1

package/cjs/myaccount/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PasswordTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n  NOT_ENROLLED = 'NOT_ENROLLED',\n  ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n  profile: {\n    password: string;\n  }\n}\n\nexport type UpdatePasswordPayload = {\n  profile: {\n    password: string;\n    currentPassword?: string;\n  }\n}\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload\n    | EnrollPasswordPayload\n    | UpdatePasswordPayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA;AASwB,IAEZA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}
+{"version":3,"file":"types.js","names":["EmailRole","Status","PasswordStatus"],"sources":["../../../lib/myaccount/types.ts"],"sourcesContent":["import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport type { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PasswordTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n  NOT_ENROLLED = 'NOT_ENROLLED',\n  ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n  profile: {\n    password: string;\n  }\n}\n\nexport type UpdatePasswordPayload = {\n  profile: {\n    password: string;\n    currentPassword?: string;\n  }\n}\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload\n    | EnrollPasswordPayload\n    | UpdatePasswordPayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n"],"mappings":";;;IAmBYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAKTC,MAAM;AAAA;AAAA,WAANA,MAAM;EAANA,MAAM;EAANA,MAAM;AAAA,GAANA,MAAM,sBAANA,MAAM;AAAA,IAKNC,cAAc;AAAA;AAAA,WAAdA,cAAc;EAAdA,cAAc;EAAdA,cAAc;AAAA,GAAdA,cAAc,8BAAdA,cAAc"}

package/cjs/oidc/TokenManager.js

@@ -326,8 +326,7 @@ class TokenManager {
 
   // TODO: this methods is redundant and can be removed in the next major version OKTA-407224
   async renewToken(token) {
-    var _this$sdk$token;
-    return (_this$sdk$token = this.sdk.token) === null || _this$sdk$token === void 0 ? void 0 : _this$sdk$token.renew(token);
+    return this.sdk.token?.renew(token);
   }
   // TODO: this methods is redundant and can be removed in the next major version OKTA-407224
   validateToken(token) {
@@ -345,8 +344,9 @@ class TokenManager {
       if (!token) {
         throw new _errors.AuthSdkError('The tokenManager has no token for the key: ' + key);
       }
-    } catch (e) {
-      return Promise.reject(e);
+    } catch (err) {
+      this.emitError(err);
+      return Promise.reject(err);
     }
 
     // Remove existing autoRenew timeout

package/cjs/oidc/TokenManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","e","Promise","reject","renewTokens","then","tokenType","catch","err","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (e) {\n      return Promise.reject(e);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IAAA;IACtB,0BAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,oDAAd,gBAAgByE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,CAAC,EAAE;MACV,OAAOC,OAAO,CAACC,MAAM,CAACF,CAAC,CAAC;IAC1B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACC,GAAG,IAAI;MACZ;MACA,IAAI,CAACX,MAAM,CAAChE,GAAG,CAAC;MAChB2E,GAAG,CAACC,QAAQ,GAAG5E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACgE,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDE,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC7F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAwH,KAAK,GAAG;IACN,MAAM1C,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAACgI,YAAY,EAAE;IAC3B,IAAI,CAAC/C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMqD,aAAa,GAAG,CAAC,CAAC;IACxB9G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACiF,aAAa,EAAE;QACnCD,aAAa,CAAChF,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC2C,aAAa,CAAC,CAAC1C,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEgF,aAAa,CAAChF,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAkF,kBAAkB,CAACxF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;;IAEjF;IACA,IAAIzD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAoD,kBAAkB,GAAI;IACpB,MAAMpF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIsC,oCAAyB;IACjF,IAAI,CAACnB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAqF,qBAAqB,GAAG;IACtB,MAAMjD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACiF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC9B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}
+{"version":3,"file":"TokenManager.js","names":["DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","storage","undefined","expireEarlySeconds","storageKey","TOKEN_STORAGE_NAME","defaultState","expireTimeouts","renewPromise","TokenManager","on","event","handler","context","emitter","off","constructor","sdk","options","AuthSdkError","Object","assign","removeNils","isLocalhost","storageOptions","secure","storageProvider","storageType","storageManager","getTokenStorage","useSeparateCookies","clock","SdkClock","create","state","start","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getOptions","clone","getExpireTime","token","expireTime","expiresAt","hasExpired","now","emitExpired","key","emit","EVENT_EXPIRED","emitRenewed","freshToken","oldToken","EVENT_RENEWED","emitAdded","EVENT_ADDED","emitRemoved","EVENT_REMOVED","emitError","error","EVENT_ERROR","clearExpireEventTimeout","clearTimeout","prototype","hasOwnProperty","call","setExpireEventTimeout","isRefreshToken","expireEventWait","Math","max","expireEventTimeout","setTimeout","tokenStorage","getStorage","resetExpireEventTimeoutAll","add","validateToken","setStorage","emitSetStorageEvent","getSync","get","getTokensSync","tokens","keys","forEach","isAccessToken","accessToken","isIDToken","idToken","refreshToken","getTokens","getStorageKeyByType","type","filter","getTokenType","isIE11OrLess","EVENT_SET_STORAGE","setTokens","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","reduce","newToken","existingToken","remove","removedToken","renewToken","renew","err","Promise","reject","renewTokens","then","tokenType","catch","tokenKey","finally","clear","clearStorage","removedTokens","pendingRemove","updateRefreshToken","REFRESH_TOKEN_STORAGE_KEY","removeRefreshToken","addPendingRemoveFlags"],"sources":["../../../lib/oidc/TokenManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (err) {\n      this.emitError(err);\n      return Promise.reject(err);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AACA;AACA;AA2BA;AA5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA,MAAMA,eAAe,GAAG;EACtB;EACAC,SAAS,EAAE,IAAI;EACfC,UAAU,EAAE,IAAI;EAChBC,WAAW,EAAE,IAAI;EACjB;EACAC,wBAAwB,EAAE,IAAI;EAC9BC,OAAO,EAAEC,SAAS;EAAE;EACpBC,kBAAkB,EAAE,EAAE;EACtBC,UAAU,EAAEC;AACd,CAAC;AAOD,SAASC,YAAY,GAAsB;EACzC,OAAO;IACLC,cAAc,EAAE,CAAC,CAAC;IAClBC,YAAY,EAAE;EAChB,CAAC;AACH;AACO,MAAMC,YAAY,CAAkC;EAazDC,EAAE,CAACC,KAA2B,EAAEC,OAAoC,EAAEC,OAAgB,EAAQ;IAC5F,IAAIA,OAAO,EAAE;MACX,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,EAAEC,OAAO,CAAC;IAC1C,CAAC,MAAM;MACL,IAAI,CAACC,OAAO,CAACJ,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC;IACjC;EACF;EAOAG,GAAG,CAACJ,KAA2B,EAAEC,OAAqC,EAAQ;IAC5E,IAAIA,OAAO,EAAE;MACX,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,EAAEC,OAAO,CAAC;IAClC,CAAC,MAAM;MACL,IAAI,CAACE,OAAO,CAACC,GAAG,CAACJ,KAAK,CAAC;IACzB;EACF;;EAEA;EACAK,WAAW,CAACC,GAA2B,EAAEC,OAA4B,GAAG,CAAC,CAAC,EAAE;IAC1E,IAAI,CAACD,GAAG,GAAGA,GAAG;IACd,IAAI,CAACH,OAAO,GAAIG,GAAG,CAASH,OAAO;IACnC,IAAI,CAAC,IAAI,CAACA,OAAO,EAAE;MACjB,MAAM,IAAIK,oBAAY,CAAC,mDAAmD,CAAC;IAC7E;IAEAD,OAAO,GAAGE,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEzB,eAAe,EAAE,IAAA0B,gBAAU,EAACJ,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,IAAAK,qBAAW,GAAE,EAAE;MAClBL,OAAO,CAACf,kBAAkB,GAAGP,eAAe,CAACO,kBAAkB;IACjE;IAEA,IAAI,CAACe,OAAO,GAAGA,OAAO;IAEtB,MAAMM,cAA8B,GAAG,IAAAF,gBAAU,EAAC;MAChDlB,UAAU,EAAEc,OAAO,CAACd,UAAU;MAC9BqB,MAAM,EAAEP,OAAO,CAACO;IAClB,CAAC,CAAC;IACF,IAAI,OAAOP,OAAO,CAACjB,OAAO,KAAK,QAAQ,EAAE;MACvC;MACAuB,cAAc,CAACE,eAAe,GAAGR,OAAO,CAACjB,OAAO;IAClD,CAAC,MAAM,IAAIiB,OAAO,CAACjB,OAAO,EAAE;MAC1BuB,cAAc,CAACG,WAAW,GAAGT,OAAO,CAACjB,OAAsB;IAC7D;IAEA,IAAI,CAACA,OAAO,GAAGgB,GAAG,CAACW,cAAc,CAACC,eAAe,CAAC;MAAC,GAAGL,cAAc;MAAEM,kBAAkB,EAAE;IAAI,CAAC,CAAC;IAChG,IAAI,CAACC,KAAK,GAAGC,cAAQ,CAACC,MAAM,EAAoB;IAChD,IAAI,CAACC,KAAK,GAAG5B,YAAY,EAAE;EAC7B;EAEA6B,KAAK,GAAG;IACN,IAAI,IAAI,CAACjB,OAAO,CAAClB,wBAAwB,EAAE;MACzC,IAAI,CAACA,wBAAwB,EAAE;IACjC;IACA,IAAI,CAACoC,wBAAwB,EAAE;IAC/B,IAAI,CAACF,KAAK,CAACG,OAAO,GAAG,IAAI;EAC3B;EAEAC,IAAI,GAAG;IACL,IAAI,CAACC,0BAA0B,EAAE;IACjC,IAAI,CAACL,KAAK,CAACG,OAAO,GAAG,KAAK;EAC5B;EAEAG,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACN,KAAK,CAACG,OAAO;EAC7B;EAEAI,UAAU,GAAwB;IAChC,OAAO,IAAAC,WAAK,EAAC,IAAI,CAACxB,OAAO,CAAC;EAC5B;EAEAyB,aAAa,CAACC,KAAK,EAAE;IACnB,MAAMzC,kBAAkB,GAAG,IAAI,CAACe,OAAO,CAACf,kBAAkB,IAAI,CAAC;IAC/D,IAAI0C,UAAU,GAAGD,KAAK,CAACE,SAAS,GAAG3C,kBAAkB;IACrD,OAAO0C,UAAU;EACnB;EAEAE,UAAU,CAACH,KAAK,EAAE;IAChB,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,OAAOC,UAAU,IAAI,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE;EACvC;EAEAC,WAAW,CAACC,GAAG,EAAEN,KAAK,EAAE;IACtB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACC,oBAAa,EAAEF,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAS,WAAW,CAACH,GAAG,EAAEI,UAAU,EAAEC,QAAQ,EAAE;IACrC,IAAI,CAACzC,OAAO,CAACqC,IAAI,CAACK,oBAAa,EAAEN,GAAG,EAAEI,UAAU,EAAEC,QAAQ,CAAC;EAC7D;EAEAE,SAAS,CAACP,GAAG,EAAEN,KAAK,EAAE;IACpB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACO,kBAAW,EAAER,GAAG,EAAEN,KAAK,CAAC;EAC5C;EAEAe,WAAW,CAACT,GAAG,EAAEN,KAAM,EAAE;IACvB,IAAI,CAAC9B,OAAO,CAACqC,IAAI,CAACS,oBAAa,EAAEV,GAAG,EAAEN,KAAK,CAAC;EAC9C;EAEAiB,SAAS,CAACC,KAAK,EAAE;IACf,IAAI,CAAChD,OAAO,CAACqC,IAAI,CAACY,kBAAW,EAAED,KAAK,CAAC;EACvC;EAEAE,uBAAuB,CAACd,GAAG,EAAE;IAC3Be,YAAY,CAAC,IAAI,CAAC/B,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,CAAQ;IACnD,OAAO,IAAI,CAAChB,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC;;IAErC;IACA,IAAI,CAAChB,KAAK,CAAC1B,YAAY,GAAG,IAAI;EAChC;EAEA+B,0BAA0B,GAAG;IAC3B,IAAIhC,cAAc,GAAG,IAAI,CAAC2B,KAAK,CAAC3B,cAAc;IAC9C,KAAK,IAAI2C,GAAG,IAAI3C,cAAc,EAAE;MAC9B,IAAI,CAACa,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAAC7D,cAAc,EAAE2C,GAAG,CAAC,EAAE;QAC9D;MACF;MACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IACnC;EACF;EAEAmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,EAAE;IAChC,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACzB;IACF;IAEA,IAAIC,UAAU,GAAG,IAAI,CAACF,aAAa,CAACC,KAAK,CAAC;IAC1C,IAAI2B,eAAe,GAAGC,IAAI,CAACC,GAAG,CAAC5B,UAAU,GAAG,IAAI,CAACd,KAAK,CAACiB,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI;;IAEvE;IACA,IAAI,CAACgB,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAIwB,kBAAkB,GAAGC,UAAU,CAAC,MAAM;MACxC,IAAI,CAAC1B,WAAW,CAACC,GAAG,EAAEN,KAAK,CAAC;IAC9B,CAAC,EAAE2B,eAAe,CAAC;;IAEnB;IACA,IAAI,CAACrC,KAAK,CAAC3B,cAAc,CAAC2C,GAAG,CAAC,GAAGwB,kBAAkB;EACrD;EAEAtC,wBAAwB,GAAG;IACzB,IAAIwC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,KAAI,IAAI3B,GAAG,IAAI0B,YAAY,EAAE;MAC3B,IAAI,CAACxD,MAAM,CAAC8C,SAAS,CAACC,cAAc,CAACC,IAAI,CAACQ,YAAY,EAAE1B,GAAG,CAAC,EAAE;QAC5D;MACF;MACA,IAAIN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC7B,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;IACxC;EACF;;EAEA;EACAkC,0BAA0B,GAAG;IAC3B,IAAI,CAACvC,0BAA0B,EAAE;IACjC,IAAI,CAACH,wBAAwB,EAAE;EACjC;EAEA2C,GAAG,CAAC7B,GAAG,EAAEN,KAAY,EAAE;IACrB,IAAIgC,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B,IAAI,CAACzB,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;IAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;EACxC;EAEAuC,OAAO,CAACjC,GAAG,EAAqB;IAC9B,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,OAAOD,YAAY,CAAC1B,GAAG,CAAC;EAC1B;EAEA,MAAMkC,GAAG,CAAClC,GAAG,EAA8B;IACzC,OAAO,IAAI,CAACiC,OAAO,CAACjC,GAAG,CAAC;EAC1B;EAEAmC,aAAa,GAAW;IACtB,MAAMC,MAAM,GAAG,CAAC,CAAW;IAC3B,MAAMV,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9CzD,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,IAAI,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,EAAE;QACxB0C,MAAM,CAACI,WAAW,GAAG9C,KAAK;MAC5B,CAAC,MAAM,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;QAC3B0C,MAAM,CAACM,OAAO,GAAGhD,KAAK;MACxB,CAAC,MAAM,IAAI,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;QAChC0C,MAAM,CAACO,YAAY,GAAGjD,KAAK;MAC7B;IACF,CAAC,CAAC;IACF,OAAO0C,MAAM;EACf;EAEA,MAAMQ,SAAS,GAAoB;IACjC,OAAO,IAAI,CAACT,aAAa,EAAE;EAC7B;EAEAU,mBAAmB,CAACC,IAAe,EAAU;IAC3C,MAAMpB,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAM3B,GAAG,GAAG9B,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACqB,MAAM,CAAC/C,GAAG,IAAI;MAClD,MAAMN,KAAK,GAAGgC,YAAY,CAAC1B,GAAG,CAAC;MAC/B,OAAQ,IAAAuC,oBAAa,EAAC7C,KAAK,CAAC,IAAIoD,IAAI,KAAK,aAAa,IAChD,IAAAL,gBAAS,EAAC/C,KAAK,CAAC,IAAIoD,IAAI,KAAK,SAAU,IACvC,IAAA1B,qBAAc,EAAC1B,KAAK,CAAC,IAAIoD,IAAI,KAAK,cAAe;IACzD,CAAC,CAAC,CAAC,CAAC,CAAC;IACL,OAAO9C,GAAG;EACZ;EAEQgD,YAAY,CAACtD,KAAY,EAAa;IAC5C,IAAI,IAAA6C,oBAAa,EAAC7C,KAAK,CAAC,EAAE;MACxB,OAAO,aAAa;IACtB;IACA,IAAI,IAAA+C,gBAAS,EAAC/C,KAAK,CAAC,EAAE;MACpB,OAAO,SAAS;IAClB;IACA,IAAG,IAAA0B,qBAAc,EAAC1B,KAAK,CAAC,EAAE;MACxB,OAAO,cAAc;IACvB;IACA,MAAM,IAAIzB,oBAAY,CAAC,oBAAoB,CAAC;EAC9C;;EAEA;EACQ+D,mBAAmB,GAAG;IAC5B,IAAI,IAAAiB,sBAAY,GAAE,EAAE;MAClB,MAAMlG,OAAO,GAAG,IAAI,CAACA,OAAO,CAAC4E,UAAU,EAAE;MACzC,IAAI,CAAC/D,OAAO,CAACqC,IAAI,CAACiD,wBAAiB,EAAEnG,OAAO,CAAC;IAC/C;EACF;;EAEA;EACO4E,UAAU,GAAG;IAClB,OAAO,IAAI,CAAC5E,OAAO;EACrB;EAEAoG,SAAS,CACPf,MAAc;EACd;EACAgB,aAAmC,EACnCC,SAA2B,EAC3BC,cAAqC,EAC/B;IACN,MAAMC,mBAAmB,GAAG,CAACvD,GAAG,EAAEN,KAAK,KAAK;MAC1C,MAAMoD,IAAI,GAAG,IAAI,CAACE,YAAY,CAACtD,KAAK,CAAC;MACrC,IAAIoD,IAAI,KAAK,aAAa,EAAE;QAC1BM,aAAa,IAAIA,aAAa,CAACpD,GAAG,EAAEN,KAAK,CAAC;MAC5C,CAAC,MAAM,IAAIoD,IAAI,KAAK,SAAS,EAAE;QAC7BO,SAAS,IAAIA,SAAS,CAACrD,GAAG,EAAEN,KAAK,CAAC;MACpC,CAAC,MAAM,IAAIoD,IAAI,KAAK,cAAc,EAAE;QAClCQ,cAAc,IAAIA,cAAc,CAACtD,GAAG,EAAEN,KAAK,CAAC;MAC9C;IACF,CAAC;IACD,MAAM8D,WAAW,GAAG,CAACxD,GAAG,EAAEN,KAAK,KAAK;MAClC,IAAI,CAACa,SAAS,CAACP,GAAG,EAAEN,KAAK,CAAC;MAC1B,IAAI,CAACyB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAM+D,aAAa,GAAG,CAACzD,GAAG,EAAEN,KAAK,EAAEW,QAAQ,KAAK;MAC9C,IAAI,CAACF,WAAW,CAACH,GAAG,EAAEN,KAAK,EAAEW,QAAQ,CAAC;MACtC,IAAI,CAACS,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACmB,qBAAqB,CAACnB,GAAG,EAAEN,KAAK,CAAC;MACtC6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IACD,MAAMgE,aAAa,GAAG,CAAC1D,GAAG,EAAEN,KAAK,KAAK;MACpC,IAAI,CAACoB,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEN,KAAK,CAAC;MAC5B6D,mBAAmB,CAACvD,GAAG,EAAEN,KAAK,CAAC;IACjC,CAAC;IAED,MAAMiE,KAAkB,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,CAAC;IACrE,MAAMC,cAAc,GAAG,IAAI,CAACzB,aAAa,EAAE;;IAE3C;IACAwB,KAAK,CAACrB,OAAO,CAAEQ,IAAI,IAAK;MACtB,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,IAAAoC,oBAAa,EAACpC,KAAK,EAAEoD,IAAI,CAAC;MAC5B;IACF,CAAC,CAAC;;IAEF;IACA,MAAM/F,OAAO,GAAG4G,KAAK,CAACE,MAAM,CAAC,CAAC9G,OAAO,EAAE+F,IAAI,KAAK;MAC9C,MAAMpD,KAAK,GAAG0C,MAAM,CAACU,IAAI,CAAC;MAC1B,IAAIpD,KAAK,EAAE;QACT,MAAMxC,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;QACzD/F,OAAO,CAACG,UAAU,CAAC,GAAGwC,KAAK;MAC7B;MACA,OAAO3C,OAAO;IAChB,CAAC,EAAE,CAAC,CAAC,CAAC;IACN,IAAI,CAACA,OAAO,CAACgF,UAAU,CAAChF,OAAO,CAAC;IAChC,IAAI,CAACiF,mBAAmB,EAAE;;IAE1B;IACA2B,KAAK,CAACrB,OAAO,CAACQ,IAAI,IAAI;MACpB,MAAMgB,QAAQ,GAAG1B,MAAM,CAACU,IAAI,CAAC;MAC7B,MAAMiB,aAAa,GAAGH,cAAc,CAACd,IAAI,CAAC;MAC1C,MAAM5F,UAAU,GAAG,IAAI,CAAC2F,mBAAmB,CAACC,IAAI,CAAC,IAAIA,IAAI;MACzD,IAAIgB,QAAQ,IAAIC,aAAa,EAAE;QAAE;QAC/B;QACAL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;QACxCP,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;QACjCL,aAAa,CAACvG,UAAU,EAAE4G,QAAQ,EAAEC,aAAa,CAAC;MACpD,CAAC,MAAM,IAAID,QAAQ,EAAE;QAAE;QACrBN,WAAW,CAACtG,UAAU,EAAE4G,QAAQ,CAAC;MACnC,CAAC,MAAM,IAAIC,aAAa,EAAE;QAAE;QAC1BL,aAAa,CAACxG,UAAU,EAAE6G,aAAa,CAAC;MAC1C;IACF,CAAC,CAAC;EACJ;EAEAC,MAAM,CAAChE,GAAG,EAAE;IACV;IACA,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;IAEjC,IAAI0B,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAIsC,YAAY,GAAGvC,YAAY,CAAC1B,GAAG,CAAC;IACpC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;IACxB,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAE1B,IAAI,CAACvB,WAAW,CAACT,GAAG,EAAEiE,YAAY,CAAC;EACrC;;EAEA;EACA,MAAMC,UAAU,CAACxE,KAAK,EAAE;IACtB,OAAO,IAAI,CAAC3B,GAAG,CAAC2B,KAAK,EAAEyE,KAAK,CAACzE,KAAK,CAAC;EACrC;EACA;EACAoC,aAAa,CAACpC,KAAY,EAAE;IAC1B,OAAO,IAAAoC,oBAAa,EAACpC,KAAK,CAAC;EAC7B;;EAEA;EACAyE,KAAK,CAACnE,GAAG,EAA8B;IACrC;IACA,IAAI,IAAI,CAAChB,KAAK,CAAC1B,YAAY,EAAE;MAC3B,OAAO,IAAI,CAAC0B,KAAK,CAAC1B,YAAY;IAChC;IAEA,IAAI;MACF,IAAIoC,KAAK,GAAG,IAAI,CAACuC,OAAO,CAACjC,GAAG,CAAC;MAC7B,IAAI,CAACN,KAAK,EAAE;QACV,MAAM,IAAIzB,oBAAY,CAAC,6CAA6C,GAAG+B,GAAG,CAAC;MAC7E;IACF,CAAC,CAAC,OAAOoE,GAAG,EAAE;MACZ,IAAI,CAACzD,SAAS,CAACyD,GAAG,CAAC;MACnB,OAAOC,OAAO,CAACC,MAAM,CAACF,GAAG,CAAC;IAC5B;;IAEA;IACA,IAAI,CAACtD,uBAAuB,CAACd,GAAG,CAAC;;IAEjC;IACA;IACA,MAAM1C,YAAY,GAAG,IAAI,CAAC0B,KAAK,CAAC1B,YAAY,GAAG,IAAI,CAACS,GAAG,CAAC2B,KAAK,CAAC6E,WAAW,EAAE,CACxEC,IAAI,CAACpC,MAAM,IAAI;MACd,IAAI,CAACe,SAAS,CAACf,MAAM,CAAC;;MAEtB;MACA,MAAMqC,SAAS,GAAG,IAAI,CAACzB,YAAY,CAACtD,KAAK,CAAE;MAC3C,OAAO0C,MAAM,CAACqC,SAAS,CAAC;IAC1B,CAAC,CAAC,CACDC,KAAK,CAACN,GAAG,IAAI;MACZ;MACA,IAAI,CAACJ,MAAM,CAAChE,GAAG,CAAC;MAChBoE,GAAG,CAACO,QAAQ,GAAG3E,GAAG;MAClB,IAAI,CAACW,SAAS,CAACyD,GAAG,CAAC;MACnB,MAAMA,GAAG;IACX,CAAC,CAAC,CACDQ,OAAO,CAAC,MAAM;MACb;MACA,IAAI,CAAC5F,KAAK,CAAC1B,YAAY,GAAG,IAAI;IAChC,CAAC,CAAC;IAEJ,OAAOA,YAAY;EACrB;EAEAuH,KAAK,GAAG;IACN,MAAMzC,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnC,IAAI,CAAC9C,0BAA0B,EAAE;IACjC,IAAI,CAACtC,OAAO,CAAC+H,YAAY,EAAE;IAC3B,IAAI,CAAC9C,mBAAmB,EAAE;IAE1B9D,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAEoC,MAAM,CAACpC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC;EACJ;EAEAlD,wBAAwB,GAAG;IACzB,MAAM4E,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC9C,MAAMoD,aAAa,GAAG,CAAC,CAAC;IACxB7G,MAAM,CAACmE,IAAI,CAACX,YAAY,CAAC,CAACY,OAAO,CAACtC,GAAG,IAAI;MACvC,IAAI0B,YAAY,CAAC1B,GAAG,CAAC,CAACgF,aAAa,EAAE;QACnCD,aAAa,CAAC/E,GAAG,CAAC,GAAG0B,YAAY,CAAC1B,GAAG,CAAC;QACtC,OAAO0B,YAAY,CAAC1B,GAAG,CAAC;MAC1B;IACF,CAAC,CAAC;IACF,IAAI,CAACjD,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;IAC1B9D,MAAM,CAACmE,IAAI,CAAC0C,aAAa,CAAC,CAACzC,OAAO,CAACtC,GAAG,IAAI;MACxC,IAAI,CAACc,uBAAuB,CAACd,GAAG,CAAC;MACjC,IAAI,CAACS,WAAW,CAACT,GAAG,EAAE+E,aAAa,CAAC/E,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;EACJ;EAEAiF,kBAAkB,CAACvF,KAAmB,EAAE;IACtC,MAAMM,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIqC,oCAAyB;;IAEjF;IACA,IAAIxD,YAAY,GAAG,IAAI,CAAC3E,OAAO,CAAC4E,UAAU,EAAE;IAC5C,IAAAG,oBAAa,EAACpC,KAAK,CAAC;IACpBgC,YAAY,CAAC1B,GAAG,CAAC,GAAGN,KAAK;IACzB,IAAI,CAAC3C,OAAO,CAACgF,UAAU,CAACL,YAAY,CAAC;IACrC,IAAI,CAACM,mBAAmB,EAAE;EAC5B;EAEAmD,kBAAkB,GAAI;IACpB,MAAMnF,GAAG,GAAG,IAAI,CAAC6C,mBAAmB,CAAC,cAAc,CAAC,IAAIqC,oCAAyB;IACjF,IAAI,CAAClB,MAAM,CAAChE,GAAG,CAAC;EAClB;EAEAoF,qBAAqB,GAAG;IACtB,MAAMhD,MAAM,GAAG,IAAI,CAACD,aAAa,EAAE;IACnCjE,MAAM,CAACmE,IAAI,CAACD,MAAM,CAAC,CAACE,OAAO,CAACtC,GAAG,IAAI;MACjCoC,MAAM,CAACpC,GAAG,CAAC,CAACgF,aAAa,GAAG,IAAI;IAClC,CAAC,CAAC;IACF,IAAI,CAAC7B,SAAS,CAACf,MAAM,CAAC;EACxB;AAEF;AAAC"}

package/cjs/oidc/TransactionManager.js

@@ -36,7 +36,7 @@ function createTransactionManager() {
 
       // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
       if (this.enableSharedStorage && options.clearSharedStorage !== false) {
-        const state = options.state || (meta === null || meta === void 0 ? void 0 : meta.state);
+        const state = options.state || meta?.state;
         if (state) {
           (0, _sharedStorage.clearTransactionFromSharedStorage)(this.storageManager, state);
         }

package/cjs/oidc/TransactionManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"TransactionManager.js","names":["createTransactionManager","TransactionManager","constructor","options","storageManager","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearSharedStorage","state","clearTransactionFromSharedStorage","save","storage","obj","isTransactionMeta","muteWarning","warn","setStorage","saveTransactionToSharedStorage","exists","load","pruneSharedStorage","loadTransactionFromSharedStorage"],"sources":["../../../lib/oidc/TransactionManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n  TransactionMeta,\n  isTransactionMeta,\n  TransactionMetaOptions,\n  TransactionManagerOptions,\n  OAuthTransactionMeta,\n  OAuthStorageManagerInterface,\n  ClearTransactionMetaOptions,\n  TransactionManagerInterface,\n  PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n  clearTransactionFromSharedStorage,\n  loadTransactionFromSharedStorage,\n  pruneSharedStorage,\n  saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n  return class TransactionManager implements TransactionManagerInterface\n  {\n    options: TransactionManagerOptions;\n    storageManager: S;\n    enableSharedStorage: boolean;\n    saveLastResponse: boolean;\n\n    constructor(options: TransactionManagerOptions) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      this.storageManager = options.storageManager! as S;\n      this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n      this.saveLastResponse = options.saveLastResponse === false ? false : true;\n      this.options = options;\n    }\n\n    // eslint-disable-next-line complexity\n    clear(options: ClearTransactionMetaOptions = {}) {\n      const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n      const meta = transactionStorage.getStorage();\n\n      // Clear primary storage (by default, sessionStorage on browser)\n      transactionStorage.clearStorage();\n\n      // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n      if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n        const state = options.state || meta?.state;\n        if (state) {\n          clearTransactionFromSharedStorage(this.storageManager, state);\n        }\n      }\n    }\n\n    // eslint-disable-next-line complexity\n    save(meta: M, options: TransactionMetaOptions = {}) {\n      // There must be only one transaction executing at a time.\n      // Before saving, check to see if a transaction is already stored.\n      // An existing transaction indicates a concurrency/race/overlap condition\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      const obj = storage.getStorage();\n      // oie process may need to update transaction in the middle of process for tracking purpose\n      // false alarm might be caused \n      // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n      if (isTransactionMeta(obj) && !options.muteWarning) {\n        // eslint-disable-next-line max-len\n        warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n      }\n\n      storage.setStorage(meta);\n\n      // Shared storage allows continuation of transaction in another tab\n      if (this.enableSharedStorage && meta.state) {\n        saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n      }\n    }\n\n    exists(options: TransactionMetaOptions = {}): boolean {\n      try {\n        const meta = this.load(options);\n        return !!meta;\n      } catch {\n        return false;\n      }\n    }\n\n    // load transaction meta from storage\n    // eslint-disable-next-line complexity,max-statements\n    load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n      let meta: TransactionMeta;\n\n      // If state was passed, try loading transaction data from shared storage\n      if (this.enableSharedStorage && options.state) {\n        pruneSharedStorage(this.storageManager); // prune before load\n        meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n        if (isTransactionMeta(meta)) {\n          return meta;\n        }\n      }\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      meta = storage.getStorage();\n      if (isTransactionMeta(meta)) {\n        // if we have meta in the new location, there is no need to go further\n        return meta;\n      }\n\n      return null;\n    }\n\n  };\n}\n"],"mappings":";;;AAaA;AAWA;AACA;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBO,SAASA,wBAAwB,GAMxC;EACE,OAAO,MAAMC,kBAAkB,CAC/B;IAMEC,WAAW,CAACC,OAAkC,EAAE;MAC9C;MACA,IAAI,CAACC,cAAc,GAAGD,OAAO,CAACC,cAAoB;MAClD,IAAI,CAACC,mBAAmB,GAAGF,OAAO,CAACE,mBAAmB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MAC/E,IAAI,CAACC,gBAAgB,GAAGH,OAAO,CAACG,gBAAgB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MACzE,IAAI,CAACH,OAAO,GAAGA,OAAO;IACxB;;IAEA;IACAI,KAAK,CAACJ,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,MAAMK,kBAAmC,GAAG,IAAI,CAACJ,cAAc,CAACK,qBAAqB,EAAE;MACvF,MAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAU,EAAE;;MAE5C;MACAH,kBAAkB,CAACI,YAAY,EAAE;;MAEjC;MACA,IAAI,IAAI,CAACP,mBAAmB,IAAIF,OAAO,CAACU,kBAAkB,KAAK,KAAK,EAAE;QACpE,MAAMC,KAAK,GAAGX,OAAO,CAACW,KAAK,KAAIJ,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEI,KAAK;QAC1C,IAAIA,KAAK,EAAE;UACT,IAAAC,gDAAiC,EAAC,IAAI,CAACX,cAAc,EAAEU,KAAK,CAAC;QAC/D;MACF;IACF;;IAEA;IACAE,IAAI,CAACN,IAAO,EAAEP,OAA+B,GAAG,CAAC,CAAC,EAAE;MAClD;MACA;MACA;;MAEA,IAAIc,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1E,MAAMS,GAAG,GAAGD,OAAO,CAACN,UAAU,EAAE;MAChC;MACA;MACA;MACA,IAAI,IAAAQ,wBAAiB,EAACD,GAAG,CAAC,IAAI,CAACf,OAAO,CAACiB,WAAW,EAAE;QAClD;QACA,IAAAC,UAAI,EAAC,yGAAyG,CAAC;MACjH;MAEAJ,OAAO,CAACK,UAAU,CAACZ,IAAI,CAAC;;MAExB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIK,IAAI,CAACI,KAAK,EAAE;QAC1C,IAAAS,6CAA8B,EAAC,IAAI,CAACnB,cAAc,EAAEM,IAAI,CAACI,KAAK,EAAEJ,IAAI,CAAC;MACvE;IACF;IAEAc,MAAM,CAACrB,OAA+B,GAAG,CAAC,CAAC,EAAW;MACpD,IAAI;QACF,MAAMO,IAAI,GAAG,IAAI,CAACe,IAAI,CAACtB,OAAO,CAAC;QAC/B,OAAO,CAAC,CAACO,IAAI;MACf,CAAC,CAAC,MAAM;QACN,OAAO,KAAK;MACd;IACF;;IAEA;IACA;IACAe,IAAI,CAACtB,OAA+B,GAAG,CAAC,CAAC,EAA0B;MAEjE,IAAIO,IAAqB;;MAEzB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIF,OAAO,CAACW,KAAK,EAAE;QAC7C,IAAAY,iCAAkB,EAAC,IAAI,CAACtB,cAAc,CAAC,CAAC,CAAC;QACzCM,IAAI,GAAG,IAAAiB,+CAAgC,EAAC,IAAI,CAACvB,cAAc,EAAED,OAAO,CAACW,KAAK,CAAC;QAC3E,IAAI,IAAAK,wBAAiB,EAACT,IAAI,CAAC,EAAE;UAC3B,OAAOA,IAAI;QACb;MACF;MAEA,IAAIO,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1EC,IAAI,GAAGO,OAAO,CAACN,UAAU,EAAE;MAC3B,IAAI,IAAAQ,wBAAiB,EAACT,IAAI,CAAC,EAAE;QAC3B;QACA,OAAOA,IAAI;MACb;MAEA,OAAO,IAAI;IACb;EAEF,CAAC;AACH"}
+{"version":3,"file":"TransactionManager.js","names":["createTransactionManager","TransactionManager","constructor","options","storageManager","enableSharedStorage","saveLastResponse","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearSharedStorage","state","clearTransactionFromSharedStorage","save","storage","obj","isTransactionMeta","muteWarning","warn","setStorage","saveTransactionToSharedStorage","exists","load","pruneSharedStorage","loadTransactionFromSharedStorage"],"sources":["../../../lib/oidc/TransactionManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n  TransactionMeta,\n  isTransactionMeta,\n  TransactionMetaOptions,\n  TransactionManagerOptions,\n  OAuthTransactionMeta,\n  OAuthStorageManagerInterface,\n  ClearTransactionMetaOptions,\n  TransactionManagerInterface,\n  PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n  clearTransactionFromSharedStorage,\n  loadTransactionFromSharedStorage,\n  pruneSharedStorage,\n  saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n  return class TransactionManager implements TransactionManagerInterface\n  {\n    options: TransactionManagerOptions;\n    storageManager: S;\n    enableSharedStorage: boolean;\n    saveLastResponse: boolean;\n\n    constructor(options: TransactionManagerOptions) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      this.storageManager = options.storageManager! as S;\n      this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n      this.saveLastResponse = options.saveLastResponse === false ? false : true;\n      this.options = options;\n    }\n\n    // eslint-disable-next-line complexity\n    clear(options: ClearTransactionMetaOptions = {}) {\n      const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n      const meta = transactionStorage.getStorage();\n\n      // Clear primary storage (by default, sessionStorage on browser)\n      transactionStorage.clearStorage();\n\n      // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n      if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n        const state = options.state || meta?.state;\n        if (state) {\n          clearTransactionFromSharedStorage(this.storageManager, state);\n        }\n      }\n    }\n\n    // eslint-disable-next-line complexity\n    save(meta: M, options: TransactionMetaOptions = {}) {\n      // There must be only one transaction executing at a time.\n      // Before saving, check to see if a transaction is already stored.\n      // An existing transaction indicates a concurrency/race/overlap condition\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      const obj = storage.getStorage();\n      // oie process may need to update transaction in the middle of process for tracking purpose\n      // false alarm might be caused \n      // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n      if (isTransactionMeta(obj) && !options.muteWarning) {\n        // eslint-disable-next-line max-len\n        warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n      }\n\n      storage.setStorage(meta);\n\n      // Shared storage allows continuation of transaction in another tab\n      if (this.enableSharedStorage && meta.state) {\n        saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n      }\n    }\n\n    exists(options: TransactionMetaOptions = {}): boolean {\n      try {\n        const meta = this.load(options);\n        return !!meta;\n      } catch {\n        return false;\n      }\n    }\n\n    // load transaction meta from storage\n    // eslint-disable-next-line complexity,max-statements\n    load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n      let meta: TransactionMeta;\n\n      // If state was passed, try loading transaction data from shared storage\n      if (this.enableSharedStorage && options.state) {\n        pruneSharedStorage(this.storageManager); // prune before load\n        meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n        if (isTransactionMeta(meta)) {\n          return meta;\n        }\n      }\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      meta = storage.getStorage();\n      if (isTransactionMeta(meta)) {\n        // if we have meta in the new location, there is no need to go further\n        return meta;\n      }\n\n      return null;\n    }\n\n  };\n}\n"],"mappings":";;;AAaA;AAWA;AACA;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBO,SAASA,wBAAwB,GAMxC;EACE,OAAO,MAAMC,kBAAkB,CAC/B;IAMEC,WAAW,CAACC,OAAkC,EAAE;MAC9C;MACA,IAAI,CAACC,cAAc,GAAGD,OAAO,CAACC,cAAoB;MAClD,IAAI,CAACC,mBAAmB,GAAGF,OAAO,CAACE,mBAAmB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MAC/E,IAAI,CAACC,gBAAgB,GAAGH,OAAO,CAACG,gBAAgB,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI;MACzE,IAAI,CAACH,OAAO,GAAGA,OAAO;IACxB;;IAEA;IACAI,KAAK,CAACJ,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,MAAMK,kBAAmC,GAAG,IAAI,CAACJ,cAAc,CAACK,qBAAqB,EAAE;MACvF,MAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAU,EAAE;;MAE5C;MACAH,kBAAkB,CAACI,YAAY,EAAE;;MAEjC;MACA,IAAI,IAAI,CAACP,mBAAmB,IAAIF,OAAO,CAACU,kBAAkB,KAAK,KAAK,EAAE;QACpE,MAAMC,KAAK,GAAGX,OAAO,CAACW,KAAK,IAAIJ,IAAI,EAAEI,KAAK;QAC1C,IAAIA,KAAK,EAAE;UACT,IAAAC,gDAAiC,EAAC,IAAI,CAACX,cAAc,EAAEU,KAAK,CAAC;QAC/D;MACF;IACF;;IAEA;IACAE,IAAI,CAACN,IAAO,EAAEP,OAA+B,GAAG,CAAC,CAAC,EAAE;MAClD;MACA;MACA;;MAEA,IAAIc,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1E,MAAMS,GAAG,GAAGD,OAAO,CAACN,UAAU,EAAE;MAChC;MACA;MACA;MACA,IAAI,IAAAQ,wBAAiB,EAACD,GAAG,CAAC,IAAI,CAACf,OAAO,CAACiB,WAAW,EAAE;QAClD;QACA,IAAAC,UAAI,EAAC,yGAAyG,CAAC;MACjH;MAEAJ,OAAO,CAACK,UAAU,CAACZ,IAAI,CAAC;;MAExB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIK,IAAI,CAACI,KAAK,EAAE;QAC1C,IAAAS,6CAA8B,EAAC,IAAI,CAACnB,cAAc,EAAEM,IAAI,CAACI,KAAK,EAAEJ,IAAI,CAAC;MACvE;IACF;IAEAc,MAAM,CAACrB,OAA+B,GAAG,CAAC,CAAC,EAAW;MACpD,IAAI;QACF,MAAMO,IAAI,GAAG,IAAI,CAACe,IAAI,CAACtB,OAAO,CAAC;QAC/B,OAAO,CAAC,CAACO,IAAI;MACf,CAAC,CAAC,MAAM;QACN,OAAO,KAAK;MACd;IACF;;IAEA;IACA;IACAe,IAAI,CAACtB,OAA+B,GAAG,CAAC,CAAC,EAA0B;MAEjE,IAAIO,IAAqB;;MAEzB;MACA,IAAI,IAAI,CAACL,mBAAmB,IAAIF,OAAO,CAACW,KAAK,EAAE;QAC7C,IAAAY,iCAAkB,EAAC,IAAI,CAACtB,cAAc,CAAC,CAAC,CAAC;QACzCM,IAAI,GAAG,IAAAiB,+CAAgC,EAAC,IAAI,CAACvB,cAAc,EAAED,OAAO,CAACW,KAAK,CAAC;QAC3E,IAAI,IAAAK,wBAAiB,EAACT,IAAI,CAAC,EAAE;UAC3B,OAAOA,IAAI;QACb;MACF;MAEA,IAAIO,OAAwB,GAAG,IAAI,CAACb,cAAc,CAACK,qBAAqB,EAAE;MAC1EC,IAAI,GAAGO,OAAO,CAACN,UAAU,EAAE;MAC3B,IAAI,IAAAQ,wBAAiB,EAACT,IAAI,CAAC,EAAE;QAC3B;QACA,OAAOA,IAAI;MACb;MAEA,OAAO,IAAI;IACb;EAEF,CAAC;AACH"}

package/cjs/oidc/factory/baseApi.js

@@ -0,0 +1,29 @@
+"use strict";
+
+exports.createBaseTokenAPI = createBaseTokenAPI;
+var _decodeToken = require("../decodeToken");
+var _exchangeCodeForTokens = require("../exchangeCodeForTokens");
+var _util = require("../util");
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+// Factory
+function createBaseTokenAPI(sdk) {
+  const token = {
+    prepareTokenParams: _util.prepareTokenParams.bind(null, sdk),
+    exchangeCodeForTokens: _exchangeCodeForTokens.exchangeCodeForTokens.bind(null, sdk),
+    decode: _decodeToken.decodeToken
+  };
+  return token;
+}
+//# sourceMappingURL=baseApi.js.map

package/cjs/oidc/factory/baseApi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseApi.js","names":["createBaseTokenAPI","sdk","token","prepareTokenParams","bind","exchangeCodeForTokens","decode","decodeToken"],"sources":["../../../../lib/oidc/factory/baseApi.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport {\n  OktaAuthOAuthInterface,\n  BaseTokenAPI,\n} from '../types';\nimport { prepareTokenParams } from '../util';\n\n// Factory\nexport function createBaseTokenAPI(sdk: OktaAuthOAuthInterface): BaseTokenAPI {\n  const token: BaseTokenAPI = {\n    prepareTokenParams: prepareTokenParams.bind(null, sdk),\n    exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n    decode: decodeToken,\n  };\n\n  return token;\n}\n"],"mappings":";;;AAaA;AACA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAUA;AACO,SAASA,kBAAkB,CAACC,GAA2B,EAAgB;EAC5E,MAAMC,KAAmB,GAAG;IAC1BC,kBAAkB,EAAEA,wBAAkB,CAACC,IAAI,CAAC,IAAI,EAAEH,GAAG,CAAC;IACtDI,qBAAqB,EAAEA,4CAAqB,CAACD,IAAI,CAAC,IAAI,EAAEH,GAAG,CAAC;IAC5DK,MAAM,EAAEC;EACV,CAAC;EAED,OAAOL,KAAK;AACd"}

package/cjs/oidc/getToken.js

@@ -125,8 +125,7 @@ function getToken(sdk, options) {
           return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
         }).finally(function () {
           if (document.body.contains(iframeEl)) {
-            var _iframeEl$parentEleme;
-            (_iframeEl$parentEleme = iframeEl.parentElement) === null || _iframeEl$parentEleme === void 0 ? void 0 : _iframeEl$parentEleme.removeChild(iframeEl);
+            iframeEl.parentElement?.removeChild(iframeEl);
           }
         });
       case 'POPUP':

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOAuthInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,GAAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YAAA;YACpC,yBAAAA,QAAQ,CAACQ,aAAa,0DAAtB,sBAAwBC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAM,EAAE;YACtC7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}
+{"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOAuthInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,GAAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YACpCA,QAAQ,CAACQ,aAAa,EAAEC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAM,EAAE;YACtC7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}

package/cjs/oidc/introspect.js

@@ -38,13 +38,11 @@ async function oidcIntrospect(sdk, kind, token) {
     throw new _errors.AuthSdkError(`unable to find ${kind} in storage or fn params`);
   }
   if (kind !== _types.TokenKind.ACCESS) {
-    var _token;
-    issuer = (_token = token) === null || _token === void 0 ? void 0 : _token.issuer;
+    issuer = token?.issuer;
   } else {
-    var _token2, _token2$claims;
-    issuer = (_token2 = token) === null || _token2 === void 0 ? void 0 : (_token2$claims = _token2.claims) === null || _token2$claims === void 0 ? void 0 : _token2$claims.iss;
+    issuer = token?.claims?.iss;
   }
-  issuer ?? (issuer = sdk.options.issuer);
+  issuer = issuer || sdk.options.issuer;
   if (!clientId) {
     throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');
   }

package/cjs/oidc/introspect.js.map

@@ -1 +1 @@
-{"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n  accessToken: 'access_token',\n  idToken: 'id_token',\n  refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n  let issuer: string;\n  let clientId: string = sdk.options.clientId;\n  let clientSecret: string | undefined = sdk.options.clientSecret;\n\n  if (!token) {\n    token = sdk.tokenManager.getTokens()[kind];\n  }\n\n  if (!token) {\n    throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n  }\n\n  if (kind !== TokenKind.ACCESS) {\n    issuer = (token as any)?.issuer;\n  }\n  else {\n    issuer = (token as any)?.claims?.iss;\n  }\n  issuer ??= sdk.options.issuer;\n\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n  }\n  if (!issuer) {\n    throw new AuthSdkError('Unable to find issuer');\n  }\n\n  const { introspection_endpoint: introspectUrl }  = await getWellKnown(sdk, issuer);\n  const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  const args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: hintMap[kind],\n    token: token[kind]    // extract raw token string from token object\n  }).slice(1);\n  return post(sdk, introspectUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + authHeader\n    }\n  });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAAA;IAC7BR,MAAM,aAAID,KAAK,2CAAN,OAAgBC,MAAM;EACjC,CAAC,MACI;IAAA;IACHA,MAAM,cAAID,KAAK,8DAAN,QAAgBU,MAAM,mDAAtB,eAAwBC,GAAG;EACtC;EACAV,MAAM,KAANA,MAAM,GAAKH,GAAG,CAACK,OAAO,CAACF,MAAM;EAE7B,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAACM,IAAI,CAAC;IAC9BC,KAAK,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}
+{"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n  accessToken: 'access_token',\n  idToken: 'id_token',\n  refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n  let issuer: string;\n  let clientId: string = sdk.options.clientId;\n  let clientSecret: string | undefined = sdk.options.clientSecret;\n\n  if (!token) {\n    token = sdk.tokenManager.getTokens()[kind];\n  }\n\n  if (!token) {\n    throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n  }\n\n  if (kind !== TokenKind.ACCESS) {\n    issuer = (token as any)?.issuer;\n  }\n  else {\n    issuer = (token as any)?.claims?.iss;\n  }\n  issuer = issuer || sdk.options.issuer;\n\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n  }\n  if (!issuer) {\n    throw new AuthSdkError('Unable to find issuer');\n  }\n\n  const { introspection_endpoint: introspectUrl }  = await getWellKnown(sdk, issuer);\n  const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  const args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: hintMap[kind],\n    token: token[kind]    // extract raw token string from token object\n  }).slice(1);\n  return post(sdk, introspectUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + authHeader\n    }\n  });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAC7BR,MAAM,GAAID,KAAK,EAAUC,MAAM;EACjC,CAAC,MACI;IACHA,MAAM,GAAID,KAAK,EAAUU,MAAM,EAAEC,GAAG;EACtC;EACAV,MAAM,GAAGA,MAAM,IAAIH,GAAG,CAACK,OAAO,CAACF,MAAM;EAErC,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAACM,IAAI,CAAC;IAC9BC,KAAK,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}

package/cjs/oidc/mixin/index.js

@@ -7,7 +7,7 @@ var _http = require("../../http");
 var _util = require("../../util");
 var crypto = _interopRequireWildcard(require("../../crypto"));
 var _pkce = _interopRequireDefault(require("../util/pkce"));
-var _factory = require("../factory");
+var _api = require("../factory/api");
 var _TokenManager = require("../TokenManager");
 var _util2 = require("../util");
 var _node = require("./node");
@@ -31,11 +31,11 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
         handleLogin: false
       };
       this._tokenQueue = new _util.PromiseQueue();
-      this.token = (0, _factory.createTokenAPI)(this, this._tokenQueue);
+      this.token = (0, _api.createTokenAPI)(this, this._tokenQueue);
 
       // TokenManager
       this.tokenManager = new _TokenManager.TokenManager(this, this.options.tokenManager);
-      this.endpoints = (0, _factory.createEndpoints)(this);
+      this.endpoints = (0, _api.createEndpoints)(this);
     }
 
     // inherited from subclass
@@ -158,13 +158,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       return !!this.options.pkce;
     }
     hasResponseType(responseType) {
-      let hasResponseType = false;
-      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
-        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
-      } else {
-        hasResponseType = this.options.responseType === responseType;
-      }
-      return hasResponseType;
+      return (0, _util2.hasResponseType)(responseType, this.options);
     }
     isAuthorizationCodeFlow() {
       return this.hasResponseType('code');
@@ -174,7 +168,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
     async invokeApiMethod(options) {
       if (!options.accessToken) {
         const accessToken = (await this.tokenManager.getTokens()).accessToken;
-        options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
+        options.accessToken = accessToken?.accessToken;
       }
       return (0, _http.httpRequest)(this, options);
     }
@@ -237,7 +231,6 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
     // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
     // eslint-disable-next-line complexity, max-statements
     async signOut(options) {
-      var _options;
       options = Object.assign({}, options);
 
       // postLogoutRedirectUri must be whitelisted in Okta Admin UI
@@ -248,7 +241,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
       //    Okta sign-in page or the post_logout_redirect_uri (if specified)."
       // - https://developer.okta.com/docs/reference/api/oidc/#logout
       const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null : options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
-      const state = (_options = options) === null || _options === void 0 ? void 0 : _options.state;
+      const state = options?.state;
       let accessToken = options.accessToken;
       let refreshToken = options.refreshToken;
       const revokeAccessToken = options.revokeAccessToken !== false;

package/cjs/oidc/mixin/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","Array","isArray","length","indexOf","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n    endpoints: Endpoints;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n      this.endpoints = createEndpoints(this);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens, responseType } = await this.token.parseFromUrl();\n      if (responseType !== 'none') {\n        this.tokenManager.setTokens(tokens);\n      }\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n  \n    hasResponseType(responseType: OAuthResponseType): boolean {\n      let hasResponseType = false;\n      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n      } else {\n        hasResponseType = this.options.responseType === responseType;\n      }\n      return hasResponseType;\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (postLogoutRedirectUri === undefined) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity, max-statements\n    async signOut(options?: SignoutOptions): Promise<boolean> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      const defaultUri = window.location.origin;\n      const currentUri = window.location.href;\n      // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n      //    \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n      //    Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n      // - https://developer.okta.com/docs/reference/api/oidc/#logout\n      const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n        (options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri);\n      const state = options?.state;\n      \n    \n      let accessToken = options.accessToken;\n      let refreshToken = options.refreshToken;\n      const revokeAccessToken = options.revokeAccessToken !== false;\n      const revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        const sessionClosed = await this.closeSession();   // can throw if the user cannot be signed out\n        const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n        if (state) {\n          redirectUri.searchParams.append('state', state);\n        }\n        if (postLogoutRedirectUri === currentUri) {\n          // window.location.reload(); // force a hard reload if URI is not changing\n          window.location.href = redirectUri.href;\n        } else {\n          window.location.assign(redirectUri.href);\n        }\n        return sessionClosed;\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n        return true;\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,uBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,wBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,IAAIK,eAAe,GAAG,KAAK;MAC3B,IAAIC,KAAK,CAACC,OAAO,CAAC,IAAI,CAACvD,OAAO,CAACgD,YAAY,CAAC,IAAI,IAAI,CAAChD,OAAO,CAACgD,YAAY,CAACQ,MAAM,EAAE;QAChFH,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,CAACS,OAAO,CAACT,YAAY,CAAC,IAAI,CAAC;MACxE,CAAC,MAAM;QACLK,eAAe,GAAG,IAAI,CAACrD,OAAO,CAACgD,YAAY,KAAKA,YAAY;MAC9D;MACA,OAAOK,eAAe;IACxB;IAEAK,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACL,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAMM,eAAe,CAAC3D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAoC,iBAAW,EAAC,IAAI,EAAE7D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM8D,iBAAiB,CAACrC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACgD,SAAS,EAAE,EAAEnC,WAA0B;QAC9E,MAAMsC,cAAc,GAAG,IAAI,CAACnD,YAAY,CAACoD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACiC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACtC,WAAW,EAAE;QAChB,OAAOwC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAAC1C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM2C,kBAAkB,CAACvB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACgD,SAAS,EAAE,EAAEf,YAA4B;QACjF,MAAMwB,eAAe,GAAG,IAAI,CAACzD,YAAY,CAACoD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpD,YAAY,CAACkB,MAAM,CAACuC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACxB,YAAY,EAAE;QACjB,OAAOoB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACxD,KAAK,CAACyD,MAAM,CAACtB,YAAY,CAAC;IACxC;IAEAyB,qBAAqB,CAACtE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPwC,qBAAqB;QACrBC;MACF,CAAC,GAAGxE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIwC,qBAAqB,KAAK3C,SAAS,EAAE;QACvC2C,qBAAqB,GAAG,IAAI,CAACvE,OAAO,CAACuE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG5C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI6C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC9E,OAAwB,EAAoB;MAAA;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM+E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGvE,OAAO,CAACuE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEvE,OAAO,CAACuE,qBAAqB,IAC3B,IAAI,CAACvE,OAAO,CAACuE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,eAAGxE,OAAO,6CAAP,SAASwE,KAAK;MAG5B,IAAI/C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMiB,iBAAiB,GAAG9D,OAAO,CAAC8D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGpE,OAAO,CAACoE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOvB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIiB,iBAAiB,IAAI,OAAOrC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIqC,kBAAkB,IAAIvB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACuB,kBAAkB,CAACvB,YAAY,CAAC;MAC7C;MAEA,IAAIiB,iBAAiB,IAAIrC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACqC,iBAAiB,CAACrC,WAAW,CAAC;MAC3C;MAEA,MAAMmD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGtE,OAAO;QAAEuE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAACyF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIrF,OAAO,CAAC2F,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC/E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACgF,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAACnF,MAAM,CAAC8E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDA7S4BiB,MAAM;AA+SrC"}
+{"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n    endpoints: Endpoints;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n      this.endpoints = createEndpoints(this);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens, responseType } = await this.token.parseFromUrl();\n      if (responseType !== 'none') {\n        this.tokenManager.setTokens(tokens);\n      }\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n\n    hasResponseType(responseType: OAuthResponseType): boolean {\n      return hasResponseType(responseType, this.options);\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (postLogoutRedirectUri === undefined) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity, max-statements\n    async signOut(options?: SignoutOptions): Promise<boolean> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      const defaultUri = window.location.origin;\n      const currentUri = window.location.href;\n      // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n      //    \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n      //    Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n      // - https://developer.okta.com/docs/reference/api/oidc/#logout\n      const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n        (options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri);\n      const state = options?.state;\n      \n    \n      let accessToken = options.accessToken;\n      let refreshToken = options.refreshToken;\n      const revokeAccessToken = options.revokeAccessToken !== false;\n      const revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        const sessionClosed = await this.closeSession();   // can throw if the user cannot be signed out\n        const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n        if (state) {\n          redirectUri.searchParams.append('state', state);\n        }\n        if (postLogoutRedirectUri === currentUri) {\n          // window.location.reload(); // force a hard reload if URI is not changing\n          window.location.href = redirectUri.href;\n        } else {\n          window.location.assign(redirectUri.href);\n        }\n        return sessionClosed;\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n        return true;\n      }\n    }\n\n  };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAAChD,OAAO,CAAC;IACpD;IAEAsD,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAACvD,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,EAAEA,WAAW;MAChD;MACA,OAAO,IAAAgC,iBAAW,EAAC,IAAI,EAAEzD,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM0D,iBAAiB,CAACjC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QAC9E,MAAMkC,cAAc,GAAG,IAAI,CAAC/C,YAAY,CAACgD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAAC6B,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAAClC,WAAW,EAAE;QAChB,OAAOoC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAACtC,WAAW,CAAC;IACvC;;IAEA;IACA,MAAMuC,kBAAkB,CAACnB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAAC4C,SAAS,EAAE,EAAEX,YAA4B;QACjF,MAAMoB,eAAe,GAAG,IAAI,CAACrD,YAAY,CAACgD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAACmC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACpB,YAAY,EAAE;QACjB,OAAOgB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAAClB,YAAY,CAAC;IACxC;IAEAqB,qBAAqB,CAAClE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPoC,qBAAqB;QACrBC;MACF,CAAC,GAAGpE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIoC,qBAAqB,KAAKvC,SAAS,EAAE;QACvCuC,qBAAqB,GAAG,IAAI,CAACnE,OAAO,CAACmE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAGxC,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAIyC,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC1E,OAAwB,EAAoB;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM2E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGnE,OAAO,CAACmE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEnE,OAAO,CAACmE,qBAAqB,IAC3B,IAAI,CAACnE,OAAO,CAACmE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,GAAGpE,OAAO,EAAEoE,KAAK;MAG5B,IAAI3C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMa,iBAAiB,GAAG1D,OAAO,CAAC0D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGhE,OAAO,CAACgE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOnB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIa,iBAAiB,IAAI,OAAOjC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIiC,kBAAkB,IAAInB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACmB,kBAAkB,CAACnB,YAAY,CAAC;MAC7C;MAEA,IAAIa,iBAAiB,IAAIjC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACiC,iBAAiB,CAACjC,WAAW,CAAC;MAC3C;MAEA,MAAM+C,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGlE,OAAO;QAAEmE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAACqF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIjF,OAAO,CAACuF,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC3E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAAC4E,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAAC0E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAvS4BiB,MAAM;AAySrC"}