@okta/okta-auth-js 7.4.3 → 7.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (366) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/README.md +1 -1
  3. package/cjs/browser/fingerprint.js +1 -2
  4. package/cjs/browser/fingerprint.js.map +1 -1
  5. package/cjs/core/ServiceManager/browser.js +3 -4
  6. package/cjs/core/ServiceManager/browser.js.map +1 -1
  7. package/cjs/core/types/api.js.map +1 -1
  8. package/cjs/fetch/fetchRequest.js +1 -2
  9. package/cjs/fetch/fetchRequest.js.map +1 -1
  10. package/cjs/http/OktaUserAgent.js +2 -2
  11. package/cjs/http/request.js +11 -5
  12. package/cjs/http/request.js.map +1 -1
  13. package/cjs/http/types.js.map +1 -1
  14. package/cjs/idx/IdxTransactionManager.js +1 -1
  15. package/cjs/idx/IdxTransactionManager.js.map +1 -1
  16. package/cjs/idx/authenticator/OktaPassword.js +1 -2
  17. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  18. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +1 -2
  19. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  20. package/cjs/idx/authenticator/getAuthenticator.js +3 -4
  21. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  22. package/cjs/idx/factory/MinimalOktaAuthIdx.js +20 -0
  23. package/cjs/idx/factory/MinimalOktaAuthIdx.js.map +1 -0
  24. package/cjs/idx/factory/api.js +9 -0
  25. package/cjs/idx/factory/api.js.map +1 -1
  26. package/cjs/idx/factory/index.js +11 -0
  27. package/cjs/idx/factory/index.js.map +1 -1
  28. package/cjs/idx/factory/minimalApi.js +41 -0
  29. package/cjs/idx/factory/minimalApi.js.map +1 -0
  30. package/cjs/idx/flow/AccountUnlockFlow.js +2 -1
  31. package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -1
  32. package/cjs/idx/flow/AuthenticationFlow.js +1 -0
  33. package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
  34. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  35. package/cjs/idx/flow/PasswordRecoveryFlow.js +1 -0
  36. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  37. package/cjs/idx/idxState/index.js +1 -1
  38. package/cjs/idx/idxState/index.js.map +1 -1
  39. package/cjs/idx/idxState/v1/generateIdxAction.js +2 -2
  40. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  41. package/cjs/idx/idxState/v1/idxResponseParser.js +11 -10
  42. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  43. package/cjs/idx/idxState/v1/makeIdxState.js +1 -2
  44. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  45. package/cjs/idx/idxState/v1/parsers.js +1 -4
  46. package/cjs/idx/idxState/v1/parsers.js.map +1 -1
  47. package/cjs/idx/idxState/v1/remediationParser.js +4 -5
  48. package/cjs/idx/idxState/v1/remediationParser.js.map +1 -1
  49. package/cjs/idx/interact.js +1 -2
  50. package/cjs/idx/interact.js.map +1 -1
  51. package/cjs/idx/mixinMinimal.js +19 -0
  52. package/cjs/idx/mixinMinimal.js.map +1 -0
  53. package/cjs/idx/poll.js +3 -5
  54. package/cjs/idx/poll.js.map +1 -1
  55. package/cjs/idx/proceed.js +1 -1
  56. package/cjs/idx/proceed.js.map +1 -1
  57. package/cjs/idx/remediators/Base/AuthenticatorData.js +1 -1
  58. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  59. package/cjs/idx/remediators/Base/Remediator.js +5 -7
  60. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  61. package/cjs/idx/remediators/Base/SelectAuthenticator.js +3 -4
  62. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  63. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +1 -2
  64. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  65. package/cjs/idx/remediators/EnrollPoll.js +1 -1
  66. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  67. package/cjs/idx/remediators/Identify.js.map +1 -1
  68. package/cjs/idx/remediators/ReEnrollAuthenticatorWarning.js +22 -0
  69. package/cjs/idx/remediators/ReEnrollAuthenticatorWarning.js.map +1 -0
  70. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +2 -3
  71. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  72. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +2 -3
  73. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
  74. package/cjs/idx/remediators/SelectEnrollmentChannel.js +1 -2
  75. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  76. package/cjs/idx/remediators/index.js +11 -0
  77. package/cjs/idx/remediators/index.js.map +1 -1
  78. package/cjs/idx/remediators/util.js +2 -4
  79. package/cjs/idx/remediators/util.js.map +1 -1
  80. package/cjs/idx/run.js +7 -10
  81. package/cjs/idx/run.js.map +1 -1
  82. package/cjs/idx/transactionMeta.js +1 -1
  83. package/cjs/idx/transactionMeta.js.map +1 -1
  84. package/cjs/idx/types/FlowSpecification.js +2 -0
  85. package/cjs/idx/types/FlowSpecification.js.map +1 -0
  86. package/cjs/idx/types/api.js.map +1 -1
  87. package/cjs/idx/types/index.js.map +1 -1
  88. package/cjs/idx/util.js +23 -10
  89. package/cjs/idx/util.js.map +1 -1
  90. package/cjs/myaccount/emailApi.js +11 -15
  91. package/cjs/myaccount/emailApi.js.map +1 -1
  92. package/cjs/myaccount/passwordApi.js +8 -10
  93. package/cjs/myaccount/passwordApi.js.map +1 -1
  94. package/cjs/myaccount/phoneApi.js +7 -9
  95. package/cjs/myaccount/phoneApi.js.map +1 -1
  96. package/cjs/myaccount/profileApi.js +7 -9
  97. package/cjs/myaccount/profileApi.js.map +1 -1
  98. package/cjs/myaccount/request.js +18 -27
  99. package/cjs/myaccount/request.js.map +1 -1
  100. package/cjs/myaccount/transactions/Base.js.map +1 -1
  101. package/cjs/myaccount/transactions/EmailChallengeTransaction.js +4 -4
  102. package/cjs/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  103. package/cjs/myaccount/transactions/EmailTransaction.js +8 -9
  104. package/cjs/myaccount/transactions/EmailTransaction.js.map +1 -1
  105. package/cjs/myaccount/transactions/PasswordTransaction.js +6 -9
  106. package/cjs/myaccount/transactions/PasswordTransaction.js.map +1 -1
  107. package/cjs/myaccount/transactions/PhoneTransaction.js +2 -3
  108. package/cjs/myaccount/transactions/PhoneTransaction.js.map +1 -1
  109. package/cjs/myaccount/types.js +1 -52
  110. package/cjs/myaccount/types.js.map +1 -1
  111. package/cjs/oidc/TokenManager.js +4 -4
  112. package/cjs/oidc/TokenManager.js.map +1 -1
  113. package/cjs/oidc/TransactionManager.js +1 -1
  114. package/cjs/oidc/TransactionManager.js.map +1 -1
  115. package/cjs/oidc/factory/baseApi.js +29 -0
  116. package/cjs/oidc/factory/baseApi.js.map +1 -0
  117. package/cjs/oidc/getToken.js +1 -2
  118. package/cjs/oidc/getToken.js.map +1 -1
  119. package/cjs/oidc/introspect.js +3 -5
  120. package/cjs/oidc/introspect.js.map +1 -1
  121. package/cjs/oidc/mixin/index.js +6 -13
  122. package/cjs/oidc/mixin/index.js.map +1 -1
  123. package/cjs/oidc/mixin/minimal.js +29 -0
  124. package/cjs/oidc/mixin/minimal.js.map +1 -0
  125. package/cjs/oidc/renewTokens.js +1 -2
  126. package/cjs/oidc/renewTokens.js.map +1 -1
  127. package/cjs/oidc/types/api.js.map +1 -1
  128. package/cjs/oidc/util/errors.js +2 -2
  129. package/cjs/oidc/util/errors.js.map +1 -1
  130. package/cjs/oidc/util/loginRedirect.js +10 -0
  131. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  132. package/cjs/oidc/util/validateClaims.js +1 -1
  133. package/cjs/oidc/util/validateClaims.js.map +1 -1
  134. package/cjs/oidc/verifyToken.js +1 -1
  135. package/cjs/oidc/verifyToken.js.map +1 -1
  136. package/cjs/services/LeaderElectionService.js +3 -6
  137. package/cjs/services/LeaderElectionService.js.map +1 -1
  138. package/cjs/services/SyncStorageService.js +6 -11
  139. package/cjs/services/SyncStorageService.js.map +1 -1
  140. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  141. package/dist/okta-auth-js.authn.min.js +1 -1
  142. package/dist/okta-auth-js.authn.min.js.map +1 -1
  143. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  144. package/dist/okta-auth-js.core.min.js +1 -1
  145. package/dist/okta-auth-js.core.min.js.map +1 -1
  146. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  147. package/dist/okta-auth-js.idx.min.js +1 -1
  148. package/dist/okta-auth-js.idx.min.js.map +1 -1
  149. package/dist/okta-auth-js.min.analyzer.html +2 -2
  150. package/dist/okta-auth-js.min.js +1 -1
  151. package/dist/okta-auth-js.min.js.map +1 -1
  152. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  153. package/dist/okta-auth-js.myaccount.min.js +1 -1
  154. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  155. package/esm/browser/exports/exports/authn.js +1 -1
  156. package/esm/browser/exports/exports/core.js +1 -1
  157. package/esm/browser/exports/exports/default.js +2 -9
  158. package/esm/browser/exports/exports/default.js.map +1 -1
  159. package/esm/browser/exports/exports/idx.js +2 -1
  160. package/esm/browser/exports/exports/idx.js.map +1 -1
  161. package/esm/browser/exports/exports/myaccount.js +1 -9
  162. package/esm/browser/exports/exports/myaccount.js.map +1 -1
  163. package/esm/browser/http/OktaUserAgent.js +2 -2
  164. package/esm/browser/http/request.js +7 -1
  165. package/esm/browser/http/request.js.map +1 -1
  166. package/esm/browser/idx/cancel.js +1 -0
  167. package/esm/browser/idx/cancel.js.map +1 -1
  168. package/esm/browser/idx/factory/MinimalOktaAuthIdx.js +31 -0
  169. package/esm/browser/idx/factory/MinimalOktaAuthIdx.js.map +1 -0
  170. package/esm/browser/idx/factory/api.js +7 -0
  171. package/esm/browser/idx/factory/api.js.map +1 -1
  172. package/esm/browser/idx/factory/minimalApi.js +38 -0
  173. package/esm/browser/idx/factory/minimalApi.js.map +1 -0
  174. package/esm/browser/idx/flow/AccountUnlockFlow.js +2 -0
  175. package/esm/browser/idx/flow/AccountUnlockFlow.js.map +1 -1
  176. package/esm/browser/idx/flow/AuthenticationFlow.js +2 -0
  177. package/esm/browser/idx/flow/AuthenticationFlow.js.map +1 -1
  178. package/esm/browser/idx/flow/FlowSpecification.js.map +1 -1
  179. package/esm/browser/idx/flow/PasswordRecoveryFlow.js +2 -0
  180. package/esm/browser/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  181. package/esm/browser/idx/flow/RegistrationFlow.js +1 -0
  182. package/esm/browser/idx/flow/RegistrationFlow.js.map +1 -1
  183. package/esm/browser/idx/idxState/v1/idxResponseParser.js +4 -4
  184. package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -1
  185. package/esm/browser/idx/idxState/v1/makeIdxState.js.map +1 -1
  186. package/esm/browser/idx/idxState/v1/parsers.js.map +1 -1
  187. package/esm/browser/idx/idxState/v1/remediationParser.js +1 -6
  188. package/esm/browser/idx/idxState/v1/remediationParser.js.map +1 -1
  189. package/esm/browser/idx/mixinMinimal.js +29 -0
  190. package/esm/browser/idx/mixinMinimal.js.map +1 -0
  191. package/esm/browser/idx/recoverPassword.js +1 -0
  192. package/esm/browser/idx/recoverPassword.js.map +1 -1
  193. package/esm/browser/idx/remediators/Base/Remediator.js.map +1 -1
  194. package/esm/browser/idx/remediators/Identify.js.map +1 -1
  195. package/esm/browser/idx/remediators/ReEnrollAuthenticatorWarning.js +20 -0
  196. package/esm/browser/idx/remediators/ReEnrollAuthenticatorWarning.js.map +1 -0
  197. package/esm/browser/idx/remediators/index.js +1 -0
  198. package/esm/browser/idx/remediators/index.js.map +1 -1
  199. package/esm/browser/idx/run.js +4 -22
  200. package/esm/browser/idx/run.js.map +1 -1
  201. package/esm/browser/idx/types/api.js.map +1 -1
  202. package/esm/browser/idx/util.js +16 -3
  203. package/esm/browser/idx/util.js.map +1 -1
  204. package/esm/browser/myaccount/emailApi.js +9 -11
  205. package/esm/browser/myaccount/emailApi.js.map +1 -1
  206. package/esm/browser/myaccount/passwordApi.js +4 -6
  207. package/esm/browser/myaccount/passwordApi.js.map +1 -1
  208. package/esm/browser/myaccount/phoneApi.js +5 -6
  209. package/esm/browser/myaccount/phoneApi.js.map +1 -1
  210. package/esm/browser/myaccount/profileApi.js +6 -6
  211. package/esm/browser/myaccount/profileApi.js.map +1 -1
  212. package/esm/browser/myaccount/request.js +13 -28
  213. package/esm/browser/myaccount/request.js.map +1 -1
  214. package/esm/browser/myaccount/transactions/Base.js.map +1 -1
  215. package/esm/browser/myaccount/transactions/EmailChallengeTransaction.js +3 -3
  216. package/esm/browser/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  217. package/esm/browser/myaccount/transactions/EmailTransaction.js +5 -6
  218. package/esm/browser/myaccount/transactions/EmailTransaction.js.map +1 -1
  219. package/esm/browser/myaccount/transactions/PasswordTransaction.js +3 -6
  220. package/esm/browser/myaccount/transactions/PasswordTransaction.js.map +1 -1
  221. package/esm/browser/myaccount/transactions/PhoneTransaction.js +1 -2
  222. package/esm/browser/myaccount/transactions/PhoneTransaction.js.map +1 -1
  223. package/esm/browser/myaccount/types.js +0 -4
  224. package/esm/browser/myaccount/types.js.map +1 -1
  225. package/esm/browser/oidc/TokenManager.js +3 -2
  226. package/esm/browser/oidc/TokenManager.js.map +1 -1
  227. package/esm/browser/oidc/factory/baseApi.js +28 -0
  228. package/esm/browser/oidc/factory/baseApi.js.map +1 -0
  229. package/esm/browser/oidc/introspect.js +1 -1
  230. package/esm/browser/oidc/introspect.js.map +1 -1
  231. package/esm/browser/oidc/mixin/index.js +2 -9
  232. package/esm/browser/oidc/mixin/index.js.map +1 -1
  233. package/esm/browser/oidc/mixin/minimal.js +45 -0
  234. package/esm/browser/oidc/mixin/minimal.js.map +1 -0
  235. package/esm/browser/oidc/util/loginRedirect.js +11 -1
  236. package/esm/browser/oidc/util/loginRedirect.js.map +1 -1
  237. package/esm/browser/oidc/util/validateClaims.js +2 -1
  238. package/esm/browser/oidc/util/validateClaims.js.map +1 -1
  239. package/esm/browser/package.json +1 -1
  240. package/esm/node/exports/exports/authn.js +1 -1
  241. package/esm/node/exports/exports/core.js +1 -1
  242. package/esm/node/exports/exports/default.js +2 -9
  243. package/esm/node/exports/exports/default.js.map +1 -1
  244. package/esm/node/exports/exports/idx.js +2 -1
  245. package/esm/node/exports/exports/idx.js.map +1 -1
  246. package/esm/node/exports/exports/myaccount.js +1 -9
  247. package/esm/node/exports/exports/myaccount.js.map +1 -1
  248. package/esm/node/fetch/fetchRequest.js +1 -1
  249. package/esm/node/fetch/fetchRequest.js.map +1 -1
  250. package/esm/node/http/OktaUserAgent.js +2 -2
  251. package/esm/node/http/request.js +7 -1
  252. package/esm/node/http/request.js.map +1 -1
  253. package/esm/node/idx/cancel.js +1 -0
  254. package/esm/node/idx/cancel.js.map +1 -1
  255. package/esm/node/idx/factory/MinimalOktaAuthIdx.js +31 -0
  256. package/esm/node/idx/factory/MinimalOktaAuthIdx.js.map +1 -0
  257. package/esm/node/idx/factory/api.js +7 -0
  258. package/esm/node/idx/factory/api.js.map +1 -1
  259. package/esm/node/idx/factory/minimalApi.js +38 -0
  260. package/esm/node/idx/factory/minimalApi.js.map +1 -0
  261. package/esm/node/idx/flow/AccountUnlockFlow.js +2 -0
  262. package/esm/node/idx/flow/AccountUnlockFlow.js.map +1 -1
  263. package/esm/node/idx/flow/AuthenticationFlow.js +2 -0
  264. package/esm/node/idx/flow/AuthenticationFlow.js.map +1 -1
  265. package/esm/node/idx/flow/FlowSpecification.js.map +1 -1
  266. package/esm/node/idx/flow/PasswordRecoveryFlow.js +2 -0
  267. package/esm/node/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  268. package/esm/node/idx/flow/RegistrationFlow.js +1 -0
  269. package/esm/node/idx/flow/RegistrationFlow.js.map +1 -1
  270. package/esm/node/idx/idxState/v1/idxResponseParser.js +4 -4
  271. package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -1
  272. package/esm/node/idx/idxState/v1/makeIdxState.js.map +1 -1
  273. package/esm/node/idx/idxState/v1/parsers.js.map +1 -1
  274. package/esm/node/idx/idxState/v1/remediationParser.js +1 -6
  275. package/esm/node/idx/idxState/v1/remediationParser.js.map +1 -1
  276. package/esm/node/idx/mixinMinimal.js +29 -0
  277. package/esm/node/idx/mixinMinimal.js.map +1 -0
  278. package/esm/node/idx/recoverPassword.js +1 -0
  279. package/esm/node/idx/recoverPassword.js.map +1 -1
  280. package/esm/node/idx/remediators/Base/Remediator.js.map +1 -1
  281. package/esm/node/idx/remediators/Identify.js.map +1 -1
  282. package/esm/node/idx/remediators/ReEnrollAuthenticatorWarning.js +20 -0
  283. package/esm/node/idx/remediators/ReEnrollAuthenticatorWarning.js.map +1 -0
  284. package/esm/node/idx/remediators/index.js +1 -0
  285. package/esm/node/idx/remediators/index.js.map +1 -1
  286. package/esm/node/idx/run.js +4 -22
  287. package/esm/node/idx/run.js.map +1 -1
  288. package/esm/node/idx/types/api.js.map +1 -1
  289. package/esm/node/idx/util.js +16 -3
  290. package/esm/node/idx/util.js.map +1 -1
  291. package/esm/node/myaccount/emailApi.js +9 -11
  292. package/esm/node/myaccount/emailApi.js.map +1 -1
  293. package/esm/node/myaccount/passwordApi.js +4 -6
  294. package/esm/node/myaccount/passwordApi.js.map +1 -1
  295. package/esm/node/myaccount/phoneApi.js +5 -6
  296. package/esm/node/myaccount/phoneApi.js.map +1 -1
  297. package/esm/node/myaccount/profileApi.js +6 -6
  298. package/esm/node/myaccount/profileApi.js.map +1 -1
  299. package/esm/node/myaccount/request.js +13 -28
  300. package/esm/node/myaccount/request.js.map +1 -1
  301. package/esm/node/myaccount/transactions/Base.js.map +1 -1
  302. package/esm/node/myaccount/transactions/EmailChallengeTransaction.js +3 -3
  303. package/esm/node/myaccount/transactions/EmailChallengeTransaction.js.map +1 -1
  304. package/esm/node/myaccount/transactions/EmailTransaction.js +5 -6
  305. package/esm/node/myaccount/transactions/EmailTransaction.js.map +1 -1
  306. package/esm/node/myaccount/transactions/PasswordTransaction.js +3 -6
  307. package/esm/node/myaccount/transactions/PasswordTransaction.js.map +1 -1
  308. package/esm/node/myaccount/transactions/PhoneTransaction.js +1 -2
  309. package/esm/node/myaccount/transactions/PhoneTransaction.js.map +1 -1
  310. package/esm/node/myaccount/types.js +0 -5
  311. package/esm/node/myaccount/types.js.map +1 -1
  312. package/esm/node/oidc/TokenManager.js +3 -2
  313. package/esm/node/oidc/TokenManager.js.map +1 -1
  314. package/esm/node/oidc/factory/baseApi.js +29 -0
  315. package/esm/node/oidc/factory/baseApi.js.map +1 -0
  316. package/esm/node/oidc/introspect.js +1 -1
  317. package/esm/node/oidc/introspect.js.map +1 -1
  318. package/esm/node/oidc/mixin/index.js +2 -9
  319. package/esm/node/oidc/mixin/index.js.map +1 -1
  320. package/esm/node/oidc/mixin/minimal.js +46 -0
  321. package/esm/node/oidc/mixin/minimal.js.map +1 -0
  322. package/esm/node/oidc/util/loginRedirect.js +11 -1
  323. package/esm/node/oidc/util/loginRedirect.js.map +1 -1
  324. package/esm/node/oidc/util/validateClaims.js +2 -1
  325. package/esm/node/oidc/util/validateClaims.js.map +1 -1
  326. package/esm/node/package.json +1 -1
  327. package/package.json +4 -4
  328. package/types/lib/core/types/api.d.ts +1 -0
  329. package/types/lib/http/types.d.ts +1 -1
  330. package/types/lib/idx/factory/MinimalOktaAuthIdx.d.ts +8 -0
  331. package/types/lib/idx/factory/index.d.ts +1 -0
  332. package/types/lib/idx/factory/minimalApi.d.ts +14 -0
  333. package/types/lib/idx/flow/FlowSpecification.d.ts +1 -8
  334. package/types/lib/idx/idxState/v1/idxResponseParser.d.ts +4 -3
  335. package/types/lib/idx/idxState/v1/remediationParser.d.ts +2 -2
  336. package/types/lib/idx/mixinMinimal.d.ts +6 -0
  337. package/types/lib/idx/remediators/Base/Remediator.d.ts +1 -0
  338. package/types/lib/idx/remediators/Identify.d.ts +1 -0
  339. package/types/lib/idx/remediators/ReEnrollAuthenticatorWarning.d.ts +15 -0
  340. package/types/lib/idx/remediators/index.d.ts +1 -0
  341. package/types/lib/idx/types/FlowSpecification.d.ts +8 -0
  342. package/types/lib/idx/types/api.d.ts +18 -2
  343. package/types/lib/idx/types/index.d.ts +1 -0
  344. package/types/lib/idx/util.d.ts +10 -2
  345. package/types/lib/myaccount/emailApi.d.ts +2 -1
  346. package/types/lib/myaccount/passwordApi.d.ts +2 -1
  347. package/types/lib/myaccount/phoneApi.d.ts +2 -1
  348. package/types/lib/myaccount/profileApi.d.ts +2 -1
  349. package/types/lib/myaccount/request.d.ts +4 -16
  350. package/types/lib/myaccount/transactions/Base.d.ts +14 -1
  351. package/types/lib/myaccount/transactions/EmailTransaction.d.ts +2 -1
  352. package/types/lib/myaccount/types.d.ts +1 -1
  353. package/types/lib/oidc/factory/baseApi.d.ts +14 -0
  354. package/types/lib/oidc/mixin/minimal.d.ts +4 -0
  355. package/types/lib/oidc/types/api.d.ts +8 -0
  356. package/types/lib/oidc/util/loginRedirect.d.ts +2 -1
  357. package/umd/authn.js +1 -1
  358. package/umd/authn.js.map +1 -1
  359. package/umd/core.js +1 -1
  360. package/umd/core.js.map +1 -1
  361. package/umd/default.js +1 -1
  362. package/umd/default.js.map +1 -1
  363. package/umd/idx.js +1 -1
  364. package/umd/idx.js.map +1 -1
  365. package/umd/myaccount.js +1 -1
  366. package/umd/myaccount.js.map +1 -1
package/cjs/oidc/mixin/minimal.js ADDED
@@ -0,0 +1,29 @@
1
+ "use strict";
2
+
3
+ exports.mixinMinimalOAuth = mixinMinimalOAuth;
4
+ var _baseApi = require("../factory/baseApi");
5
+ var _util = require("../util");
6
+ function mixinMinimalOAuth(Base, TransactionManagerConstructor) {
7
+ return class OktaAuthOAuth extends Base {
8
+ constructor(...args) {
9
+ super(...args);
10
+ this.transactionManager = new TransactionManagerConstructor(Object.assign({
11
+ storageManager: this.storageManager
12
+ }, this.options.transactionManager));
13
+ this.token = (0, _baseApi.createBaseTokenAPI)(this);
14
+ }
15
+ isLoginRedirect() {
16
+ return (0, _util.isLoginRedirect)(this);
17
+ }
18
+ isPKCE() {
19
+ return !!this.options.pkce;
20
+ }
21
+ hasResponseType(responseType) {
22
+ return (0, _util.hasResponseType)(responseType, this.options);
23
+ }
24
+ isAuthorizationCodeFlow() {
25
+ return this.hasResponseType('code');
26
+ }
27
+ };
28
+ }
29
+ //# sourceMappingURL=minimal.js.map
package/cjs/oidc/mixin/minimal.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"minimal.js","names":["mixinMinimalOAuth","Base","TransactionManagerConstructor","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","token","createBaseTokenAPI","isLoginRedirect","isPKCE","pkce","hasResponseType","responseType","isAuthorizationCodeFlow"],"sources":["../../../../lib/oidc/mixin/minimal.ts"],"sourcesContent":["\nimport { OktaAuthConstructor } from '../../base/types';\nimport {\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n MinimalOktaOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n BaseTokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n} from '../types';\nimport { createBaseTokenAPI } from '../factory/baseApi';\nimport { isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nexport function mixinMinimalOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n{\n return class OktaAuthOAuth extends Base implements MinimalOktaOAuthInterface<M, S, O, TM>\n {\n token: BaseTokenAPI;\n transactionManager: TM;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.token = createBaseTokenAPI(this as any);\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this as any);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n };\n\n}\n"],"mappings":";;;AAaA;AACA;AAGO,SAASA,iBAAiB,CAU/BC,IAAW,EACXC,6BAAgE,EAElE;EACE,OAAO,MAAMC,aAAa,SAASF,IAAI,CACvC;IAIEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIJ,6BAA6B,CAACK,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,KAAK,GAAG,IAAAC,2BAAkB,EAAC,IAAI,CAAQ;IAC9C;IAEAC,eAAe,GAAY;MACzB,OAAO,IAAAA,qBAAe,EAAC,IAAI,CAAQ;IACrC;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACJ,OAAO,CAACK,IAAI;IAC5B;IAEAC,eAAe,CAACC,YAA+B,EAAW;MACxD,OAAO,IAAAD,qBAAe,EAACC,YAAY,EAAE,IAAI,CAACP,OAAO,CAAC;IACpD;IAEAQ,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACF,eAAe,CAAC,MAAM,CAAC;IACrC;EAEF,CAAC;AAEH"}
package/cjs/oidc/renewTokens.js CHANGED
@@ -21,8 +21,7 @@ var _util = require("./util");
21
21
  // If we have a refresh token, renew using that, otherwise getWithoutPrompt
22
22
  // eslint-disable-next-line complexity
23
23
  async function renewTokens(sdk, options) {
24
- var _options;
25
- const tokens = ((_options = options) === null || _options === void 0 ? void 0 : _options.tokens) ?? sdk.tokenManager.getTokensSync();
24
+ const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();
26
25
  if (tokens.refreshToken) {
27
26
  return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options || {}, tokens.refreshToken);
28
27
  }
package/cjs/oidc/renewTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EAAA;EACnF,MAAMC,MAAM,GAAG,aAAAD,OAAO,6CAAP,SAASC,MAAM,KAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
1
+ {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EACnF,MAAMC,MAAM,GAAGD,OAAO,EAAEC,MAAM,IAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
package/cjs/oidc/types/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>\n{\n token: BaseTokenAPI;\n transactionManager: TM;\n\n isPKCE(): boolean;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
package/cjs/oidc/util/errors.js CHANGED
@@ -30,8 +30,8 @@ function isAuthorizationCodeError(sdk, error) {
30
30
  const authApiError = error;
31
31
  // xhr property doesn't seem to match XMLHttpRequest type
32
32
  const errorResponse = authApiError.xhr;
33
- const responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
34
- return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
33
+ const responseJSON = errorResponse?.responseJSON;
34
+ return sdk.options.pkce && responseJSON?.error === 'invalid_grant';
35
35
  }
36
36
  function isRefreshTokenInvalidError(error) {
37
37
  // error: {"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}
package/cjs/oidc/util/errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;AAcA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,0BAA0B,CAACC,KAAY,EAAE;EACvD,IAAIA,KAAK,CAACC,IAAI,KAAK,YAAY,EAAE;IAC/B,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGF,KAAmB;EACtC,OAAQE,UAAU,CAACC,SAAS,KAAK,sBAAsB;AACzD;AAEO,SAASC,wBAAwB,CAACC,GAA2B,EAAEL,KAAY,EAAE;EAClF,IAAIA,KAAK,CAACC,IAAI,KAAK,cAAc,EAAE;IACjC,OAAO,KAAK;EACd;EACA,MAAMK,YAAY,GAAGN,KAAqB;EAC1C;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAyC;EAC5E,MAAMC,YAAY,GAAGF,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEE,YAAuC;EAC3E,OAAOJ,GAAG,CAACK,OAAO,CAACC,IAAI,IAAK,CAAAF,YAAY,aAAZA,YAAY,uBAAZA,YAAY,CAAET,KAAK,MAAe,eAAgB;AAChF;AAEO,SAASY,0BAA0B,CAACZ,KAAc,EAAW;EAClE;EACA,OAAO,IAAAa,oBAAY,EAACb,KAAK,CAAC,IACxBA,KAAK,CAACG,SAAS,KAAK,eAAe,IACnCH,KAAK,CAACc,YAAY,KAAK,0CAA0C;AACrE"}
1
+ {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;AAcA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,0BAA0B,CAACC,KAAY,EAAE;EACvD,IAAIA,KAAK,CAACC,IAAI,KAAK,YAAY,EAAE;IAC/B,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGF,KAAmB;EACtC,OAAQE,UAAU,CAACC,SAAS,KAAK,sBAAsB;AACzD;AAEO,SAASC,wBAAwB,CAACC,GAA2B,EAAEL,KAAY,EAAE;EAClF,IAAIA,KAAK,CAACC,IAAI,KAAK,cAAc,EAAE;IACjC,OAAO,KAAK;EACd;EACA,MAAMK,YAAY,GAAGN,KAAqB;EAC1C;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAyC;EAC5E,MAAMC,YAAY,GAAGF,aAAa,EAAEE,YAAuC;EAC3E,OAAOJ,GAAG,CAACK,OAAO,CAACC,IAAI,IAAKF,YAAY,EAAET,KAAK,KAAe,eAAgB;AAChF;AAEO,SAASY,0BAA0B,CAACZ,KAAc,EAAW;EAClE;EACA,OAAO,IAAAa,oBAAY,EAACb,KAAK,CAAC,IACxBA,KAAK,CAACG,SAAS,KAAK,eAAe,IACnCH,KAAK,CAACc,YAAY,KAAK,0CAA0C;AACrE"}
package/cjs/oidc/util/loginRedirect.js CHANGED
@@ -4,6 +4,7 @@ exports.getHashOrSearch = getHashOrSearch;
4
4
  exports.hasAuthorizationCode = hasAuthorizationCode;
5
5
  exports.hasErrorInUrl = hasErrorInUrl;
6
6
  exports.hasInteractionCode = hasInteractionCode;
7
+ exports.hasResponseType = hasResponseType;
7
8
  exports.hasTokensInHash = hasTokensInHash;
8
9
  exports.isCodeFlow = isCodeFlow;
9
10
  exports.isInteractionRequired = isInteractionRequired;
@@ -50,6 +51,15 @@ function isRedirectUri(uri, sdk) {
50
51
  function isCodeFlow(options) {
51
52
  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';
52
53
  }
54
+ function hasResponseType(responseType, options) {
55
+ let hasResponseType = false;
56
+ if (Array.isArray(options.responseType) && options.responseType.length) {
57
+ hasResponseType = options.responseType.indexOf(responseType) >= 0;
58
+ } else {
59
+ hasResponseType = options.responseType === responseType;
60
+ }
61
+ return hasResponseType;
62
+ }
53
63
  function getHashOrSearch(options) {
54
64
  var codeFlow = isCodeFlow(options);
55
65
  var useQuery = codeFlow && options.responseMode !== 'fragment';
package/cjs/oidc/util/loginRedirect.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGO,SAASA,eAAe,CAACC,IAAY,EAAW;EACrD,OAAO,uBAAuB,CAACC,IAAI,CAACD,IAAI,CAAC;AAC3C;;AAEA;AACO,SAASE,oBAAoB,CAACC,YAAoB,EAAW;EAClE,OAAO,UAAU,CAACF,IAAI,CAACE,YAAY,CAAC;AACtC;;AAEA;AACO,SAASC,kBAAkB,CAACD,YAAoB,EAAW;EAChE,OAAO,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AAClD;AAEO,SAASE,aAAa,CAACF,YAAoB,EAAW;EAC3D,OAAO,WAAW,CAACF,IAAI,CAACE,YAAY,CAAC,IAAI,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AACpF;AAEO,SAASG,aAAa,CAACC,GAAW,EAAEC,GAA2B,EAAW;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAAO;EAC5B,IAAI,CAACH,GAAG,IAAI,CAACE,UAAU,CAACE,WAAW,EAAE;IACnC,OAAO,KAAK;EACd;EACA,OAAOJ,GAAG,CAACK,OAAO,CAACH,UAAU,CAACE,WAAW,CAAC,KAAK,CAAC;AAClD;AAEO,SAASE,UAAU,CAACH,OAA6B,EAAE;EACxD,OAAOA,OAAO,CAACI,IAAI,IAAIJ,OAAO,CAACK,YAAY,KAAK,MAAM,IAAIL,OAAO,CAACM,YAAY,KAAK,OAAO;AAC5F;AAEO,SAASC,eAAe,CAACP,OAA6B,EAAE;EAC7D,IAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAO,CAAC;EAClC,IAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAY,KAAK,UAAU;EAC9D,OAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM,GAAGF,MAAM,CAACC,QAAQ,CAACrB,IAAI;AACjE;;AAEA;AACA;AACA;AACA;AACO,SAASuB,eAAe,CAAEf,GAA2B,EAAE;EAC5D;EACA,IAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAQ,CAACG,IAAI,EAAEhB,GAAG,CAAC,EAAC;IAC5C,OAAO,KAAK;EACd;;EAEA;EACA,IAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAO,CAAC;EACtC,IAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAE/C,IAAIL,aAAa,CAACF,YAAY,CAAC,EAAE;IAC/B,OAAO,IAAI;EACb;EAEA,IAAIe,QAAQ,EAAE;IACZ,IAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAY,CAAC,IAAIC,kBAAkB,CAACD,YAAY,CAAC;IACrF,OAAOsB,OAAO;EAChB;;EAEA;EACA,OAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAQ,CAACrB,IAAI,CAAC;AAC9C;;AAEA;AACA;AACA;AACA;AACO,SAAS0B,qBAAqB,CAAElB,GAA2B,EAAEL,YAAqB,EAAE;EACzF,IAAI,CAACA,YAAY,EAAE;IAAE;IACnB;IACA,IAAI,CAACoB,eAAe,CAACf,GAAG,CAAC,EAAC;MACxB,OAAO,KAAK;IACd;IAEAL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAO,CAAC;EAC7C;EACA,OAAO,+BAA+B,CAACT,IAAI,CAACE,YAAY,CAAC;AAC3D"}
1
+ {"version":3,"file":"loginRedirect.js","names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","hasResponseType","Array","isArray","length","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface, OAuthResponseType } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function hasResponseType(responseType: OAuthResponseType, options: OktaAuthOAuthOptions): boolean {\n let hasResponseType = false;\n if (Array.isArray(options.responseType) && options.responseType.length) {\n hasResponseType = options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = options.responseType === responseType;\n }\n return hasResponseType;\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGO,SAASA,eAAe,CAACC,IAAY,EAAW;EACrD,OAAO,uBAAuB,CAACC,IAAI,CAACD,IAAI,CAAC;AAC3C;;AAEA;AACO,SAASE,oBAAoB,CAACC,YAAoB,EAAW;EAClE,OAAO,UAAU,CAACF,IAAI,CAACE,YAAY,CAAC;AACtC;;AAEA;AACO,SAASC,kBAAkB,CAACD,YAAoB,EAAW;EAChE,OAAO,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AAClD;AAEO,SAASE,aAAa,CAACF,YAAoB,EAAW;EAC3D,OAAO,WAAW,CAACF,IAAI,CAACE,YAAY,CAAC,IAAI,sBAAsB,CAACF,IAAI,CAACE,YAAY,CAAC;AACpF;AAEO,SAASG,aAAa,CAACC,GAAW,EAAEC,GAA2B,EAAW;EAC/E,IAAIC,UAAU,GAAGD,GAAG,CAACE,OAAO;EAC5B,IAAI,CAACH,GAAG,IAAI,CAACE,UAAU,CAACE,WAAW,EAAE;IACnC,OAAO,KAAK;EACd;EACA,OAAOJ,GAAG,CAACK,OAAO,CAACH,UAAU,CAACE,WAAW,CAAC,KAAK,CAAC;AAClD;AAEO,SAASE,UAAU,CAACH,OAA6B,EAAE;EACxD,OAAOA,OAAO,CAACI,IAAI,IAAIJ,OAAO,CAACK,YAAY,KAAK,MAAM,IAAIL,OAAO,CAACM,YAAY,KAAK,OAAO;AAC5F;AAEO,SAASC,eAAe,CAACF,YAA+B,EAAEL,OAA6B,EAAW;EACvG,IAAIO,eAAe,GAAG,KAAK;EAC3B,IAAIC,KAAK,CAACC,OAAO,CAACT,OAAO,CAACK,YAAY,CAAC,IAAIL,OAAO,CAACK,YAAY,CAACK,MAAM,EAAE;IACtEH,eAAe,GAAGP,OAAO,CAACK,YAAY,CAACH,OAAO,CAACG,YAAY,CAAC,IAAI,CAAC;EACnE,CAAC,MAAM;IACLE,eAAe,GAAGP,OAAO,CAACK,YAAY,KAAKA,YAAY;EACzD;EACA,OAAOE,eAAe;AACxB;AAEO,SAASI,eAAe,CAACX,OAA6B,EAAE;EAC7D,IAAIY,QAAQ,GAAGT,UAAU,CAACH,OAAO,CAAC;EAClC,IAAIa,QAAQ,GAAGD,QAAQ,IAAIZ,OAAO,CAACM,YAAY,KAAK,UAAU;EAC9D,OAAOO,QAAQ,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM,GAAGF,MAAM,CAACC,QAAQ,CAACzB,IAAI;AACjE;;AAEA;AACA;AACA;AACA;AACO,SAAS2B,eAAe,CAAEnB,GAA2B,EAAE;EAC5D;EACA,IAAI,CAACF,aAAa,CAACkB,MAAM,CAACC,QAAQ,CAACG,IAAI,EAAEpB,GAAG,CAAC,EAAC;IAC5C,OAAO,KAAK;EACd;;EAEA;EACA,IAAIc,QAAQ,GAAGT,UAAU,CAACL,GAAG,CAACE,OAAO,CAAC;EACtC,IAAIP,YAAY,GAAGkB,eAAe,CAACb,GAAG,CAACE,OAAO,CAAC;EAE/C,IAAIL,aAAa,CAACF,YAAY,CAAC,EAAE;IAC/B,OAAO,IAAI;EACb;EAEA,IAAImB,QAAQ,EAAE;IACZ,IAAIO,OAAO,GAAI3B,oBAAoB,CAACC,YAAY,CAAC,IAAIC,kBAAkB,CAACD,YAAY,CAAC;IACrF,OAAO0B,OAAO;EAChB;;EAEA;EACA,OAAO9B,eAAe,CAACyB,MAAM,CAACC,QAAQ,CAACzB,IAAI,CAAC;AAC9C;;AAEA;AACA;AACA;AACA;AACO,SAAS8B,qBAAqB,CAAEtB,GAA2B,EAAEL,YAAqB,EAAE;EACzF,IAAI,CAACA,YAAY,EAAE;IAAE;IACnB;IACA,IAAI,CAACwB,eAAe,CAACnB,GAAG,CAAC,EAAC;MACxB,OAAO,KAAK;IACd;IAEAL,YAAY,GAAGkB,eAAe,CAACb,GAAG,CAACE,OAAO,CAAC;EAC7C;EACA,OAAO,+BAA+B,CAACT,IAAI,CAACE,YAAY,CAAC;AAC3D"}
package/cjs/oidc/util/validateClaims.js CHANGED
@@ -33,7 +33,7 @@ function validateClaims(sdk, claims, validationParams) {
33
33
  if (claims.iss !== iss) {
34
34
  throw new _AuthSdkError.default('The issuer [' + claims.iss + '] ' + 'does not match [' + iss + ']');
35
35
  }
36
- if (claims.aud !== aud) {
36
+ if (Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0 || !Array.isArray(claims.aud) && claims.aud !== aud) {
37
37
  throw new _AuthSdkError.default('The audience [' + claims.aud + '] ' + 'does not match [' + aud + ']');
38
38
  }
39
39
  if (acr && claims.acr !== acr) {
package/cjs/oidc/util/validateClaims.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","acr","acrValues","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"mappings":";;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,cAAc,CAACC,GAA2B,EAAEC,MAAkB,EAAEC,gBAAmC,EAAE;EACnH,MAAMC,GAAG,GAAGD,gBAAgB,CAACE,QAAQ;EACrC,MAAMC,GAAG,GAAGH,gBAAgB,CAACI,MAAM;EACnC,MAAMC,KAAK,GAAGL,gBAAgB,CAACK,KAAK;EACpC,MAAMC,GAAG,GAAGN,gBAAgB,CAACO,SAAS;EAEtC,IAAI,CAACR,MAAM,IAAI,CAACI,GAAG,IAAI,CAACF,GAAG,EAAE;IAC3B,MAAM,IAAIO,qBAAY,CAAC,kDAAkD,CAAC;EAC5E;EAEA,IAAIH,KAAK,IAAIN,MAAM,CAACM,KAAK,KAAKA,KAAK,EAAE;IACnC,MAAM,IAAIG,qBAAY,CAAC,wDAAwD,CAAC;EAClF;EAEA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIV,MAAM,CAACI,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIK,qBAAY,CAAC,cAAc,GAAGT,MAAM,CAACI,GAAG,GAAG,IAAI,GACvD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIJ,MAAM,CAACE,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIO,qBAAY,CAAC,gBAAgB,GAAGT,MAAM,CAACE,GAAG,GAAG,IAAI,GACzD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIK,GAAG,IAAIP,MAAM,CAACO,GAAG,KAAKA,GAAG,EAAE;IAC7B,MAAM,IAAIE,qBAAY,CAAC,WAAW,GAAGT,MAAM,CAACO,GAAG,GAAG,IAAI,GACpD,6BAA6B,GAAGA,GAAG,GAAG,GAAG,CAAC;EAC9C;EAEA,IAAIP,MAAM,CAACc,GAAG,GAAId,MAAM,CAACe,GAAI,EAAE;IAC7B,MAAM,IAAIN,qBAAY,CAAC,sCAAsC,CAAC;EAChE;EAEA,IAAI,CAACV,GAAG,CAACiB,OAAO,CAACC,cAAc,EAAE;IAC/B,IAAKP,GAAG,GAAGX,GAAG,CAACiB,OAAO,CAACE,YAAa,GAAIlB,MAAM,CAACe,GAAI,EAAE;MACnD,MAAM,IAAIN,qBAAY,CAAC,wCAAwC,CAAC;IAClE;IAEA,IAAIT,MAAM,CAACc,GAAG,GAAKJ,GAAG,GAAGX,GAAG,CAACiB,OAAO,CAACE,YAAc,EAAE;MACnD,MAAM,IAAIT,qBAAY,CAAC,kCAAkC,CAAC;IAC5D;EACF;AACF"}
1
+ {"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","acr","acrValues","AuthSdkError","now","Math","floor","Date","Array","isArray","indexOf","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if ((Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0) ||\n (!Array.isArray(claims.aud) && claims.aud !== aud))\n {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"mappings":";;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,cAAc,CAACC,GAA2B,EAAEC,MAAkB,EAAEC,gBAAmC,EAAE;EACnH,MAAMC,GAAG,GAAGD,gBAAgB,CAACE,QAAQ;EACrC,MAAMC,GAAG,GAAGH,gBAAgB,CAACI,MAAM;EACnC,MAAMC,KAAK,GAAGL,gBAAgB,CAACK,KAAK;EACpC,MAAMC,GAAG,GAAGN,gBAAgB,CAACO,SAAS;EAEtC,IAAI,CAACR,MAAM,IAAI,CAACI,GAAG,IAAI,CAACF,GAAG,EAAE;IAC3B,MAAM,IAAIO,qBAAY,CAAC,kDAAkD,CAAC;EAC5E;EAEA,IAAIH,KAAK,IAAIN,MAAM,CAACM,KAAK,KAAKA,KAAK,EAAE;IACnC,MAAM,IAAIG,qBAAY,CAAC,wDAAwD,CAAC;EAClF;EAEA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIV,MAAM,CAACI,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIK,qBAAY,CAAC,cAAc,GAAGT,MAAM,CAACI,GAAG,GAAG,IAAI,GACvD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAKU,KAAK,CAACC,OAAO,CAACf,MAAM,CAACE,GAAG,CAAC,IAAIF,MAAM,CAACE,GAAG,CAACc,OAAO,CAACd,GAAG,CAAC,GAAG,CAAC,IAC1D,CAACY,KAAK,CAACC,OAAO,CAACf,MAAM,CAACE,GAAG,CAAC,IAAIF,MAAM,CAACE,GAAG,KAAKA,GAAI,EACpD;IACE,MAAM,IAAIO,qBAAY,CAAC,gBAAgB,GAAGT,MAAM,CAACE,GAAG,GAAG,IAAI,GACzD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIK,GAAG,IAAIP,MAAM,CAACO,GAAG,KAAKA,GAAG,EAAE;IAC7B,MAAM,IAAIE,qBAAY,CAAC,WAAW,GAAGT,MAAM,CAACO,GAAG,GAAG,IAAI,GACpD,6BAA6B,GAAGA,GAAG,GAAG,GAAG,CAAC;EAC9C;EAEA,IAAIP,MAAM,CAACiB,GAAG,GAAIjB,MAAM,CAACkB,GAAI,EAAE;IAC7B,MAAM,IAAIT,qBAAY,CAAC,sCAAsC,CAAC;EAChE;EAEA,IAAI,CAACV,GAAG,CAACoB,OAAO,CAACC,cAAc,EAAE;IAC/B,IAAKV,GAAG,GAAGX,GAAG,CAACoB,OAAO,CAACE,YAAa,GAAIrB,MAAM,CAACkB,GAAI,EAAE;MACnD,MAAM,IAAIT,qBAAY,CAAC,wCAAwC,CAAC;IAClE;IAEA,IAAIT,MAAM,CAACiB,GAAG,GAAKP,GAAG,GAAGX,GAAG,CAACoB,OAAO,CAACE,YAAc,EAAE;MACnD,MAAM,IAAIZ,qBAAY,CAAC,kCAAkC,CAAC;IAC5D;EACF;AACF"}
package/cjs/oidc/verifyToken.js CHANGED
@@ -34,7 +34,7 @@ async function verifyToken(sdk, token, validationParams) {
34
34
 
35
35
  // The configured issuer may point to a frontend proxy.
36
36
  // Get the "real" issuer from .well-known/openid-configuration
37
- const configuredIssuer = (validationParams === null || validationParams === void 0 ? void 0 : validationParams.issuer) || sdk.options.issuer;
37
+ const configuredIssuer = validationParams?.issuer || sdk.options.issuer;
38
38
  const {
39
39
  issuer
40
40
  } = await (0, _wellKnown.getWellKnown)(sdk, configuredIssuer);
package/cjs/oidc/verifyToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","Object","assign","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"mappings":";;;AAcA;AACA;AACA;AAEA;AACA;AAAuC;AAAA;AAnBvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,WAAW,CAACC,GAA2B,EAAEC,KAAc,EAAEC,gBAAmC,EAAoB;EACpI,IAAI,CAACD,KAAK,IAAI,CAACA,KAAK,CAACE,OAAO,EAAE;IAC5B,MAAM,IAAIC,oBAAY,CAAC,+BAA+B,CAAC;EACzD;;EAEA;EACA,MAAMC,GAAG,GAAG,IAAAC,wBAAW,EAACL,KAAK,CAACE,OAAO,CAAC;;EAEtC;EACA;EACA,MAAMI,gBAAgB,GAAG,CAAAL,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEM,MAAM,KAAIR,GAAG,CAACS,OAAO,CAACD,MAAM;EACvE,MAAM;IAAEA;EAAO,CAAC,GAAG,MAAM,IAAAE,uBAAY,EAACV,GAAG,EAAEO,gBAAgB,CAAC;EAE5D,MAAMI,iBAAoC,GAAGC,MAAM,CAACC,MAAM,CAAC;IACzD;IACAC,QAAQ,EAAEd,GAAG,CAACS,OAAO,CAACK,QAAQ;IAC9BC,eAAe,EAAEf,GAAG,CAACS,OAAO,CAACM;EAC/B,CAAC,EAAEb,gBAAgB,EAAE;IACnB;IACAM;EACF,CAAC,CAAC;;EAEF;EACA,IAAAQ,oBAAc,EAAChB,GAAG,EAAEK,GAAG,CAACY,OAAO,EAAEN,iBAAiB,CAAC;;EAEnD;EACA;EACA,IAAIA,iBAAiB,CAACI,eAAe,IAAI,IAAI,IAAI,CAACf,GAAG,CAACkB,QAAQ,CAACC,sBAAsB,EAAE,EAAE;IACvF,OAAOlB,KAAK;EACd;;EAEA;EACA,MAAMmB,GAAG,GAAG,MAAM,IAAAC,iBAAM,EAACrB,GAAG,EAAEC,KAAK,CAACO,MAAM,EAAEH,GAAG,CAACiB,MAAM,CAACC,GAAG,CAAE;EAC5D,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAAC1B,WAAW,CAACE,KAAK,CAACE,OAAO,EAAEiB,GAAG,CAAC;EAC7D,IAAI,CAACI,KAAK,EAAE;IACV,MAAM,IAAIpB,oBAAY,CAAC,kCAAkC,CAAC;EAC5D;EACA,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACwB,WAAW,IAAIzB,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAW,CAAC5B,gBAAgB,CAACwB,WAAW,CAAC;IACtE,IAAIG,IAAI,KAAK5B,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;MACjC,MAAM,IAAIxB,oBAAY,CAAC,gCAAgC,CAAC;IAC1D;EACF;EACA,OAAOH,KAAK;AACd"}
1
+ {"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","Object","assign","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"mappings":";;;AAcA;AACA;AACA;AAEA;AACA;AAAuC;AAAA;AAnBvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,WAAW,CAACC,GAA2B,EAAEC,KAAc,EAAEC,gBAAmC,EAAoB;EACpI,IAAI,CAACD,KAAK,IAAI,CAACA,KAAK,CAACE,OAAO,EAAE;IAC5B,MAAM,IAAIC,oBAAY,CAAC,+BAA+B,CAAC;EACzD;;EAEA;EACA,MAAMC,GAAG,GAAG,IAAAC,wBAAW,EAACL,KAAK,CAACE,OAAO,CAAC;;EAEtC;EACA;EACA,MAAMI,gBAAgB,GAAGL,gBAAgB,EAAEM,MAAM,IAAIR,GAAG,CAACS,OAAO,CAACD,MAAM;EACvE,MAAM;IAAEA;EAAO,CAAC,GAAG,MAAM,IAAAE,uBAAY,EAACV,GAAG,EAAEO,gBAAgB,CAAC;EAE5D,MAAMI,iBAAoC,GAAGC,MAAM,CAACC,MAAM,CAAC;IACzD;IACAC,QAAQ,EAAEd,GAAG,CAACS,OAAO,CAACK,QAAQ;IAC9BC,eAAe,EAAEf,GAAG,CAACS,OAAO,CAACM;EAC/B,CAAC,EAAEb,gBAAgB,EAAE;IACnB;IACAM;EACF,CAAC,CAAC;;EAEF;EACA,IAAAQ,oBAAc,EAAChB,GAAG,EAAEK,GAAG,CAACY,OAAO,EAAEN,iBAAiB,CAAC;;EAEnD;EACA;EACA,IAAIA,iBAAiB,CAACI,eAAe,IAAI,IAAI,IAAI,CAACf,GAAG,CAACkB,QAAQ,CAACC,sBAAsB,EAAE,EAAE;IACvF,OAAOlB,KAAK;EACd;;EAEA;EACA,MAAMmB,GAAG,GAAG,MAAM,IAAAC,iBAAM,EAACrB,GAAG,EAAEC,KAAK,CAACO,MAAM,EAAEH,GAAG,CAACiB,MAAM,CAACC,GAAG,CAAE;EAC5D,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAAC1B,WAAW,CAACE,KAAK,CAACE,OAAO,EAAEiB,GAAG,CAAC;EAC7D,IAAI,CAACI,KAAK,EAAE;IACV,MAAM,IAAIpB,oBAAY,CAAC,kCAAkC,CAAC;EAC5D;EACA,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACwB,WAAW,IAAIzB,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAW,CAAC5B,gBAAgB,CAACwB,WAAW,CAAC;IACtE,IAAIG,IAAI,KAAK5B,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;MACjC,MAAM,IAAIxB,oBAAY,CAAC,gCAAgC,CAAC;IAC1D;EACF;EACA,OAAOH,KAAK;AACd"}
package/cjs/services/LeaderElectionService.js CHANGED
@@ -26,16 +26,13 @@ class LeaderElectionService {
26
26
  }
27
27
  onLeaderDuplicate() {}
28
28
  async onLeader() {
29
- var _this$options$onLeade, _this$options;
30
- await ((_this$options$onLeade = (_this$options = this.options).onLeader) === null || _this$options$onLeade === void 0 ? void 0 : _this$options$onLeade.call(_this$options));
29
+ await this.options.onLeader?.();
31
30
  }
32
31
  isLeader() {
33
- var _this$elector;
34
- return !!((_this$elector = this.elector) !== null && _this$elector !== void 0 && _this$elector.isLeader);
32
+ return !!this.elector?.isLeader;
35
33
  }
36
34
  hasLeader() {
37
- var _this$elector2;
38
- return !!((_this$elector2 = this.elector) !== null && _this$elector2 !== void 0 && _this$elector2.hasLeader);
35
+ return !!this.elector?.hasLeader;
39
36
  }
40
37
  async start() {
41
38
  if (this.canStart()) {
package/cjs/services/LeaderElectionService.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","stop","die","undefined","postInternal","Promise","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n }\n\n}\n"],"mappings":";;;;;AAcA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAgBO,MAAMA,qBAAqB,CAA6B;EAM7DC,WAAW,CAACC,OAAuB,GAAG,CAAC,CAAC,EAAE;IAAA,+CAFxB,KAAK;IAGrB,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,iBAAiB,GAAG,IAAI,CAACA,iBAAiB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC1D,IAAI,CAACC,QAAQ,GAAG,IAAI,CAACA,QAAQ,CAACD,IAAI,CAAC,IAAI,CAAC;EAC1C;EAEQD,iBAAiB,GAAG,CAC5B;EAEA,MAAcE,QAAQ,GAAG;IAAA;IACvB,gCAAM,qBAAI,CAACH,OAAO,EAACG,QAAQ,0DAArB,yCAAyB;EACjC;EAEAC,QAAQ,GAAG;IAAA;IACT,OAAO,CAAC,mBAAC,IAAI,CAACC,OAAO,0CAAZ,cAAcD,QAAQ;EACjC;EAEAE,SAAS,GAAG;IAAA;IACV,OAAO,CAAC,oBAAC,IAAI,CAACD,OAAO,2CAAZ,eAAcC,SAAS;EAClC;EAEA,MAAMC,KAAK,GAAG;IACZ,IAAI,IAAI,CAACC,QAAQ,EAAE,EAAE;MACnB,MAAM;QAAEC;MAAoB,CAAC,GAAG,IAAI,CAACT,OAAO;MAC5C,IAAI,CAACU,OAAO,GAAG,IAAIC,kCAAgB,CAACF,mBAAmB,CAAW;MAClE,IAAI,CAACJ,OAAO,GAAG,IAAAO,sCAAoB,EAAC,IAAI,CAACF,OAAO,CAAC;MACjD,IAAI,CAACL,OAAO,CAACQ,WAAW,GAAG,IAAI,CAACZ,iBAAiB;MACjD,IAAI,CAACI,OAAO,CAACS,eAAe,EAAE,CAACC,IAAI,CAAC,IAAI,CAACZ,QAAQ,CAAC;MAClD,IAAI,CAACa,OAAO,GAAG,IAAI;IACrB;EACF;EAEA,MAAMC,IAAI,GAAG;IACX,IAAI,IAAI,CAACD,OAAO,EAAE;MAChB,IAAI,IAAI,CAACX,OAAO,EAAE;QAChB,MAAM,IAAI,CAACA,OAAO,CAACa,GAAG,EAAE;QACxB,IAAI,CAACb,OAAO,GAAGc,SAAS;MAC1B;MACA,IAAI,IAAI,CAACT,OAAO,EAAE;QAChB;QACC,IAAI,CAACA,OAAO,CAASU,YAAY,GAAG,MAAMC,OAAO,CAACC,OAAO,EAAE;QAC5D,MAAM,IAAI,CAACZ,OAAO,CAACa,KAAK,EAAE;QAC1B,IAAI,CAACb,OAAO,GAAGS,SAAS;MAC1B;MACA,IAAI,CAACH,OAAO,GAAG,KAAK;IACtB;EACF;EAEAQ,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACT,OAAO;EACrB;EAEAR,QAAQ,GAAG;IACT,OAAO,IAAAkB,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACV,OAAO;EACrC;AAEF;AAAC"}
1
+ {"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","stop","die","undefined","postInternal","Promise","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n }\n\n}\n"],"mappings":";;;;;AAcA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAgBO,MAAMA,qBAAqB,CAA6B;EAM7DC,WAAW,CAACC,OAAuB,GAAG,CAAC,CAAC,EAAE;IAAA,+CAFxB,KAAK;IAGrB,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,iBAAiB,GAAG,IAAI,CAACA,iBAAiB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC1D,IAAI,CAACC,QAAQ,GAAG,IAAI,CAACA,QAAQ,CAACD,IAAI,CAAC,IAAI,CAAC;EAC1C;EAEQD,iBAAiB,GAAG,CAC5B;EAEA,MAAcE,QAAQ,GAAG;IACvB,MAAM,IAAI,CAACH,OAAO,CAACG,QAAQ,IAAI;EACjC;EAEAC,QAAQ,GAAG;IACT,OAAO,CAAC,CAAC,IAAI,CAACC,OAAO,EAAED,QAAQ;EACjC;EAEAE,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACD,OAAO,EAAEC,SAAS;EAClC;EAEA,MAAMC,KAAK,GAAG;IACZ,IAAI,IAAI,CAACC,QAAQ,EAAE,EAAE;MACnB,MAAM;QAAEC;MAAoB,CAAC,GAAG,IAAI,CAACT,OAAO;MAC5C,IAAI,CAACU,OAAO,GAAG,IAAIC,kCAAgB,CAACF,mBAAmB,CAAW;MAClE,IAAI,CAACJ,OAAO,GAAG,IAAAO,sCAAoB,EAAC,IAAI,CAACF,OAAO,CAAC;MACjD,IAAI,CAACL,OAAO,CAACQ,WAAW,GAAG,IAAI,CAACZ,iBAAiB;MACjD,IAAI,CAACI,OAAO,CAACS,eAAe,EAAE,CAACC,IAAI,CAAC,IAAI,CAACZ,QAAQ,CAAC;MAClD,IAAI,CAACa,OAAO,GAAG,IAAI;IACrB;EACF;EAEA,MAAMC,IAAI,GAAG;IACX,IAAI,IAAI,CAACD,OAAO,EAAE;MAChB,IAAI,IAAI,CAACX,OAAO,EAAE;QAChB,MAAM,IAAI,CAACA,OAAO,CAACa,GAAG,EAAE;QACxB,IAAI,CAACb,OAAO,GAAGc,SAAS;MAC1B;MACA,IAAI,IAAI,CAACT,OAAO,EAAE;QAChB;QACC,IAAI,CAACA,OAAO,CAASU,YAAY,GAAG,MAAMC,OAAO,CAACC,OAAO,EAAE;QAC5D,MAAM,IAAI,CAACZ,OAAO,CAACa,KAAK,EAAE;QAC1B,IAAI,CAACb,OAAO,GAAGS,SAAS;MAC1B;MACA,IAAI,CAACH,OAAO,GAAG,KAAK;IACtB;EACF;EAEAQ,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACT,OAAO;EACrB;EAEAR,QAAQ,GAAG;IACT,OAAO,IAAAkB,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACV,OAAO;EACrC;AAEF;AAAC"}
package/cjs/services/SyncStorageService.js CHANGED
@@ -62,45 +62,41 @@ class SyncStorageService {
62
62
  }
63
63
  async stop() {
64
64
  if (this.started) {
65
- var _this$channel, _this$channel2;
66
65
  this.tokenManager.off(_types.EVENT_ADDED, this.onTokenAddedHandler);
67
66
  this.tokenManager.off(_types.EVENT_REMOVED, this.onTokenRemovedHandler);
68
67
  this.tokenManager.off(_types.EVENT_RENEWED, this.onTokenRenewedHandler);
69
68
  this.tokenManager.off(_types.EVENT_SET_STORAGE, this.onSetStorageHandler);
70
- (_this$channel = this.channel) === null || _this$channel === void 0 ? void 0 : _this$channel.removeEventListener('message', this.onSyncMessageHandler);
71
- await ((_this$channel2 = this.channel) === null || _this$channel2 === void 0 ? void 0 : _this$channel2.close());
69
+ this.channel?.removeEventListener('message', this.onSyncMessageHandler);
70
+ await this.channel?.close();
72
71
  this.channel = undefined;
73
72
  this.started = false;
74
73
  }
75
74
  }
76
75
  onTokenAddedHandler(key, token) {
77
- var _this$channel3;
78
76
  if (!this.enablePostMessage) {
79
77
  return;
80
78
  }
81
- (_this$channel3 = this.channel) === null || _this$channel3 === void 0 ? void 0 : _this$channel3.postMessage({
79
+ this.channel?.postMessage({
82
80
  type: _types.EVENT_ADDED,
83
81
  key,
84
82
  token
85
83
  });
86
84
  }
87
85
  onTokenRemovedHandler(key, token) {
88
- var _this$channel4;
89
86
  if (!this.enablePostMessage) {
90
87
  return;
91
88
  }
92
- (_this$channel4 = this.channel) === null || _this$channel4 === void 0 ? void 0 : _this$channel4.postMessage({
89
+ this.channel?.postMessage({
93
90
  type: _types.EVENT_REMOVED,
94
91
  key,
95
92
  token
96
93
  });
97
94
  }
98
95
  onTokenRenewedHandler(key, token, oldToken) {
99
- var _this$channel5;
100
96
  if (!this.enablePostMessage) {
101
97
  return;
102
98
  }
103
- (_this$channel5 = this.channel) === null || _this$channel5 === void 0 ? void 0 : _this$channel5.postMessage({
99
+ this.channel?.postMessage({
104
100
  type: _types.EVENT_RENEWED,
105
101
  key,
106
102
  token,
@@ -108,8 +104,7 @@ class SyncStorageService {
108
104
  });
109
105
  }
110
106
  onSetStorageHandler(storage) {
111
- var _this$channel6;
112
- (_this$channel6 = this.channel) === null || _this$channel6 === void 0 ? void 0 : _this$channel6.postMessage({
107
+ this.channel?.postMessage({
113
108
  type: _types.EVENT_SET_STORAGE,
114
109
  storage
115
110
  });
package/cjs/services/SyncStorageService.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SyncStorageService.js","names":["SyncStorageService","constructor","tokenManager","options","onTokenAddedHandler","bind","onTokenRemovedHandler","onTokenRenewedHandler","onSetStorageHandler","onSyncMessageHandler","requiresLeadership","isStarted","started","canStart","syncStorage","isBrowser","start","syncChannelName","channel","BroadcastChannel","err","AuthSdkError","on","EVENT_ADDED","EVENT_REMOVED","EVENT_RENEWED","EVENT_SET_STORAGE","addEventListener","stop","off","removeEventListener","close","undefined","key","token","enablePostMessage","postMessage","type","oldToken","storage","msg","getStorage","setStorage","emitAdded","setExpireEventTimeout","clearExpireEventTimeout","emitRemoved","emitRenewed"],"sources":["../../../lib/services/SyncStorageService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { BroadcastChannel } from 'broadcast-channel';\nimport { isBrowser } from '../features';\nimport {\n ServiceManagerOptions, ServiceInterface\n} from '../core/types';\nimport {\n Token, Tokens, \n EVENT_ADDED, EVENT_REMOVED, EVENT_RENEWED, EVENT_SET_STORAGE, TokenManagerInterface\n} from '../oidc/types';\nimport { AuthSdkError } from '../errors';\n\nexport type SyncMessage = {\n type: string;\n key?: string;\n token?: Token;\n oldToken?: Token;\n storage?: Tokens;\n};\nexport class SyncStorageService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private channel?: BroadcastChannel<SyncMessage>;\n private started = false;\n private enablePostMessage = true;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.onTokenAddedHandler = this.onTokenAddedHandler.bind(this);\n this.onTokenRemovedHandler = this.onTokenRemovedHandler.bind(this);\n this.onTokenRenewedHandler = this.onTokenRenewedHandler.bind(this);\n this.onSetStorageHandler = this.onSetStorageHandler.bind(this);\n this.onSyncMessageHandler = this.onSyncMessageHandler.bind(this);\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return !!this.options.syncStorage && isBrowser() && !this.started;\n }\n\n async start() {\n if (!this.canStart()) {\n return;\n }\n \n const { syncChannelName } = this.options;\n try {\n // BroadcastChannel throws if no supported method can be found\n this.channel = new BroadcastChannel(syncChannelName as string);\n } catch (err) {\n throw new AuthSdkError('SyncStorageService is not supported in current browser.');\n }\n\n this.tokenManager.on(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.on(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.on(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.on(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel.addEventListener('message', this.onSyncMessageHandler);\n this.started = true;\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.off(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.off(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.off(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel?.removeEventListener('message', this.onSyncMessageHandler);\n await this.channel?.close();\n this.channel = undefined;\n this.started = false;\n }\n }\n\n private onTokenAddedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_ADDED,\n key,\n token\n });\n }\n\n private onTokenRemovedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_REMOVED,\n key,\n token\n });\n }\n\n private onTokenRenewedHandler(key: string, token: Token, oldToken?: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_RENEWED,\n key,\n token,\n oldToken\n });\n }\n\n private onSetStorageHandler(storage: Tokens) {\n this.channel?.postMessage({\n type: EVENT_SET_STORAGE,\n storage\n });\n }\n\n /* eslint-disable complexity */\n private onSyncMessageHandler(msg: SyncMessage) {\n // Notes:\n // 1. Using `enablePostMessage` flag here to prevent sync message loop.\n // If this flag is on, tokenManager event handlers do not post sync message.\n // 2. IE11 has known issue with synchronization of LocalStorage cross tabs.\n // One workaround is to set empty event handler for `window.onstorage`.\n // But it's not 100% working, sometimes you still get old value from LocalStorage.\n // Better approch is to explicitly udpate LocalStorage with `setStorage`.\n\n this.enablePostMessage = false;\n switch (msg.type) {\n case EVENT_SET_STORAGE:\n this.tokenManager.getStorage().setStorage(msg.storage);\n break;\n case EVENT_ADDED:\n this.tokenManager.emitAdded(msg.key!, msg.token!);\n this.tokenManager.setExpireEventTimeout(msg.key!, msg.token!);\n break;\n case EVENT_REMOVED:\n this.tokenManager.clearExpireEventTimeout(msg.key!);\n this.tokenManager.emitRemoved(msg.key!, msg.token!);\n break;\n case EVENT_RENEWED:\n this.tokenManager.emitRenewed(msg.key!, msg.token!, msg.oldToken);\n break;\n default:\n break;\n }\n this.enablePostMessage = true;\n }\n} "],"mappings":";;;;;AAYA;AACA;AAIA;AAIA;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoBO,MAAMA,kBAAkB,CAA6B;EAO1DC,WAAW,CAACC,YAAmC,EAAEC,OAA8B,GAAG,CAAC,CAAC,EAAE;IAAA,+CAHpE,KAAK;IAAA,yDACK,IAAI;IAG9B,IAAI,CAACD,YAAY,GAAGA,YAAY;IAChC,IAAI,CAACC,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,mBAAmB,GAAG,IAAI,CAACA,mBAAmB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC9D,IAAI,CAACC,qBAAqB,GAAG,IAAI,CAACA,qBAAqB,CAACD,IAAI,CAAC,IAAI,CAAC;IAClE,IAAI,CAACE,qBAAqB,GAAG,IAAI,CAACA,qBAAqB,CAACF,IAAI,CAAC,IAAI,CAAC;IAClE,IAAI,CAACG,mBAAmB,GAAG,IAAI,CAACA,mBAAmB,CAACH,IAAI,CAAC,IAAI,CAAC;IAC9D,IAAI,CAACI,oBAAoB,GAAG,IAAI,CAACA,oBAAoB,CAACJ,IAAI,CAAC,IAAI,CAAC;EAClE;EAEAK,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACC,OAAO;EACrB;EAEAC,QAAQ,GAAG;IACT,OAAO,CAAC,CAAC,IAAI,CAACV,OAAO,CAACW,WAAW,IAAI,IAAAC,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACH,OAAO;EACnE;EAEA,MAAMI,KAAK,GAAG;IACZ,IAAI,CAAC,IAAI,CAACH,QAAQ,EAAE,EAAE;MACpB;IACF;IAEA,MAAM;MAAEI;IAAgB,CAAC,GAAG,IAAI,CAACd,OAAO;IACxC,IAAI;MACF;MACA,IAAI,CAACe,OAAO,GAAG,IAAIC,kCAAgB,CAACF,eAAe,CAAW;IAChE,CAAC,CAAC,OAAOG,GAAG,EAAE;MACZ,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;IACnF;IAEA,IAAI,CAACnB,YAAY,CAACoB,EAAE,CAACC,kBAAW,EAAE,IAAI,CAACnB,mBAAmB,CAAC;IAC3D,IAAI,CAACF,YAAY,CAACoB,EAAE,CAACE,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;IAC/D,IAAI,CAACJ,YAAY,CAACoB,EAAE,CAACG,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;IAC/D,IAAI,CAACL,YAAY,CAACoB,EAAE,CAACI,wBAAiB,EAAE,IAAI,CAAClB,mBAAmB,CAAC;IACjE,IAAI,CAACU,OAAO,CAACS,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAClB,oBAAoB,CAAC;IACnE,IAAI,CAACG,OAAO,GAAG,IAAI;EACrB;EAEA,MAAMgB,IAAI,GAAG;IACX,IAAI,IAAI,CAAChB,OAAO,EAAE;MAAA;MAChB,IAAI,CAACV,YAAY,CAAC2B,GAAG,CAACN,kBAAW,EAAE,IAAI,CAACnB,mBAAmB,CAAC;MAC5D,IAAI,CAACF,YAAY,CAAC2B,GAAG,CAACL,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;MAChE,IAAI,CAACJ,YAAY,CAAC2B,GAAG,CAACJ,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;MAChE,IAAI,CAACL,YAAY,CAAC2B,GAAG,CAACH,wBAAiB,EAAE,IAAI,CAAClB,mBAAmB,CAAC;MAClE,qBAAI,CAACU,OAAO,kDAAZ,cAAcY,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAACrB,oBAAoB,CAAC;MACvE,yBAAM,IAAI,CAACS,OAAO,mDAAZ,eAAca,KAAK,EAAE;MAC3B,IAAI,CAACb,OAAO,GAAGc,SAAS;MACxB,IAAI,CAACpB,OAAO,GAAG,KAAK;IACtB;EACF;EAEQR,mBAAmB,CAAC6B,GAAW,EAAEC,KAAY,EAAE;IAAA;IACrD,IAAI,CAAC,IAAI,CAACC,iBAAiB,EAAE;MAC3B;IACF;IACA,sBAAI,CAACjB,OAAO,mDAAZ,eAAckB,WAAW,CAAC;MACxBC,IAAI,EAAEd,kBAAW;MACjBU,GAAG;MACHC;IACF,CAAC,CAAC;EACJ;EAEQ5B,qBAAqB,CAAC2B,GAAW,EAAEC,KAAY,EAAE;IAAA;IACvD,IAAI,CAAC,IAAI,CAACC,iBAAiB,EAAE;MAC3B;IACF;IACA,sBAAI,CAACjB,OAAO,mDAAZ,eAAckB,WAAW,CAAC;MACxBC,IAAI,EAAEb,oBAAa;MACnBS,GAAG;MACHC;IACF,CAAC,CAAC;EACJ;EAEQ3B,qBAAqB,CAAC0B,GAAW,EAAEC,KAAY,EAAEI,QAAgB,EAAE;IAAA;IACzE,IAAI,CAAC,IAAI,CAACH,iBAAiB,EAAE;MAC3B;IACF;IACA,sBAAI,CAACjB,OAAO,mDAAZ,eAAckB,WAAW,CAAC;MACxBC,IAAI,EAAEZ,oBAAa;MACnBQ,GAAG;MACHC,KAAK;MACLI;IACF,CAAC,CAAC;EACJ;EAEQ9B,mBAAmB,CAAC+B,OAAe,EAAE;IAAA;IAC3C,sBAAI,CAACrB,OAAO,mDAAZ,eAAckB,WAAW,CAAC;MACxBC,IAAI,EAAEX,wBAAiB;MACvBa;IACF,CAAC,CAAC;EACJ;;EAEA;EACQ9B,oBAAoB,CAAC+B,GAAgB,EAAE;IAC7C;IACA;IACA;IACA;IACA;IACA;IACA;;IAEA,IAAI,CAACL,iBAAiB,GAAG,KAAK;IAC9B,QAAQK,GAAG,CAACH,IAAI;MACd,KAAKX,wBAAiB;QACpB,IAAI,CAACxB,YAAY,CAACuC,UAAU,EAAE,CAACC,UAAU,CAACF,GAAG,CAACD,OAAO,CAAC;QACtD;MACF,KAAKhB,kBAAW;QACd,IAAI,CAACrB,YAAY,CAACyC,SAAS,CAACH,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QACjD,IAAI,CAAChC,YAAY,CAAC0C,qBAAqB,CAACJ,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QAC7D;MACF,KAAKV,oBAAa;QAChB,IAAI,CAACtB,YAAY,CAAC2C,uBAAuB,CAACL,GAAG,CAACP,GAAG,CAAE;QACnD,IAAI,CAAC/B,YAAY,CAAC4C,WAAW,CAACN,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QACnD;MACF,KAAKT,oBAAa;QAChB,IAAI,CAACvB,YAAY,CAAC6C,WAAW,CAACP,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,EAAGM,GAAG,CAACF,QAAQ,CAAC;QACjE;MACF;QACE;IAAM;IAEV,IAAI,CAACH,iBAAiB,GAAG,IAAI;EAC/B;AACF;AAAC"}
1
+ {"version":3,"file":"SyncStorageService.js","names":["SyncStorageService","constructor","tokenManager","options","onTokenAddedHandler","bind","onTokenRemovedHandler","onTokenRenewedHandler","onSetStorageHandler","onSyncMessageHandler","requiresLeadership","isStarted","started","canStart","syncStorage","isBrowser","start","syncChannelName","channel","BroadcastChannel","err","AuthSdkError","on","EVENT_ADDED","EVENT_REMOVED","EVENT_RENEWED","EVENT_SET_STORAGE","addEventListener","stop","off","removeEventListener","close","undefined","key","token","enablePostMessage","postMessage","type","oldToken","storage","msg","getStorage","setStorage","emitAdded","setExpireEventTimeout","clearExpireEventTimeout","emitRemoved","emitRenewed"],"sources":["../../../lib/services/SyncStorageService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { BroadcastChannel } from 'broadcast-channel';\nimport { isBrowser } from '../features';\nimport {\n ServiceManagerOptions, ServiceInterface\n} from '../core/types';\nimport {\n Token, Tokens, \n EVENT_ADDED, EVENT_REMOVED, EVENT_RENEWED, EVENT_SET_STORAGE, TokenManagerInterface\n} from '../oidc/types';\nimport { AuthSdkError } from '../errors';\n\nexport type SyncMessage = {\n type: string;\n key?: string;\n token?: Token;\n oldToken?: Token;\n storage?: Tokens;\n};\nexport class SyncStorageService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private channel?: BroadcastChannel<SyncMessage>;\n private started = false;\n private enablePostMessage = true;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.onTokenAddedHandler = this.onTokenAddedHandler.bind(this);\n this.onTokenRemovedHandler = this.onTokenRemovedHandler.bind(this);\n this.onTokenRenewedHandler = this.onTokenRenewedHandler.bind(this);\n this.onSetStorageHandler = this.onSetStorageHandler.bind(this);\n this.onSyncMessageHandler = this.onSyncMessageHandler.bind(this);\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return !!this.options.syncStorage && isBrowser() && !this.started;\n }\n\n async start() {\n if (!this.canStart()) {\n return;\n }\n \n const { syncChannelName } = this.options;\n try {\n // BroadcastChannel throws if no supported method can be found\n this.channel = new BroadcastChannel(syncChannelName as string);\n } catch (err) {\n throw new AuthSdkError('SyncStorageService is not supported in current browser.');\n }\n\n this.tokenManager.on(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.on(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.on(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.on(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel.addEventListener('message', this.onSyncMessageHandler);\n this.started = true;\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.off(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.off(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.off(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel?.removeEventListener('message', this.onSyncMessageHandler);\n await this.channel?.close();\n this.channel = undefined;\n this.started = false;\n }\n }\n\n private onTokenAddedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_ADDED,\n key,\n token\n });\n }\n\n private onTokenRemovedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_REMOVED,\n key,\n token\n });\n }\n\n private onTokenRenewedHandler(key: string, token: Token, oldToken?: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_RENEWED,\n key,\n token,\n oldToken\n });\n }\n\n private onSetStorageHandler(storage: Tokens) {\n this.channel?.postMessage({\n type: EVENT_SET_STORAGE,\n storage\n });\n }\n\n /* eslint-disable complexity */\n private onSyncMessageHandler(msg: SyncMessage) {\n // Notes:\n // 1. Using `enablePostMessage` flag here to prevent sync message loop.\n // If this flag is on, tokenManager event handlers do not post sync message.\n // 2. IE11 has known issue with synchronization of LocalStorage cross tabs.\n // One workaround is to set empty event handler for `window.onstorage`.\n // But it's not 100% working, sometimes you still get old value from LocalStorage.\n // Better approch is to explicitly udpate LocalStorage with `setStorage`.\n\n this.enablePostMessage = false;\n switch (msg.type) {\n case EVENT_SET_STORAGE:\n this.tokenManager.getStorage().setStorage(msg.storage);\n break;\n case EVENT_ADDED:\n this.tokenManager.emitAdded(msg.key!, msg.token!);\n this.tokenManager.setExpireEventTimeout(msg.key!, msg.token!);\n break;\n case EVENT_REMOVED:\n this.tokenManager.clearExpireEventTimeout(msg.key!);\n this.tokenManager.emitRemoved(msg.key!, msg.token!);\n break;\n case EVENT_RENEWED:\n this.tokenManager.emitRenewed(msg.key!, msg.token!, msg.oldToken);\n break;\n default:\n break;\n }\n this.enablePostMessage = true;\n }\n} "],"mappings":";;;;;AAYA;AACA;AAIA;AAIA;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoBO,MAAMA,kBAAkB,CAA6B;EAO1DC,WAAW,CAACC,YAAmC,EAAEC,OAA8B,GAAG,CAAC,CAAC,EAAE;IAAA,+CAHpE,KAAK;IAAA,yDACK,IAAI;IAG9B,IAAI,CAACD,YAAY,GAAGA,YAAY;IAChC,IAAI,CAACC,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,mBAAmB,GAAG,IAAI,CAACA,mBAAmB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC9D,IAAI,CAACC,qBAAqB,GAAG,IAAI,CAACA,qBAAqB,CAACD,IAAI,CAAC,IAAI,CAAC;IAClE,IAAI,CAACE,qBAAqB,GAAG,IAAI,CAACA,qBAAqB,CAACF,IAAI,CAAC,IAAI,CAAC;IAClE,IAAI,CAACG,mBAAmB,GAAG,IAAI,CAACA,mBAAmB,CAACH,IAAI,CAAC,IAAI,CAAC;IAC9D,IAAI,CAACI,oBAAoB,GAAG,IAAI,CAACA,oBAAoB,CAACJ,IAAI,CAAC,IAAI,CAAC;EAClE;EAEAK,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACC,OAAO;EACrB;EAEAC,QAAQ,GAAG;IACT,OAAO,CAAC,CAAC,IAAI,CAACV,OAAO,CAACW,WAAW,IAAI,IAAAC,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACH,OAAO;EACnE;EAEA,MAAMI,KAAK,GAAG;IACZ,IAAI,CAAC,IAAI,CAACH,QAAQ,EAAE,EAAE;MACpB;IACF;IAEA,MAAM;MAAEI;IAAgB,CAAC,GAAG,IAAI,CAACd,OAAO;IACxC,IAAI;MACF;MACA,IAAI,CAACe,OAAO,GAAG,IAAIC,kCAAgB,CAACF,eAAe,CAAW;IAChE,CAAC,CAAC,OAAOG,GAAG,EAAE;MACZ,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;IACnF;IAEA,IAAI,CAACnB,YAAY,CAACoB,EAAE,CAACC,kBAAW,EAAE,IAAI,CAACnB,mBAAmB,CAAC;IAC3D,IAAI,CAACF,YAAY,CAACoB,EAAE,CAACE,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;IAC/D,IAAI,CAACJ,YAAY,CAACoB,EAAE,CAACG,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;IAC/D,IAAI,CAACL,YAAY,CAACoB,EAAE,CAACI,wBAAiB,EAAE,IAAI,CAAClB,mBAAmB,CAAC;IACjE,IAAI,CAACU,OAAO,CAACS,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAClB,oBAAoB,CAAC;IACnE,IAAI,CAACG,OAAO,GAAG,IAAI;EACrB;EAEA,MAAMgB,IAAI,GAAG;IACX,IAAI,IAAI,CAAChB,OAAO,EAAE;MAChB,IAAI,CAACV,YAAY,CAAC2B,GAAG,CAACN,kBAAW,EAAE,IAAI,CAACnB,mBAAmB,CAAC;MAC5D,IAAI,CAACF,YAAY,CAAC2B,GAAG,CAACL,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;MAChE,IAAI,CAACJ,YAAY,CAAC2B,GAAG,CAACJ,oBAAa,EAAE,IAAI,CAAClB,qBAAqB,CAAC;MAChE,IAAI,CAACL,YAAY,CAAC2B,GAAG,CAACH,wBAAiB,EAAE,IAAI,CAAClB,mBAAmB,CAAC;MAClE,IAAI,CAACU,OAAO,EAAEY,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAACrB,oBAAoB,CAAC;MACvE,MAAM,IAAI,CAACS,OAAO,EAAEa,KAAK,EAAE;MAC3B,IAAI,CAACb,OAAO,GAAGc,SAAS;MACxB,IAAI,CAACpB,OAAO,GAAG,KAAK;IACtB;EACF;EAEQR,mBAAmB,CAAC6B,GAAW,EAAEC,KAAY,EAAE;IACrD,IAAI,CAAC,IAAI,CAACC,iBAAiB,EAAE;MAC3B;IACF;IACA,IAAI,CAACjB,OAAO,EAAEkB,WAAW,CAAC;MACxBC,IAAI,EAAEd,kBAAW;MACjBU,GAAG;MACHC;IACF,CAAC,CAAC;EACJ;EAEQ5B,qBAAqB,CAAC2B,GAAW,EAAEC,KAAY,EAAE;IACvD,IAAI,CAAC,IAAI,CAACC,iBAAiB,EAAE;MAC3B;IACF;IACA,IAAI,CAACjB,OAAO,EAAEkB,WAAW,CAAC;MACxBC,IAAI,EAAEb,oBAAa;MACnBS,GAAG;MACHC;IACF,CAAC,CAAC;EACJ;EAEQ3B,qBAAqB,CAAC0B,GAAW,EAAEC,KAAY,EAAEI,QAAgB,EAAE;IACzE,IAAI,CAAC,IAAI,CAACH,iBAAiB,EAAE;MAC3B;IACF;IACA,IAAI,CAACjB,OAAO,EAAEkB,WAAW,CAAC;MACxBC,IAAI,EAAEZ,oBAAa;MACnBQ,GAAG;MACHC,KAAK;MACLI;IACF,CAAC,CAAC;EACJ;EAEQ9B,mBAAmB,CAAC+B,OAAe,EAAE;IAC3C,IAAI,CAACrB,OAAO,EAAEkB,WAAW,CAAC;MACxBC,IAAI,EAAEX,wBAAiB;MACvBa;IACF,CAAC,CAAC;EACJ;;EAEA;EACQ9B,oBAAoB,CAAC+B,GAAgB,EAAE;IAC7C;IACA;IACA;IACA;IACA;IACA;IACA;;IAEA,IAAI,CAACL,iBAAiB,GAAG,KAAK;IAC9B,QAAQK,GAAG,CAACH,IAAI;MACd,KAAKX,wBAAiB;QACpB,IAAI,CAACxB,YAAY,CAACuC,UAAU,EAAE,CAACC,UAAU,CAACF,GAAG,CAACD,OAAO,CAAC;QACtD;MACF,KAAKhB,kBAAW;QACd,IAAI,CAACrB,YAAY,CAACyC,SAAS,CAACH,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QACjD,IAAI,CAAChC,YAAY,CAAC0C,qBAAqB,CAACJ,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QAC7D;MACF,KAAKV,oBAAa;QAChB,IAAI,CAACtB,YAAY,CAAC2C,uBAAuB,CAACL,GAAG,CAACP,GAAG,CAAE;QACnD,IAAI,CAAC/B,YAAY,CAAC4C,WAAW,CAACN,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,CAAE;QACnD;MACF,KAAKT,oBAAa;QAChB,IAAI,CAACvB,YAAY,CAAC6C,WAAW,CAACP,GAAG,CAACP,GAAG,EAAGO,GAAG,CAACN,KAAK,EAAGM,GAAG,CAACF,QAAQ,CAAC;QACjE;MACF;QACE;IAAM;IAEV,IAAI,CAACH,iBAAiB,GAAG,IAAI;EAC/B;AACF;AAAC"}