@okta/okta-auth-js 7.5.0 → 7.6.0

Files changed (174)
  1. package/CHANGELOG.md +21 -0
  2. package/README.md +27 -5
  3. package/cjs/browser/fingerprint.js +1 -2
  4. package/cjs/browser/fingerprint.js.map +1 -1
  5. package/cjs/core/ServiceManager/browser.js +13 -6
  6. package/cjs/core/ServiceManager/browser.js.map +1 -1
  7. package/cjs/core/types/Service.js.map +1 -1
  8. package/cjs/core/types/api.js.map +1 -1
  9. package/cjs/fetch/fetchRequest.js +1 -2
  10. package/cjs/fetch/fetchRequest.js.map +1 -1
  11. package/cjs/http/OktaUserAgent.js +2 -2
  12. package/cjs/http/request.js +11 -5
  13. package/cjs/http/request.js.map +1 -1
  14. package/cjs/idx/IdxTransactionManager.js +1 -1
  15. package/cjs/idx/IdxTransactionManager.js.map +1 -1
  16. package/cjs/idx/authenticator/Authenticator.js.map +1 -1
  17. package/cjs/idx/authenticator/OktaPassword.js +17 -6
  18. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  19. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +1 -2
  20. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  21. package/cjs/idx/authenticator/getAuthenticator.js +3 -4
  22. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  23. package/cjs/idx/idxState/index.js +1 -1
  24. package/cjs/idx/idxState/index.js.map +1 -1
  25. package/cjs/idx/idxState/v1/generateIdxAction.js +2 -2
  26. package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -1
  27. package/cjs/idx/idxState/v1/idxResponseParser.js +2 -4
  28. package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -1
  29. package/cjs/idx/idxState/v1/makeIdxState.js +1 -2
  30. package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -1
  31. package/cjs/idx/interact.js +1 -2
  32. package/cjs/idx/interact.js.map +1 -1
  33. package/cjs/idx/poll.js +3 -5
  34. package/cjs/idx/poll.js.map +1 -1
  35. package/cjs/idx/proceed.js +1 -1
  36. package/cjs/idx/proceed.js.map +1 -1
  37. package/cjs/idx/remediators/Base/AuthenticatorData.js +1 -1
  38. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  39. package/cjs/idx/remediators/Base/Remediator.js +5 -7
  40. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  41. package/cjs/idx/remediators/Base/SelectAuthenticator.js +3 -4
  42. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  43. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +1 -2
  44. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  45. package/cjs/idx/remediators/EnrollPoll.js +1 -1
  46. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  47. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +2 -3
  48. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  49. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +2 -3
  50. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
  51. package/cjs/idx/remediators/SelectEnrollmentChannel.js +1 -2
  52. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  53. package/cjs/idx/remediators/util.js +2 -4
  54. package/cjs/idx/remediators/util.js.map +1 -1
  55. package/cjs/idx/run.js +6 -10
  56. package/cjs/idx/run.js.map +1 -1
  57. package/cjs/idx/transactionMeta.js +1 -1
  58. package/cjs/idx/transactionMeta.js.map +1 -1
  59. package/cjs/idx/types/idx-js.js.map +1 -1
  60. package/cjs/idx/util.js +3 -6
  61. package/cjs/idx/util.js.map +1 -1
  62. package/cjs/myaccount/emailApi.js +1 -1
  63. package/cjs/myaccount/emailApi.js.map +1 -1
  64. package/cjs/myaccount/passwordApi.js +2 -2
  65. package/cjs/myaccount/passwordApi.js.map +1 -1
  66. package/cjs/myaccount/phoneApi.js +1 -1
  67. package/cjs/myaccount/phoneApi.js.map +1 -1
  68. package/cjs/myaccount/profileApi.js +2 -2
  69. package/cjs/myaccount/profileApi.js.map +1 -1
  70. package/cjs/myaccount/request.js +1 -1
  71. package/cjs/myaccount/request.js.map +1 -1
  72. package/cjs/oidc/TokenManager.js +18 -3
  73. package/cjs/oidc/TokenManager.js.map +1 -1
  74. package/cjs/oidc/TransactionManager.js +1 -1
  75. package/cjs/oidc/TransactionManager.js.map +1 -1
  76. package/cjs/oidc/getToken.js +1 -2
  77. package/cjs/oidc/getToken.js.map +1 -1
  78. package/cjs/oidc/introspect.js +3 -5
  79. package/cjs/oidc/introspect.js.map +1 -1
  80. package/cjs/oidc/mixin/index.js +18 -3
  81. package/cjs/oidc/mixin/index.js.map +1 -1
  82. package/cjs/oidc/options/OAuthOptionsConstructor.js +1 -1
  83. package/cjs/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  84. package/cjs/oidc/renewTokens.js +1 -2
  85. package/cjs/oidc/renewTokens.js.map +1 -1
  86. package/cjs/oidc/types/api.js.map +1 -1
  87. package/cjs/oidc/util/errors.js +2 -2
  88. package/cjs/oidc/util/errors.js.map +1 -1
  89. package/cjs/oidc/util/validateClaims.js +1 -1
  90. package/cjs/oidc/util/validateClaims.js.map +1 -1
  91. package/cjs/oidc/verifyToken.js +1 -1
  92. package/cjs/oidc/verifyToken.js.map +1 -1
  93. package/cjs/services/LeaderElectionService.js +3 -6
  94. package/cjs/services/LeaderElectionService.js.map +1 -1
  95. package/cjs/services/RenewOnTabActivationService.js +64 -0
  96. package/cjs/services/RenewOnTabActivationService.js.map +1 -0
  97. package/cjs/services/SyncStorageService.js +6 -11
  98. package/cjs/services/SyncStorageService.js.map +1 -1
  99. package/cjs/services/index.js +11 -0
  100. package/cjs/services/index.js.map +1 -1
  101. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  102. package/dist/okta-auth-js.authn.min.js +1 -1
  103. package/dist/okta-auth-js.authn.min.js.map +1 -1
  104. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  105. package/dist/okta-auth-js.core.min.js +1 -1
  106. package/dist/okta-auth-js.core.min.js.map +1 -1
  107. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  108. package/dist/okta-auth-js.idx.min.js +1 -1
  109. package/dist/okta-auth-js.idx.min.js.map +1 -1
  110. package/dist/okta-auth-js.min.analyzer.html +2 -2
  111. package/dist/okta-auth-js.min.js +1 -1
  112. package/dist/okta-auth-js.min.js.map +1 -1
  113. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  114. package/dist/okta-auth-js.myaccount.min.js +1 -1
  115. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  116. package/esm/browser/core/ServiceManager/browser.js +9 -2
  117. package/esm/browser/core/ServiceManager/browser.js.map +1 -1
  118. package/esm/browser/http/OktaUserAgent.js +2 -2
  119. package/esm/browser/http/request.js +7 -1
  120. package/esm/browser/http/request.js.map +1 -1
  121. package/esm/browser/idx/authenticator/Authenticator.js.map +1 -1
  122. package/esm/browser/idx/authenticator/OktaPassword.js +17 -4
  123. package/esm/browser/idx/authenticator/OktaPassword.js.map +1 -1
  124. package/esm/browser/idx/types/idx-js.js.map +1 -1
  125. package/esm/browser/oidc/TokenManager.js +12 -1
  126. package/esm/browser/oidc/TokenManager.js.map +1 -1
  127. package/esm/browser/oidc/introspect.js +1 -1
  128. package/esm/browser/oidc/introspect.js.map +1 -1
  129. package/esm/browser/oidc/mixin/index.js +16 -0
  130. package/esm/browser/oidc/mixin/index.js.map +1 -1
  131. package/esm/browser/oidc/options/OAuthOptionsConstructor.js +1 -1
  132. package/esm/browser/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  133. package/esm/browser/oidc/util/validateClaims.js +2 -1
  134. package/esm/browser/oidc/util/validateClaims.js.map +1 -1
  135. package/esm/browser/package.json +1 -1
  136. package/esm/browser/services/RenewOnTabActivationService.js +67 -0
  137. package/esm/browser/services/RenewOnTabActivationService.js.map +1 -0
  138. package/esm/node/http/OktaUserAgent.js +2 -2
  139. package/esm/node/http/request.js +7 -1
  140. package/esm/node/http/request.js.map +1 -1
  141. package/esm/node/idx/authenticator/Authenticator.js.map +1 -1
  142. package/esm/node/idx/authenticator/OktaPassword.js +17 -4
  143. package/esm/node/idx/authenticator/OktaPassword.js.map +1 -1
  144. package/esm/node/idx/types/idx-js.js.map +1 -1
  145. package/esm/node/oidc/TokenManager.js +12 -1
  146. package/esm/node/oidc/TokenManager.js.map +1 -1
  147. package/esm/node/oidc/introspect.js +1 -1
  148. package/esm/node/oidc/introspect.js.map +1 -1
  149. package/esm/node/oidc/mixin/index.js +16 -0
  150. package/esm/node/oidc/mixin/index.js.map +1 -1
  151. package/esm/node/oidc/options/OAuthOptionsConstructor.js +1 -1
  152. package/esm/node/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  153. package/esm/node/oidc/util/validateClaims.js +2 -1
  154. package/esm/node/oidc/util/validateClaims.js.map +1 -1
  155. package/esm/node/package.json +1 -1
  156. package/package.json +4 -6
  157. package/types/lib/core/types/Service.d.ts +7 -1
  158. package/types/lib/core/types/api.d.ts +1 -0
  159. package/types/lib/idx/authenticator/Authenticator.d.ts +1 -1
  160. package/types/lib/idx/authenticator/OktaPassword.d.ts +2 -1
  161. package/types/lib/idx/types/idx-js.d.ts +1 -0
  162. package/types/lib/oidc/types/api.d.ts +1 -0
  163. package/types/lib/services/RenewOnTabActivationService.d.ts +16 -0
  164. package/types/lib/services/index.d.ts +1 -0
  165. package/umd/authn.js +1 -1
  166. package/umd/authn.js.map +1 -1
  167. package/umd/core.js +1 -1
  168. package/umd/core.js.map +1 -1
  169. package/umd/default.js +1 -1
  170. package/umd/default.js.map +1 -1
  171. package/umd/idx.js +1 -1
  172. package/umd/idx.js.map +1 -1
  173. package/umd/myaccount.js +1 -1
  174. package/umd/myaccount.js.map +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * 
Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. 
Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? 
urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. 
Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,G
AAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YAAA;YACpC,yBAAAA,QAAQ,CAACQ,aAAa,0DAAtB,sBAAwBC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CA
AC6C,MAAM,EAAE;YACtC7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}
1
+ {"version":3,"file":"getToken.js","names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","prepareTokenParams","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","getOAuthUrls","codeVerifier","tokenUrl","authorizeUrl","buildAuthorizeParams","flowType","iframePromise","addPostMessageListener","timeout","state","iframeEl","loadFrame","res","handleOAuthResponse","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"sources":["../../../lib/oidc/getToken.ts"],"sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * 
Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. 
Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? 
urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. 
Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"mappings":";;;;AAeA;AAMA;AASA;AACA;AACA;AA/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAQ,CAACC,GAA2B,EAAEC,OAAkC,EAAE;EACxF,IAAIC,SAAS,CAACC,MAAM,GAAG,CAAC,EAAE;IACxB,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,qBAAY,CAAC,kEAAkE,CAAC,CAAC;EAC7G;EAEAL,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;;EAEvB;EACA;EACA,MAAMM,WAAW,GAAGN,OAAO,CAACM,WAAW;EACvCN,OAAO,CAACM,WAAW,GAAGC,SAAS;EAE/B,OAAO,IAAAC,sCAAkB,EAACT,GAAG,EAAEC,OAAO,CAAC,CACpCS,IAAI,CAAC,UAAUC,WAAwB,EAAE;IAExC;IACA,IAAIC,qBAAqB,GAAG;MAC1BC,MAAM,EAAE,MAAM;MACdC,YAAY,EAAE,mBAAmB;MACjCC,OAAO,EAAE;IACX,CAAC;IAED,IAAIC,YAAY,GAAG;MACjBD,OAAO,EAAE;IACX,CAAC;IAED,IAAId,OAAO,CAACgB,YAAY,EAAE;MACxBC,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEC,qBAAqB,CAAC;IACnD,CAAC,MAAM,IAAIX,OAAO,CAACmB,GAAG,EAAE;MACtBF,MAAM,CAACC,MAAM,CAACR,WAAW,EAAEK,YAAY,CAAC;IAC1C;;IAEA;IACA,IAAIK,UAAU,EACZC,QAAQ,EACRC,IAAI;;IAEN;IACAA,IAAI,GAAG,IAAAC,kBAAY,EAACxB,G
AAG,EAAEW,WAAW,CAAC;IACrCW,QAAQ,GAAGrB,OAAO,CAACwB,YAAY,GAAGF,IAAI,CAACG,QAAQ,GAAGH,IAAI,CAACI,YAAY;IACnEN,UAAU,GAAGC,QAAQ,GAAG,IAAAM,+BAAoB,EAACjB,WAAW,CAAC;;IAEzD;IACA,IAAIkB,QAAQ;IACZ,IAAIlB,WAAW,CAACM,YAAY,IAAIN,WAAW,CAACI,OAAO,KAAK,IAAI,EAAE;MAC5Dc,QAAQ,GAAG,QAAQ;IACrB,CAAC,MAAM,IAAIlB,WAAW,CAACI,OAAO,KAAK,OAAO,EAAE;MAC1Cc,QAAQ,GAAG,OAAO;IACpB,CAAC,MAAM;MACLA,QAAQ,GAAG,UAAU;IACvB;;IAEA;IACA,QAAQA,QAAQ;MACd,KAAK,QAAQ;QACX,IAAIC,aAAa,GAAG,IAAAC,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QACnF,IAAIC,QAAQ,GAAG,IAAAC,eAAS,EAACd,UAAU,CAAC;QACpC,OAAOS,aAAa,CACjBpB,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAIC,QAAQ,CAACC,IAAI,CAACC,QAAQ,CAACP,QAAQ,CAAC,EAAE;YACpCA,QAAQ,CAACQ,aAAa,EAAEC,WAAW,CAACT,QAAQ,CAAC;UAC/C;QACF,CAAC,CAAC;MAEN,KAAK,OAAO;QACV,IAAIU,YAAY,CAAC,CAAC;;QAElB;QACA;QACA,IAAIjC,WAAW,CAACG,YAAY,KAAK,mBAAmB,EAAE;UACpD,IAAI,CAACd,GAAG,CAAC6C,QAAQ,CAACC,2BAA2B,EAAE,EAAE;YAC/C,MAAM,IAAIxC,qBAAY,CAAC,qDAAqD,CAAC;UAC/E;UACAsC,YAAY,GAAG,IAAAb,4BAAsB,EAAC/B,GAAG,EAAEC,OAAO,CAAC+B,OAAO,EAAErB,WAAW,CAACsB,KAAK,CAAC;QAChF;;QAEA;QACA;QACA,IAAI1B,WAAW,EAAE;UACfA,WAAW,CAACwC,QAAQ,CAAC5B,MAAM,CAACE,UAAU,CAAC;QACzC;;QAEA;QACA,IAAI2B,YAAY,GAAG,IAAI5C,OAAO,CAAC,UAAU6C,OAAO,EAAE5C,MAAM,EAAE;UACxD,IAAI6C,WAAW,GAAGC,WAAW,CAAC,YAAY;YACxC,IAAI,CAAC5C,WAAW,IAAIA,WAAW,CAAC6C,MAAM,EAAE;cACtCC,aAAa,CAACH,WAAW,CAAC;cAC1B7C,MAAM,CAAC,IAAIC,qBAAY,CAAC,qCAAqC,CAAC,CAAC;YACjE;UACF,CAAC,EAAE,GAAG,CAAC;;UAEP;UACAsC,YAAY,CACTlC,IAAI,CAAC,UAAU0B,GAAG,EAAE;YACnBiB,aAAa,CAACH,WAAW,CAAC;YAC1BD,OAAO,CAACb,GAAG,CAAC;UACd,CAAC,CAAC,CACDkB,KAAK,CAAC,UAAUC,GAAG,EAAE;YACpBF,aAAa,CAACH,WAAW,CAAC;YAC1B7C,MAAM,CAACkD,GAAG,CAAC;UACb,CAAC,CAAC;QACN,CAAC,CAAC;QAEF,OAAOP,YAAY,CAChBtC,IAAI,CAAC,UAAU0B,GAAG,EAAE;UACnB,OAAO,IAAAC,wCAAmB,EAACrC,GAAG,EAAEW,WAAW,EAAEyB,GAAG,EAAmBb,IAAI,CAAC;QAC1E,CAAC,CAAC,CACDe,OAAO,CAAC,YAAY;UACnB,IAAI/B,WAAW,IAAI,CAACA,WAAW,CAAC6C,MAAM,EAAE;YACtC
7C,WAAW,CAACiD,KAAK,EAAE;UACrB;QACF,CAAC,CAAC;MAEN;QACE,MAAM,IAAIlD,qBAAY,CAAC,8CAA8C,CAAC;IAAC;EAE7E,CAAC,CAAC;AACN"}
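--- a/package/cjs/oidc/introspect.js
+++ b/package/cjs/oidc/introspect.js
@@ -38,13 +38,11 @@ async function oidcIntrospect(sdk, kind, token) {
  throw new _errors.AuthSdkError(`unable to find ${kind} in storage or fn params`);
  }
  if (kind !== _types.TokenKind.ACCESS) {
- var _token;
- issuer = (_token = token) === null || _token === void 0 ? void 0 : _token.issuer;
+ issuer = token?.issuer;
  } else {
- var _token2, _token2$claims;
- issuer = (_token2 = token) === null || _token2 === void 0 ? void 0 : (_token2$claims = _token2.claims) === null || _token2$claims === void 0 ? void 0 : _token2$claims.iss;
+ issuer = token?.claims?.iss;
  }
- issuer ?? (issuer = sdk.options.issuer);
+ issuer = issuer || sdk.options.issuer;
  if (!clientId) {
  throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');
  }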
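Review bot: On new lines 41–45 the issuer is read from the token object (`token?.issuer` or `token?.claims?.iss`) and `sdk.options.issuer` is used only when that value is falsy; nothing in the hunk compares a token-supplied issuer with the configured one. oidcIntrospect starts and ends outside the hunk, so how the value is used is not visible here. If it selects the endpoint that receives the token and client credentials, as the function's purpose suggests, the trust assumption deserves a comment, e.g. `// issuer comes from the token as stored or passed in; only introspect tokens from a trusted source`. Line 45 also now falls back on any falsy issuer (`||`) where the old line fell back only on null/undefined (`??`), so an empty-string issuer is now replaced by the configured one.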
@@ -1 +1 @@
1
- {"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as 
any)?.claims?.iss;\n }\n issuer ??= sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAAA;IAC7BR,MAAM,aAAID,KAAK,2CAAN,OAAgBC,MAAM;EACjC,CAAC,MACI;IAAA;IACHA,MAAM,cAAID,KAAK,8DAAN,QAAgBU,MAAM,mDAAtB,eAAwBC,GAAG;EACtC;EACAV,MAAM,KAANA,MAAM,GAAKH,GAAG,CAACK,OAAO,CAACF,MAAM;EAE7B,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAA
CM,IAAI,CAAC;IAC9BC,KAAK,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}
1
+ {"version":3,"file":"introspect.js","names":["hintMap","accessToken","idToken","refreshToken","oidcIntrospect","sdk","kind","token","issuer","clientId","options","clientSecret","tokenManager","getTokens","AuthSdkError","TokenKind","ACCESS","claims","iss","introspection_endpoint","introspectUrl","getWellKnown","authHeader","btoa","args","toQueryString","token_type_hint","slice","post","headers"],"sources":["../../../lib/oidc/introspect.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as 
any)?.claims?.iss;\n }\n issuer = issuer || sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n"],"mappings":";;;AAaA;AACA;AACA;AACA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA,MAAMA,OAAO,GAAG;EACdC,WAAW,EAAE,cAAc;EAC3BC,OAAO,EAAE,UAAU;EACnBC,YAAY,EAAE;AAChB,CAAC;;AAED;AACO,eAAeC,cAAc,CAAEC,GAAG,EAAEC,IAAe,EAAEC,KAAa,EAAE;EACzE,IAAIC,MAAc;EAClB,IAAIC,QAAgB,GAAGJ,GAAG,CAACK,OAAO,CAACD,QAAQ;EAC3C,IAAIE,YAAgC,GAAGN,GAAG,CAACK,OAAO,CAACC,YAAY;EAE/D,IAAI,CAACJ,KAAK,EAAE;IACVA,KAAK,GAAGF,GAAG,CAACO,YAAY,CAACC,SAAS,EAAE,CAACP,IAAI,CAAC;EAC5C;EAEA,IAAI,CAACC,KAAK,EAAE;IACV,MAAM,IAAIO,oBAAY,CAAE,kBAAiBR,IAAK,0BAAyB,CAAC;EAC1E;EAEA,IAAIA,IAAI,KAAKS,gBAAS,CAACC,MAAM,EAAE;IAC7BR,MAAM,GAAID,KAAK,EAAUC,MAAM;EACjC,CAAC,MACI;IACHA,MAAM,GAAID,KAAK,EAAUU,MAAM,EAAEC,GAAG;EACtC;EACAV,MAAM,GAAGA,MAAM,IAAIH,GAAG,CAACK,OAAO,CAACF,MAAM;EAErC,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIK,oBAAY,CAAC,gFAAgF,CAAC;EAC1G;EACA,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIM,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,MAAM;IAAEK,sBAAsB,EAAEC;EAAc,CAAC,GAAI,MAAM,IAAAC,uBAAY,EAAChB,GAAG,EAAEG,MAAM,CAAC;EAClF,MAAMc,UAAU,GAAGX,YAAY,GAAG,IAAAY,YAAI,EAAE,GAAEd,QAAS,IAAGE,YAAa,EAAC,CAAC,GAAG,IAAAY,YAAI,EAACd,QAAQ,CAAC;EACtF,MAAMe,IAAI,GAAG,IAAAC,mBAAa,EAAC;IACzB;IACAC,eAAe,EAAE1B,OAAO,CAACM,IAAI,CAAC;IAC9BC,KAAK
,EAAEA,KAAK,CAACD,IAAI,CAAC,CAAI;EACxB,CAAC,CAAC,CAACqB,KAAK,CAAC,CAAC,CAAC;EACX,OAAO,IAAAC,UAAI,EAACvB,GAAG,EAAEe,aAAa,EAAEI,IAAI,EAAE;IACpCK,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnD,eAAe,EAAE,QAAQ,GAAGP;IAC9B;EACF,CAAC,CAAC;AACJ"}
@@ -138,6 +138,22 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
138
138
  } = this.tokenManager.getTokensSync();
139
139
  return refreshToken ? refreshToken.refreshToken : undefined;
140
140
  }
141
+ async getOrRenewAccessToken() {
142
+ const {
143
+ accessToken
144
+ } = this.tokenManager.getTokensSync();
145
+ if (accessToken && !this.tokenManager.hasExpired(accessToken)) {
146
+ return accessToken.accessToken;
147
+ }
148
+ try {
149
+ const key = this.tokenManager.getStorageKeyByType('accessToken');
150
+ const token = await this.tokenManager.renew(key ?? 'accessToken');
151
+ return token?.accessToken ?? null;
152
+ } catch (err) {
153
+ this.emitter.emit('error', err);
154
+ return null;
155
+ }
156
+ }
141
157
 
142
158
  /**
143
159
  * Store parsed tokens from redirect url
@@ -168,7 +184,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
168
184
  async invokeApiMethod(options) {
169
185
  if (!options.accessToken) {
170
186
  const accessToken = (await this.tokenManager.getTokens()).accessToken;
171
- options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
187
+ options.accessToken = accessToken?.accessToken;
172
188
  }
173
189
  return (0, _http.httpRequest)(this, options);
174
190
  }
@@ -231,7 +247,6 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
231
247
  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.
232
248
  // eslint-disable-next-line complexity, max-statements
233
249
  async signOut(options) {
234
- var _options;
235
250
  options = Object.assign({}, options);
236
251
 
237
252
  // postLogoutRedirectUri must be whitelisted in Okta Admin UI
@@ -242,7 +257,7 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
242
257
  // Okta sign-in page or the post_logout_redirect_uri (if specified)."
243
258
  // - https://developer.okta.com/docs/reference/api/oidc/#logout
244
259
  const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null : options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;
245
- const state = (_options = options) === null || _options === void 0 ? void 0 : _options.state;
260
+ const state = options?.state;
246
261
  let accessToken = options.accessToken;
247
262
  let refreshToken = options.refreshToken;
248
263
  const revokeAccessToken = options.revokeAccessToken !== false;
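Review bot: The new `getOrRenewAccessToken()` (first hunk of this file, new lines 141-156) has no doc comment, and its contract differs from the neighbouring `getRefreshToken()`: it resolves to `null` rather than `undefined` when no token is available, and it swallows renewal failures after `this.emitter.emit('error', err)`. A comment above it would tell callers to check for null before building an Authorization header: `// Resolves to the stored access token string if unexpired, otherwise tries to renew it; resolves to null if renewal fails (the error is emitted, not thrown)`. The source for `isAuthenticated()` embedded in the map carries the comment "Renew errors will emit an "error" event", so the explicit emit in the catch may report the same failure twice. That depends on `tokenManager.renew`, which is not visible here. It also calls `renew` when no access token is stored at all; if that is intended, the comment should say so.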
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","getStorageKeyByType","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n 
OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: 
PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? 
options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? 
idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. 
In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix 
for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? 
This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3
B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;
IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;;IAEA;AACJ;AACA;IACI,MAAMkB,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAACtC,KAAK,CAACuC,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAACpC,YAAY,CAACsC,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAACpD,OAAO,CAACC,IAAI;IAC5B;IAEAoD,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAAChD,OAAO,CAAC;IACpD;IAEAsD,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAACvD,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEA,WAAW;MAChD;MACA,OAAO,IAAAgC,iBAAW,EAAC,IAAI,EAAEzD,OAAO,CAAC;IACnC;;IAEA;IACA,MAAM0D,iBAAiB,CAACjC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAAC4C,SAAS,EAAE,EAAE/B,WAA0B;QAC9E,MAAMkC,cAAc,GAAG,IAAI,CAAC/C,YAAY,CAACgD,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAAC6B,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAAClC,WAAW,EAAE;QAChB,OAAOoC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAACtC,WAAW,CAAC;IACvC;;IAEA;IACA,MAAMuC,kBAAkB,CAACnB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAAC4C,SAAS,EAAE,EAAEX,YAA4B;QACjF,MAAMoB,eAAe,GAAG,IAAI,CAACrD,YAAY,CAACgD,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAAChD,YAAY,CAACkB,MAAM,CAACmC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACpB,YAAY,EAAE;QACjB,OAAOgB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACpD,KAAK,CAACqD,MAAM,CAAClB,YAAY,CAAC;IACxC;IAEAqB,qBAAqB,CAAClE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPoC,qBAAqB;
QACrBC;MACF,CAAC,GAAGpE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIoC,qBAAqB,KAAKvC,SAAS,EAAE;QACvCuC,qBAAqB,GAAG,IAAI,CAACnE,OAAO,CAACmE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAGxC,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAIyC,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC1E,OAAwB,EAAoB;MAAA;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAM2E,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGnE,OAAO,CAACmE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxEnE,OAAO,CAACmE,qBAAqB,IAC3B,IAAI,CAACnE,OAAO,CAACmE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,eAAGpE,OAAO,6CAAP,SAASoE,KAAK;MAG5B,IAAI3C,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMa,iBAAiB,GAAG1D,OAAO,CAAC0D,iBAAiB,KAAK,KAAK;MAC7D,MAAMM,kBAAkB,GAAGhE,OAAO,CAACgE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOnB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAIa,iBAAiB,IAAI,OAAOjC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIiC,kBAAkB,IAAInB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACmB,kBAAkB,CAACnB,YAAY,CAAC;MAC7C;MAEA,IAAIa,iBAAiB,IAAIjC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACiC,iBAAiB,CAACjC,WAAW,CAAC;MAC3C;MAEA,MAAM+C,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGlE,OAAO;QAAEmE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC
,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAACqF,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAIjF,OAAO,CAACuF,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAC3E,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAAC4E,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAAC/E,MAAM,CAAC0E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAvS4BiB,MAAM;AAySrC"}
1
+ {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","getOrRenewAccessToken","key","getStorageKeyByType","err","emitter","emit","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n 
OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: 
PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? 
options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? 
idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n async getOrRenewAccessToken(): Promise<string | null> {\n const { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && !this.tokenManager.hasExpired(accessToken)) {\n return accessToken.accessToken;\n }\n try {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n const token = await this.tokenManager.renew(key ?? 'accessToken');\n return (token as AccessToken)?.accessToken ?? null;\n }\n catch (err) {\n this.emitter.emit('error', err);\n return null;\n }\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await 
this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: 
SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? 
This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3
B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;
IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;IAEA,MAAMkB,qBAAqB,GAA2B;MACpD,MAAM;QAAErB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,IAAID,WAAW,IAAI,CAAC,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC7D,OAAOA,WAAW,CAACA,WAAW;MAChC;MACA,IAAI;QACF,MAAMsB,GAAG,GAAG,IAAI,CAACnC,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAChE,MAAMtC,KAAK,GAAG,MAAM,IAAI,CAACE,YAAY,CAACiB,KAAK,CAACkB,GAAG,IAAI,aAAa,CAAC;QACjE,OAAQrC,KAAK,EAAkBe,WAAW,IAAI,IAAI;MACpD,CAAC,CACD,OAAOwB,GAAG,EAAE;QACV,IAAI,CAACC,OAAO,CAACC,IAAI,CAAC,OAAO,EAAEF,GAAG,CAAC;QAC/B,OAAO,IAAI;MACb;IACF;;IAEA;AACJ;AACA;IACI,MAAMG,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAAC5C,KAAK,CAAC6C,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAAC1C,YAAY,CAAC4C,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAAC1D,OAAO,CAACC,IAAI;IAC5B;IAEA0D,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAACtD,OAAO,CAAC;IACpD;IAEA4D,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAAC7D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACkD,SAAS,EAAE,EAAErC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,EAAEA,WAAW;MAChD;MACA,OAAO,IAAAsC,iBAAW,EAAC,IAAI,EAAE/D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAMgE,iBAAiB,CAACvC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACkD,SAAS,EAAE,EAAErC,WAA0B;QAC9E,MAAMwC,cAAc,GAAG,IAAI,CAACrD,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAACmC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACxC,WAAW,EAAE;QAChB,OAAOyC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACzD,KAAK,CAAC0D,MAAM,CAAC3C,WAAW,CAAC;IACvC;;IAEA;
IACA,MAAM4C,kBAAkB,CAACxB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACkD,SAAS,EAAE,EAAEjB,YAA4B;QACjF,MAAMyB,eAAe,GAAG,IAAI,CAAC1D,YAAY,CAACoC,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAACwC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACzB,YAAY,EAAE;QACjB,OAAOqB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACzD,KAAK,CAAC0D,MAAM,CAACvB,YAAY,CAAC;IACxC;IAEA0B,qBAAqB,CAACvE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPyC,qBAAqB;QACrBC;MACF,CAAC,GAAGzE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIyC,qBAAqB,KAAK5C,SAAS,EAAE;QACvC4C,qBAAqB,GAAG,IAAI,CAACxE,OAAO,CAACwE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG7C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI8C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC/E,OAAwB,EAAoB;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAMgF,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGxE,OAAO,CAACwE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxExE,OAAO,CAACwE,qBAAqB,IAC3B,IAAI,CAACxE,OAAO,CAACwE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,GAAGzE,OAAO,EAAEyE,KAAK;MAG5B,IAAIhD,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMmB,iBAAiB,GAAGhE,OAAO,CAACgE,iBAAiB,KAAK,KAAK;MAC7D,MAAMK,kBAAkB,GAAGrE,OAAO,CAACqE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOxB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAImB,iBAAiB,IAAI,OAAOvC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,C
AAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIsC,kBAAkB,IAAIxB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACwB,kBAAkB,CAACxB,YAAY,CAAC;MAC7C;MAEA,IAAImB,iBAAiB,IAAIvC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACuC,iBAAiB,CAACvC,WAAW,CAAC;MAC3C;MAEA,MAAMoD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGvE,OAAO;QAAEwE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACpF,MAAM,CAAC0F,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAItF,OAAO,CAAC4F,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAChF,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACiF,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAACpF,MAAM,CAAC+E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAvT4BiB,MAAM;AAyTrC"}
@@ -36,7 +36,7 @@ function assertValidConfig(args) {
36
36
  if (!isUrlRegex.test(issuer)) {
37
37
  throw new _AuthSdkError.default('Issuer must be a valid URL. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
38
38
  }
39
- if (issuer.indexOf('-admin.') !== -1) {
39
+ if (issuer.indexOf('-admin.okta') !== -1) {
40
40
  throw new _AuthSdkError.default('Issuer URL passed to constructor contains "-admin" in subdomain. ' + 'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com})');
41
41
  }
42
42
  }
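Review bot: The narrowed check on the added line is still a substring search over the whole issuer string, so `-admin.okta` in the path or query triggers the error just as it would in the host, while the message below it still describes the match as "-admin" in the subdomain. Testing the parsed host would make the check say what it means, for example `if (new URL(issuer).hostname.indexOf('-admin.okta') !== -1) {`, assuming `URL` exists in every runtime this build targets. The earlier `isUrlRegex` test only guarantees a scheme-like prefix, so a parse failure from `new URL` would need to be turned into the same `AuthSdkError` rather than escaping as a `TypeError`. It would also help to add a comment such as `// reject the Okta admin console host; custom domains containing "-admin." are allowed` so the reason for the narrower literal is recorded. `assertValidConfig` begins above this hunk, so its earlier checks are not visible here.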
@@ -1 +1 @@
1
- {"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","acrValues","maxAge","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } 
from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. 
' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? 
false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n 
};\n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AAUA;AACA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA,SAASA,iBAAiB,CAACC,IAAI,EAAE;EAC/BA,IAAI,GAAGA,IAAI,IAAI,CAAC,CAAC;EAEjB,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAM;EACxB,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,MAAM,CAAC,EAAE;IACpC,MAAM,IAAIG,qBAAY,CAAC,qCAAqC,GAC1D,6DAA6D,CAAC;EAClE;;EAEA;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAO;EACzB,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,qBAAY,CAAC,mCAAmC,GACxD,8FAA8F,CAAC;EACnG;EAEA,IAAIE,UAAU,GAAG,IAAIC,MAAM,CAAC,eAAe,CAAC;EAC5C,IAAI,CAACD,UAAU,CAACE,IAAI,CAACH,MAAM,CAAC,EAAE;IAC5B,MAAM,IAAID,qBAAY,CAAC,8BAA8B,GACnD,8FAA8F,CAAC;EACnG;EAEA,IAAIC,MAAM,CAACI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE;IACpC,MAAM,IAAIL,qBAAY,CAAC,mEAAmE,GACxF,uEAAuE,CAAC;EAC5E;AACF;AAEO,SAASM,6BAA6B,GAAG;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAA4B,GAAE;EAC7D,OAAO,MAAMC,uBAAuB,SAC1BF,sBAAsB,CAEhC;IACE;;IAQA;;IAcA;;IAMA;;IAIA;;IAKA;IACAG,WAAW,CAACC,OAAY,EAAE;MACxB,KAAK,CAACA,OAAO,CAAC;MAEdhB,iBAAiB,CAACgB,OAAO,CAAC;MAE1B,IAAI,CAACV,MAAM,GAAG,IAAAW,wBAAmB,EAACD,OAAO,CAACV,MAAM,CAAC;MACjD,IAAI,CAACY,QAAQ,GAAG,IAAAD,wBAAmB,EAACD,OAAO,CAACE,QAAQ,CAAC;MACrD,IAAI,CAACC,YAAY,GAAG,IAAAF,wBAAmB,EAACD,OAAO,CAACG,YAAY,CAAC;MAC7D,IAAI,CAACC,WAAW,GAAG,IAAAH,wBAAmB,EAACD,OAAO,CAACI,WAAW,CAAC;MAC3D,IAAI,CAACC,SAAS,GAAG,IAAAJ,wBAAmB,EAACD,OAAO,CAACK,SAAS,CAAC;MACvD,IAAI,CAACC,SAAS,GAAG,IAAAL,wBAAmB,EAACD,OAAO,CAACM,SAAS,CAAC;MAEvD,IAAI,CAACC,IAAI,GAAGP,OAAO,CAACO,IAAI,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;MACnD,IAAI,CAACC,QAAQ,GAAGR,OAAO,CAACQ,QAAQ;MAChC,IAAI,CAACC,WAAW,GAAGT,OAAO,CAACS,WAAW;MACtC,IAAI,IAAAC,mBAAS,GAAE,EAAE;QACf,IAAI,CAACD,WAAW,GAAG,IAAAE,kBAAa,EAACX,OAAO,CAACS,WAAW,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC,CAAC,CAAC;MACjF;;MACA,IAAI,CAACC,YAAY,GAAGf,OAAO,CAACe,YAAY;MACxC,IAAI,CAACC,YAAY,GAAGhB,OAAO,CAACgB,YAAY;MACxC,IAAI,CAACC,KAAK,GAAGjB,OAAO,CAACiB,KAAK;MAC1B,IAAI,CAAC/B,MAAM,GAAGc,OAAO,CAACd,MAAM;MAC5B;MACA,IAAI,CAACgC,eAAe,GAAG,CAAC,CAAClB,OAAO,CAACkB,eAAe;MAChD,IAAI,CAACC,aAAa,GAAGnB,OAAO,CAACmB,aA
Aa;MAC1C,IAAI,CAACC,mBAAmB,GAAGpB,OAAO,CAACoB,mBAAmB;MACtD,IAAI,CAACC,SAAS,GAAGrB,OAAO,CAACqB,SAAS;MAClC,IAAI,CAACC,MAAM,GAAGtB,OAAO,CAACsB,MAAM;MAE5B,IAAI,CAACC,YAAY,GAAGvB,OAAO,CAACuB,YAAY;MACxC,IAAI,CAACC,qBAAqB,GAAGxB,OAAO,CAACwB,qBAAqB;MAC1D,IAAI,CAACC,kBAAkB,GAAGzB,OAAO,CAACyB,kBAAkB;MACpD,IAAI,CAACC,kBAAkB,GAAG;QAAEC,mBAAmB,EAAnBA,yBAAmB;QAAE,GAAG3B,OAAO,CAAC0B;MAAmB,CAAC;MAEhF,IAAI,CAACE,YAAY,GAAG5B,OAAO,CAAC4B,YAAY;MACxC,IAAI,CAACC,WAAW,GAAG7B,OAAO,CAAC6B,WAAW;;MAEtC;MACA;MACA;MACA,IAAI,CAACC,cAAc,GAAG,CAAC,CAAC9B,OAAO,CAAC8B,cAAc;;MAE9C;MACA;MACA;MACA;MACA;MACA;MACA;MACA,IAAI,CAAC9B,OAAO,CAAC+B,YAAY,IAAI/B,OAAO,CAAC+B,YAAY,KAAK,CAAC,EAAE;QACvD,IAAI,CAACA,YAAY,GAAGC,iCAAsB;MAC5C,CAAC,MAAM;QACL,IAAI,CAACD,YAAY,GAAG/B,OAAO,CAAC+B,YAAY;MAC1C;IAEF;EACF,CAAC;AACH"}
1
+ {"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","acrValues","maxAge","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } 
from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.okta') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. 
' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? 
false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n 
};\n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AAUA;AACA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA,SAASA,iBAAiB,CAACC,IAAI,EAAE;EAC/BA,IAAI,GAAGA,IAAI,IAAI,CAAC,CAAC;EAEjB,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAM;EACxB,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,MAAM,CAAC,EAAE;IACpC,MAAM,IAAIG,qBAAY,CAAC,qCAAqC,GAC1D,6DAA6D,CAAC;EAClE;;EAEA;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAO;EACzB,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,qBAAY,CAAC,mCAAmC,GACxD,8FAA8F,CAAC;EACnG;EAEA,IAAIE,UAAU,GAAG,IAAIC,MAAM,CAAC,eAAe,CAAC;EAC5C,IAAI,CAACD,UAAU,CAACE,IAAI,CAACH,MAAM,CAAC,EAAE;IAC5B,MAAM,IAAID,qBAAY,CAAC,8BAA8B,GACnD,8FAA8F,CAAC;EACnG;EAEA,IAAIC,MAAM,CAACI,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE;IACxC,MAAM,IAAIL,qBAAY,CAAC,mEAAmE,GACxF,uEAAuE,CAAC;EAC5E;AACF;AAEO,SAASM,6BAA6B,GAAG;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAA4B,GAAE;EAC7D,OAAO,MAAMC,uBAAuB,SAC1BF,sBAAsB,CAEhC;IACE;;IAQA;;IAcA;;IAMA;;IAIA;;IAKA;IACAG,WAAW,CAACC,OAAY,EAAE;MACxB,KAAK,CAACA,OAAO,CAAC;MAEdhB,iBAAiB,CAACgB,OAAO,CAAC;MAE1B,IAAI,CAACV,MAAM,GAAG,IAAAW,wBAAmB,EAACD,OAAO,CAACV,MAAM,CAAC;MACjD,IAAI,CAACY,QAAQ,GAAG,IAAAD,wBAAmB,EAACD,OAAO,CAACE,QAAQ,CAAC;MACrD,IAAI,CAACC,YAAY,GAAG,IAAAF,wBAAmB,EAACD,OAAO,CAACG,YAAY,CAAC;MAC7D,IAAI,CAACC,WAAW,GAAG,IAAAH,wBAAmB,EAACD,OAAO,CAACI,WAAW,CAAC;MAC3D,IAAI,CAACC,SAAS,GAAG,IAAAJ,wBAAmB,EAACD,OAAO,CAACK,SAAS,CAAC;MACvD,IAAI,CAACC,SAAS,GAAG,IAAAL,wBAAmB,EAACD,OAAO,CAACM,SAAS,CAAC;MAEvD,IAAI,CAACC,IAAI,GAAGP,OAAO,CAACO,IAAI,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;MACnD,IAAI,CAACC,QAAQ,GAAGR,OAAO,CAACQ,QAAQ;MAChC,IAAI,CAACC,WAAW,GAAGT,OAAO,CAACS,WAAW;MACtC,IAAI,IAAAC,mBAAS,GAAE,EAAE;QACf,IAAI,CAACD,WAAW,GAAG,IAAAE,kBAAa,EAACX,OAAO,CAACS,WAAW,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC,CAAC,CAAC;MACjF;;MACA,IAAI,CAACC,YAAY,GAAGf,OAAO,CAACe,YAAY;MACxC,IAAI,CAACC,YAAY,GAAGhB,OAAO,CAACgB,YAAY;MACxC,IAAI,CAACC,KAAK,GAAGjB,OAAO,CAACiB,KAAK;MAC1B,IAAI,CAAC/B,MAAM,GAAGc,OAAO,CAACd,MAAM;MAC5B;MACA,IAAI,CAACgC,eAAe,GAAG,CAAC,CAAClB,OAAO,CAACkB,eAAe;MAChD,IAAI,CAACC,aAAa,GAAGnB,OAAO,CAACmB,aA
Aa;MAC1C,IAAI,CAACC,mBAAmB,GAAGpB,OAAO,CAACoB,mBAAmB;MACtD,IAAI,CAACC,SAAS,GAAGrB,OAAO,CAACqB,SAAS;MAClC,IAAI,CAACC,MAAM,GAAGtB,OAAO,CAACsB,MAAM;MAE5B,IAAI,CAACC,YAAY,GAAGvB,OAAO,CAACuB,YAAY;MACxC,IAAI,CAACC,qBAAqB,GAAGxB,OAAO,CAACwB,qBAAqB;MAC1D,IAAI,CAACC,kBAAkB,GAAGzB,OAAO,CAACyB,kBAAkB;MACpD,IAAI,CAACC,kBAAkB,GAAG;QAAEC,mBAAmB,EAAnBA,yBAAmB;QAAE,GAAG3B,OAAO,CAAC0B;MAAmB,CAAC;MAEhF,IAAI,CAACE,YAAY,GAAG5B,OAAO,CAAC4B,YAAY;MACxC,IAAI,CAACC,WAAW,GAAG7B,OAAO,CAAC6B,WAAW;;MAEtC;MACA;MACA;MACA,IAAI,CAACC,cAAc,GAAG,CAAC,CAAC9B,OAAO,CAAC8B,cAAc;;MAE9C;MACA;MACA;MACA;MACA;MACA;MACA;MACA,IAAI,CAAC9B,OAAO,CAAC+B,YAAY,IAAI/B,OAAO,CAAC+B,YAAY,KAAK,CAAC,EAAE;QACvD,IAAI,CAACA,YAAY,GAAGC,iCAAsB;MAC5C,CAAC,MAAM;QACL,IAAI,CAACD,YAAY,GAAG/B,OAAO,CAAC+B,YAAY;MAC1C;IAEF;EACF,CAAC;AACH"}
@@ -21,8 +21,7 @@ var _util = require("./util");
21
21
  // If we have a refresh token, renew using that, otherwise getWithoutPrompt
22
22
  // eslint-disable-next-line complexity
23
23
  async function renewTokens(sdk, options) {
24
- var _options;
25
- const tokens = ((_options = options) === null || _options === void 0 ? void 0 : _options.tokens) ?? sdk.tokenManager.getTokensSync();
24
+ const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();
26
25
  if (tokens.refreshToken) {
27
26
  return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options || {}, tokens.refreshToken);
28
27
  }
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? 
sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n 
\n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EAAA;EACnF,MAAMC,MAAM,GAAG,aAAAD,OAAO,6CAAP,SAASC,MAAM,KAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
1
+ {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? 
sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n 
\n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EACnF,MAAMC,MAAM,GAAGD,OAAO,EAAEC,MAAM,IAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n 
_getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: 
string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>\n{\n token: BaseTokenAPI;\n transactionManager: TM;\n\n isPKCE(): boolean;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n 
revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n 
_getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: 
string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>\n{\n token: BaseTokenAPI;\n transactionManager: TM;\n\n isPKCE(): boolean;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n getOrRenewAccessToken(): Promise<string | null>;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: 
SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
@@ -30,8 +30,8 @@ function isAuthorizationCodeError(sdk, error) {
30
30
  const authApiError = error;
31
31
  // xhr property doesn't seem to match XMLHttpRequest type
32
32
  const errorResponse = authApiError.xhr;
33
- const responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
34
- return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
33
+ const responseJSON = errorResponse?.responseJSON;
34
+ return sdk.options.pkce && responseJSON?.error === 'invalid_grant';
35
35
  }
36
36
  function isRefreshTokenInvalidError(error) {
37
37
  // error: {"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}
@@ -1 +1 @@
1
- {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is 
invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;AAcA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,0BAA0B,CAACC,KAAY,EAAE;EACvD,IAAIA,KAAK,CAACC,IAAI,KAAK,YAAY,EAAE;IAC/B,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGF,KAAmB;EACtC,OAAQE,UAAU,CAACC,SAAS,KAAK,sBAAsB;AACzD;AAEO,SAASC,wBAAwB,CAACC,GAA2B,EAAEL,KAAY,EAAE;EAClF,IAAIA,KAAK,CAACC,IAAI,KAAK,cAAc,EAAE;IACjC,OAAO,KAAK;EACd;EACA,MAAMK,YAAY,GAAGN,KAAqB;EAC1C;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAyC;EAC5E,MAAMC,YAAY,GAAGF,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEE,YAAuC;EAC3E,OAAOJ,GAAG,CAACK,OAAO,CAACC,IAAI,IAAK,CAAAF,YAAY,aAAZA,YAAY,uBAAZA,YAAY,CAAET,KAAK,MAAe,eAAgB;AAChF;AAEO,SAASY,0BAA0B,CAACZ,KAAc,EAAW;EAClE;EACA,OAAO,IAAAa,oBAAY,EAACb,KAAK,CAAC,IACxBA,KAAK,CAACG,SAAS,KAAK,eAAe,IACnCH,KAAK,CAACc,YAAY,KAAK,0CAA0C;AACrE"}
1
+ {"version":3,"file":"errors.js","names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce","isRefreshTokenInvalidError","isOAuthError","errorSummary"],"sources":["../../../../lib/oidc/util/errors.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is 
invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n"],"mappings":";;;;;AAcA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,0BAA0B,CAACC,KAAY,EAAE;EACvD,IAAIA,KAAK,CAACC,IAAI,KAAK,YAAY,EAAE;IAC/B,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGF,KAAmB;EACtC,OAAQE,UAAU,CAACC,SAAS,KAAK,sBAAsB;AACzD;AAEO,SAASC,wBAAwB,CAACC,GAA2B,EAAEL,KAAY,EAAE;EAClF,IAAIA,KAAK,CAACC,IAAI,KAAK,cAAc,EAAE;IACjC,OAAO,KAAK;EACd;EACA,MAAMK,YAAY,GAAGN,KAAqB;EAC1C;EACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAyC;EAC5E,MAAMC,YAAY,GAAGF,aAAa,EAAEE,YAAuC;EAC3E,OAAOJ,GAAG,CAACK,OAAO,CAACC,IAAI,IAAKF,YAAY,EAAET,KAAK,KAAe,eAAgB;AAChF;AAEO,SAASY,0BAA0B,CAACZ,KAAc,EAAW;EAClE;EACA,OAAO,IAAAa,oBAAY,EAACb,KAAK,CAAC,IACxBA,KAAK,CAACG,SAAS,KAAK,eAAe,IACnCH,KAAK,CAACc,YAAY,KAAK,0CAA0C;AACrE"}
@@ -33,7 +33,7 @@ function validateClaims(sdk, claims, validationParams) {
33
33
  if (claims.iss !== iss) {
34
34
  throw new _AuthSdkError.default('The issuer [' + claims.iss + '] ' + 'does not match [' + iss + ']');
35
35
  }
36
- if (claims.aud !== aud) {
36
+ if (Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0 || !Array.isArray(claims.aud) && claims.aud !== aud) {
37
37
  throw new _AuthSdkError.default('The audience [' + claims.aud + '] ' + 'does not match [' + aud + ']');
38
38
  }
39
39
  if (acr && claims.acr !== acr) {
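Review bot: The rewritten audience test on the `Array.isArray(claims.aud)` line accepts any ID token whose `aud` array contains the client id, but nothing ties a multi-audience token to this client through `azp`. OpenID Connect Core's ID Token validation rules say a client should check that `azp` is present when there are several audiences and that it equals its own client_id. The TypeScript source embedded in this file's source map shows no such check anywhere in validateClaims, whose body starts and continues outside this hunk. Consider adding, directly after the audience test, `if (Array.isArray(claims.aud) && claims.aud.length > 1 && claims.azp !== aud) { throw new _AuthSdkError.default('The azp claim [' + claims.azp + '] does not match [' + aud + ']'); }`, after confirming that `azp` is exposed on the claims type. A short comment such as `// aud may be a string or an array of strings (OIDC Core); the array form must contain our client id` would also make the intent of the compound condition clear.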
@@ -1 +1 @@
1
- {"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","acr","acrValues","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new 
AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"mappings":";;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,cAAc,CAACC,GAA2B,EAAEC,MAAkB,EAAEC,gBAAmC,EAAE;EACnH,MAAMC,GAAG,GAAGD,gBAAgB,CAACE,QAAQ;EACrC,MAAMC,GAAG,GAAGH,gBAAgB,CAACI,MAAM;EACnC,MAAMC,KAAK,GAAGL,gBAAgB,CAACK,KAAK;EACpC,MAAMC,GAAG,GAAGN,gBAAgB,CAACO,SAAS;EAEtC,IAAI,CAACR,MAAM,IAAI,CAACI,GAAG,IAAI,CAACF,GAAG,EAAE;IAC3B,MAAM,IAAIO,qBAAY,CAAC,kDAAkD,CAAC;EAC5E;EAEA,IAAIH,KAAK,IAAIN,MAAM,CAACM,KAAK,KAAKA,KAAK,EAAE;IACnC,MAAM,IAAIG,qBAAY,CAAC,wDAAwD,CAAC;EAClF;EAEA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIV,MAAM,CAACI,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIK,qBAAY,CAAC,cAAc,GAAGT,MAAM,CAACI,GAAG,GAAG,IAAI,GACvD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIJ,MAAM,CAACE,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIO,qBAAY,CAAC,gBAAgB,GAAGT,MAAM,CAACE,GAAG,GAAG,IAAI,GACzD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIK,GAAG,IAAIP,MAAM,CAACO,GAAG,KAAKA,GAAG,EAAE;IAC7B,MAAM,IAAIE,qBAAY,CAAC,WAAW,GAAGT,MAAM,CAACO,GAAG,GAAG,IAAI,GACpD,6BAA6B,GAAGA,GAAG,GAAG,GAAG,CAAC;EAC9C;EAEA,IAAIP,MAAM,CAACc,GAAG,GAAId,MAAM,CAACe,GAAI,EAAE;IAC7B,MAAM,IAAIN,qBAAY,CAAC,sCAAsC,CAAC;EAChE;EAEA,IAAI,CAACV,GAAG,CAACiB,OAAO,CAACC,cAAc,EAAE;IAC/B,IAAKP,GAAG,GAAGX,GAAG,CAACiB,OAAO,CAACE,YAAa,GAAIlB,MAAM,CAACe,GAAI,EAAE;MACnD,MAAM,IAAIN,qBAAY,CAAC,wCAAwC,CAAC;IAClE;IAEA,I
AAIT,MAAM,CAACc,GAAG,GAAKJ,GAAG,GAAGX,GAAG,CAACiB,OAAO,CAACE,YAAc,EAAE;MACnD,MAAM,IAAIT,qBAAY,CAAC,kCAAkC,CAAC;IAC5D;EACF;AACF"}
1
+ {"version":3,"file":"validateClaims.js","names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","acr","acrValues","AuthSdkError","now","Math","floor","Date","Array","isArray","indexOf","iat","exp","options","ignoreLifetime","maxClockSkew"],"sources":["../../../../lib/oidc/util/validateClaims.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if 
((Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0) ||\n (!Array.isArray(claims.aud) && claims.aud !== aud))\n {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"mappings":";;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKO,SAASA,cAAc,CAACC,GAA2B,EAAEC,MAAkB,EAAEC,gBAAmC,EAAE;EACnH,MAAMC,GAAG,GAAGD,gBAAgB,CAACE,QAAQ;EACrC,MAAMC,GAAG,GAAGH,gBAAgB,CAACI,MAAM;EACnC,MAAMC,KAAK,GAAGL,gBAAgB,CAACK,KAAK;EACpC,MAAMC,GAAG,GAAGN,gBAAgB,CAACO,SAAS;EAEtC,IAAI,CAACR,MAAM,IAAI,CAACI,GAAG,IAAI,CAACF,GAAG,EAAE;IAC3B,MAAM,IAAIO,qBAAY,CAAC,kDAAkD,CAAC;EAC5E;EAEA,IAAIH,KAAK,IAAIN,MAAM,CAACM,KAAK,KAAKA,KAAK,EAAE;IACnC,MAAM,IAAIG,qBAAY,CAAC,wDAAwD,CAAC;EAClF;EAEA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIV,MAAM,CAACI,GAAG,KAAKA,GAAG,EAAE;IACtB,MAAM,IAAIK,qBAAY,CAAC,cAAc,GAAGT,MAAM,CAACI,GAAG,GAAG,IAAI,GACvD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAKU,KAAK,CAACC,OAAO,CAACf,MAAM,CAACE,GAAG,CAAC,IAAIF,MAAM,CAACE,GAAG,CAACc,OAAO,CAACd,GAAG,CAAC,GAAG,CAAC,IAC1D,CAACY,KAAK,CAACC,OAAO,CAACf,MAAM,CAACE,GAAG,CAAC,IAAIF,MAAM,CAACE,GAAG,KAAKA,GAAI,EACpD;IACE,MAAM,IAAIO,qBAAY,CAAC,gBAAgB,GAAGT,MAAM,CAACE,GAAG,GAAG,IAAI,GACzD,kBAAkB,GAAGA,GAAG,GAAG,GAAG,CAAC;EACnC;EAEA,IAAIK,GAAG,IAAIP,MAAM,CAACO,GAAG,KAAKA,GAAG,EAAE;IAC7B,MAAM,IAAIE,qBAAY,CAAC,WAAW,GAAGT,MAAM,CAACO,GAAG,GAAG,IAAI,GACpD,6BAA6B,GAAGA,GAAG,GAAG,
GAAG,CAAC;EAC9C;EAEA,IAAIP,MAAM,CAACiB,GAAG,GAAIjB,MAAM,CAACkB,GAAI,EAAE;IAC7B,MAAM,IAAIT,qBAAY,CAAC,sCAAsC,CAAC;EAChE;EAEA,IAAI,CAACV,GAAG,CAACoB,OAAO,CAACC,cAAc,EAAE;IAC/B,IAAKV,GAAG,GAAGX,GAAG,CAACoB,OAAO,CAACE,YAAa,GAAIrB,MAAM,CAACkB,GAAI,EAAE;MACnD,MAAM,IAAIT,qBAAY,CAAC,wCAAwC,CAAC;IAClE;IAEA,IAAIT,MAAM,CAACiB,GAAG,GAAKP,GAAG,GAAGX,GAAG,CAACoB,OAAO,CAACE,YAAc,EAAE;MACnD,MAAM,IAAIZ,qBAAY,CAAC,kCAAkC,CAAC;IAC5D;EACF;AACF"}
@@ -34,7 +34,7 @@ async function verifyToken(sdk, token, validationParams) {
34
34
 
35
35
  // The configured issuer may point to a frontend proxy.
36
36
  // Get the "real" issuer from .well-known/openid-configuration
37
- const configuredIssuer = (validationParams === null || validationParams === void 0 ? void 0 : validationParams.issuer) || sdk.options.issuer;
37
+ const configuredIssuer = validationParams?.issuer || sdk.options.issuer;
38
38
  const {
39
39
  issuer
40
40
  } = await (0, _wellKnown.getWellKnown)(sdk, configuredIssuer);
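Review bot: The published CommonJS output now ships untranspiled optional chaining (`validationParams?.issuer` here, and `this.options.onLeader?.()`, `this.elector?.isLeader` and `this.elector?.hasLeader` in the LeaderElectionService hunk), so the build target appears to have been raised within a minor release. A consumer whose bundler or runtime cannot parse ES2020 syntax fails when the module loads, and for an authentication library that tends to end in pinning an older, unpatched version. If the changelog does not already state the new minimum, add a line such as `cjs build now targets ES2020 (optional chaining); older toolchains must transpile @okta/okta-auth-js`. verifyToken's body continues outside this hunk.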
@@ -1 +1 @@
1
- {"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","Object","assign","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const 
configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return 
token;\n}\n"],"mappings":";;;AAcA;AACA;AACA;AAEA;AACA;AAAuC;AAAA;AAnBvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,WAAW,CAACC,GAA2B,EAAEC,KAAc,EAAEC,gBAAmC,EAAoB;EACpI,IAAI,CAACD,KAAK,IAAI,CAACA,KAAK,CAACE,OAAO,EAAE;IAC5B,MAAM,IAAIC,oBAAY,CAAC,+BAA+B,CAAC;EACzD;;EAEA;EACA,MAAMC,GAAG,GAAG,IAAAC,wBAAW,EAACL,KAAK,CAACE,OAAO,CAAC;;EAEtC;EACA;EACA,MAAMI,gBAAgB,GAAG,CAAAL,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEM,MAAM,KAAIR,GAAG,CAACS,OAAO,CAACD,MAAM;EACvE,MAAM;IAAEA;EAAO,CAAC,GAAG,MAAM,IAAAE,uBAAY,EAACV,GAAG,EAAEO,gBAAgB,CAAC;EAE5D,MAAMI,iBAAoC,GAAGC,MAAM,CAACC,MAAM,CAAC;IACzD;IACAC,QAAQ,EAAEd,GAAG,CAACS,OAAO,CAACK,QAAQ;IAC9BC,eAAe,EAAEf,GAAG,CAACS,OAAO,CAACM;EAC/B,CAAC,EAAEb,gBAAgB,EAAE;IACnB;IACAM;EACF,CAAC,CAAC;;EAEF;EACA,IAAAQ,oBAAc,EAAChB,GAAG,EAAEK,GAAG,CAACY,OAAO,EAAEN,iBAAiB,CAAC;;EAEnD;EACA;EACA,IAAIA,iBAAiB,CAACI,eAAe,IAAI,IAAI,IAAI,CAACf,GAAG,CAACkB,QAAQ,CAACC,sBAAsB,EAAE,EAAE;IACvF,OAAOlB,KAAK;EACd;;EAEA;EACA,MAAMmB,GAAG,GAAG,MAAM,IAAAC,iBAAM,EAACrB,GAAG,EAAEC,KAAK,CAACO,MAAM,EAAEH,GAAG,CAACiB,MAAM,CAACC,GAAG,CAAE;EAC5D,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAAC1B,WAAW,CAACE,KAAK,CAACE,OAAO,EAAEiB,GAAG,CAAC;EAC7D,IAAI,CAACI,KAAK,EAAE;IACV,MAAM,IAAIpB,oBAAY,CAAC,kCAAkC,CAAC;EAC5D;EACA,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACwB,WAAW,IAAIzB,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAW,CAAC5B,gBAAgB,CAACwB,WAAW,CAAC;IACtE,IAAIG,IAAI,KAAK5B,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;MACjC,MAAM,IAAIxB,oBAAY,CAAC,gCAAgC,CAAC;IAC1D;EACF;EACA,OAAOH,KAAK;AACd"}
1
+ {"version":3,"file":"verifyToken.js","names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","decodeToken","configuredIssuer","issuer","options","getWellKnown","validationOptions","Object","assign","clientId","ignoreSignature","validateClaims","payload","features","isTokenVerifySupported","key","getKey","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"sources":["../../../lib/oidc/verifyToken.ts"],"sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const 
configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return 
token;\n}\n"],"mappings":";;;AAcA;AACA;AACA;AAEA;AACA;AAAuC;AAAA;AAnBvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,WAAW,CAACC,GAA2B,EAAEC,KAAc,EAAEC,gBAAmC,EAAoB;EACpI,IAAI,CAACD,KAAK,IAAI,CAACA,KAAK,CAACE,OAAO,EAAE;IAC5B,MAAM,IAAIC,oBAAY,CAAC,+BAA+B,CAAC;EACzD;;EAEA;EACA,MAAMC,GAAG,GAAG,IAAAC,wBAAW,EAACL,KAAK,CAACE,OAAO,CAAC;;EAEtC;EACA;EACA,MAAMI,gBAAgB,GAAGL,gBAAgB,EAAEM,MAAM,IAAIR,GAAG,CAACS,OAAO,CAACD,MAAM;EACvE,MAAM;IAAEA;EAAO,CAAC,GAAG,MAAM,IAAAE,uBAAY,EAACV,GAAG,EAAEO,gBAAgB,CAAC;EAE5D,MAAMI,iBAAoC,GAAGC,MAAM,CAACC,MAAM,CAAC;IACzD;IACAC,QAAQ,EAAEd,GAAG,CAACS,OAAO,CAACK,QAAQ;IAC9BC,eAAe,EAAEf,GAAG,CAACS,OAAO,CAACM;EAC/B,CAAC,EAAEb,gBAAgB,EAAE;IACnB;IACAM;EACF,CAAC,CAAC;;EAEF;EACA,IAAAQ,oBAAc,EAAChB,GAAG,EAAEK,GAAG,CAACY,OAAO,EAAEN,iBAAiB,CAAC;;EAEnD;EACA;EACA,IAAIA,iBAAiB,CAACI,eAAe,IAAI,IAAI,IAAI,CAACf,GAAG,CAACkB,QAAQ,CAACC,sBAAsB,EAAE,EAAE;IACvF,OAAOlB,KAAK;EACd;;EAEA;EACA,MAAMmB,GAAG,GAAG,MAAM,IAAAC,iBAAM,EAACrB,GAAG,EAAEC,KAAK,CAACO,MAAM,EAAEH,GAAG,CAACiB,MAAM,CAACC,GAAG,CAAE;EAC5D,MAAMC,KAAK,GAAG,MAAMC,SAAS,CAAC1B,WAAW,CAACE,KAAK,CAACE,OAAO,EAAEiB,GAAG,CAAC;EAC7D,IAAI,CAACI,KAAK,EAAE;IACV,MAAM,IAAIpB,oBAAY,CAAC,kCAAkC,CAAC;EAC5D;EACA,IAAIF,gBAAgB,IAAIA,gBAAgB,CAACwB,WAAW,IAAIzB,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;IAC5E,MAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAW,CAAC5B,gBAAgB,CAACwB,WAAW,CAAC;IACtE,IAAIG,IAAI,KAAK5B,KAAK,CAAC0B,MAAM,CAACC,OAAO,EAAE;MACjC,MAAM,IAAIxB,oBAAY,CAAC,gCAAgC,CAAC;IAC1D;EACF;EACA,OAAOH,KAAK;AACd"}
@@ -26,16 +26,13 @@ class LeaderElectionService {
26
26
  }
27
27
  onLeaderDuplicate() {}
28
28
  async onLeader() {
29
- var _this$options$onLeade, _this$options;
30
- await ((_this$options$onLeade = (_this$options = this.options).onLeader) === null || _this$options$onLeade === void 0 ? void 0 : _this$options$onLeade.call(_this$options));
29
+ await this.options.onLeader?.();
31
30
  }
32
31
  isLeader() {
33
- var _this$elector;
34
- return !!((_this$elector = this.elector) !== null && _this$elector !== void 0 && _this$elector.isLeader);
32
+ return !!this.elector?.isLeader;
35
33
  }
36
34
  hasLeader() {
37
- var _this$elector2;
38
- return !!((_this$elector2 = this.elector) !== null && _this$elector2 !== void 0 && _this$elector2.hasLeader);
35
+ return !!this.elector?.hasLeader;
39
36
  }
40
37
  async start() {
41
38
  if (this.canStart()) {
@@ -1 +1 @@
1
- {"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","stop","die","undefined","postInternal","Promise","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await 
this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n 
}\n\n}\n"],"mappings":";;;;;AAcA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAgBO,MAAMA,qBAAqB,CAA6B;EAM7DC,WAAW,CAACC,OAAuB,GAAG,CAAC,CAAC,EAAE;IAAA,+CAFxB,KAAK;IAGrB,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,iBAAiB,GAAG,IAAI,CAACA,iBAAiB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC1D,IAAI,CAACC,QAAQ,GAAG,IAAI,CAACA,QAAQ,CAACD,IAAI,CAAC,IAAI,CAAC;EAC1C;EAEQD,iBAAiB,GAAG,CAC5B;EAEA,MAAcE,QAAQ,GAAG;IAAA;IACvB,gCAAM,qBAAI,CAACH,OAAO,EAACG,QAAQ,0DAArB,yCAAyB;EACjC;EAEAC,QAAQ,GAAG;IAAA;IACT,OAAO,CAAC,mBAAC,IAAI,CAACC,OAAO,0CAAZ,cAAcD,QAAQ;EACjC;EAEAE,SAAS,GAAG;IAAA;IACV,OAAO,CAAC,oBAAC,IAAI,CAACD,OAAO,2CAAZ,eAAcC,SAAS;EAClC;EAEA,MAAMC,KAAK,GAAG;IACZ,IAAI,IAAI,CAACC,QAAQ,EAAE,EAAE;MACnB,MAAM;QAAEC;MAAoB,CAAC,GAAG,IAAI,CAACT,OAAO;MAC5C,IAAI,CAACU,OAAO,GAAG,IAAIC,kCAAgB,CAACF,mBAAmB,CAAW;MAClE,IAAI,CAACJ,OAAO,GAAG,IAAAO,sCAAoB,EAAC,IAAI,CAACF,OAAO,CAAC;MACjD,IAAI,CAACL,OAAO,CAACQ,WAAW,GAAG,IAAI,CAACZ,iBAAiB;MACjD,IAAI,CAACI,OAAO,CAACS,eAAe,EAAE,CAACC,IAAI,CAAC,IAAI,CAACZ,QAAQ,CAAC;MAClD,IAAI,CAACa,OAAO,GAAG,IAAI;IACrB;EACF;EAEA,MAAMC,IAAI,GAAG;IACX,IAAI,IAAI,CAACD,OAAO,EAAE;MAChB,IAAI,IAAI,CAACX,OAAO,EAAE;QAChB,MAAM,IAAI,CAACA,OAAO,CAACa,GAAG,EAAE;QACxB,IAAI,CAACb,OAAO,GAAGc,SAAS;MAC1B;MACA,IAAI,IAAI,CAACT,OAAO,EAAE;QAChB;QACC,IAAI,CAACA,OAAO,CAASU,YAAY,GAAG,MAAMC,OAAO,CAACC,OAAO,EAAE;QAC5D,MAAM,IAAI,CAACZ,OAAO,CAACa,KAAK,EAAE;QAC1B,IAAI,CAACb,OAAO,GAAGS,SAAS;MAC1B;MACA,IAAI,CAACH,OAAO,GAAG,KAAK;IACtB;EACF;EAEAQ,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACT,OAAO;EACrB;EAEAR,QAAQ,GAAG;IACT,OAAO,IAAAkB,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACV,OAAO;EACrC;AAEF;AAAC"}
1
+ {"version":3,"file":"LeaderElectionService.js","names":["LeaderElectionService","constructor","options","onLeaderDuplicate","bind","onLeader","isLeader","elector","hasLeader","start","canStart","electionChannelName","channel","BroadcastChannel","createLeaderElection","onduplicate","awaitLeadership","then","started","stop","die","undefined","postInternal","Promise","resolve","close","requiresLeadership","isStarted","isBrowser"],"sources":["../../../lib/services/LeaderElectionService.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await 
this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n 
}\n\n}\n"],"mappings":";;;;;AAcA;AAKA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAgBO,MAAMA,qBAAqB,CAA6B;EAM7DC,WAAW,CAACC,OAAuB,GAAG,CAAC,CAAC,EAAE;IAAA,+CAFxB,KAAK;IAGrB,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,iBAAiB,GAAG,IAAI,CAACA,iBAAiB,CAACC,IAAI,CAAC,IAAI,CAAC;IAC1D,IAAI,CAACC,QAAQ,GAAG,IAAI,CAACA,QAAQ,CAACD,IAAI,CAAC,IAAI,CAAC;EAC1C;EAEQD,iBAAiB,GAAG,CAC5B;EAEA,MAAcE,QAAQ,GAAG;IACvB,MAAM,IAAI,CAACH,OAAO,CAACG,QAAQ,IAAI;EACjC;EAEAC,QAAQ,GAAG;IACT,OAAO,CAAC,CAAC,IAAI,CAACC,OAAO,EAAED,QAAQ;EACjC;EAEAE,SAAS,GAAG;IACV,OAAO,CAAC,CAAC,IAAI,CAACD,OAAO,EAAEC,SAAS;EAClC;EAEA,MAAMC,KAAK,GAAG;IACZ,IAAI,IAAI,CAACC,QAAQ,EAAE,EAAE;MACnB,MAAM;QAAEC;MAAoB,CAAC,GAAG,IAAI,CAACT,OAAO;MAC5C,IAAI,CAACU,OAAO,GAAG,IAAIC,kCAAgB,CAACF,mBAAmB,CAAW;MAClE,IAAI,CAACJ,OAAO,GAAG,IAAAO,sCAAoB,EAAC,IAAI,CAACF,OAAO,CAAC;MACjD,IAAI,CAACL,OAAO,CAACQ,WAAW,GAAG,IAAI,CAACZ,iBAAiB;MACjD,IAAI,CAACI,OAAO,CAACS,eAAe,EAAE,CAACC,IAAI,CAAC,IAAI,CAACZ,QAAQ,CAAC;MAClD,IAAI,CAACa,OAAO,GAAG,IAAI;IACrB;EACF;EAEA,MAAMC,IAAI,GAAG;IACX,IAAI,IAAI,CAACD,OAAO,EAAE;MAChB,IAAI,IAAI,CAACX,OAAO,EAAE;QAChB,MAAM,IAAI,CAACA,OAAO,CAACa,GAAG,EAAE;QACxB,IAAI,CAACb,OAAO,GAAGc,SAAS;MAC1B;MACA,IAAI,IAAI,CAACT,OAAO,EAAE;QAChB;QACC,IAAI,CAACA,OAAO,CAASU,YAAY,GAAG,MAAMC,OAAO,CAACC,OAAO,EAAE;QAC5D,MAAM,IAAI,CAACZ,OAAO,CAACa,KAAK,EAAE;QAC1B,IAAI,CAACb,OAAO,GAAGS,SAAS;MAC1B;MACA,IAAI,CAACH,OAAO,GAAG,KAAK;IACtB;EACF;EAEAQ,kBAAkB,GAAG;IACnB,OAAO,KAAK;EACd;EAEAC,SAAS,GAAG;IACV,OAAO,IAAI,CAACT,OAAO;EACrB;EAEAR,QAAQ,GAAG;IACT,OAAO,IAAAkB,mBAAS,GAAE,IAAI,CAAC,IAAI,CAACV,OAAO;EACrC;AAEF;AAAC"}