@okta/okta-auth-js 7.5.1 → 7.7.0

package/cjs/features.js.map

@@ -1 +1 @@
-{"version":3,"file":"features.js","names":["isWindowsPhone","isBrowser","document","window","isIE11OrLess","documentMode","getUserAgent","navigator","userAgent","isFingerprintSupported","agent","test","isPopupPostMessageSupported","isIE8or9","postMessage","isTokenVerifySupported","webcrypto","subtle","Uint8Array","hasTextEncoder","TextEncoder","isPKCESupported","isHTTPS","location","protocol","isLocalhost","hostname"],"sources":["../../lib/features.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable node/no-unsupported-features/node-builtins */\n/* global document, window, TextEncoder, navigator */\n\nimport { webcrypto } from './crypto';\n\nconst isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\t\n\nexport function isBrowser() {\n  return typeof document !== 'undefined' && typeof window !== 'undefined';\n}\n\nexport function isIE11OrLess() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  return !!documentMode && documentMode <= 11;\n}\n\nexport function getUserAgent() {\n  return navigator.userAgent;\n}\n\nexport function isFingerprintSupported() {\n  const agent = getUserAgent();\n  return agent && !isWindowsPhone.test(agent);\t\n}\n\nexport function isPopupPostMessageSupported() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  var isIE8or9 = documentMode && documentMode < 10;\n  if (typeof window.postMessage !== 'undefined' && !isIE8or9) {\n    return true;\n  }\n  return false;\n}\n\nexport function isTokenVerifySupported() {\n  return typeof webcrypto !== 'undefined'\n    && webcrypto !== null\n    && typeof webcrypto.subtle !== 'undefined'\n    && typeof Uint8Array !== 'undefined';\n}\n\nexport function hasTextEncoder() {\n  return typeof TextEncoder !== 'undefined';\n}\n\nexport function isPKCESupported() {\n  return isTokenVerifySupported() && hasTextEncoder();\n}\n\nexport function isHTTPS() {\n  if (!isBrowser()) {\n    return false;\n  }\n  return window.location.protocol === 'https:';\n}\n\nexport function isLocalhost() {\n  // eslint-disable-next-line compat/compat\n  return isBrowser() && window.location.hostname === 'localhost';\n}\n\n"],"mappings":";;;;;;;;;;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA,MAAMA,cAAc,GAAG,mCAAmC;AAEnD,SAASC,SAAS,GAAG;EAC1B,OAAO,OAAOC,QAAQ,KAAK,WAAW,IAAI,OAAOC,MAAM,KAAK,WAAW;AACzE;AAEO,SAASC,YAAY,GAAG;EAC7B,IAAI,CAACH,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,MAAMI,YAAY,GAAIH,QAAQ,CAASG,YAAY;EACnD,OAAO,CAAC,CAACA,YAAY,IAAIA,YAAY,IAAI,EAAE;AAC7C;AAEO,SAASC,YAAY,GAAG;EAC7B,OAAOC,SAAS,CAACC,SAAS;AAC5B;AAEO,SAASC,sBAAsB,GAAG;EACvC,MAAMC,KAAK,GAAGJ,YAAY,EAAE;EAC5B,OAAOI,KAAK,IAAI,CAACV,cAAc,CAACW,IAAI,CAACD,KAAK,CAAC;AAC7C;AAEO,SAASE,2BAA2B,GAAG;EAC5C,IAAI,CAACX,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,MAAMI,YAAY,GAAIH,QAAQ,CAASG,YAAY;EACnD,IAAIQ,QAAQ,GAAGR,YAAY,IAAIA,YAAY,GAAG,EAAE;EAChD,IAAI,OAAOF,MAAM,CAACW,WAAW,KAAK,WAAW,IAAI,CAACD,QAAQ,EAAE;IAC1D,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEO,SAASE,sBAAsB,GAAG;EACvC,OAAO,OAAOC,iBAAS,KAAK,WAAW,IAClCA,iBAAS,KAAK,IAAI,IAClB,OAAOA,iBAAS,CAACC,MAAM,KAAK,WAAW,IACvC,OAAOC,UAAU,KAAK,WAAW;AACxC;AAEO,SAASC,cAAc,GAAG;EAC/B,OAAO,OAAOC,WAAW,KAAK,WAAW;AAC3C;AAEO,SAASC,eAAe,GAAG;EAChC,OAAON,sBAAsB,EAAE,IAAII,cAAc,EAAE;AACrD;AAEO,SAASG,OAAO,GAAG;EACxB,IAAI,CAACrB,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,OAAOE,MAAM,CAACoB,QAAQ,CAACC,QAAQ,KAAK,QAAQ;AAC9C;AAEO,SAASC,WAAW,GAAG;EAC5B;EACA,OAAOxB,SAAS,EAAE,IAAIE,MAAM,CAACoB,QAAQ,CAACG,QAAQ,KAAK,WAAW;AAChE"}
+{"version":3,"file":"features.js","names":["isWindowsPhone","isBrowser","document","window","isIE11OrLess","documentMode","getUserAgent","navigator","userAgent","isFingerprintSupported","agent","test","isPopupPostMessageSupported","isIE8or9","postMessage","isWebCryptoSubtleSupported","webcrypto","subtle","Uint8Array","isTokenVerifySupported","hasTextEncoder","TextEncoder","isPKCESupported","isHTTPS","location","protocol","isLocalhost","hostname","isDPoPSupported","indexedDB"],"sources":["../../lib/features.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable node/no-unsupported-features/node-builtins */\n/* global document, window, TextEncoder, navigator */\n\nimport { webcrypto } from './crypto';\n\nconst isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\t\n\nexport function isBrowser() {\n  return typeof document !== 'undefined' && typeof window !== 'undefined';\n}\n\nexport function isIE11OrLess() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  return !!documentMode && documentMode <= 11;\n}\n\nexport function getUserAgent() {\n  return navigator.userAgent;\n}\n\nexport function isFingerprintSupported() {\n  const agent = getUserAgent();\n  return agent && !isWindowsPhone.test(agent);\t\n}\n\nexport function isPopupPostMessageSupported() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  var isIE8or9 = documentMode && documentMode < 10;\n  if (typeof window.postMessage !== 'undefined' && !isIE8or9) {\n    return true;\n  }\n  return false;\n}\n\nfunction isWebCryptoSubtleSupported () {\n  return typeof webcrypto !== 'undefined'\n    && webcrypto !== null\n    && typeof webcrypto.subtle !== 'undefined'\n    && typeof Uint8Array !== 'undefined';\n}\n\nexport function isTokenVerifySupported() {\n  return isWebCryptoSubtleSupported();\n}\n\nexport function hasTextEncoder() {\n  return typeof TextEncoder !== 'undefined';\n}\n\nexport function isPKCESupported() {\n  return isTokenVerifySupported() && hasTextEncoder();\n}\n\nexport function isHTTPS() {\n  if (!isBrowser()) {\n    return false;\n  }\n  return window.location.protocol === 'https:';\n}\n\nexport function isLocalhost() {\n  // eslint-disable-next-line compat/compat\n  return isBrowser() && window.location.hostname === 'localhost';\n}\n\n// For now, DPoP is only supported on browsers\nexport function isDPoPSupported () {\n  return !isIE11OrLess() &&\n    typeof window.indexedDB !== 'undefined' &&\n    hasTextEncoder() &&\n    isWebCryptoSubtleSupported();\n}\n"],"mappings":";;;;;;;;;;;;;AAeA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA,MAAMA,cAAc,GAAG,mCAAmC;AAEnD,SAASC,SAAS,GAAG;EAC1B,OAAO,OAAOC,QAAQ,KAAK,WAAW,IAAI,OAAOC,MAAM,KAAK,WAAW;AACzE;AAEO,SAASC,YAAY,GAAG;EAC7B,IAAI,CAACH,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,MAAMI,YAAY,GAAIH,QAAQ,CAASG,YAAY;EACnD,OAAO,CAAC,CAACA,YAAY,IAAIA,YAAY,IAAI,EAAE;AAC7C;AAEO,SAASC,YAAY,GAAG;EAC7B,OAAOC,SAAS,CAACC,SAAS;AAC5B;AAEO,SAASC,sBAAsB,GAAG;EACvC,MAAMC,KAAK,GAAGJ,YAAY,EAAE;EAC5B,OAAOI,KAAK,IAAI,CAACV,cAAc,CAACW,IAAI,CAACD,KAAK,CAAC;AAC7C;AAEO,SAASE,2BAA2B,GAAG;EAC5C,IAAI,CAACX,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,MAAMI,YAAY,GAAIH,QAAQ,CAASG,YAAY;EACnD,IAAIQ,QAAQ,GAAGR,YAAY,IAAIA,YAAY,GAAG,EAAE;EAChD,IAAI,OAAOF,MAAM,CAACW,WAAW,KAAK,WAAW,IAAI,CAACD,QAAQ,EAAE;IAC1D,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEA,SAASE,0BAA0B,GAAI;EACrC,OAAO,OAAOC,iBAAS,KAAK,WAAW,IAClCA,iBAAS,KAAK,IAAI,IAClB,OAAOA,iBAAS,CAACC,MAAM,KAAK,WAAW,IACvC,OAAOC,UAAU,KAAK,WAAW;AACxC;AAEO,SAASC,sBAAsB,GAAG;EACvC,OAAOJ,0BAA0B,EAAE;AACrC;AAEO,SAASK,cAAc,GAAG;EAC/B,OAAO,OAAOC,WAAW,KAAK,WAAW;AAC3C;AAEO,SAASC,eAAe,GAAG;EAChC,OAAOH,sBAAsB,EAAE,IAAIC,cAAc,EAAE;AACrD;AAEO,SAASG,OAAO,GAAG;EACxB,IAAI,CAACtB,SAAS,EAAE,EAAE;IAChB,OAAO,KAAK;EACd;EACA,OAAOE,MAAM,CAACqB,QAAQ,CAACC,QAAQ,KAAK,QAAQ;AAC9C;AAEO,SAASC,WAAW,GAAG;EAC5B;EACA,OAAOzB,SAAS,EAAE,IAAIE,MAAM,CAACqB,QAAQ,CAACG,QAAQ,KAAK,WAAW;AAChE;;AAEA;AACO,SAASC,eAAe,GAAI;EACjC,OAAO,CAACxB,YAAY,EAAE,IACpB,OAAOD,MAAM,CAAC0B,SAAS,KAAK,WAAW,IACvCT,cAAc,EAAE,IAChBL,0BAA0B,EAAE;AAChC"}

package/cjs/http/OktaUserAgent.js

@@ -20,7 +20,7 @@ var _features = require("../features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"7.5.1"}`];
+    this.environments = [`okta-auth-js/${"7.7.0"}`];
     this.maybeAddNodeEnvironment();
   }
   addEnvironment(env) {
@@ -32,7 +32,7 @@ class OktaUserAgent {
     };
   }
   getVersion() {
-    return "7.5.1";
+    return "7.7.0";
   }
   maybeAddNodeEnvironment() {
     if ((0, _features.isBrowser)() || !process || !process.versions) {

package/cjs/http/request.js

@@ -22,16 +22,6 @@ var _errors = require("../errors");
 
 /* eslint-disable complexity */
 
-const parseInsufficientAuthenticationError = header => {
-  if (!header) {
-    throw new _errors.AuthSdkError('Missing header string');
-  }
-  return header.split(',').map(part => part.trim()).map(part => part.split('=')).reduce((acc, curr) => {
-    // unwrap quotes from value
-    acc[curr[0]] = curr[1].replace(/^"(.*)"$/, '$1');
-    return acc;
-  }, {});
-};
 const formatError = (sdk, error) => {
   if (error instanceof Error) {
     // fetch() can throw exceptions
@@ -58,27 +48,29 @@ const formatError = (sdk, error) => {
   if (sdk.options.transformErrorXHR) {
     resp = sdk.options.transformErrorXHR((0, _util.clone)(resp));
   }
+
+  // 
+  const wwwAuthHeader = _errors.WWWAuthError.getWWWAuthenticateHeader(resp?.headers) ?? '';
   if (serverErr.error && serverErr.error_description) {
-    err = new _errors.OAuthError(serverErr.error, serverErr.error_description);
+    err = new _errors.OAuthError(serverErr.error, serverErr.error_description, resp);
   } else {
-    err = new _errors.AuthApiError(serverErr, resp);
+    err = new _errors.AuthApiError(serverErr, resp, {
+      wwwAuthHeader
+    });
   }
-  if (resp?.status === 403 && !!resp?.headers?.['www-authenticate']) {
-    const {
-      error,
+  if (wwwAuthHeader && resp?.status >= 400 && resp?.status < 500) {
+    const wwwAuthErr = _errors.WWWAuthError.parseHeader(wwwAuthHeader);
+    // check for 403 to avoid breaking change
+    if (resp.status === 403 && wwwAuthErr?.error === 'insufficient_authentication_context') {
       // eslint-disable-next-line camelcase
-      error_description,
-      // eslint-disable-next-line camelcase
-      max_age,
-      // eslint-disable-next-line camelcase
-      acr_values
-    } = parseInsufficientAuthenticationError(resp?.headers?.['www-authenticate']);
-    if (error === 'insufficient_authentication_context') {
+      const {
+        max_age,
+        acr_values
+      } = wwwAuthErr.parameters;
       err = new _errors.AuthApiError({
-        errorSummary: error,
-        // eslint-disable-next-line camelcase
+        errorSummary: wwwAuthErr.error,
         errorCauses: [{
-          errorSummary: error_description
+          errorSummary: wwwAuthErr.errorDescription
         }]
       }, resp, {
         // eslint-disable-next-line camelcase
@@ -88,8 +80,15 @@ const formatError = (sdk, error) => {
           acr_values
         })
       });
+    } else if (wwwAuthErr?.scheme === 'DPoP') {
+      err = wwwAuthErr;
     }
+    // else {
+    //   // WWWAuthError.parseHeader may return null, only overwrite if !null
+    //   err = wwwAuthErr ?? err;
+    // }
   }
+
   return err;
 };
 function httpRequest(sdk, options) {

package/cjs/http/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","names":["parseInsufficientAuthenticationError","header","AuthSdkError","split","map","part","trim","reduce","acc","curr","replace","formatError","sdk","error","Error","AuthApiError","errorSummary","message","resp","err","serverErr","responseText","isString","JSON","parse","e","status","options","transformErrorXHR","clone","error_description","OAuthError","headers","max_age","acr_values","errorCauses","httpRequest","httpRequestInterceptors","interceptor","url","method","args","saveAuthnState","accessToken","withCredentials","storageUtil","storage","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","Promise","resolve","response","oktaUserAgentHeader","_oktaUserAgent","getHttpHeader","Object","assign","removeNils","ajaxOptions","data","undefined","res","httpRequestClient","then","Array","isArray","forEach","item","stateToken","delete","STATE_TOKEN_KEY_NAME","set","updateStorage","Math","floor","DEFAULT_CACHE_DURATION","catch","errorCode","get","isAbsoluteUrl","getIssuerOrigin","getOptions","post","postOptions"],"sources":["../../../lib/http/request.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport { STATE_TOKEN_KEY_NAME, DEFAULT_CACHE_DURATION } from '../constants';\nimport {\n  OktaAuthHttpInterface,\n  RequestOptions,\n  FetchOptions,\n  RequestData,\n  HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, AuthSdkError, APIError } from '../errors';\n\ntype InsufficientAuthenticationError = {\n  error: string;\n  // eslint-disable-next-line camelcase\n  error_description: string;\n  // eslint-disable-next-line camelcase\n  max_age: string;\n  // eslint-disable-next-line camelcase\n  acr_values: string;\n};\n\nconst parseInsufficientAuthenticationError = (\n  header: string\n): InsufficientAuthenticationError => {\n  if (!header) {\n    throw new AuthSdkError('Missing header string');\n  }\n\n  return header\n    .split(',')\n    .map(part => part.trim())\n    .map(part => part.split('='))\n    .reduce((acc, curr) => {\n      // unwrap quotes from value\n      acc[curr[0]] = curr[1].replace(/^\"(.*)\"$/, '$1');\n      return acc;\n    }, {}) as InsufficientAuthenticationError;\n};\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n  if (error instanceof Error) {\n    // fetch() can throw exceptions\n    // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n    return new AuthApiError({\n      errorSummary: error.message,\n    });\n  }\n\n  let resp: HttpResponse = error;\n  let err: AuthApiError | OAuthError;\n  let serverErr: Record<string, any> = {};\n  if (resp.responseText && isString(resp.responseText)) {\n    try {\n      serverErr = JSON.parse(resp.responseText);\n    } catch (e) {\n      serverErr = {\n        errorSummary: 'Unknown error'\n      };\n    }\n  }\n\n  if (resp.status >= 500) {\n    serverErr.errorSummary = 'Unknown error';\n  }\n\n  if (sdk.options.transformErrorXHR) {\n    resp = sdk.options.transformErrorXHR(clone(resp));\n  }\n\n  if (serverErr.error && serverErr.error_description) {\n    err = new OAuthError(serverErr.error, serverErr.error_description);\n  } else {\n    err = new AuthApiError(serverErr as APIError, resp);\n  }\n\n  if (resp?.status === 403 && !!resp?.headers?.['www-authenticate']) {\n    const { \n      error, \n      // eslint-disable-next-line camelcase\n      error_description,\n      // eslint-disable-next-line camelcase\n      max_age,\n      // eslint-disable-next-line camelcase\n      acr_values \n    } = parseInsufficientAuthenticationError(resp?.headers?.['www-authenticate']);\n    if (error === 'insufficient_authentication_context') {\n      err = new AuthApiError(\n        { \n          errorSummary: error,\n          // eslint-disable-next-line camelcase\n          errorCauses: [{ errorSummary: error_description }]\n        }, \n        resp, \n        {\n          // eslint-disable-next-line camelcase\n          max_age: +max_age,\n          // eslint-disable-next-line camelcase\n          ...(acr_values && { acr_values })\n        }\n      );\n    }\n  }\n\n  return err;\n};\n\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n  options = options || {};\n\n  if (sdk.options.httpRequestInterceptors) {\n    for (const interceptor of sdk.options.httpRequestInterceptors) {\n      interceptor(options);\n    }\n  }\n\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials === true, // default value is false\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil!.storage,\n      httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url as string];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n  var headers: HeadersInit = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    ...oktaUserAgentHeader\n  };\n  Object.assign(headers, sdk.options.headers, options.headers);\n  headers = removeNils(headers) as HeadersInit;\n\n  if (accessToken && isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions: FetchOptions = {\n    headers,\n    data: args || undefined,\n    withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient!(method!, url!, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && isString(res)) {\n        res = JSON.parse(res);\n        if (res && typeof res === 'object' && !res.headers) {\n          if (Array.isArray(res)) {\n            res.forEach(item => {\n              item.headers = resp.headers;\n            });\n          } else {\n            res.headers = resp.headers;\n          }\n        }\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url!, {\n          expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n      \n      return res;\n    })\n    .catch(function(resp) {\n      err = formatError(sdk, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  Object.assign(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  Object.assign(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n"],"mappings":";;;;;AAeA;AACA;AAQA;AAxBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAsBA,MAAMA,oCAAoC,GACxCC,MAAc,IACsB;EACpC,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAIC,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,OAAOD,MAAM,CACVE,KAAK,CAAC,GAAG,CAAC,CACVC,GAAG,CAACC,IAAI,IAAIA,IAAI,CAACC,IAAI,EAAE,CAAC,CACxBF,GAAG,CAACC,IAAI,IAAIA,IAAI,CAACF,KAAK,CAAC,GAAG,CAAC,CAAC,CAC5BI,MAAM,CAAC,CAACC,GAAG,EAAEC,IAAI,KAAK;IACrB;IACAD,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAGA,IAAI,CAAC,CAAC,CAAC,CAACC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC;IAChD,OAAOF,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;AACV,CAAC;AAED,MAAMG,WAAW,GAAG,CAACC,GAA0B,EAAEC,KAA2B,KAAgC;EAC1G,IAAIA,KAAK,YAAYC,KAAK,EAAE;IAC1B;IACA;IACA,OAAO,IAAIC,oBAAY,CAAC;MACtBC,YAAY,EAAEH,KAAK,CAACI;IACtB,CAAC,CAAC;EACJ;EAEA,IAAIC,IAAkB,GAAGL,KAAK;EAC9B,IAAIM,GAA8B;EAClC,IAAIC,SAA8B,GAAG,CAAC,CAAC;EACvC,IAAIF,IAAI,CAACG,YAAY,IAAI,IAAAC,cAAQ,EAACJ,IAAI,CAACG,YAAY,CAAC,EAAE;IACpD,IAAI;MACFD,SAAS,GAAGG,IAAI,CAACC,KAAK,CAACN,IAAI,CAACG,YAAY,CAAC;IAC3C,CAAC,CAAC,OAAOI,CAAC,EAAE;MACVL,SAAS,GAAG;QACVJ,YAAY,EAAE;MAChB,CAAC;IACH;EACF;EAEA,IAAIE,IAAI,CAACQ,MAAM,IAAI,GAAG,EAAE;IACtBN,SAAS,CAACJ,YAAY,GAAG,eAAe;EAC1C;EAEA,IAAIJ,GAAG,CAACe,OAAO,CAACC,iBAAiB,EAAE;IACjCV,IAAI,GAAGN,GAAG,CAACe,OAAO,CAACC,iBAAiB,CAAC,IAAAC,WAAK,EAACX,IAAI,CAAC,CAAC;EACnD;EAEA,IAAIE,SAAS,CAACP,KAAK,IAAIO,SAAS,CAACU,iBAAiB,EAAE;IAClDX,GAAG,GAAG,IAAIY,kBAAU,CAACX,SAAS,CAACP,KAAK,EAAEO,SAAS,CAACU,iBAAiB,CAAC;EACpE,CAAC,MAAM;IACLX,GAAG,GAAG,IAAIJ,oBAAY,CAACK,SAAS,EAAcF,IAAI,CAAC;EACrD;EAEA,IAAIA,IAAI,EAAEQ,MAAM,KAAK,GAAG,IAAI,CAAC,CAACR,IAAI,EAAEc,OAAO,GAAG,kBAAkB,CAAC,EAAE;IACjE,MAAM;MACJnB,KAAK;MACL;MACAiB,iBAAiB;MACjB;MACAG,OAAO;MACP;MACAC;IACF,CAAC,GAAGlC,oCAAoC,CAACkB,IAAI,EAAEc,OAAO,GAAG,kBAAkB,CAAC,CAAC;IAC7E,IAAInB,KAAK,KAAK,qCAAqC,EAAE;MACnDM,GAAG,GAAG,IAAIJ,oBAAY,CACpB;QACEC,YAAY,EAAEH,KAAK;QACnB;QACAsB,WAAW,EAAE,CAAC;UAAEnB,YAAY,EAAEc;QAAkB,CAAC;MACnD,CAAC,EACDZ,IAAI,EACJ;QACE;QACAe,OAAO,EAAE,CAACA,OAAO;QACjB;QACA,IAAIC,UAAU,IAAI;UAAEA;QAAW,CAAC;MAClC,CAAC,CACF;IACH;EACF;EAEA,OAAOf,GAAG;AACZ,CAAC;AAEM,SAASiB,WAAW,CAACxB,GAA0B,EAAEe,OAAuB,EAAgB;EAC7FA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EAEvB,IAAIf,GAAG,CAACe,OAAO,CAACU,uBAAuB,EAAE;IACvC,KAAK,MAAMC,WAAW,IAAI1B,GAAG,CAACe,OAAO,CAACU,uBAAuB,EAAE;MAC7DC,WAAW,CAACX,OAAO,CAAC;IACtB;EACF;EAEA,IAAIY,GAAG,GAAGZ,OAAO,CAACY,GAAG;IACjBC,MAAM,GAAGb,OAAO,CAACa,MAAM;IACvBC,IAAI,GAAGd,OAAO,CAACc,IAAI;IACnBC,cAAc,GAAGf,OAAO,CAACe,cAAc;IACvCC,WAAW,GAAGhB,OAAO,CAACgB,WAAW;IACjCC,eAAe,GAAGjB,OAAO,CAACiB,eAAe,KAAK,IAAI;IAAE;IACpDC,WAAW,GAAGjC,GAAG,CAACe,OAAO,CAACkB,WAAW;IACrCC,OAAO,GAAGD,WAAW,CAAEC,OAAO;IAC9BC,SAAS,GAAGnC,GAAG,CAACoC,cAAc,CAACC,YAAY,CAACrC,GAAG,CAACe,OAAO,CAACuB,OAAO,CAAC;EAEpE,IAAIvB,OAAO,CAACwB,aAAa,EAAE;IACzB,IAAIC,aAAa,GAAGL,SAAS,CAACM,UAAU,EAAE;IAC1C,IAAIC,cAAc,GAAGF,aAAa,CAACb,GAAG,CAAW;IACjD,IAAIe,cAAc,IAAIC,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,GAAGF,cAAc,CAACG,SAAS,EAAE;MAChE,OAAOC,OAAO,CAACC,OAAO,CAACL,cAAc,CAACM,QAAQ,CAAC;IACjD;EACF;EAEA,IAAIC,mBAAmB,GAAGjD,GAAG,CAACkD,cAAc,CAACC,aAAa,EAAE;EAC5D,IAAI/B,OAAoB,GAAG;IACzB,QAAQ,EAAE,kBAAkB;IAC5B,cAAc,EAAE,kBAAkB;IAClC,GAAG6B;EACL,CAAC;EACDG,MAAM,CAACC,MAAM,CAACjC,OAAO,EAAEpB,GAAG,CAACe,OAAO,CAACK,OAAO,EAAEL,OAAO,CAACK,OAAO,CAAC;EAC5DA,OAAO,GAAG,IAAAkC,gBAAU,EAAClC,OAAO,CAAgB;EAE5C,IAAIW,WAAW,IAAI,IAAArB,cAAQ,EAACqB,WAAW,CAAC,EAAE;IACxCX,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,GAAGW,WAAW;EACpD;EAEA,IAAIwB,WAAyB,GAAG;IAC9BnC,OAAO;IACPoC,IAAI,EAAE3B,IAAI,IAAI4B,SAAS;IACvBzB;EACF,CAAC;EAED,IAAIzB,GAAG,EAAEmD,GAAG;EACZ,OAAO1D,GAAG,CAACe,OAAO,CAAC4C,iBAAiB,CAAE/B,MAAM,EAAGD,GAAG,EAAG4B,WAAW,CAAC,CAC9DK,IAAI,CAAC,UAAStD,IAAI,EAAE;IACnBoD,GAAG,GAAGpD,IAAI,CAACG,YAAY;IACvB,IAAIiD,GAAG,IAAI,IAAAhD,cAAQ,EAACgD,GAAG,CAAC,EAAE;MACxBA,GAAG,GAAG/C,IAAI,CAACC,KAAK,CAAC8C,GAAG,CAAC;MACrB,IAAIA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACA,GAAG,CAACtC,OAAO,EAAE;QAClD,IAAIyC,KAAK,CAACC,OAAO,CAACJ,GAAG,CAAC,EAAE;UACtBA,GAAG,CAACK,OAAO,CAACC,IAAI,IAAI;YAClBA,IAAI,CAAC5C,OAAO,GAAGd,IAAI,CAACc,OAAO;UAC7B,CAAC,CAAC;QACJ,CAAC,MAAM;UACLsC,GAAG,CAACtC,OAAO,GAAGd,IAAI,CAACc,OAAO;QAC5B;MACF;IACF;IAEA,IAAIU,cAAc,EAAE;MAClB,IAAI,CAAC4B,GAAG,CAACO,UAAU,EAAE;QACnB/B,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;MACtC;IACF;IAEA,IAAIT,GAAG,IAAIA,GAAG,CAACO,UAAU,IAAIP,GAAG,CAACb,SAAS,EAAE;MAC1CX,OAAO,CAACkC,GAAG,CAACD,+BAAoB,EAAET,GAAG,CAACO,UAAU,EAAEP,GAAG,CAACb,SAAS,EAAE7C,GAAG,CAACe,OAAO,CAACuB,OAAO,CAAE;IACxF;IAEA,IAAIoB,GAAG,IAAI3C,OAAO,CAACwB,aAAa,EAAE;MAChCJ,SAAS,CAACkC,aAAa,CAAC1C,GAAG,EAAG;QAC5BkB,SAAS,EAAEyB,IAAI,CAACC,KAAK,CAAC5B,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,CAAC,GAAG4B,iCAAsB;QAC/DxB,QAAQ,EAAEU;MACZ,CAAC,CAAC;IACJ;IAEA,OAAOA,GAAG;EACZ,CAAC,CAAC,CACDe,KAAK,CAAC,UAASnE,IAAI,EAAE;IACpBC,GAAG,GAAGR,WAAW,CAACC,GAAG,EAAEM,IAAI,CAAC;IAE5B,IAAIC,GAAG,CAACmE,SAAS,KAAK,UAAU,EAAE;MAChCxC,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;IACtC;IAEA,MAAM5D,GAAG;EACX,CAAC,CAAC;AACN;AAEO,SAASoE,GAAG,CAAC3E,GAA0B,EAAE2B,GAAW,EAAEZ,OAAwB,EAAE;EACrFY,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAG3B,GAAG,CAAC6E,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAImD,UAAU,GAAG;IACfnD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE;EACV,CAAC;EACDwB,MAAM,CAACC,MAAM,CAACyB,UAAU,EAAE/D,OAAO,CAAC;EAClC,OAAOS,WAAW,CAACxB,GAAG,EAAE8E,UAAU,CAAC;AACrC;AAEO,SAASC,IAAI,CAAC/E,GAA0B,EAAE2B,GAAW,EAAEE,IAAkB,EAAEd,OAAwB,EAAE;EAC1GY,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAG3B,GAAG,CAAC6E,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAIqD,WAAW,GAAG;IAChBrD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE,MAAM;IACdC,IAAI,EAAEA,IAAI;IACVC,cAAc,EAAE;EAClB,CAAC;EACDsB,MAAM,CAACC,MAAM,CAAC2B,WAAW,EAAEjE,OAAO,CAAC;EACnC,OAAOS,WAAW,CAACxB,GAAG,EAAEgF,WAAW,CAAC;AACtC"}
+{"version":3,"file":"request.js","names":["formatError","sdk","error","Error","AuthApiError","errorSummary","message","resp","err","serverErr","responseText","isString","JSON","parse","e","status","options","transformErrorXHR","clone","wwwAuthHeader","WWWAuthError","getWWWAuthenticateHeader","headers","error_description","OAuthError","wwwAuthErr","parseHeader","max_age","acr_values","parameters","errorCauses","errorDescription","scheme","httpRequest","httpRequestInterceptors","interceptor","url","method","args","saveAuthnState","accessToken","withCredentials","storageUtil","storage","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","Promise","resolve","response","oktaUserAgentHeader","_oktaUserAgent","getHttpHeader","Object","assign","removeNils","ajaxOptions","data","undefined","res","httpRequestClient","then","Array","isArray","forEach","item","stateToken","delete","STATE_TOKEN_KEY_NAME","set","updateStorage","Math","floor","DEFAULT_CACHE_DURATION","catch","errorCode","get","isAbsoluteUrl","getIssuerOrigin","getOptions","post","postOptions"],"sources":["../../../lib/http/request.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport { STATE_TOKEN_KEY_NAME, DEFAULT_CACHE_DURATION } from '../constants';\nimport {\n  OktaAuthHttpInterface,\n  RequestOptions,\n  FetchOptions,\n  RequestData,\n  HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, APIError, WWWAuthError } from '../errors';\n\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n  if (error instanceof Error) {\n    // fetch() can throw exceptions\n    // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n    return new AuthApiError({\n      errorSummary: error.message,\n    });\n  }\n\n  let resp: HttpResponse = error;\n  let err: AuthApiError | OAuthError | WWWAuthError;\n  let serverErr: Record<string, any> = {};\n  if (resp.responseText && isString(resp.responseText)) {\n    try {\n      serverErr = JSON.parse(resp.responseText);\n    } catch (e) {\n      serverErr = {\n        errorSummary: 'Unknown error'\n      };\n    }\n  }\n\n  if (resp.status >= 500) {\n    serverErr.errorSummary = 'Unknown error';\n  }\n\n  if (sdk.options.transformErrorXHR) {\n    resp = sdk.options.transformErrorXHR(clone(resp));\n  }\n\n  // \n  const wwwAuthHeader = WWWAuthError.getWWWAuthenticateHeader(resp?.headers) ?? '';\n\n  if (serverErr.error && serverErr.error_description) {\n    err = new OAuthError(serverErr.error, serverErr.error_description, resp);\n  } else {\n    err = new AuthApiError(serverErr as APIError, resp, { wwwAuthHeader });\n  }\n\n  if (wwwAuthHeader && resp?.status >= 400 && resp?.status < 500) {\n    const wwwAuthErr = WWWAuthError.parseHeader(wwwAuthHeader);\n    // check for 403 to avoid breaking change\n    if (resp.status === 403 && wwwAuthErr?.error === 'insufficient_authentication_context') {\n      // eslint-disable-next-line camelcase\n      const { max_age, acr_values } = wwwAuthErr.parameters;\n      err = new AuthApiError(\n        {\n          errorSummary: wwwAuthErr.error,\n          errorCauses: [{ errorSummary: wwwAuthErr.errorDescription }]\n        },\n        resp,\n        {\n          // eslint-disable-next-line camelcase\n          max_age: +max_age,\n          // eslint-disable-next-line camelcase\n          ...(acr_values && { acr_values })\n        }\n      );\n    }\n    else if (wwwAuthErr?.scheme === 'DPoP') {\n      err = wwwAuthErr;\n    }\n    // else {\n    //   // WWWAuthError.parseHeader may return null, only overwrite if !null\n    //   err = wwwAuthErr ?? err;\n    // }\n  }\n\n  return err;\n};\n\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n  options = options || {};\n\n  if (sdk.options.httpRequestInterceptors) {\n    for (const interceptor of sdk.options.httpRequestInterceptors) {\n      interceptor(options);\n    }\n  }\n\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials === true, // default value is false\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil!.storage,\n      httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url as string];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n  var headers: HeadersInit = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    ...oktaUserAgentHeader\n  };\n  Object.assign(headers, sdk.options.headers, options.headers);\n  headers = removeNils(headers) as HeadersInit;\n\n  if (accessToken && isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions: FetchOptions = {\n    headers,\n    data: args || undefined,\n    withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient!(method!, url!, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && isString(res)) {\n        res = JSON.parse(res);\n        if (res && typeof res === 'object' && !res.headers) {\n          if (Array.isArray(res)) {\n            res.forEach(item => {\n              item.headers = resp.headers;\n            });\n          } else {\n            res.headers = resp.headers;\n          }\n        }\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url!, {\n          expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n      \n      return res;\n    })\n    .catch(function(resp) {\n      err = formatError(sdk, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  Object.assign(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  Object.assign(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n"],"mappings":";;;;;AAeA;AACA;AAQA;AAxBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAaA,MAAMA,WAAW,GAAG,CAACC,GAA0B,EAAEC,KAA2B,KAAgC;EAC1G,IAAIA,KAAK,YAAYC,KAAK,EAAE;IAC1B;IACA;IACA,OAAO,IAAIC,oBAAY,CAAC;MACtBC,YAAY,EAAEH,KAAK,CAACI;IACtB,CAAC,CAAC;EACJ;EAEA,IAAIC,IAAkB,GAAGL,KAAK;EAC9B,IAAIM,GAA6C;EACjD,IAAIC,SAA8B,GAAG,CAAC,CAAC;EACvC,IAAIF,IAAI,CAACG,YAAY,IAAI,IAAAC,cAAQ,EAACJ,IAAI,CAACG,YAAY,CAAC,EAAE;IACpD,IAAI;MACFD,SAAS,GAAGG,IAAI,CAACC,KAAK,CAACN,IAAI,CAACG,YAAY,CAAC;IAC3C,CAAC,CAAC,OAAOI,CAAC,EAAE;MACVL,SAAS,GAAG;QACVJ,YAAY,EAAE;MAChB,CAAC;IACH;EACF;EAEA,IAAIE,IAAI,CAACQ,MAAM,IAAI,GAAG,EAAE;IACtBN,SAAS,CAACJ,YAAY,GAAG,eAAe;EAC1C;EAEA,IAAIJ,GAAG,CAACe,OAAO,CAACC,iBAAiB,EAAE;IACjCV,IAAI,GAAGN,GAAG,CAACe,OAAO,CAACC,iBAAiB,CAAC,IAAAC,WAAK,EAACX,IAAI,CAAC,CAAC;EACnD;;EAEA;EACA,MAAMY,aAAa,GAAGC,oBAAY,CAACC,wBAAwB,CAACd,IAAI,EAAEe,OAAO,CAAC,IAAI,EAAE;EAEhF,IAAIb,SAAS,CAACP,KAAK,IAAIO,SAAS,CAACc,iBAAiB,EAAE;IAClDf,GAAG,GAAG,IAAIgB,kBAAU,CAACf,SAAS,CAACP,KAAK,EAAEO,SAAS,CAACc,iBAAiB,EAAEhB,IAAI,CAAC;EAC1E,CAAC,MAAM;IACLC,GAAG,GAAG,IAAIJ,oBAAY,CAACK,SAAS,EAAcF,IAAI,EAAE;MAAEY;IAAc,CAAC,CAAC;EACxE;EAEA,IAAIA,aAAa,IAAIZ,IAAI,EAAEQ,MAAM,IAAI,GAAG,IAAIR,IAAI,EAAEQ,MAAM,GAAG,GAAG,EAAE;IAC9D,MAAMU,UAAU,GAAGL,oBAAY,CAACM,WAAW,CAACP,aAAa,CAAC;IAC1D;IACA,IAAIZ,IAAI,CAACQ,MAAM,KAAK,GAAG,IAAIU,UAAU,EAAEvB,KAAK,KAAK,qCAAqC,EAAE;MACtF;MACA,MAAM;QAAEyB,OAAO;QAAEC;MAAW,CAAC,GAAGH,UAAU,CAACI,UAAU;MACrDrB,GAAG,GAAG,IAAIJ,oBAAY,CACpB;QACEC,YAAY,EAAEoB,UAAU,CAACvB,KAAK;QAC9B4B,WAAW,EAAE,CAAC;UAAEzB,YAAY,EAAEoB,UAAU,CAACM;QAAiB,CAAC;MAC7D,CAAC,EACDxB,IAAI,EACJ;QACE;QACAoB,OAAO,EAAE,CAACA,OAAO;QACjB;QACA,IAAIC,UAAU,IAAI;UAAEA;QAAW,CAAC;MAClC,CAAC,CACF;IACH,CAAC,MACI,IAAIH,UAAU,EAAEO,MAAM,KAAK,MAAM,EAAE;MACtCxB,GAAG,GAAGiB,UAAU;IAClB;IACA;IACA;IACA;IACA;EACF;;EAEA,OAAOjB,GAAG;AACZ,CAAC;AAEM,SAASyB,WAAW,CAAChC,GAA0B,EAAEe,OAAuB,EAAgB;EAC7FA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EAEvB,IAAIf,GAAG,CAACe,OAAO,CAACkB,uBAAuB,EAAE;IACvC,KAAK,MAAMC,WAAW,IAAIlC,GAAG,CAACe,OAAO,CAACkB,uBAAuB,EAAE;MAC7DC,WAAW,CAACnB,OAAO,CAAC;IACtB;EACF;EAEA,IAAIoB,GAAG,GAAGpB,OAAO,CAACoB,GAAG;IACjBC,MAAM,GAAGrB,OAAO,CAACqB,MAAM;IACvBC,IAAI,GAAGtB,OAAO,CAACsB,IAAI;IACnBC,cAAc,GAAGvB,OAAO,CAACuB,cAAc;IACvCC,WAAW,GAAGxB,OAAO,CAACwB,WAAW;IACjCC,eAAe,GAAGzB,OAAO,CAACyB,eAAe,KAAK,IAAI;IAAE;IACpDC,WAAW,GAAGzC,GAAG,CAACe,OAAO,CAAC0B,WAAW;IACrCC,OAAO,GAAGD,WAAW,CAAEC,OAAO;IAC9BC,SAAS,GAAG3C,GAAG,CAAC4C,cAAc,CAACC,YAAY,CAAC7C,GAAG,CAACe,OAAO,CAAC+B,OAAO,CAAC;EAEpE,IAAI/B,OAAO,CAACgC,aAAa,EAAE;IACzB,IAAIC,aAAa,GAAGL,SAAS,CAACM,UAAU,EAAE;IAC1C,IAAIC,cAAc,GAAGF,aAAa,CAACb,GAAG,CAAW;IACjD,IAAIe,cAAc,IAAIC,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,GAAGF,cAAc,CAACG,SAAS,EAAE;MAChE,OAAOC,OAAO,CAACC,OAAO,CAACL,cAAc,CAACM,QAAQ,CAAC;IACjD;EACF;EAEA,IAAIC,mBAAmB,GAAGzD,GAAG,CAAC0D,cAAc,CAACC,aAAa,EAAE;EAC5D,IAAItC,OAAoB,GAAG;IACzB,QAAQ,EAAE,kBAAkB;IAC5B,cAAc,EAAE,kBAAkB;IAClC,GAAGoC;EACL,CAAC;EACDG,MAAM,CAACC,MAAM,CAACxC,OAAO,EAAErB,GAAG,CAACe,OAAO,CAACM,OAAO,EAAEN,OAAO,CAACM,OAAO,CAAC;EAC5DA,OAAO,GAAG,IAAAyC,gBAAU,EAACzC,OAAO,CAAgB;EAE5C,IAAIkB,WAAW,IAAI,IAAA7B,cAAQ,EAAC6B,WAAW,CAAC,EAAE;IACxClB,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,GAAGkB,WAAW;EACpD;EAEA,IAAIwB,WAAyB,GAAG;IAC9B1C,OAAO;IACP2C,IAAI,EAAE3B,IAAI,IAAI4B,SAAS;IACvBzB;EACF,CAAC;EAED,IAAIjC,GAAG,EAAE2D,GAAG;EACZ,OAAOlE,GAAG,CAACe,OAAO,CAACoD,iBAAiB,CAAE/B,MAAM,EAAGD,GAAG,EAAG4B,WAAW,CAAC,CAC9DK,IAAI,CAAC,UAAS9D,IAAI,EAAE;IACnB4D,GAAG,GAAG5D,IAAI,CAACG,YAAY;IACvB,IAAIyD,GAAG,IAAI,IAAAxD,cAAQ,EAACwD,GAAG,CAAC,EAAE;MACxBA,GAAG,GAAGvD,IAAI,CAACC,KAAK,CAACsD,GAAG,CAAC;MACrB,IAAIA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACA,GAAG,CAAC7C,OAAO,EAAE;QAClD,IAAIgD,KAAK,CAACC,OAAO,CAACJ,GAAG,CAAC,EAAE;UACtBA,GAAG,CAACK,OAAO,CAACC,IAAI,IAAI;YAClBA,IAAI,CAACnD,OAAO,GAAGf,IAAI,CAACe,OAAO;UAC7B,CAAC,CAAC;QACJ,CAAC,MAAM;UACL6C,GAAG,CAAC7C,OAAO,GAAGf,IAAI,CAACe,OAAO;QAC5B;MACF;IACF;IAEA,IAAIiB,cAAc,EAAE;MAClB,IAAI,CAAC4B,GAAG,CAACO,UAAU,EAAE;QACnB/B,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;MACtC;IACF;IAEA,IAAIT,GAAG,IAAIA,GAAG,CAACO,UAAU,IAAIP,GAAG,CAACb,SAAS,EAAE;MAC1CX,OAAO,CAACkC,GAAG,CAACD,+BAAoB,EAAET,GAAG,CAACO,UAAU,EAAEP,GAAG,CAACb,SAAS,EAAErD,GAAG,CAACe,OAAO,CAAC+B,OAAO,CAAE;IACxF;IAEA,IAAIoB,GAAG,IAAInD,OAAO,CAACgC,aAAa,EAAE;MAChCJ,SAAS,CAACkC,aAAa,CAAC1C,GAAG,EAAG;QAC5BkB,SAAS,EAAEyB,IAAI,CAACC,KAAK,CAAC5B,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,CAAC,GAAG4B,iCAAsB;QAC/DxB,QAAQ,EAAEU;MACZ,CAAC,CAAC;IACJ;IAEA,OAAOA,GAAG;EACZ,CAAC,CAAC,CACDe,KAAK,CAAC,UAAS3E,IAAI,EAAE;IACpBC,GAAG,GAAGR,WAAW,CAACC,GAAG,EAAEM,IAAI,CAAC;IAE5B,IAAIC,GAAG,CAAC2E,SAAS,KAAK,UAAU,EAAE;MAChCxC,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;IACtC;IAEA,MAAMpE,GAAG;EACX,CAAC,CAAC;AACN;AAEO,SAAS4E,GAAG,CAACnF,GAA0B,EAAEmC,GAAW,EAAEpB,OAAwB,EAAE;EACrFoB,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAGnC,GAAG,CAACqF,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAImD,UAAU,GAAG;IACfnD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE;EACV,CAAC;EACDwB,MAAM,CAACC,MAAM,CAACyB,UAAU,EAAEvE,OAAO,CAAC;EAClC,OAAOiB,WAAW,CAAChC,GAAG,EAAEsF,UAAU,CAAC;AACrC;AAEO,SAASC,IAAI,CAACvF,GAA0B,EAAEmC,GAAW,EAAEE,IAAkB,EAAEtB,OAAwB,EAAE;EAC1GoB,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAGnC,GAAG,CAACqF,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAIqD,WAAW,GAAG;IAChBrD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE,MAAM;IACdC,IAAI,EAAEA,IAAI;IACVC,cAAc,EAAE;EAClB,CAAC;EACDsB,MAAM,CAACC,MAAM,CAAC2B,WAAW,EAAEzE,OAAO,CAAC;EACnC,OAAOiB,WAAW,CAAChC,GAAG,EAAEwF,WAAW,CAAC;AACtC"}

package/cjs/idx/IdxTransactionManager.js

@@ -41,8 +41,13 @@ function createIdxTransactionManager() {
       }
       if (options) {
         const {
+          stateHandle,
           interactionHandle
         } = options;
+        // only perform this check if NOT using generic remediator
+        if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {
+          return null;
+        }
         if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {
           return null;
         }

package/cjs/idx/IdxTransactionManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","interactionHandle","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { interactionHandle } = options;\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe;QAAkB,CAAC,GAAGf,OAAO;QACrC,IAAIe,iBAAiB,IAAIJ,WAAW,CAACI,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOJ,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,EAAEU,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}
+{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","stateHandle","interactionHandle","useGenericRemediator","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { stateHandle, interactionHandle } = options;\n        // only perform this check if NOT using generic remediator\n        if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {\n          return null;\n        }\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe,WAAW;UAAEC;QAAkB,CAAC,GAAGhB,OAAO;QAClD;QACA,IAAI,CAACA,OAAO,CAACiB,oBAAoB,IAAIF,WAAW,IAAIJ,WAAW,CAACI,WAAW,KAAKA,WAAW,EAAE;UAC3F,OAAO,IAAI;QACb;QACA,IAAIC,iBAAiB,IAAIL,WAAW,CAACK,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOL,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,EAAEY,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}

package/cjs/idx/authenticator/Authenticator.js.map

@@ -1 +1 @@
-{"version":3,"file":"Authenticator.js","names":["Authenticator","constructor","authenticator","meta"],"sources":["../../../../lib/idx/authenticator/Authenticator.ts"],"sourcesContent":["import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js';\n\n\nexport interface Credentials {\n  [key: string]: string | undefined;\n}\n\nexport abstract class Authenticator<Values> {\n  meta: IdxAuthenticator;\n\n  constructor(authenticator: IdxAuthenticator) {\n    this.meta = authenticator;\n  }\n\n  abstract canVerify(values: Values): boolean;\n\n  abstract mapCredentials(values: Values): Credentials | undefined;\n\n  abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type\n}\n"],"mappings":";;;AAOO,MAAeA,aAAa,CAAS;EAG1CC,WAAW,CAACC,aAA+B,EAAE;IAC3C,IAAI,CAACC,IAAI,GAAGD,aAAa;EAC3B;;EAMmE;AACrE;AAAC"}
+{"version":3,"file":"Authenticator.js","names":["Authenticator","constructor","authenticator","meta"],"sources":["../../../../lib/idx/authenticator/Authenticator.ts"],"sourcesContent":["import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js';\n\n\nexport interface Credentials {\n  [key: string]: string | boolean | number | undefined;\n}\n\nexport abstract class Authenticator<Values> {\n  meta: IdxAuthenticator;\n\n  constructor(authenticator: IdxAuthenticator) {\n    this.meta = authenticator;\n  }\n\n  abstract canVerify(values: Values): boolean;\n\n  abstract mapCredentials(values: Values): Credentials | undefined;\n\n  abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type\n}\n"],"mappings":";;;AAOO,MAAeA,aAAa,CAAS;EAG1CC,WAAW,CAACC,aAA+B,EAAE;IAC3C,IAAI,CAACC,IAAI,GAAGD,aAAa;EAC3B;;EAMmE;AACrE;AAAC"}

package/cjs/idx/authenticator/OktaPassword.js

@@ -10,22 +10,34 @@ class OktaPassword extends _Authenticator.Authenticator {
     const {
       credentials,
       password,
-      passcode
+      passcode,
+      revokeSessions
     } = values;
     if (!credentials && !password && !passcode) {
       return;
     }
     return credentials || {
-      passcode: passcode || password
+      passcode: passcode || password,
+      revokeSessions
     };
   }
   getInputs(idxRemediationValue) {
-    return {
+    const inputs = [{
       ...idxRemediationValue.form?.value[0],
       name: 'password',
       type: 'string',
       required: idxRemediationValue.required
-    };
+    }];
+    const revokeSessions = idxRemediationValue.form?.value.find(input => input.name === 'revokeSessions');
+    if (revokeSessions) {
+      inputs.push({
+        name: 'revokeSessions',
+        type: 'boolean',
+        label: 'Sign me out of all other devices',
+        required: false
+      });
+    }
+    return inputs;
   }
 }
 exports.OktaPassword = OktaPassword;

package/cjs/idx/authenticator/OktaPassword.js.map

@@ -1 +1 @@
-{"version":3,"file":"OktaPassword.js","names":["OktaPassword","Authenticator","canVerify","values","credentials","password","passcode","mapCredentials","getInputs","idxRemediationValue","form","value","name","type","required"],"sources":["../../../../lib/idx/authenticator/OktaPassword.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n  password?: string;\n  passcode?: string;\n  credentials?: Credentials;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n  canVerify(values: OktaPasswordInputValues) {\n    return !!(values.credentials || values.password || values.passcode);\n  }\n\n  mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n    const { credentials, password, passcode } = values;\n    if (!credentials && !password && !passcode) {\n      return;\n    }\n    return credentials || { passcode: passcode || password };\n  }\n\n  getInputs(idxRemediationValue) {\n    return {\n      ...idxRemediationValue.form?.value[0],\n      name: 'password',\n      type: 'string',\n      required: idxRemediationValue.required\n    };\n  }\n}\n"],"mappings":";;;AAAA;AAQO,MAAMA,YAAY,SAASC,4BAAa,CAA0B;EACvEC,SAAS,CAACC,MAA+B,EAAE;IACzC,OAAO,CAAC,EAAEA,MAAM,CAACC,WAAW,IAAID,MAAM,CAACE,QAAQ,IAAIF,MAAM,CAACG,QAAQ,CAAC;EACrE;EAEAC,cAAc,CAACJ,MAA+B,EAA2B;IACvE,MAAM;MAAEC,WAAW;MAAEC,QAAQ;MAAEC;IAAS,CAAC,GAAGH,MAAM;IAClD,IAAI,CAACC,WAAW,IAAI,CAACC,QAAQ,IAAI,CAACC,QAAQ,EAAE;MAC1C;IACF;IACA,OAAOF,WAAW,IAAI;MAAEE,QAAQ,EAAEA,QAAQ,IAAID;IAAS,CAAC;EAC1D;EAEAG,SAAS,CAACC,mBAAmB,EAAE;IAC7B,OAAO;MACL,GAAGA,mBAAmB,CAACC,IAAI,EAAEC,KAAK,CAAC,CAAC,CAAC;MACrCC,IAAI,EAAE,UAAU;MAChBC,IAAI,EAAE,QAAQ;MACdC,QAAQ,EAAEL,mBAAmB,CAACK;IAChC,CAAC;EACH;AACF;AAAC"}
+{"version":3,"file":"OktaPassword.js","names":["OktaPassword","Authenticator","canVerify","values","credentials","password","passcode","mapCredentials","revokeSessions","getInputs","idxRemediationValue","inputs","form","value","name","type","required","find","input","push","label"],"sources":["../../../../lib/idx/authenticator/OktaPassword.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n  password?: string;\n  passcode?: string;\n  credentials?: Credentials;\n  // for ResetAuthenticator\n  revokeSessions?: boolean;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n  canVerify(values: OktaPasswordInputValues) {\n    return !!(values.credentials || values.password || values.passcode);\n  }\n\n  mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n    const { credentials, password, passcode, revokeSessions } = values;\n    if (!credentials && !password && !passcode) {\n      return;\n    }\n    return credentials || {\n      passcode: passcode || password,\n      revokeSessions,\n    };\n  }\n\n  getInputs(idxRemediationValue) {\n    const inputs = [{\n      ...idxRemediationValue.form?.value[0],\n      name: 'password',\n      type: 'string',\n      required: idxRemediationValue.required,\n    }];\n    const revokeSessions = idxRemediationValue.form?.value.find(\n      input => input.name === 'revokeSessions'\n    );\n    if (revokeSessions) {\n      inputs.push({\n        name: 'revokeSessions',\n        type: 'boolean',\n        label: 'Sign me out of all other devices',\n        required: false,\n      });\n    }\n    return inputs;\n  }\n}\n"],"mappings":";;;AAAA;AAUO,MAAMA,YAAY,SAASC,4BAAa,CAA0B;EACvEC,SAAS,CAACC,MAA+B,EAAE;IACzC,OAAO,CAAC,EAAEA,MAAM,CAACC,WAAW,IAAID,MAAM,CAACE,QAAQ,IAAIF,MAAM,CAACG,QAAQ,CAAC;EACrE;EAEAC,cAAc,CAACJ,MAA+B,EAA2B;IACvE,MAAM;MAAEC,WAAW;MAAEC,QAAQ;MAAEC,QAAQ;MAAEE;IAAe,CAAC,GAAGL,MAAM;IAClE,IAAI,CAACC,WAAW,IAAI,CAACC,QAAQ,IAAI,CAACC,QAAQ,EAAE;MAC1C;IACF;IACA,OAAOF,WAAW,IAAI;MACpBE,QAAQ,EAAEA,QAAQ,IAAID,QAAQ;MAC9BG;IACF,CAAC;EACH;EAEAC,SAAS,CAACC,mBAAmB,EAAE;IAC7B,MAAMC,MAAM,GAAG,CAAC;MACd,GAAGD,mBAAmB,CAACE,IAAI,EAAEC,KAAK,CAAC,CAAC,CAAC;MACrCC,IAAI,EAAE,UAAU;MAChBC,IAAI,EAAE,QAAQ;MACdC,QAAQ,EAAEN,mBAAmB,CAACM;IAChC,CAAC,CAAC;IACF,MAAMR,cAAc,GAAGE,mBAAmB,CAACE,IAAI,EAAEC,KAAK,CAACI,IAAI,CACzDC,KAAK,IAAIA,KAAK,CAACJ,IAAI,KAAK,gBAAgB,CACzC;IACD,IAAIN,cAAc,EAAE;MAClBG,MAAM,CAACQ,IAAI,CAAC;QACVL,IAAI,EAAE,gBAAgB;QACtBC,IAAI,EAAE,SAAS;QACfK,KAAK,EAAE,kCAAkC;QACzCJ,QAAQ,EAAE;MACZ,CAAC,CAAC;IACJ;IACA,OAAOL,MAAM;EACf;AACF;AAAC"}

package/cjs/idx/run.js

@@ -85,7 +85,8 @@ async function getDataFromIntrospect(authClient, data) {
     activationToken,
     maxAge,
     acrValues,
-    nonce
+    nonce,
+    useGenericRemediator
   } = options;
   let idxResponse;
   let meta = (0, _transactionMeta.getSavedTransactionMeta)(authClient, {
@@ -98,7 +99,8 @@ async function getDataFromIntrospect(authClient, data) {
     idxResponse = await (0, _introspect.introspect)(authClient, {
       withCredentials,
       version,
-      stateHandle
+      stateHandle,
+      useGenericRemediator
     });
   } else {
     let interactionHandle = meta?.interactionHandle; // may be undefined
@@ -123,7 +125,8 @@ async function getDataFromIntrospect(authClient, data) {
     idxResponse = await (0, _introspect.introspect)(authClient, {
       withCredentials,
       version,
-      interactionHandle
+      interactionHandle,
+      useGenericRemediator
     });
   }
   return {

package/cjs/idx/run.js.map

@@ -1 +1 @@
-{"version":3,"file":"run.js","names":["initializeValues","options","knownOptions","values","forEach","option","initializeData","authClient","data","idx","flow","withCredentials","remediators","actions","status","IdxStatus","PENDING","getFlow","setFlow","flowSpec","getFlowSpecification","getDataFromIntrospect","stateHandle","version","state","scopes","recoveryToken","activationToken","maxAge","acrValues","nonce","idxResponse","meta","getSavedTransactionMeta","introspect","interactionHandle","transactionManager","clear","interactResponse","interact","getDataFromRemediate","autoRemediate","step","useGenericRemediator","shouldRemediate","rawIdxState","idxResponseFromRemediation","nextStep","canceled","remediate","getTokens","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","tokenResponse","token","exchangeCodeForTokens","tokens","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","enabledFeatures","availableSteps","messages","terminal","requestDidSucceed","stepUp","getEnabledFeatures","getAvailableSteps","getMessagesFromResponse","isTerminalResponse","TERMINAL","hasActions","Object","keys","length","hasErrors","find","msg","class","isTerminalSuccess","CANCELED","SUCCESS","run","error","saveTransactionMeta","rawIdxResponse","saveIdxResponse","context","neededToProceed","proceed"],"sources":["../../../lib/idx/run.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n  OktaAuthIdxInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  RunOptions,\n  IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n  getAvailableSteps,\n  getEnabledFeatures,\n  getMessagesFromResponse,\n  isTerminalResponse,\n  getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n  options: RunOptions;\n  values: RemediationValues;\n  status?: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  idxResponse?: IdxResponse;\n  canceled?: boolean;\n  interactionCode?: string;\n  shouldSaveResponse?: boolean;\n  shouldClearTransaction?: boolean;\n  clearSharedStorage?: boolean;\n  terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n  // remove known options, everything else is assumed to be a value\n  const knownOptions = [\n    'flow', \n    'remediators', \n    'actions', \n    'withCredentials', \n    'step',\n    'useGenericRemediator',\n    'exchangeCodeForTokens',\n  ];\n  const values = { ...options };\n  knownOptions.forEach(option => {\n    delete values[option];\n  });\n  return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n  let { options } = data;\n  options = {\n    ...authClient.options.idx,\n    ...options\n  };\n  let {\n    flow,\n    withCredentials,\n    remediators,\n    actions,\n  } = options;\n\n  const status = IdxStatus.PENDING;\n\n  // certain options can be set by the flow specification\n  flow = flow || authClient.idx.getFlow?.() || 'default';\n  if (flow) {\n    authClient.idx.setFlow?.(flow);\n    const flowSpec = getFlowSpecification(authClient, flow);\n    // Favor option values over flow spec\n    withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n    remediators = remediators || flowSpec.remediators;\n    actions = actions || flowSpec.actions;\n  }\n\n  return { \n    ...data,\n    options: { \n      ...options, \n      flow, \n      withCredentials, \n      remediators, \n      actions,\n    },\n    status\n  };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  const { options } = data;\n  const {\n    stateHandle,\n    withCredentials,\n    version,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken,\n    maxAge,\n    acrValues,\n    nonce,\n  } = options;\n\n  let idxResponse;\n  let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n  if (stateHandle) {\n    idxResponse = await introspect(authClient, { withCredentials, version, stateHandle });\n  } else {\n    let interactionHandle = meta?.interactionHandle; // may be undefined\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken,\n        maxAge,\n        acrValues,\n        nonce,\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      meta = interactResponse.meta;\n    }\n  \n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle });\n  }\n  return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    idxResponse,\n    options,\n    values\n  } = data;\n\n  const {\n    autoRemediate,\n    remediators,\n    actions,\n    flow,\n    step,\n    useGenericRemediator,\n  } = options;\n  \n  const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n  if (!shouldRemediate) {\n    return data;\n  }\n\n  values = { \n    ...values, \n    stateHandle: idxResponse!.rawIdxState.stateHandle \n  };\n\n  // Can we handle the remediations?\n  const { \n    idxResponse: idxResponseFromRemediation, \n    nextStep,\n    canceled,\n  } = await remediate(\n    authClient,\n    idxResponse!, \n    values, \n    {\n      remediators,\n      actions,\n      flow,\n      step,\n      useGenericRemediator,\n    }\n  );\n  idxResponse = idxResponseFromRemediation;\n\n  return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n  let { meta, idxResponse } = data;\n  const { interactionCode } = idxResponse as IdxResponse;\n  const {\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    urls,\n    scopes,\n  } = meta as IdxTransactionMeta;\n  const tokenResponse = await authClient.token.exchangeCodeForTokens({\n    interactionCode,\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    scopes\n  }, urls);\n  return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    options,\n    idxResponse,\n    canceled,\n    status,\n  } = data;\n  const { exchangeCodeForTokens } = options;\n  let shouldSaveResponse = false;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let interactionCode;\n  let tokens;\n  let enabledFeatures;\n  let availableSteps;\n  let messages;\n  let terminal;\n\n  if (idxResponse) {\n    shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n    messages = getMessagesFromResponse(idxResponse, options);\n    terminal = isTerminalResponse(idxResponse);\n  }\n\n  if (terminal) {\n    status = IdxStatus.TERMINAL;\n\n    // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n    // A terminal \"success\" is a non-error response with no further actions available.\n    // In these narrow cases, saved transaction data should be cleared.\n    // One example of a terminal success is when the email verify flow is continued in another tab\n    const hasActions = Object.keys(idxResponse!.actions).length > 0;\n    const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n    const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n    if (isTerminalSuccess) {\n      shouldClearTransaction = true;\n    } else {\n      // save response if there are actions available (ignore messages)\n      shouldSaveResponse = !!hasActions;\n    }\n    // leave shared storage intact so the transaction can be continued in another tab\n    clearSharedStorage = false;\n  } else if (canceled) {\n    status = IdxStatus.CANCELED;\n    shouldClearTransaction = true;\n  } else if (idxResponse?.interactionCode) { \n    interactionCode = idxResponse.interactionCode;\n    if (exchangeCodeForTokens === false) {\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = false;\n    } else {\n      tokens = await getTokens(authClient, data);\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = true;\n    }\n  }\n  return {\n    ...data,\n    status,\n    interactionCode,\n    tokens,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    enabledFeatures,\n    availableSteps,\n    messages,\n    terminal\n  };\n}\n\nexport async function run(\n  authClient: OktaAuthIdxInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let data: RunData = {\n    options,\n    values: initializeValues(options)\n  };\n\n  data = initializeData(authClient, data);\n  data = await getDataFromIntrospect(authClient, data);\n  data = await getDataFromRemediate(authClient, data);\n  data = await finalizeData(authClient, data);\n\n  const {\n    idxResponse,\n    meta,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    status,\n    enabledFeatures,\n    availableSteps,\n    tokens,\n    nextStep,\n    messages,\n    error,\n    interactionCode\n  } = data;\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  else {\n    // ensures state is saved to sessionStorage\n    saveTransactionMeta(authClient, { ...meta });\n\n    if (shouldSaveResponse) {\n      // Save intermediate idx response in storage to reduce introspect call\n      const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n      authClient.transactionManager.saveIdxResponse({\n        rawIdxResponse,\n        requestDidSucceed,\n        stateHandle: idxResponse!.context?.stateHandle,\n        interactionHandle: meta?.interactionHandle\n      });\n    }\n  }\n  \n  // copy all fields from idxResponse which are needed by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n  return {\n    status: status!,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && messages.length && { messages }),\n    ...(error && { error }),\n    ...(stepUp && { stepUp }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions: actions!,\n    context: context!,\n    neededToProceed: neededToProceed!,\n    proceed: proceed!,\n    rawIdxState: rawIdxState!,\n    requestDidSucceed\n  };\n}\n"],"mappings":";;;AAeA;AACA;AACA;AAEA;AAUA;AACA;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;;AA6CA,SAASA,gBAAgB,CAACC,OAAmB,EAAE;EAC7C;EACA,MAAMC,YAAY,GAAG,CACnB,MAAM,EACN,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,MAAM,EACN,sBAAsB,EACtB,uBAAuB,CACxB;EACD,MAAMC,MAAM,GAAG;IAAE,GAAGF;EAAQ,CAAC;EAC7BC,YAAY,CAACE,OAAO,CAACC,MAAM,IAAI;IAC7B,OAAOF,MAAM,CAACE,MAAM,CAAC;EACvB,CAAC,CAAC;EACF,OAAOF,MAAM;AACf;AAEA,SAASG,cAAc,CAACC,UAAgC,EAAEC,IAAa,EAAW;EAChF,IAAI;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACtBP,OAAO,GAAG;IACR,GAAGM,UAAU,CAACN,OAAO,CAACQ,GAAG;IACzB,GAAGR;EACL,CAAC;EACD,IAAI;IACFS,IAAI;IACJC,eAAe;IACfC,WAAW;IACXC;EACF,CAAC,GAAGZ,OAAO;EAEX,MAAMa,MAAM,GAAGC,gBAAS,CAACC,OAAO;;EAEhC;EACAN,IAAI,GAAGA,IAAI,IAAIH,UAAU,CAACE,GAAG,CAACQ,OAAO,IAAI,IAAI,SAAS;EACtD,IAAIP,IAAI,EAAE;IACRH,UAAU,CAACE,GAAG,CAACS,OAAO,GAAGR,IAAI,CAAC;IAC9B,MAAMS,QAAQ,GAAG,IAAAC,0BAAoB,EAACb,UAAU,EAAEG,IAAI,CAAC;IACvD;IACAC,eAAe,GAAI,OAAOA,eAAe,KAAK,WAAW,GAAIA,eAAe,GAAGQ,QAAQ,CAACR,eAAe;IACvGC,WAAW,GAAGA,WAAW,IAAIO,QAAQ,CAACP,WAAW;IACjDC,OAAO,GAAGA,OAAO,IAAIM,QAAQ,CAACN,OAAO;EACvC;EAEA,OAAO;IACL,GAAGL,IAAI;IACPP,OAAO,EAAE;MACP,GAAGA,OAAO;MACVS,IAAI;MACJC,eAAe;MACfC,WAAW;MACXC;IACF,CAAC;IACDC;EACF,CAAC;AACH;AAEA,eAAeO,qBAAqB,CAACd,UAAgC,EAAEC,IAAa,EAAoB;EACtG,MAAM;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACxB,MAAM;IACJc,WAAW;IACXX,eAAe;IACfY,OAAO;IACPC,KAAK;IACLC,MAAM;IACNC,aAAa;IACbC,eAAe;IACfC,MAAM;IACNC,SAAS;IACTC;EACF,CAAC,GAAG7B,OAAO;EAEX,IAAI8B,WAAW;EACf,IAAIC,IAAI,GAAG,IAAAC,wCAAuB,EAAC1B,UAAU,EAAE;IAAEiB,KAAK;IAAEE,aAAa;IAAEC;EAAgB,CAAC,CAAC,CAAC,CAAC;;EAE3F,IAAIL,WAAW,EAAE;IACfS,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC3B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAED;IAAY,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,IAAIa,iBAAiB,GAAGH,IAAI,EAAEG,iBAAiB,CAAC,CAAC;IACjD,IAAI,CAACA,iBAAiB,EAAE;MACtB;MACA5B,UAAU,CAAC6B,kBAAkB,CAACC,KAAK,EAAE;MACrC,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,kBAAQ,EAAChC,UAAU,EAAE;QAClDI,eAAe;QACfa,KAAK;QACLC,MAAM;QACNE,eAAe;QACfD,aAAa;QACbE,MAAM;QACNC,SAAS;QACTC;MACF,CAAC,CAAC;MACFK,iBAAiB,GAAGG,gBAAgB,CAACH,iBAAiB;MACtDH,IAAI,GAAGM,gBAAgB,CAACN,IAAI;IAC9B;;IAEA;IACAD,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC3B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAEY;IAAkB,CAAC,CAAC;EAC7F;EACA,OAAO;IAAE,GAAG3B,IAAI;IAAEuB,WAAW;IAAEC;EAAK,CAAC;AACvC;AAEA,eAAeQ,oBAAoB,CAACjC,UAAgC,EAAEC,IAAa,EAAoB;EACrG,IAAI;IACFuB,WAAW;IACX9B,OAAO;IACPE;EACF,CAAC,GAAGK,IAAI;EAER,MAAM;IACJiC,aAAa;IACb7B,WAAW;IACXC,OAAO;IACPH,IAAI;IACJgC,IAAI;IACJC;EACF,CAAC,GAAG1C,OAAO;EAEX,MAAM2C,eAAe,GAAIH,aAAa,KAAK,KAAK,KAAK7B,WAAW,IAAIC,OAAO,IAAI6B,IAAI,CAAE;EACrF,IAAI,CAACE,eAAe,EAAE;IACpB,OAAOpC,IAAI;EACb;EAEAL,MAAM,GAAG;IACP,GAAGA,MAAM;IACTmB,WAAW,EAAES,WAAW,CAAEc,WAAW,CAACvB;EACxC,CAAC;;EAED;EACA,MAAM;IACJS,WAAW,EAAEe,0BAA0B;IACvCC,QAAQ;IACRC;EACF,CAAC,GAAG,MAAM,IAAAC,oBAAS,EACjB1C,UAAU,EACVwB,WAAW,EACX5B,MAAM,EACN;IACES,WAAW;IACXC,OAAO;IACPH,IAAI;IACJgC,IAAI;IACJC;EACF,CAAC,CACF;EACDZ,WAAW,GAAGe,0BAA0B;EAExC,OAAO;IAAE,GAAGtC,IAAI;IAAEuB,WAAW;IAAEgB,QAAQ;IAAEC;EAAS,CAAC;AACrD;AAEA,eAAeE,SAAS,CAAC3C,UAAgC,EAAEC,IAAa,EAAmB;EACzF,IAAI;IAAEwB,IAAI;IAAED;EAAY,CAAC,GAAGvB,IAAI;EAChC,MAAM;IAAE2C;EAAgB,CAAC,GAAGpB,WAA0B;EACtD,MAAM;IACJqB,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACXC,IAAI;IACJ/B;EACF,CAAC,GAAGO,IAA0B;EAC9B,MAAMyB,aAAa,GAAG,MAAMlD,UAAU,CAACmD,KAAK,CAACC,qBAAqB,CAAC;IACjER,eAAe;IACfC,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACX9B;EACF,CAAC,EAAE+B,IAAI,CAAC;EACR,OAAOC,aAAa,CAACG,MAAM;AAC7B;AAEA,eAAeC,YAAY,CAACtD,UAAgC,EAAEC,IAAa,EAAoB;EAC7F,IAAI;IACFP,OAAO;IACP8B,WAAW;IACXiB,QAAQ;IACRlC;EACF,CAAC,GAAGN,IAAI;EACR,MAAM;IAAEmD;EAAsB,CAAC,GAAG1D,OAAO;EACzC,IAAI6D,kBAAkB,GAAG,KAAK;EAC9B,IAAIC,sBAAsB,GAAG,KAAK;EAClC,IAAIC,kBAAkB,GAAG,IAAI;EAC7B,IAAIb,eAAe;EACnB,IAAIS,MAAM;EACV,IAAIK,eAAe;EACnB,IAAIC,cAAc;EAClB,IAAIC,QAAQ;EACZ,IAAIC,QAAQ;EAEZ,IAAIrC,WAAW,EAAE;IACf+B,kBAAkB,GAAG,CAAC,EAAE/B,WAAW,CAACsC,iBAAiB,IAAItC,WAAW,CAACuC,MAAM,CAAC;IAC5EL,eAAe,GAAG,IAAAM,wBAAkB,EAACxC,WAAW,CAAC;IACjDmC,cAAc,GAAG,IAAAM,uBAAiB,EAACjE,UAAU,EAAEwB,WAAW,EAAE9B,OAAO,CAAC0C,oBAAoB,CAAC;IACzFwB,QAAQ,GAAG,IAAAM,6BAAuB,EAAC1C,WAAW,EAAE9B,OAAO,CAAC;IACxDmE,QAAQ,GAAG,IAAAM,wBAAkB,EAAC3C,WAAW,CAAC;EAC5C;EAEA,IAAIqC,QAAQ,EAAE;IACZtD,MAAM,GAAGC,gBAAS,CAAC4D,QAAQ;;IAE3B;IACA;IACA;IACA;IACA,MAAMC,UAAU,GAAGC,MAAM,CAACC,IAAI,CAAC/C,WAAW,CAAElB,OAAO,CAAC,CAACkE,MAAM,GAAG,CAAC;IAC/D,MAAMC,SAAS,GAAG,CAAC,CAACb,QAAQ,CAACc,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACC,KAAK,KAAK,OAAO,CAAC;IAC/D,MAAMC,iBAAiB,GAAG,CAACR,UAAU,IAAI,CAACI,SAAS,IAAIjD,WAAW,CAAEsC,iBAAiB,KAAK,IAAI;IAC9F,IAAIe,iBAAiB,EAAE;MACrBrB,sBAAsB,GAAG,IAAI;IAC/B,CAAC,MAAM;MACL;MACAD,kBAAkB,GAAG,CAAC,CAACc,UAAU;IACnC;IACA;IACAZ,kBAAkB,GAAG,KAAK;EAC5B,CAAC,MAAM,IAAIhB,QAAQ,EAAE;IACnBlC,MAAM,GAAGC,gBAAS,CAACsE,QAAQ;IAC3BtB,sBAAsB,GAAG,IAAI;EAC/B,CAAC,MAAM,IAAIhC,WAAW,EAAEoB,eAAe,EAAE;IACvCA,eAAe,GAAGpB,WAAW,CAACoB,eAAe;IAC7C,IAAIQ,qBAAqB,KAAK,KAAK,EAAE;MACnC7C,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,KAAK;IAChC,CAAC,MAAM;MACLH,MAAM,GAAG,MAAMV,SAAS,CAAC3C,UAAU,EAAEC,IAAI,CAAC;MAC1CM,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,IAAI;IAC/B;EACF;EACA,OAAO;IACL,GAAGvD,IAAI;IACPM,MAAM;IACNqC,eAAe;IACfS,MAAM;IACNE,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBC,eAAe;IACfC,cAAc;IACdC,QAAQ;IACRC;EACF,CAAC;AACH;AAEO,eAAemB,GAAG,CACvBhF,UAAgC,EAChCN,OAAmB,GAAG,CAAC,CAAC,EACC;EACzB,IAAIO,IAAa,GAAG;IAClBP,OAAO;IACPE,MAAM,EAAEH,gBAAgB,CAACC,OAAO;EAClC,CAAC;EAEDO,IAAI,GAAGF,cAAc,CAACC,UAAU,EAAEC,IAAI,CAAC;EACvCA,IAAI,GAAG,MAAMa,qBAAqB,CAACd,UAAU,EAAEC,IAAI,CAAC;EACpDA,IAAI,GAAG,MAAMgC,oBAAoB,CAACjC,UAAU,EAAEC,IAAI,CAAC;EACnDA,IAAI,GAAG,MAAMqD,YAAY,CAACtD,UAAU,EAAEC,IAAI,CAAC;EAE3C,MAAM;IACJuB,WAAW;IACXC,IAAI;IACJ8B,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBlD,MAAM;IACNmD,eAAe;IACfC,cAAc;IACdN,MAAM;IACNb,QAAQ;IACRoB,QAAQ;IACRqB,KAAK;IACLrC;EACF,CAAC,GAAG3C,IAAI;EAER,IAAIuD,sBAAsB,EAAE;IAC1BxD,UAAU,CAAC6B,kBAAkB,CAACC,KAAK,CAAC;MAAE2B;IAAmB,CAAC,CAAC;EAC7D,CAAC,MACI;IACH;IACA,IAAAyB,oCAAmB,EAAClF,UAAU,EAAE;MAAE,GAAGyB;IAAK,CAAC,CAAC;IAE5C,IAAI8B,kBAAkB,EAAE;MACtB;MACA,MAAM;QAAEjB,WAAW,EAAE6C,cAAc;QAAErB;MAAkB,CAAC,GAAGtC,WAAY;MACvExB,UAAU,CAAC6B,kBAAkB,CAACuD,eAAe,CAAC;QAC5CD,cAAc;QACdrB,iBAAiB;QACjB/C,WAAW,EAAES,WAAW,CAAE6D,OAAO,EAAEtE,WAAW;QAC9Ca,iBAAiB,EAAEH,IAAI,EAAEG;MAC3B,CAAC,CAAC;IACJ;EACF;;EAEA;EACA,MAAM;IAAEtB,OAAO;IAAE+E,OAAO;IAAEC,eAAe;IAAEC,OAAO;IAAEjD,WAAW;IAAEwB,iBAAiB;IAAEC;EAAO,CAAC,GAAGvC,WAAW,IAAI,CAAC,CAAC;EAChH,OAAO;IACLjB,MAAM,EAAEA,MAAO;IACf,IAAIkB,IAAI,IAAI;MAAEA;IAAK,CAAC,CAAC;IACrB,IAAIiC,eAAe,IAAI;MAAEA;IAAgB,CAAC,CAAC;IAC3C,IAAIC,cAAc,IAAI;MAAEA;IAAe,CAAC,CAAC;IACzC,IAAIN,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzB,IAAIb,QAAQ,IAAI;MAAEA;IAAS,CAAC,CAAC;IAC7B,IAAIoB,QAAQ,IAAIA,QAAQ,CAACY,MAAM,IAAI;MAAEZ;IAAS,CAAC,CAAC;IAChD,IAAIqB,KAAK,IAAI;MAAEA;IAAM,CAAC,CAAC;IACvB,IAAIlB,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzBnB,eAAe;IAAE;;IAEjB;IACAtC,OAAO,EAAEA,OAAQ;IACjB+E,OAAO,EAAEA,OAAQ;IACjBC,eAAe,EAAEA,eAAgB;IACjCC,OAAO,EAAEA,OAAQ;IACjBjD,WAAW,EAAEA,WAAY;IACzBwB;EACF,CAAC;AACH"}
+{"version":3,"file":"run.js","names":["initializeValues","options","knownOptions","values","forEach","option","initializeData","authClient","data","idx","flow","withCredentials","remediators","actions","status","IdxStatus","PENDING","getFlow","setFlow","flowSpec","getFlowSpecification","getDataFromIntrospect","stateHandle","version","state","scopes","recoveryToken","activationToken","maxAge","acrValues","nonce","useGenericRemediator","idxResponse","meta","getSavedTransactionMeta","introspect","interactionHandle","transactionManager","clear","interactResponse","interact","getDataFromRemediate","autoRemediate","step","shouldRemediate","rawIdxState","idxResponseFromRemediation","nextStep","canceled","remediate","getTokens","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","tokenResponse","token","exchangeCodeForTokens","tokens","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","enabledFeatures","availableSteps","messages","terminal","requestDidSucceed","stepUp","getEnabledFeatures","getAvailableSteps","getMessagesFromResponse","isTerminalResponse","TERMINAL","hasActions","Object","keys","length","hasErrors","find","msg","class","isTerminalSuccess","CANCELED","SUCCESS","run","error","saveTransactionMeta","rawIdxResponse","saveIdxResponse","context","neededToProceed","proceed"],"sources":["../../../lib/idx/run.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n  OktaAuthIdxInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  RunOptions,\n  IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n  getAvailableSteps,\n  getEnabledFeatures,\n  getMessagesFromResponse,\n  isTerminalResponse,\n  getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n  options: RunOptions;\n  values: RemediationValues;\n  status?: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  idxResponse?: IdxResponse;\n  canceled?: boolean;\n  interactionCode?: string;\n  shouldSaveResponse?: boolean;\n  shouldClearTransaction?: boolean;\n  clearSharedStorage?: boolean;\n  terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n  // remove known options, everything else is assumed to be a value\n  const knownOptions = [\n    'flow', \n    'remediators', \n    'actions', \n    'withCredentials', \n    'step',\n    'useGenericRemediator',\n    'exchangeCodeForTokens',\n  ];\n  const values = { ...options };\n  knownOptions.forEach(option => {\n    delete values[option];\n  });\n  return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n  let { options } = data;\n  options = {\n    ...authClient.options.idx,\n    ...options\n  };\n  let {\n    flow,\n    withCredentials,\n    remediators,\n    actions,\n  } = options;\n\n  const status = IdxStatus.PENDING;\n\n  // certain options can be set by the flow specification\n  flow = flow || authClient.idx.getFlow?.() || 'default';\n  if (flow) {\n    authClient.idx.setFlow?.(flow);\n    const flowSpec = getFlowSpecification(authClient, flow);\n    // Favor option values over flow spec\n    withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n    remediators = remediators || flowSpec.remediators;\n    actions = actions || flowSpec.actions;\n  }\n\n  return { \n    ...data,\n    options: { \n      ...options, \n      flow, \n      withCredentials, \n      remediators, \n      actions,\n    },\n    status\n  };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  const { options } = data;\n  const {\n    stateHandle,\n    withCredentials,\n    version,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken,\n    maxAge,\n    acrValues,\n    nonce,\n    useGenericRemediator,\n  } = options;\n\n  let idxResponse;\n  let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n  if (stateHandle) {\n    idxResponse = await introspect(authClient, { withCredentials, version, stateHandle, useGenericRemediator });\n  } else {\n    let interactionHandle = meta?.interactionHandle; // may be undefined\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken,\n        maxAge,\n        acrValues,\n        nonce,\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      meta = interactResponse.meta;\n    }\n  \n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle, useGenericRemediator });\n  }\n  return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    idxResponse,\n    options,\n    values\n  } = data;\n\n  const {\n    autoRemediate,\n    remediators,\n    actions,\n    flow,\n    step,\n    useGenericRemediator,\n  } = options;\n  \n  const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n  if (!shouldRemediate) {\n    return data;\n  }\n\n  values = { \n    ...values, \n    stateHandle: idxResponse!.rawIdxState.stateHandle \n  };\n\n  // Can we handle the remediations?\n  const { \n    idxResponse: idxResponseFromRemediation, \n    nextStep,\n    canceled,\n  } = await remediate(\n    authClient,\n    idxResponse!, \n    values, \n    {\n      remediators,\n      actions,\n      flow,\n      step,\n      useGenericRemediator,\n    }\n  );\n  idxResponse = idxResponseFromRemediation;\n\n  return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n  let { meta, idxResponse } = data;\n  const { interactionCode } = idxResponse as IdxResponse;\n  const {\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    urls,\n    scopes,\n  } = meta as IdxTransactionMeta;\n  const tokenResponse = await authClient.token.exchangeCodeForTokens({\n    interactionCode,\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    scopes\n  }, urls);\n  return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    options,\n    idxResponse,\n    canceled,\n    status,\n  } = data;\n  const { exchangeCodeForTokens } = options;\n  let shouldSaveResponse = false;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let interactionCode;\n  let tokens;\n  let enabledFeatures;\n  let availableSteps;\n  let messages;\n  let terminal;\n\n  if (idxResponse) {\n    shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n    messages = getMessagesFromResponse(idxResponse, options);\n    terminal = isTerminalResponse(idxResponse);\n  }\n\n  if (terminal) {\n    status = IdxStatus.TERMINAL;\n\n    // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n    // A terminal \"success\" is a non-error response with no further actions available.\n    // In these narrow cases, saved transaction data should be cleared.\n    // One example of a terminal success is when the email verify flow is continued in another tab\n    const hasActions = Object.keys(idxResponse!.actions).length > 0;\n    const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n    const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n    if (isTerminalSuccess) {\n      shouldClearTransaction = true;\n    } else {\n      // save response if there are actions available (ignore messages)\n      shouldSaveResponse = !!hasActions;\n    }\n    // leave shared storage intact so the transaction can be continued in another tab\n    clearSharedStorage = false;\n  } else if (canceled) {\n    status = IdxStatus.CANCELED;\n    shouldClearTransaction = true;\n  } else if (idxResponse?.interactionCode) { \n    interactionCode = idxResponse.interactionCode;\n    if (exchangeCodeForTokens === false) {\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = false;\n    } else {\n      tokens = await getTokens(authClient, data);\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = true;\n    }\n  }\n  return {\n    ...data,\n    status,\n    interactionCode,\n    tokens,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    enabledFeatures,\n    availableSteps,\n    messages,\n    terminal\n  };\n}\n\nexport async function run(\n  authClient: OktaAuthIdxInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let data: RunData = {\n    options,\n    values: initializeValues(options)\n  };\n\n  data = initializeData(authClient, data);\n  data = await getDataFromIntrospect(authClient, data);\n  data = await getDataFromRemediate(authClient, data);\n  data = await finalizeData(authClient, data);\n\n  const {\n    idxResponse,\n    meta,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    status,\n    enabledFeatures,\n    availableSteps,\n    tokens,\n    nextStep,\n    messages,\n    error,\n    interactionCode\n  } = data;\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  else {\n    // ensures state is saved to sessionStorage\n    saveTransactionMeta(authClient, { ...meta });\n\n    if (shouldSaveResponse) {\n      // Save intermediate idx response in storage to reduce introspect call\n      const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n      authClient.transactionManager.saveIdxResponse({\n        rawIdxResponse,\n        requestDidSucceed,\n        stateHandle: idxResponse!.context?.stateHandle,\n        interactionHandle: meta?.interactionHandle\n      });\n    }\n  }\n  \n  // copy all fields from idxResponse which are needed by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n  return {\n    status: status!,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && messages.length && { messages }),\n    ...(error && { error }),\n    ...(stepUp && { stepUp }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions: actions!,\n    context: context!,\n    neededToProceed: neededToProceed!,\n    proceed: proceed!,\n    rawIdxState: rawIdxState!,\n    requestDidSucceed\n  };\n}\n"],"mappings":";;;AAeA;AACA;AACA;AAEA;AAUA;AACA;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;;AA6CA,SAASA,gBAAgB,CAACC,OAAmB,EAAE;EAC7C;EACA,MAAMC,YAAY,GAAG,CACnB,MAAM,EACN,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,MAAM,EACN,sBAAsB,EACtB,uBAAuB,CACxB;EACD,MAAMC,MAAM,GAAG;IAAE,GAAGF;EAAQ,CAAC;EAC7BC,YAAY,CAACE,OAAO,CAACC,MAAM,IAAI;IAC7B,OAAOF,MAAM,CAACE,MAAM,CAAC;EACvB,CAAC,CAAC;EACF,OAAOF,MAAM;AACf;AAEA,SAASG,cAAc,CAACC,UAAgC,EAAEC,IAAa,EAAW;EAChF,IAAI;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACtBP,OAAO,GAAG;IACR,GAAGM,UAAU,CAACN,OAAO,CAACQ,GAAG;IACzB,GAAGR;EACL,CAAC;EACD,IAAI;IACFS,IAAI;IACJC,eAAe;IACfC,WAAW;IACXC;EACF,CAAC,GAAGZ,OAAO;EAEX,MAAMa,MAAM,GAAGC,gBAAS,CAACC,OAAO;;EAEhC;EACAN,IAAI,GAAGA,IAAI,IAAIH,UAAU,CAACE,GAAG,CAACQ,OAAO,IAAI,IAAI,SAAS;EACtD,IAAIP,IAAI,EAAE;IACRH,UAAU,CAACE,GAAG,CAACS,OAAO,GAAGR,IAAI,CAAC;IAC9B,MAAMS,QAAQ,GAAG,IAAAC,0BAAoB,EAACb,UAAU,EAAEG,IAAI,CAAC;IACvD;IACAC,eAAe,GAAI,OAAOA,eAAe,KAAK,WAAW,GAAIA,eAAe,GAAGQ,QAAQ,CAACR,eAAe;IACvGC,WAAW,GAAGA,WAAW,IAAIO,QAAQ,CAACP,WAAW;IACjDC,OAAO,GAAGA,OAAO,IAAIM,QAAQ,CAACN,OAAO;EACvC;EAEA,OAAO;IACL,GAAGL,IAAI;IACPP,OAAO,EAAE;MACP,GAAGA,OAAO;MACVS,IAAI;MACJC,eAAe;MACfC,WAAW;MACXC;IACF,CAAC;IACDC;EACF,CAAC;AACH;AAEA,eAAeO,qBAAqB,CAACd,UAAgC,EAAEC,IAAa,EAAoB;EACtG,MAAM;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACxB,MAAM;IACJc,WAAW;IACXX,eAAe;IACfY,OAAO;IACPC,KAAK;IACLC,MAAM;IACNC,aAAa;IACbC,eAAe;IACfC,MAAM;IACNC,SAAS;IACTC,KAAK;IACLC;EACF,CAAC,GAAG9B,OAAO;EAEX,IAAI+B,WAAW;EACf,IAAIC,IAAI,GAAG,IAAAC,wCAAuB,EAAC3B,UAAU,EAAE;IAAEiB,KAAK;IAAEE,aAAa;IAAEC;EAAgB,CAAC,CAAC,CAAC,CAAC;;EAE3F,IAAIL,WAAW,EAAE;IACfU,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC5B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAED,WAAW;MAAES;IAAqB,CAAC,CAAC;EAC7G,CAAC,MAAM;IACL,IAAIK,iBAAiB,GAAGH,IAAI,EAAEG,iBAAiB,CAAC,CAAC;IACjD,IAAI,CAACA,iBAAiB,EAAE;MACtB;MACA7B,UAAU,CAAC8B,kBAAkB,CAACC,KAAK,EAAE;MACrC,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,kBAAQ,EAACjC,UAAU,EAAE;QAClDI,eAAe;QACfa,KAAK;QACLC,MAAM;QACNE,eAAe;QACfD,aAAa;QACbE,MAAM;QACNC,SAAS;QACTC;MACF,CAAC,CAAC;MACFM,iBAAiB,GAAGG,gBAAgB,CAACH,iBAAiB;MACtDH,IAAI,GAAGM,gBAAgB,CAACN,IAAI;IAC9B;;IAEA;IACAD,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC5B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAEa,iBAAiB;MAAEL;IAAqB,CAAC,CAAC;EACnH;EACA,OAAO;IAAE,GAAGvB,IAAI;IAAEwB,WAAW;IAAEC;EAAK,CAAC;AACvC;AAEA,eAAeQ,oBAAoB,CAAClC,UAAgC,EAAEC,IAAa,EAAoB;EACrG,IAAI;IACFwB,WAAW;IACX/B,OAAO;IACPE;EACF,CAAC,GAAGK,IAAI;EAER,MAAM;IACJkC,aAAa;IACb9B,WAAW;IACXC,OAAO;IACPH,IAAI;IACJiC,IAAI;IACJZ;EACF,CAAC,GAAG9B,OAAO;EAEX,MAAM2C,eAAe,GAAIF,aAAa,KAAK,KAAK,KAAK9B,WAAW,IAAIC,OAAO,IAAI8B,IAAI,CAAE;EACrF,IAAI,CAACC,eAAe,EAAE;IACpB,OAAOpC,IAAI;EACb;EAEAL,MAAM,GAAG;IACP,GAAGA,MAAM;IACTmB,WAAW,EAAEU,WAAW,CAAEa,WAAW,CAACvB;EACxC,CAAC;;EAED;EACA,MAAM;IACJU,WAAW,EAAEc,0BAA0B;IACvCC,QAAQ;IACRC;EACF,CAAC,GAAG,MAAM,IAAAC,oBAAS,EACjB1C,UAAU,EACVyB,WAAW,EACX7B,MAAM,EACN;IACES,WAAW;IACXC,OAAO;IACPH,IAAI;IACJiC,IAAI;IACJZ;EACF,CAAC,CACF;EACDC,WAAW,GAAGc,0BAA0B;EAExC,OAAO;IAAE,GAAGtC,IAAI;IAAEwB,WAAW;IAAEe,QAAQ;IAAEC;EAAS,CAAC;AACrD;AAEA,eAAeE,SAAS,CAAC3C,UAAgC,EAAEC,IAAa,EAAmB;EACzF,IAAI;IAAEyB,IAAI;IAAED;EAAY,CAAC,GAAGxB,IAAI;EAChC,MAAM;IAAE2C;EAAgB,CAAC,GAAGnB,WAA0B;EACtD,MAAM;IACJoB,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACXC,IAAI;IACJ/B;EACF,CAAC,GAAGQ,IAA0B;EAC9B,MAAMwB,aAAa,GAAG,MAAMlD,UAAU,CAACmD,KAAK,CAACC,qBAAqB,CAAC;IACjER,eAAe;IACfC,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACX9B;EACF,CAAC,EAAE+B,IAAI,CAAC;EACR,OAAOC,aAAa,CAACG,MAAM;AAC7B;AAEA,eAAeC,YAAY,CAACtD,UAAgC,EAAEC,IAAa,EAAoB;EAC7F,IAAI;IACFP,OAAO;IACP+B,WAAW;IACXgB,QAAQ;IACRlC;EACF,CAAC,GAAGN,IAAI;EACR,MAAM;IAAEmD;EAAsB,CAAC,GAAG1D,OAAO;EACzC,IAAI6D,kBAAkB,GAAG,KAAK;EAC9B,IAAIC,sBAAsB,GAAG,KAAK;EAClC,IAAIC,kBAAkB,GAAG,IAAI;EAC7B,IAAIb,eAAe;EACnB,IAAIS,MAAM;EACV,IAAIK,eAAe;EACnB,IAAIC,cAAc;EAClB,IAAIC,QAAQ;EACZ,IAAIC,QAAQ;EAEZ,IAAIpC,WAAW,EAAE;IACf8B,kBAAkB,GAAG,CAAC,EAAE9B,WAAW,CAACqC,iBAAiB,IAAIrC,WAAW,CAACsC,MAAM,CAAC;IAC5EL,eAAe,GAAG,IAAAM,wBAAkB,EAACvC,WAAW,CAAC;IACjDkC,cAAc,GAAG,IAAAM,uBAAiB,EAACjE,UAAU,EAAEyB,WAAW,EAAE/B,OAAO,CAAC8B,oBAAoB,CAAC;IACzFoC,QAAQ,GAAG,IAAAM,6BAAuB,EAACzC,WAAW,EAAE/B,OAAO,CAAC;IACxDmE,QAAQ,GAAG,IAAAM,wBAAkB,EAAC1C,WAAW,CAAC;EAC5C;EAEA,IAAIoC,QAAQ,EAAE;IACZtD,MAAM,GAAGC,gBAAS,CAAC4D,QAAQ;;IAE3B;IACA;IACA;IACA;IACA,MAAMC,UAAU,GAAGC,MAAM,CAACC,IAAI,CAAC9C,WAAW,CAAEnB,OAAO,CAAC,CAACkE,MAAM,GAAG,CAAC;IAC/D,MAAMC,SAAS,GAAG,CAAC,CAACb,QAAQ,CAACc,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACC,KAAK,KAAK,OAAO,CAAC;IAC/D,MAAMC,iBAAiB,GAAG,CAACR,UAAU,IAAI,CAACI,SAAS,IAAIhD,WAAW,CAAEqC,iBAAiB,KAAK,IAAI;IAC9F,IAAIe,iBAAiB,EAAE;MACrBrB,sBAAsB,GAAG,IAAI;IAC/B,CAAC,MAAM;MACL;MACAD,kBAAkB,GAAG,CAAC,CAACc,UAAU;IACnC;IACA;IACAZ,kBAAkB,GAAG,KAAK;EAC5B,CAAC,MAAM,IAAIhB,QAAQ,EAAE;IACnBlC,MAAM,GAAGC,gBAAS,CAACsE,QAAQ;IAC3BtB,sBAAsB,GAAG,IAAI;EAC/B,CAAC,MAAM,IAAI/B,WAAW,EAAEmB,eAAe,EAAE;IACvCA,eAAe,GAAGnB,WAAW,CAACmB,eAAe;IAC7C,IAAIQ,qBAAqB,KAAK,KAAK,EAAE;MACnC7C,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,KAAK;IAChC,CAAC,MAAM;MACLH,MAAM,GAAG,MAAMV,SAAS,CAAC3C,UAAU,EAAEC,IAAI,CAAC;MAC1CM,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,IAAI;IAC/B;EACF;EACA,OAAO;IACL,GAAGvD,IAAI;IACPM,MAAM;IACNqC,eAAe;IACfS,MAAM;IACNE,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBC,eAAe;IACfC,cAAc;IACdC,QAAQ;IACRC;EACF,CAAC;AACH;AAEO,eAAemB,GAAG,CACvBhF,UAAgC,EAChCN,OAAmB,GAAG,CAAC,CAAC,EACC;EACzB,IAAIO,IAAa,GAAG;IAClBP,OAAO;IACPE,MAAM,EAAEH,gBAAgB,CAACC,OAAO;EAClC,CAAC;EAEDO,IAAI,GAAGF,cAAc,CAACC,UAAU,EAAEC,IAAI,CAAC;EACvCA,IAAI,GAAG,MAAMa,qBAAqB,CAACd,UAAU,EAAEC,IAAI,CAAC;EACpDA,IAAI,GAAG,MAAMiC,oBAAoB,CAAClC,UAAU,EAAEC,IAAI,CAAC;EACnDA,IAAI,GAAG,MAAMqD,YAAY,CAACtD,UAAU,EAAEC,IAAI,CAAC;EAE3C,MAAM;IACJwB,WAAW;IACXC,IAAI;IACJ6B,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBlD,MAAM;IACNmD,eAAe;IACfC,cAAc;IACdN,MAAM;IACNb,QAAQ;IACRoB,QAAQ;IACRqB,KAAK;IACLrC;EACF,CAAC,GAAG3C,IAAI;EAER,IAAIuD,sBAAsB,EAAE;IAC1BxD,UAAU,CAAC8B,kBAAkB,CAACC,KAAK,CAAC;MAAE0B;IAAmB,CAAC,CAAC;EAC7D,CAAC,MACI;IACH;IACA,IAAAyB,oCAAmB,EAAClF,UAAU,EAAE;MAAE,GAAG0B;IAAK,CAAC,CAAC;IAE5C,IAAI6B,kBAAkB,EAAE;MACtB;MACA,MAAM;QAAEjB,WAAW,EAAE6C,cAAc;QAAErB;MAAkB,CAAC,GAAGrC,WAAY;MACvEzB,UAAU,CAAC8B,kBAAkB,CAACsD,eAAe,CAAC;QAC5CD,cAAc;QACdrB,iBAAiB;QACjB/C,WAAW,EAAEU,WAAW,CAAE4D,OAAO,EAAEtE,WAAW;QAC9Cc,iBAAiB,EAAEH,IAAI,EAAEG;MAC3B,CAAC,CAAC;IACJ;EACF;;EAEA;EACA,MAAM;IAAEvB,OAAO;IAAE+E,OAAO;IAAEC,eAAe;IAAEC,OAAO;IAAEjD,WAAW;IAAEwB,iBAAiB;IAAEC;EAAO,CAAC,GAAGtC,WAAW,IAAI,CAAC,CAAC;EAChH,OAAO;IACLlB,MAAM,EAAEA,MAAO;IACf,IAAImB,IAAI,IAAI;MAAEA;IAAK,CAAC,CAAC;IACrB,IAAIgC,eAAe,IAAI;MAAEA;IAAgB,CAAC,CAAC;IAC3C,IAAIC,cAAc,IAAI;MAAEA;IAAe,CAAC,CAAC;IACzC,IAAIN,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzB,IAAIb,QAAQ,IAAI;MAAEA;IAAS,CAAC,CAAC;IAC7B,IAAIoB,QAAQ,IAAIA,QAAQ,CAACY,MAAM,IAAI;MAAEZ;IAAS,CAAC,CAAC;IAChD,IAAIqB,KAAK,IAAI;MAAEA;IAAM,CAAC,CAAC;IACvB,IAAIlB,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzBnB,eAAe;IAAE;;IAEjB;IACAtC,OAAO,EAAEA,OAAQ;IACjB+E,OAAO,EAAEA,OAAQ;IACjBC,eAAe,EAAEA,eAAgB;IACjCC,OAAO,EAAEA,OAAQ;IACjBjD,WAAW,EAAEA,WAAY;IACzBwB;EACF,CAAC;AACH"}

package/cjs/idx/types/idx-js.js.map

@@ -1 +1 @@
-{"version":3,"file":"idx-js.js","names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"sources":["../../../../lib/idx/types/idx-js.ts"],"sourcesContent":["/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n  challenge: string; \n  userVerification: string; \n  extensions?: {\n    appid: string;\n  };\n}\nexport interface ActivationData {\n  challenge: string;\n  rp: {\n    name: string;\n  };\n  user: {\n    id: string;\n    name: string;\n    displayName: string;\n  };\n  pubKeyCredParams: {\n    type: string;\n    alg: number;\n  }[];\n  attestation?: string;\n  authenticatorSelection?: {\n    userVerification?: string;\n    authenticatorAttachment?: string;\n    requireResidentKey?: boolean;\n    residentKey?: string;\n  };\n  excludeCredentials?: {\n    id: string;\n    type: string;\n  }[];\n}\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n  contextualData?: {\n    enrolledQuestion?: {\n      question: string;\n      questionKey: string;\n    };\n    qrcode?: { \n      href: string; \n      method: string; \n      type: string; \n    };\n    sharedSecret?: string;\n    questions?: {\n      questionKey: string;\n      question: string;\n    }[];\n    questionKeys?: string[];\n    selectedChannel?: string;\n    activationData?: ActivationData;\n    challengeData?: ChallengeData;\n  };\n  credentialId?: string;\n  enrollmentId?: string;\n  profile?: Record<string, unknown>;\n  resend?: Record<string, unknown>;\n  poll?: Record<string, unknown>;\n  recover?: Record<string, unknown>;\n  deviceKnown?: boolean;\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | {form: IdxForm} | Input[];\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValueForm {\n  form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  visible?: boolean;\n  mutable?: boolean;\n  value?: string | IdxRemediationValueForm;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n  accepts?: string;\n  produces?: string;\n  refresh?: number;\n  rel?: string[];\n  action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n  version: string;\n  stateHandle: string;\n  expiresAt: string;\n  intent: string;\n  currentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  authenticators: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  authenticatorEnrollments: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  enrollmentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  user?: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  uiDisplay?: IdxContextUIDisplay\n  app: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  messages?: IdxMessages;\n  success?: IdxRemediation;\n  failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n  type: string;\n  value: {\n    label?: string;\n    buttonLabel?: string;\n  }\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n  success?: boolean;\n  successWithInteractionCode?: IdxRemediation;\n  currentAuthenticator?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n  [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n  [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n  interactionHandle?: string;\n  withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n  (params: IdxActionParams): Promise<IdxResponse>;\n  neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: IdxToPersist;\n  context?: IdxContext;\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n  return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;;AAoMA;;AAuBO,SAASA,gBAAgB,CAACC,GAAQ,EAAyB;EAChE,OAAOA,GAAG,IAAIA,GAAG,CAACC,OAAO;AAC3B;AAgCO,SAASC,aAAa,CAACF,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAW,CAAC;AACjD"}
+{"version":3,"file":"idx-js.js","names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"sources":["../../../../lib/idx/types/idx-js.ts"],"sourcesContent":["/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n  challenge: string; \n  userVerification: string; \n  extensions?: {\n    appid: string;\n  };\n}\nexport interface ActivationData {\n  challenge: string;\n  rp: {\n    name: string;\n  };\n  user: {\n    id: string;\n    name: string;\n    displayName: string;\n  };\n  pubKeyCredParams: {\n    type: string;\n    alg: number;\n  }[];\n  attestation?: string;\n  authenticatorSelection?: {\n    userVerification?: string;\n    authenticatorAttachment?: string;\n    requireResidentKey?: boolean;\n    residentKey?: string;\n  };\n  excludeCredentials?: {\n    id: string;\n    type: string;\n  }[];\n}\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n  contextualData?: {\n    enrolledQuestion?: {\n      question: string;\n      questionKey: string;\n    };\n    qrcode?: { \n      href: string; \n      method: string; \n      type: string; \n    };\n    sharedSecret?: string;\n    questions?: {\n      questionKey: string;\n      question: string;\n    }[];\n    questionKeys?: string[];\n    selectedChannel?: string;\n    activationData?: ActivationData;\n    challengeData?: ChallengeData;\n  };\n  credentialId?: string;\n  enrollmentId?: string;\n  profile?: Record<string, unknown>;\n  resend?: Record<string, unknown>;\n  poll?: Record<string, unknown>;\n  recover?: Record<string, unknown>;\n  deviceKnown?: boolean;\n  nickname?: string;\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | {form: IdxForm} | Input[];\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValueForm {\n  form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  visible?: boolean;\n  mutable?: boolean;\n  value?: string | IdxRemediationValueForm;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n  accepts?: string;\n  produces?: string;\n  refresh?: number;\n  rel?: string[];\n  action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n  version: string;\n  stateHandle: string;\n  expiresAt: string;\n  intent: string;\n  currentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  authenticators: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  authenticatorEnrollments: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  enrollmentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  user?: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  uiDisplay?: IdxContextUIDisplay\n  app: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  messages?: IdxMessages;\n  success?: IdxRemediation;\n  failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n  type: string;\n  value: {\n    label?: string;\n    buttonLabel?: string;\n  }\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n  success?: boolean;\n  successWithInteractionCode?: IdxRemediation;\n  currentAuthenticator?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n  [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n  [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n  interactionHandle?: string;\n  withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n  (params: IdxActionParams): Promise<IdxResponse>;\n  neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: IdxToPersist;\n  context?: IdxContext;\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n  return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;;AAqMA;;AAuBO,SAASA,gBAAgB,CAACC,GAAQ,EAAyB;EAChE,OAAOA,GAAG,IAAIA,GAAG,CAACC,OAAO;AAC3B;AAgCO,SAASC,aAAa,CAACF,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAW,CAAC;AACjD"}

package/cjs/idx/types/options.js.map

@@ -1 +1 @@
-{"version":3,"file":"options.js","names":[],"sources":["../../../../lib/idx/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { RemediationFlow } from '../flow';\nimport { RemediateAction } from '../remediate';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  AuthenticatorVerificationDataValues,\n  EnrollProfileValues,\n  ResetAuthenticatorValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SkipValues,\n  EnrollPollValues as EnrollPollOptions,\n  SelectEnrollmentChannelValues as SelectEnrollmentChannelOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n} from '../remediators';\nimport { IdxTransactionMeta } from './meta';\nimport { OktaAuthCoreOptions } from '../../core/types';\nimport { TransactionMetaOptions } from '../../oidc/types';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\n\nexport interface IdxOptions {\n  flow?: FlowIdentifier;\n  exchangeCodeForTokens?: boolean;\n  autoRemediate?: boolean;\n  step?: string;\n  withCredentials?: boolean;\n}\n\nexport interface InteractOptions extends IdxOptions {\n  state?: string;\n  scopes?: string[];\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n  activationToken?: string;\n  recoveryToken?: string;\n  clientSecret?: string;\n  maxAge?: string | number;\n  acrValues?: string;\n  nonce?: string;\n}\n\nexport interface IntrospectOptions extends IdxOptions {\n  interactionHandle?: string;\n  stateHandle?: string;\n  version?: string;\n}\n\nexport interface RemediateOptions extends IdxOptions {\n  remediators?: RemediationFlow;\n  actions?: RemediateAction[];\n  useGenericRemediator?: boolean; // beta\n}\n\nexport interface RunOptions extends RemediateOptions, InteractOptions, IntrospectOptions {}\n\nexport interface AuthenticationOptions extends\n  RunOptions, \n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  SelectAuthenticatorEnrollValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  EnrollAuthenticatorValues\n{}\n\nexport interface RegistrationOptions extends\n  RunOptions,\n  IdentifyValues,\n  EnrollProfileValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SkipValues\n{}\n\nexport interface PasswordRecoveryOptions extends \n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ResetAuthenticatorValues,\n  AuthenticatorVerificationDataValues,\n  ReEnrollAuthenticatorValues\n{}\n\nexport interface AccountUnlockOptions extends\n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  AuthenticatorVerificationDataValues\n{}\n\nexport interface ProceedOptions extends\n  AuthenticationOptions,\n  RegistrationOptions,\n  PasswordRecoveryOptions,\n  AccountUnlockOptions,\n  EnrollPollOptions,\n  SelectEnrollmentChannelOptions\n{}\n\nexport type CancelOptions = IdxOptions\n\nexport type StartOptions = RunOptions\n\nexport interface IdxTransactionMetaOptions\n  extends TransactionMetaOptions,\n  Pick<IdxTransactionMeta,\n    'state' |\n    'codeChallenge' |\n    'codeChallengeMethod' |\n    'codeVerifier' |\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{}\n\nexport interface OktaAuthIdxOptions \n  extends OktaAuthCoreOptions,\n  Pick<IdxTransactionMeta,\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{\n    // BETA WARNING: configs in this section are subject to change without a breaking change notice\n    idx?: Pick<RunOptions,\n      'useGenericRemediator' |\n      'exchangeCodeForTokens'\n    >;\n}\n\nexport type OktaAuthIdxOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthIdxOptions>;\n"],"mappings":""}
+{"version":3,"file":"options.js","names":[],"sources":["../../../../lib/idx/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { RemediationFlow } from '../flow';\nimport { RemediateAction } from '../remediate';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  AuthenticatorVerificationDataValues,\n  EnrollProfileValues,\n  ResetAuthenticatorValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SkipValues,\n  EnrollPollValues as EnrollPollOptions,\n  SelectEnrollmentChannelValues as SelectEnrollmentChannelOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n} from '../remediators';\nimport { IdxTransactionMeta } from './meta';\nimport { OktaAuthCoreOptions } from '../../core/types';\nimport { TransactionMetaOptions } from '../../oidc/types';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\n\nexport interface IdxOptions {\n  flow?: FlowIdentifier;\n  exchangeCodeForTokens?: boolean;\n  autoRemediate?: boolean;\n  step?: string;\n  withCredentials?: boolean;\n}\n\nexport interface InteractOptions extends IdxOptions {\n  state?: string;\n  scopes?: string[];\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n  activationToken?: string;\n  recoveryToken?: string;\n  clientSecret?: string;\n  maxAge?: string | number;\n  acrValues?: string;\n  nonce?: string;\n}\n\nexport interface IntrospectOptions extends IdxOptions {\n  interactionHandle?: string;\n  stateHandle?: string;\n  version?: string;\n  useGenericRemediator?: boolean;\n}\n\nexport interface RemediateOptions extends IdxOptions {\n  remediators?: RemediationFlow;\n  actions?: RemediateAction[];\n  useGenericRemediator?: boolean; // beta\n}\n\nexport interface RunOptions extends RemediateOptions, InteractOptions, IntrospectOptions {}\n\nexport interface AuthenticationOptions extends\n  RunOptions, \n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  SelectAuthenticatorEnrollValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  EnrollAuthenticatorValues\n{}\n\nexport interface RegistrationOptions extends\n  RunOptions,\n  IdentifyValues,\n  EnrollProfileValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SkipValues\n{}\n\nexport interface PasswordRecoveryOptions extends \n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ResetAuthenticatorValues,\n  AuthenticatorVerificationDataValues,\n  ReEnrollAuthenticatorValues\n{}\n\nexport interface AccountUnlockOptions extends\n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  AuthenticatorVerificationDataValues\n{}\n\nexport interface ProceedOptions extends\n  AuthenticationOptions,\n  RegistrationOptions,\n  PasswordRecoveryOptions,\n  AccountUnlockOptions,\n  EnrollPollOptions,\n  SelectEnrollmentChannelOptions\n{}\n\nexport type CancelOptions = IdxOptions\n\nexport type StartOptions = RunOptions\n\nexport interface IdxTransactionMetaOptions\n  extends TransactionMetaOptions,\n  Pick<IdxTransactionMeta,\n    'state' |\n    'codeChallenge' |\n    'codeChallengeMethod' |\n    'codeVerifier' |\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{}\n\nexport interface OktaAuthIdxOptions \n  extends OktaAuthCoreOptions,\n  Pick<IdxTransactionMeta,\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{\n    // BETA WARNING: configs in this section are subject to change without a breaking change notice\n    idx?: Pick<RunOptions,\n      'useGenericRemediator' |\n      'exchangeCodeForTokens'\n    >;\n}\n\nexport type OktaAuthIdxOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthIdxOptions>;\n"],"mappings":""}

package/cjs/oidc/TokenManager.js

@@ -341,7 +341,15 @@ class TokenManager {
     }
     try {
       var token = this.getSync(key);
-      if (!token) {
+      let shouldRenew = token !== undefined;
+      // explicitly check if key='accessToken' because token keys are not guaranteed (long story, features dragons)
+      if (!token && key === 'accessToken') {
+        // attempt token renewal if refresh token is present (improves consistency of autoRenew)
+        const refreshKey = this.getStorageKeyByType('refreshToken');
+        const refreshToken = this.getSync(refreshKey);
+        shouldRenew = refreshToken !== undefined;
+      }
+      if (!shouldRenew) {
         throw new _errors.AuthSdkError('The tokenManager has no token for the key: ' + key);
       }
     } catch (err) {
@@ -357,6 +365,14 @@ class TokenManager {
     const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens().then(tokens => {
       this.setTokens(tokens);
 
+      // return accessToken in case where access token doesn't exist
+      // but refresh token exists
+      if (!token && key === 'accessToken') {
+        const accessToken = tokens['accessToken'];
+        this.emitRenewed(key, accessToken, null);
+        return accessToken;
+      }
+
       // resolve token based on the key
       const tokenType = this.getTokenType(token);
       return tokens[tokenType];