@okta/okta-auth-js 7.6.0 → 7.7.1

package/cjs/http/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","names":["parseInsufficientAuthenticationError","header","AuthSdkError","split","map","part","trim","reduce","acc","curr","replace","formatError","sdk","error","Error","AuthApiError","errorSummary","message","resp","err","serverErr","responseText","isString","JSON","parse","e","status","options","transformErrorXHR","clone","error_description","OAuthError","headers","max_age","acr_values","errorCauses","httpRequest","httpRequestInterceptors","interceptor","url","method","args","saveAuthnState","accessToken","withCredentials","storageUtil","storage","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","Promise","resolve","response","oktaUserAgentHeader","_oktaUserAgent","getHttpHeader","Object","assign","removeNils","ajaxOptions","data","undefined","res","httpRequestClient","then","Array","isArray","forEach","item","stateToken","delete","STATE_TOKEN_KEY_NAME","set","updateStorage","Math","floor","DEFAULT_CACHE_DURATION","catch","errorCode","get","isAbsoluteUrl","getIssuerOrigin","getOptions","post","postOptions"],"sources":["../../../lib/http/request.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport { STATE_TOKEN_KEY_NAME, DEFAULT_CACHE_DURATION } from '../constants';\nimport {\n  OktaAuthHttpInterface,\n  RequestOptions,\n  FetchOptions,\n  RequestData,\n  HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, AuthSdkError, APIError } from '../errors';\n\ntype InsufficientAuthenticationError = {\n  error: string;\n  // eslint-disable-next-line camelcase\n  error_description: string;\n  // eslint-disable-next-line camelcase\n  max_age: string;\n  // eslint-disable-next-line camelcase\n  acr_values: string;\n};\n\nconst parseInsufficientAuthenticationError = (\n  header: string\n): InsufficientAuthenticationError => {\n  if (!header) {\n    throw new AuthSdkError('Missing header string');\n  }\n\n  return header\n    .split(',')\n    .map(part => part.trim())\n    .map(part => part.split('='))\n    .reduce((acc, curr) => {\n      // unwrap quotes from value\n      acc[curr[0]] = curr[1].replace(/^\"(.*)\"$/, '$1');\n      return acc;\n    }, {}) as InsufficientAuthenticationError;\n};\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n  if (error instanceof Error) {\n    // fetch() can throw exceptions\n    // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n    return new AuthApiError({\n      errorSummary: error.message,\n    });\n  }\n\n  let resp: HttpResponse = error;\n  let err: AuthApiError | OAuthError;\n  let serverErr: Record<string, any> = {};\n  if (resp.responseText && isString(resp.responseText)) {\n    try {\n      serverErr = JSON.parse(resp.responseText);\n    } catch (e) {\n      serverErr = {\n        errorSummary: 'Unknown error'\n      };\n    }\n  }\n\n  if (resp.status >= 500) {\n    serverErr.errorSummary = 'Unknown error';\n  }\n\n  if (sdk.options.transformErrorXHR) {\n    resp = sdk.options.transformErrorXHR(clone(resp));\n  }\n\n  if (serverErr.error && serverErr.error_description) {\n    err = new OAuthError(serverErr.error, serverErr.error_description);\n  } else {\n    err = new AuthApiError(serverErr as APIError, resp);\n  }\n\n  if (resp?.status === 403 && !!resp?.headers?.['www-authenticate']) {\n    const { \n      error, \n      // eslint-disable-next-line camelcase\n      error_description,\n      // eslint-disable-next-line camelcase\n      max_age,\n      // eslint-disable-next-line camelcase\n      acr_values \n    } = parseInsufficientAuthenticationError(resp?.headers?.['www-authenticate']);\n    if (error === 'insufficient_authentication_context') {\n      err = new AuthApiError(\n        { \n          errorSummary: error,\n          // eslint-disable-next-line camelcase\n          errorCauses: [{ errorSummary: error_description }]\n        }, \n        resp, \n        {\n          // eslint-disable-next-line camelcase\n          max_age: +max_age,\n          // eslint-disable-next-line camelcase\n          ...(acr_values && { acr_values })\n        }\n      );\n    }\n  }\n\n  return err;\n};\n\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n  options = options || {};\n\n  if (sdk.options.httpRequestInterceptors) {\n    for (const interceptor of sdk.options.httpRequestInterceptors) {\n      interceptor(options);\n    }\n  }\n\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials === true, // default value is false\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil!.storage,\n      httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url as string];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n  var headers: HeadersInit = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    ...oktaUserAgentHeader\n  };\n  Object.assign(headers, sdk.options.headers, options.headers);\n  headers = removeNils(headers) as HeadersInit;\n\n  if (accessToken && isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions: FetchOptions = {\n    headers,\n    data: args || undefined,\n    withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient!(method!, url!, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && isString(res)) {\n        res = JSON.parse(res);\n        if (res && typeof res === 'object' && !res.headers) {\n          if (Array.isArray(res)) {\n            res.forEach(item => {\n              item.headers = resp.headers;\n            });\n          } else {\n            res.headers = resp.headers;\n          }\n        }\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url!, {\n          expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n      \n      return res;\n    })\n    .catch(function(resp) {\n      err = formatError(sdk, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  Object.assign(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  Object.assign(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n"],"mappings":";;;;;AAeA;AACA;AAQA;AAxBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAsBA,MAAMA,oCAAoC,GACxCC,MAAc,IACsB;EACpC,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAIC,oBAAY,CAAC,uBAAuB,CAAC;EACjD;EAEA,OAAOD,MAAM,CACVE,KAAK,CAAC,GAAG,CAAC,CACVC,GAAG,CAACC,IAAI,IAAIA,IAAI,CAACC,IAAI,EAAE,CAAC,CACxBF,GAAG,CAACC,IAAI,IAAIA,IAAI,CAACF,KAAK,CAAC,GAAG,CAAC,CAAC,CAC5BI,MAAM,CAAC,CAACC,GAAG,EAAEC,IAAI,KAAK;IACrB;IACAD,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAGA,IAAI,CAAC,CAAC,CAAC,CAACC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC;IAChD,OAAOF,GAAG;EACZ,CAAC,EAAE,CAAC,CAAC,CAAC;AACV,CAAC;AAED,MAAMG,WAAW,GAAG,CAACC,GAA0B,EAAEC,KAA2B,KAAgC;EAC1G,IAAIA,KAAK,YAAYC,KAAK,EAAE;IAC1B;IACA;IACA,OAAO,IAAIC,oBAAY,CAAC;MACtBC,YAAY,EAAEH,KAAK,CAACI;IACtB,CAAC,CAAC;EACJ;EAEA,IAAIC,IAAkB,GAAGL,KAAK;EAC9B,IAAIM,GAA8B;EAClC,IAAIC,SAA8B,GAAG,CAAC,CAAC;EACvC,IAAIF,IAAI,CAACG,YAAY,IAAI,IAAAC,cAAQ,EAACJ,IAAI,CAACG,YAAY,CAAC,EAAE;IACpD,IAAI;MACFD,SAAS,GAAGG,IAAI,CAACC,KAAK,CAACN,IAAI,CAACG,YAAY,CAAC;IAC3C,CAAC,CAAC,OAAOI,CAAC,EAAE;MACVL,SAAS,GAAG;QACVJ,YAAY,EAAE;MAChB,CAAC;IACH;EACF;EAEA,IAAIE,IAAI,CAACQ,MAAM,IAAI,GAAG,EAAE;IACtBN,SAAS,CAACJ,YAAY,GAAG,eAAe;EAC1C;EAEA,IAAIJ,GAAG,CAACe,OAAO,CAACC,iBAAiB,EAAE;IACjCV,IAAI,GAAGN,GAAG,CAACe,OAAO,CAACC,iBAAiB,CAAC,IAAAC,WAAK,EAACX,IAAI,CAAC,CAAC;EACnD;EAEA,IAAIE,SAAS,CAACP,KAAK,IAAIO,SAAS,CAACU,iBAAiB,EAAE;IAClDX,GAAG,GAAG,IAAIY,kBAAU,CAACX,SAAS,CAACP,KAAK,EAAEO,SAAS,CAACU,iBAAiB,CAAC;EACpE,CAAC,MAAM;IACLX,GAAG,GAAG,IAAIJ,oBAAY,CAACK,SAAS,EAAcF,IAAI,CAAC;EACrD;EAEA,IAAIA,IAAI,EAAEQ,MAAM,KAAK,GAAG,IAAI,CAAC,CAACR,IAAI,EAAEc,OAAO,GAAG,kBAAkB,CAAC,EAAE;IACjE,MAAM;MACJnB,KAAK;MACL;MACAiB,iBAAiB;MACjB;MACAG,OAAO;MACP;MACAC;IACF,CAAC,GAAGlC,oCAAoC,CAACkB,IAAI,EAAEc,OAAO,GAAG,kBAAkB,CAAC,CAAC;IAC7E,IAAInB,KAAK,KAAK,qCAAqC,EAAE;MACnDM,GAAG,GAAG,IAAIJ,oBAAY,CACpB;QACEC,YAAY,EAAEH,KAAK;QACnB;QACAsB,WAAW,EAAE,CAAC;UAAEnB,YAAY,EAAEc;QAAkB,CAAC;MACnD,CAAC,EACDZ,IAAI,EACJ;QACE;QACAe,OAAO,EAAE,CAACA,OAAO;QACjB;QACA,IAAIC,UAAU,IAAI;UAAEA;QAAW,CAAC;MAClC,CAAC,CACF;IACH;EACF;EAEA,OAAOf,GAAG;AACZ,CAAC;AAEM,SAASiB,WAAW,CAACxB,GAA0B,EAAEe,OAAuB,EAAgB;EAC7FA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EAEvB,IAAIf,GAAG,CAACe,OAAO,CAACU,uBAAuB,EAAE;IACvC,KAAK,MAAMC,WAAW,IAAI1B,GAAG,CAACe,OAAO,CAACU,uBAAuB,EAAE;MAC7DC,WAAW,CAACX,OAAO,CAAC;IACtB;EACF;EAEA,IAAIY,GAAG,GAAGZ,OAAO,CAACY,GAAG;IACjBC,MAAM,GAAGb,OAAO,CAACa,MAAM;IACvBC,IAAI,GAAGd,OAAO,CAACc,IAAI;IACnBC,cAAc,GAAGf,OAAO,CAACe,cAAc;IACvCC,WAAW,GAAGhB,OAAO,CAACgB,WAAW;IACjCC,eAAe,GAAGjB,OAAO,CAACiB,eAAe,KAAK,IAAI;IAAE;IACpDC,WAAW,GAAGjC,GAAG,CAACe,OAAO,CAACkB,WAAW;IACrCC,OAAO,GAAGD,WAAW,CAAEC,OAAO;IAC9BC,SAAS,GAAGnC,GAAG,CAACoC,cAAc,CAACC,YAAY,CAACrC,GAAG,CAACe,OAAO,CAACuB,OAAO,CAAC;EAEpE,IAAIvB,OAAO,CAACwB,aAAa,EAAE;IACzB,IAAIC,aAAa,GAAGL,SAAS,CAACM,UAAU,EAAE;IAC1C,IAAIC,cAAc,GAAGF,aAAa,CAACb,GAAG,CAAW;IACjD,IAAIe,cAAc,IAAIC,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,GAAGF,cAAc,CAACG,SAAS,EAAE;MAChE,OAAOC,OAAO,CAACC,OAAO,CAACL,cAAc,CAACM,QAAQ,CAAC;IACjD;EACF;EAEA,IAAIC,mBAAmB,GAAGjD,GAAG,CAACkD,cAAc,CAACC,aAAa,EAAE;EAC5D,IAAI/B,OAAoB,GAAG;IACzB,QAAQ,EAAE,kBAAkB;IAC5B,cAAc,EAAE,kBAAkB;IAClC,GAAG6B;EACL,CAAC;EACDG,MAAM,CAACC,MAAM,CAACjC,OAAO,EAAEpB,GAAG,CAACe,OAAO,CAACK,OAAO,EAAEL,OAAO,CAACK,OAAO,CAAC;EAC5DA,OAAO,GAAG,IAAAkC,gBAAU,EAAClC,OAAO,CAAgB;EAE5C,IAAIW,WAAW,IAAI,IAAArB,cAAQ,EAACqB,WAAW,CAAC,EAAE;IACxCX,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,GAAGW,WAAW;EACpD;EAEA,IAAIwB,WAAyB,GAAG;IAC9BnC,OAAO;IACPoC,IAAI,EAAE3B,IAAI,IAAI4B,SAAS;IACvBzB;EACF,CAAC;EAED,IAAIzB,GAAG,EAAEmD,GAAG;EACZ,OAAO1D,GAAG,CAACe,OAAO,CAAC4C,iBAAiB,CAAE/B,MAAM,EAAGD,GAAG,EAAG4B,WAAW,CAAC,CAC9DK,IAAI,CAAC,UAAStD,IAAI,EAAE;IACnBoD,GAAG,GAAGpD,IAAI,CAACG,YAAY;IACvB,IAAIiD,GAAG,IAAI,IAAAhD,cAAQ,EAACgD,GAAG,CAAC,EAAE;MACxBA,GAAG,GAAG/C,IAAI,CAACC,KAAK,CAAC8C,GAAG,CAAC;MACrB,IAAIA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACA,GAAG,CAACtC,OAAO,EAAE;QAClD,IAAIyC,KAAK,CAACC,OAAO,CAACJ,GAAG,CAAC,EAAE;UACtBA,GAAG,CAACK,OAAO,CAACC,IAAI,IAAI;YAClBA,IAAI,CAAC5C,OAAO,GAAGd,IAAI,CAACc,OAAO;UAC7B,CAAC,CAAC;QACJ,CAAC,MAAM;UACLsC,GAAG,CAACtC,OAAO,GAAGd,IAAI,CAACc,OAAO;QAC5B;MACF;IACF;IAEA,IAAIU,cAAc,EAAE;MAClB,IAAI,CAAC4B,GAAG,CAACO,UAAU,EAAE;QACnB/B,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;MACtC;IACF;IAEA,IAAIT,GAAG,IAAIA,GAAG,CAACO,UAAU,IAAIP,GAAG,CAACb,SAAS,EAAE;MAC1CX,OAAO,CAACkC,GAAG,CAACD,+BAAoB,EAAET,GAAG,CAACO,UAAU,EAAEP,GAAG,CAACb,SAAS,EAAE7C,GAAG,CAACe,OAAO,CAACuB,OAAO,CAAE;IACxF;IAEA,IAAIoB,GAAG,IAAI3C,OAAO,CAACwB,aAAa,EAAE;MAChCJ,SAAS,CAACkC,aAAa,CAAC1C,GAAG,EAAG;QAC5BkB,SAAS,EAAEyB,IAAI,CAACC,KAAK,CAAC5B,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,CAAC,GAAG4B,iCAAsB;QAC/DxB,QAAQ,EAAEU;MACZ,CAAC,CAAC;IACJ;IAEA,OAAOA,GAAG;EACZ,CAAC,CAAC,CACDe,KAAK,CAAC,UAASnE,IAAI,EAAE;IACpBC,GAAG,GAAGR,WAAW,CAACC,GAAG,EAAEM,IAAI,CAAC;IAE5B,IAAIC,GAAG,CAACmE,SAAS,KAAK,UAAU,EAAE;MAChCxC,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;IACtC;IAEA,MAAM5D,GAAG;EACX,CAAC,CAAC;AACN;AAEO,SAASoE,GAAG,CAAC3E,GAA0B,EAAE2B,GAAW,EAAEZ,OAAwB,EAAE;EACrFY,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAG3B,GAAG,CAAC6E,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAImD,UAAU,GAAG;IACfnD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE;EACV,CAAC;EACDwB,MAAM,CAACC,MAAM,CAACyB,UAAU,EAAE/D,OAAO,CAAC;EAClC,OAAOS,WAAW,CAACxB,GAAG,EAAE8E,UAAU,CAAC;AACrC;AAEO,SAASC,IAAI,CAAC/E,GAA0B,EAAE2B,GAAW,EAAEE,IAAkB,EAAEd,OAAwB,EAAE;EAC1GY,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAG3B,GAAG,CAAC6E,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAIqD,WAAW,GAAG;IAChBrD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE,MAAM;IACdC,IAAI,EAAEA,IAAI;IACVC,cAAc,EAAE;EAClB,CAAC;EACDsB,MAAM,CAACC,MAAM,CAAC2B,WAAW,EAAEjE,OAAO,CAAC;EACnC,OAAOS,WAAW,CAACxB,GAAG,EAAEgF,WAAW,CAAC;AACtC"}
+{"version":3,"file":"request.js","names":["formatError","sdk","error","Error","AuthApiError","errorSummary","message","resp","err","serverErr","responseText","isString","JSON","parse","e","status","options","transformErrorXHR","clone","wwwAuthHeader","WWWAuthError","getWWWAuthenticateHeader","headers","error_description","OAuthError","wwwAuthErr","parseHeader","max_age","acr_values","parameters","errorCauses","errorDescription","scheme","httpRequest","httpRequestInterceptors","interceptor","url","method","args","saveAuthnState","accessToken","withCredentials","storageUtil","storage","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","Promise","resolve","response","oktaUserAgentHeader","_oktaUserAgent","getHttpHeader","Object","assign","removeNils","ajaxOptions","data","undefined","res","httpRequestClient","then","Array","isArray","forEach","item","stateToken","delete","STATE_TOKEN_KEY_NAME","set","updateStorage","Math","floor","DEFAULT_CACHE_DURATION","catch","errorCode","get","isAbsoluteUrl","getIssuerOrigin","getOptions","post","postOptions"],"sources":["../../../lib/http/request.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport { STATE_TOKEN_KEY_NAME, DEFAULT_CACHE_DURATION } from '../constants';\nimport {\n  OktaAuthHttpInterface,\n  RequestOptions,\n  FetchOptions,\n  RequestData,\n  HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, APIError, WWWAuthError } from '../errors';\n\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n  if (error instanceof Error) {\n    // fetch() can throw exceptions\n    // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n    return new AuthApiError({\n      errorSummary: error.message,\n    });\n  }\n\n  let resp: HttpResponse = error;\n  let err: AuthApiError | OAuthError | WWWAuthError;\n  let serverErr: Record<string, any> = {};\n  if (resp.responseText && isString(resp.responseText)) {\n    try {\n      serverErr = JSON.parse(resp.responseText);\n    } catch (e) {\n      serverErr = {\n        errorSummary: 'Unknown error'\n      };\n    }\n  }\n\n  if (resp.status >= 500) {\n    serverErr.errorSummary = 'Unknown error';\n  }\n\n  if (sdk.options.transformErrorXHR) {\n    resp = sdk.options.transformErrorXHR(clone(resp));\n  }\n\n  // \n  const wwwAuthHeader = WWWAuthError.getWWWAuthenticateHeader(resp?.headers) ?? '';\n\n  if (serverErr.error && serverErr.error_description) {\n    err = new OAuthError(serverErr.error, serverErr.error_description, resp);\n  } else {\n    err = new AuthApiError(serverErr as APIError, resp, { wwwAuthHeader });\n  }\n\n  if (wwwAuthHeader && resp?.status >= 400 && resp?.status < 500) {\n    const wwwAuthErr = WWWAuthError.parseHeader(wwwAuthHeader);\n    // check for 403 to avoid breaking change\n    if (resp.status === 403 && wwwAuthErr?.error === 'insufficient_authentication_context') {\n      // eslint-disable-next-line camelcase\n      const { max_age, acr_values } = wwwAuthErr.parameters;\n      err = new AuthApiError(\n        {\n          errorSummary: wwwAuthErr.error,\n          errorCauses: [{ errorSummary: wwwAuthErr.errorDescription }]\n        },\n        resp,\n        {\n          // eslint-disable-next-line camelcase\n          max_age: +max_age,\n          // eslint-disable-next-line camelcase\n          ...(acr_values && { acr_values })\n        }\n      );\n    }\n    else if (wwwAuthErr?.scheme === 'DPoP') {\n      err = wwwAuthErr;\n    }\n    // else {\n    //   // WWWAuthError.parseHeader may return null, only overwrite if !null\n    //   err = wwwAuthErr ?? err;\n    // }\n  }\n\n  return err;\n};\n\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n  options = options || {};\n\n  if (sdk.options.httpRequestInterceptors) {\n    for (const interceptor of sdk.options.httpRequestInterceptors) {\n      interceptor(options);\n    }\n  }\n\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials === true, // default value is false\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil!.storage,\n      httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url as string];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n  var headers: HeadersInit = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    ...oktaUserAgentHeader\n  };\n  Object.assign(headers, sdk.options.headers, options.headers);\n  headers = removeNils(headers) as HeadersInit;\n\n  if (accessToken && isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions: FetchOptions = {\n    headers,\n    data: args || undefined,\n    withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient!(method!, url!, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && isString(res)) {\n        res = JSON.parse(res);\n        if (res && typeof res === 'object' && !res.headers) {\n          if (Array.isArray(res)) {\n            res.forEach(item => {\n              item.headers = resp.headers;\n            });\n          } else {\n            res.headers = resp.headers;\n          }\n        }\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url!, {\n          expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n      \n      return res;\n    })\n    .catch(function(resp) {\n      err = formatError(sdk, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  Object.assign(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  Object.assign(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n"],"mappings":";;;;;AAeA;AACA;AAQA;AAxBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAaA,MAAMA,WAAW,GAAG,CAACC,GAA0B,EAAEC,KAA2B,KAAgC;EAC1G,IAAIA,KAAK,YAAYC,KAAK,EAAE;IAC1B;IACA;IACA,OAAO,IAAIC,oBAAY,CAAC;MACtBC,YAAY,EAAEH,KAAK,CAACI;IACtB,CAAC,CAAC;EACJ;EAEA,IAAIC,IAAkB,GAAGL,KAAK;EAC9B,IAAIM,GAA6C;EACjD,IAAIC,SAA8B,GAAG,CAAC,CAAC;EACvC,IAAIF,IAAI,CAACG,YAAY,IAAI,IAAAC,cAAQ,EAACJ,IAAI,CAACG,YAAY,CAAC,EAAE;IACpD,IAAI;MACFD,SAAS,GAAGG,IAAI,CAACC,KAAK,CAACN,IAAI,CAACG,YAAY,CAAC;IAC3C,CAAC,CAAC,OAAOI,CAAC,EAAE;MACVL,SAAS,GAAG;QACVJ,YAAY,EAAE;MAChB,CAAC;IACH;EACF;EAEA,IAAIE,IAAI,CAACQ,MAAM,IAAI,GAAG,EAAE;IACtBN,SAAS,CAACJ,YAAY,GAAG,eAAe;EAC1C;EAEA,IAAIJ,GAAG,CAACe,OAAO,CAACC,iBAAiB,EAAE;IACjCV,IAAI,GAAGN,GAAG,CAACe,OAAO,CAACC,iBAAiB,CAAC,IAAAC,WAAK,EAACX,IAAI,CAAC,CAAC;EACnD;;EAEA;EACA,MAAMY,aAAa,GAAGC,oBAAY,CAACC,wBAAwB,CAACd,IAAI,EAAEe,OAAO,CAAC,IAAI,EAAE;EAEhF,IAAIb,SAAS,CAACP,KAAK,IAAIO,SAAS,CAACc,iBAAiB,EAAE;IAClDf,GAAG,GAAG,IAAIgB,kBAAU,CAACf,SAAS,CAACP,KAAK,EAAEO,SAAS,CAACc,iBAAiB,EAAEhB,IAAI,CAAC;EAC1E,CAAC,MAAM;IACLC,GAAG,GAAG,IAAIJ,oBAAY,CAACK,SAAS,EAAcF,IAAI,EAAE;MAAEY;IAAc,CAAC,CAAC;EACxE;EAEA,IAAIA,aAAa,IAAIZ,IAAI,EAAEQ,MAAM,IAAI,GAAG,IAAIR,IAAI,EAAEQ,MAAM,GAAG,GAAG,EAAE;IAC9D,MAAMU,UAAU,GAAGL,oBAAY,CAACM,WAAW,CAACP,aAAa,CAAC;IAC1D;IACA,IAAIZ,IAAI,CAACQ,MAAM,KAAK,GAAG,IAAIU,UAAU,EAAEvB,KAAK,KAAK,qCAAqC,EAAE;MACtF;MACA,MAAM;QAAEyB,OAAO;QAAEC;MAAW,CAAC,GAAGH,UAAU,CAACI,UAAU;MACrDrB,GAAG,GAAG,IAAIJ,oBAAY,CACpB;QACEC,YAAY,EAAEoB,UAAU,CAACvB,KAAK;QAC9B4B,WAAW,EAAE,CAAC;UAAEzB,YAAY,EAAEoB,UAAU,CAACM;QAAiB,CAAC;MAC7D,CAAC,EACDxB,IAAI,EACJ;QACE;QACAoB,OAAO,EAAE,CAACA,OAAO;QACjB;QACA,IAAIC,UAAU,IAAI;UAAEA;QAAW,CAAC;MAClC,CAAC,CACF;IACH,CAAC,MACI,IAAIH,UAAU,EAAEO,MAAM,KAAK,MAAM,EAAE;MACtCxB,GAAG,GAAGiB,UAAU;IAClB;IACA;IACA;IACA;IACA;EACF;;EAEA,OAAOjB,GAAG;AACZ,CAAC;AAEM,SAASyB,WAAW,CAAChC,GAA0B,EAAEe,OAAuB,EAAgB;EAC7FA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EAEvB,IAAIf,GAAG,CAACe,OAAO,CAACkB,uBAAuB,EAAE;IACvC,KAAK,MAAMC,WAAW,IAAIlC,GAAG,CAACe,OAAO,CAACkB,uBAAuB,EAAE;MAC7DC,WAAW,CAACnB,OAAO,CAAC;IACtB;EACF;EAEA,IAAIoB,GAAG,GAAGpB,OAAO,CAACoB,GAAG;IACjBC,MAAM,GAAGrB,OAAO,CAACqB,MAAM;IACvBC,IAAI,GAAGtB,OAAO,CAACsB,IAAI;IACnBC,cAAc,GAAGvB,OAAO,CAACuB,cAAc;IACvCC,WAAW,GAAGxB,OAAO,CAACwB,WAAW;IACjCC,eAAe,GAAGzB,OAAO,CAACyB,eAAe,KAAK,IAAI;IAAE;IACpDC,WAAW,GAAGzC,GAAG,CAACe,OAAO,CAAC0B,WAAW;IACrCC,OAAO,GAAGD,WAAW,CAAEC,OAAO;IAC9BC,SAAS,GAAG3C,GAAG,CAAC4C,cAAc,CAACC,YAAY,CAAC7C,GAAG,CAACe,OAAO,CAAC+B,OAAO,CAAC;EAEpE,IAAI/B,OAAO,CAACgC,aAAa,EAAE;IACzB,IAAIC,aAAa,GAAGL,SAAS,CAACM,UAAU,EAAE;IAC1C,IAAIC,cAAc,GAAGF,aAAa,CAACb,GAAG,CAAW;IACjD,IAAIe,cAAc,IAAIC,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,GAAGF,cAAc,CAACG,SAAS,EAAE;MAChE,OAAOC,OAAO,CAACC,OAAO,CAACL,cAAc,CAACM,QAAQ,CAAC;IACjD;EACF;EAEA,IAAIC,mBAAmB,GAAGzD,GAAG,CAAC0D,cAAc,CAACC,aAAa,EAAE;EAC5D,IAAItC,OAAoB,GAAG;IACzB,QAAQ,EAAE,kBAAkB;IAC5B,cAAc,EAAE,kBAAkB;IAClC,GAAGoC;EACL,CAAC;EACDG,MAAM,CAACC,MAAM,CAACxC,OAAO,EAAErB,GAAG,CAACe,OAAO,CAACM,OAAO,EAAEN,OAAO,CAACM,OAAO,CAAC;EAC5DA,OAAO,GAAG,IAAAyC,gBAAU,EAACzC,OAAO,CAAgB;EAE5C,IAAIkB,WAAW,IAAI,IAAA7B,cAAQ,EAAC6B,WAAW,CAAC,EAAE;IACxClB,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,GAAGkB,WAAW;EACpD;EAEA,IAAIwB,WAAyB,GAAG;IAC9B1C,OAAO;IACP2C,IAAI,EAAE3B,IAAI,IAAI4B,SAAS;IACvBzB;EACF,CAAC;EAED,IAAIjC,GAAG,EAAE2D,GAAG;EACZ,OAAOlE,GAAG,CAACe,OAAO,CAACoD,iBAAiB,CAAE/B,MAAM,EAAGD,GAAG,EAAG4B,WAAW,CAAC,CAC9DK,IAAI,CAAC,UAAS9D,IAAI,EAAE;IACnB4D,GAAG,GAAG5D,IAAI,CAACG,YAAY;IACvB,IAAIyD,GAAG,IAAI,IAAAxD,cAAQ,EAACwD,GAAG,CAAC,EAAE;MACxBA,GAAG,GAAGvD,IAAI,CAACC,KAAK,CAACsD,GAAG,CAAC;MACrB,IAAIA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACA,GAAG,CAAC7C,OAAO,EAAE;QAClD,IAAIgD,KAAK,CAACC,OAAO,CAACJ,GAAG,CAAC,EAAE;UACtBA,GAAG,CAACK,OAAO,CAACC,IAAI,IAAI;YAClBA,IAAI,CAACnD,OAAO,GAAGf,IAAI,CAACe,OAAO;UAC7B,CAAC,CAAC;QACJ,CAAC,MAAM;UACL6C,GAAG,CAAC7C,OAAO,GAAGf,IAAI,CAACe,OAAO;QAC5B;MACF;IACF;IAEA,IAAIiB,cAAc,EAAE;MAClB,IAAI,CAAC4B,GAAG,CAACO,UAAU,EAAE;QACnB/B,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;MACtC;IACF;IAEA,IAAIT,GAAG,IAAIA,GAAG,CAACO,UAAU,IAAIP,GAAG,CAACb,SAAS,EAAE;MAC1CX,OAAO,CAACkC,GAAG,CAACD,+BAAoB,EAAET,GAAG,CAACO,UAAU,EAAEP,GAAG,CAACb,SAAS,EAAErD,GAAG,CAACe,OAAO,CAAC+B,OAAO,CAAE;IACxF;IAEA,IAAIoB,GAAG,IAAInD,OAAO,CAACgC,aAAa,EAAE;MAChCJ,SAAS,CAACkC,aAAa,CAAC1C,GAAG,EAAG;QAC5BkB,SAAS,EAAEyB,IAAI,CAACC,KAAK,CAAC5B,IAAI,CAACC,GAAG,EAAE,GAAC,IAAI,CAAC,GAAG4B,iCAAsB;QAC/DxB,QAAQ,EAAEU;MACZ,CAAC,CAAC;IACJ;IAEA,OAAOA,GAAG;EACZ,CAAC,CAAC,CACDe,KAAK,CAAC,UAAS3E,IAAI,EAAE;IACpBC,GAAG,GAAGR,WAAW,CAACC,GAAG,EAAEM,IAAI,CAAC;IAE5B,IAAIC,GAAG,CAAC2E,SAAS,KAAK,UAAU,EAAE;MAChCxC,OAAO,CAACgC,MAAM,CAACC,+BAAoB,CAAC;IACtC;IAEA,MAAMpE,GAAG;EACX,CAAC,CAAC;AACN;AAEO,SAAS4E,GAAG,CAACnF,GAA0B,EAAEmC,GAAW,EAAEpB,OAAwB,EAAE;EACrFoB,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAGnC,GAAG,CAACqF,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAImD,UAAU,GAAG;IACfnD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE;EACV,CAAC;EACDwB,MAAM,CAACC,MAAM,CAACyB,UAAU,EAAEvE,OAAO,CAAC;EAClC,OAAOiB,WAAW,CAAChC,GAAG,EAAEsF,UAAU,CAAC;AACrC;AAEO,SAASC,IAAI,CAACvF,GAA0B,EAAEmC,GAAW,EAAEE,IAAkB,EAAEtB,OAAwB,EAAE;EAC1GoB,GAAG,GAAG,IAAAiD,mBAAa,EAACjD,GAAG,CAAC,GAAGA,GAAG,GAAGnC,GAAG,CAACqF,eAAe,EAAE,GAAGlD,GAAG;EAC5D,IAAIqD,WAAW,GAAG;IAChBrD,GAAG,EAAEA,GAAG;IACRC,MAAM,EAAE,MAAM;IACdC,IAAI,EAAEA,IAAI;IACVC,cAAc,EAAE;EAClB,CAAC;EACDsB,MAAM,CAACC,MAAM,CAAC2B,WAAW,EAAEzE,OAAO,CAAC;EACnC,OAAOiB,WAAW,CAAChC,GAAG,EAAEwF,WAAW,CAAC;AACtC"}

package/cjs/idx/IdxTransactionManager.js

@@ -41,8 +41,13 @@ function createIdxTransactionManager() {
       }
       if (options) {
         const {
+          stateHandle,
           interactionHandle
         } = options;
+        // only perform this check if NOT using generic remediator
+        if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {
+          return null;
+        }
         if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {
           return null;
         }

package/cjs/idx/IdxTransactionManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","interactionHandle","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { interactionHandle } = options;\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe;QAAkB,CAAC,GAAGf,OAAO;QACrC,IAAIe,iBAAiB,IAAIJ,WAAW,CAACI,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOJ,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,EAAEU,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}
+{"version":3,"file":"IdxTransactionManager.js","names":["createIdxTransactionManager","TransactionManager","createTransactionManager","IdxTransactionManager","constructor","options","clear","clearIdxResponse","saveIdxResponse","data","saveLastResponse","storage","storageManager","getIdxResponseStorage","setStorage","loadIdxResponse","storedValue","getStorage","isRawIdxResponse","rawIdxResponse","stateHandle","interactionHandle","useGenericRemediator","clearStorage"],"sources":["../../../lib/idx/IdxTransactionManager.ts"],"sourcesContent":["import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { stateHandle, interactionHandle } = options;\n        // only perform this check if NOT using generic remediator\n        if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {\n          return null;\n        }\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n"],"mappings":";;;AACA;AAEA;AAGO,SAASA,2BAA2B,GAM3C;EACE,MAAMC,kBAAkB,GAAG,IAAAC,4CAAwB,GAAQ;EAC3D,OAAO,MAAMC,qBAAqB,SAASF,kBAAkB,CAC7D;IACEG,WAAW,CAACC,OAAkC,EAAE;MAC9C,KAAK,CAACA,OAAO,CAAC;IAChB;IAEAC,KAAK,CAACD,OAAoC,GAAG,CAAC,CAAC,EAAE;MAC/C,KAAK,CAACC,KAAK,CAACD,OAAO,CAAC;MAEpB,IAAIA,OAAO,CAACE,gBAAgB,KAAK,KAAK,EAAE;QACtC,IAAI,CAACA,gBAAgB,EAAE;MACzB;IACF;IAEAC,eAAe,CAACC,IAAsB,EAAQ;MAC5C,IAAI,CAAC,IAAI,CAACC,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ;MACF;MACAA,OAAO,CAACG,UAAU,CAACL,IAAI,CAAC;IAC1B;;IAEA;IACAM,eAAe,CAACV,OAA2B,EAA2B;MACpE,IAAI,CAAC,IAAI,CAACK,gBAAgB,EAAE;QAC1B,OAAO,IAAI;MACb;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3D,IAAI,CAACF,OAAO,EAAE;QACZ,OAAO,IAAI;MACb;MACA,MAAMK,WAAW,GAAGL,OAAO,CAACM,UAAU,EAAE;MACxC,IAAI,CAACD,WAAW,IAAI,CAAC,IAAAE,uBAAgB,EAACF,WAAW,CAACG,cAAc,CAAC,EAAE;QACjE,OAAO,IAAI;MACb;MAEA,IAAId,OAAO,EAAE;QACX,MAAM;UAAEe,WAAW;UAAEC;QAAkB,CAAC,GAAGhB,OAAO;QAClD;QACA,IAAI,CAACA,OAAO,CAACiB,oBAAoB,IAAIF,WAAW,IAAIJ,WAAW,CAACI,WAAW,KAAKA,WAAW,EAAE;UAC3F,OAAO,IAAI;QACb;QACA,IAAIC,iBAAiB,IAAIL,WAAW,CAACK,iBAAiB,KAAKA,iBAAiB,EAAE;UAC5E,OAAO,IAAI;QACb;MACF;MAEA,OAAOL,WAAW;IACpB;IAEAT,gBAAgB,GAAS;MACvB,IAAI,CAAC,IAAI,CAACG,gBAAgB,EAAE;QAC1B;MACF;MACA,MAAMC,OAAO,GAAG,IAAI,CAACC,cAAc,CAACC,qBAAqB,EAAE;MAC3DF,OAAO,EAAEY,YAAY,EAAE;IACzB;EACF,CAAC;AACH"}

package/cjs/idx/run.js

@@ -85,7 +85,8 @@ async function getDataFromIntrospect(authClient, data) {
     activationToken,
     maxAge,
     acrValues,
-    nonce
+    nonce,
+    useGenericRemediator
   } = options;
   let idxResponse;
   let meta = (0, _transactionMeta.getSavedTransactionMeta)(authClient, {
@@ -98,7 +99,8 @@ async function getDataFromIntrospect(authClient, data) {
     idxResponse = await (0, _introspect.introspect)(authClient, {
       withCredentials,
       version,
-      stateHandle
+      stateHandle,
+      useGenericRemediator
     });
   } else {
     let interactionHandle = meta?.interactionHandle; // may be undefined
@@ -123,7 +125,8 @@ async function getDataFromIntrospect(authClient, data) {
     idxResponse = await (0, _introspect.introspect)(authClient, {
       withCredentials,
       version,
-      interactionHandle
+      interactionHandle,
+      useGenericRemediator
     });
   }
   return {

package/cjs/idx/run.js.map

@@ -1 +1 @@
-{"version":3,"file":"run.js","names":["initializeValues","options","knownOptions","values","forEach","option","initializeData","authClient","data","idx","flow","withCredentials","remediators","actions","status","IdxStatus","PENDING","getFlow","setFlow","flowSpec","getFlowSpecification","getDataFromIntrospect","stateHandle","version","state","scopes","recoveryToken","activationToken","maxAge","acrValues","nonce","idxResponse","meta","getSavedTransactionMeta","introspect","interactionHandle","transactionManager","clear","interactResponse","interact","getDataFromRemediate","autoRemediate","step","useGenericRemediator","shouldRemediate","rawIdxState","idxResponseFromRemediation","nextStep","canceled","remediate","getTokens","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","tokenResponse","token","exchangeCodeForTokens","tokens","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","enabledFeatures","availableSteps","messages","terminal","requestDidSucceed","stepUp","getEnabledFeatures","getAvailableSteps","getMessagesFromResponse","isTerminalResponse","TERMINAL","hasActions","Object","keys","length","hasErrors","find","msg","class","isTerminalSuccess","CANCELED","SUCCESS","run","error","saveTransactionMeta","rawIdxResponse","saveIdxResponse","context","neededToProceed","proceed"],"sources":["../../../lib/idx/run.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n  OktaAuthIdxInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  RunOptions,\n  IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n  getAvailableSteps,\n  getEnabledFeatures,\n  getMessagesFromResponse,\n  isTerminalResponse,\n  getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n  options: RunOptions;\n  values: RemediationValues;\n  status?: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  idxResponse?: IdxResponse;\n  canceled?: boolean;\n  interactionCode?: string;\n  shouldSaveResponse?: boolean;\n  shouldClearTransaction?: boolean;\n  clearSharedStorage?: boolean;\n  terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n  // remove known options, everything else is assumed to be a value\n  const knownOptions = [\n    'flow', \n    'remediators', \n    'actions', \n    'withCredentials', \n    'step',\n    'useGenericRemediator',\n    'exchangeCodeForTokens',\n  ];\n  const values = { ...options };\n  knownOptions.forEach(option => {\n    delete values[option];\n  });\n  return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n  let { options } = data;\n  options = {\n    ...authClient.options.idx,\n    ...options\n  };\n  let {\n    flow,\n    withCredentials,\n    remediators,\n    actions,\n  } = options;\n\n  const status = IdxStatus.PENDING;\n\n  // certain options can be set by the flow specification\n  flow = flow || authClient.idx.getFlow?.() || 'default';\n  if (flow) {\n    authClient.idx.setFlow?.(flow);\n    const flowSpec = getFlowSpecification(authClient, flow);\n    // Favor option values over flow spec\n    withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n    remediators = remediators || flowSpec.remediators;\n    actions = actions || flowSpec.actions;\n  }\n\n  return { \n    ...data,\n    options: { \n      ...options, \n      flow, \n      withCredentials, \n      remediators, \n      actions,\n    },\n    status\n  };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  const { options } = data;\n  const {\n    stateHandle,\n    withCredentials,\n    version,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken,\n    maxAge,\n    acrValues,\n    nonce,\n  } = options;\n\n  let idxResponse;\n  let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n  if (stateHandle) {\n    idxResponse = await introspect(authClient, { withCredentials, version, stateHandle });\n  } else {\n    let interactionHandle = meta?.interactionHandle; // may be undefined\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken,\n        maxAge,\n        acrValues,\n        nonce,\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      meta = interactResponse.meta;\n    }\n  \n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle });\n  }\n  return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    idxResponse,\n    options,\n    values\n  } = data;\n\n  const {\n    autoRemediate,\n    remediators,\n    actions,\n    flow,\n    step,\n    useGenericRemediator,\n  } = options;\n  \n  const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n  if (!shouldRemediate) {\n    return data;\n  }\n\n  values = { \n    ...values, \n    stateHandle: idxResponse!.rawIdxState.stateHandle \n  };\n\n  // Can we handle the remediations?\n  const { \n    idxResponse: idxResponseFromRemediation, \n    nextStep,\n    canceled,\n  } = await remediate(\n    authClient,\n    idxResponse!, \n    values, \n    {\n      remediators,\n      actions,\n      flow,\n      step,\n      useGenericRemediator,\n    }\n  );\n  idxResponse = idxResponseFromRemediation;\n\n  return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n  let { meta, idxResponse } = data;\n  const { interactionCode } = idxResponse as IdxResponse;\n  const {\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    urls,\n    scopes,\n  } = meta as IdxTransactionMeta;\n  const tokenResponse = await authClient.token.exchangeCodeForTokens({\n    interactionCode,\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    scopes\n  }, urls);\n  return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    options,\n    idxResponse,\n    canceled,\n    status,\n  } = data;\n  const { exchangeCodeForTokens } = options;\n  let shouldSaveResponse = false;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let interactionCode;\n  let tokens;\n  let enabledFeatures;\n  let availableSteps;\n  let messages;\n  let terminal;\n\n  if (idxResponse) {\n    shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n    messages = getMessagesFromResponse(idxResponse, options);\n    terminal = isTerminalResponse(idxResponse);\n  }\n\n  if (terminal) {\n    status = IdxStatus.TERMINAL;\n\n    // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n    // A terminal \"success\" is a non-error response with no further actions available.\n    // In these narrow cases, saved transaction data should be cleared.\n    // One example of a terminal success is when the email verify flow is continued in another tab\n    const hasActions = Object.keys(idxResponse!.actions).length > 0;\n    const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n    const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n    if (isTerminalSuccess) {\n      shouldClearTransaction = true;\n    } else {\n      // save response if there are actions available (ignore messages)\n      shouldSaveResponse = !!hasActions;\n    }\n    // leave shared storage intact so the transaction can be continued in another tab\n    clearSharedStorage = false;\n  } else if (canceled) {\n    status = IdxStatus.CANCELED;\n    shouldClearTransaction = true;\n  } else if (idxResponse?.interactionCode) { \n    interactionCode = idxResponse.interactionCode;\n    if (exchangeCodeForTokens === false) {\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = false;\n    } else {\n      tokens = await getTokens(authClient, data);\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = true;\n    }\n  }\n  return {\n    ...data,\n    status,\n    interactionCode,\n    tokens,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    enabledFeatures,\n    availableSteps,\n    messages,\n    terminal\n  };\n}\n\nexport async function run(\n  authClient: OktaAuthIdxInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let data: RunData = {\n    options,\n    values: initializeValues(options)\n  };\n\n  data = initializeData(authClient, data);\n  data = await getDataFromIntrospect(authClient, data);\n  data = await getDataFromRemediate(authClient, data);\n  data = await finalizeData(authClient, data);\n\n  const {\n    idxResponse,\n    meta,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    status,\n    enabledFeatures,\n    availableSteps,\n    tokens,\n    nextStep,\n    messages,\n    error,\n    interactionCode\n  } = data;\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  else {\n    // ensures state is saved to sessionStorage\n    saveTransactionMeta(authClient, { ...meta });\n\n    if (shouldSaveResponse) {\n      // Save intermediate idx response in storage to reduce introspect call\n      const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n      authClient.transactionManager.saveIdxResponse({\n        rawIdxResponse,\n        requestDidSucceed,\n        stateHandle: idxResponse!.context?.stateHandle,\n        interactionHandle: meta?.interactionHandle\n      });\n    }\n  }\n  \n  // copy all fields from idxResponse which are needed by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n  return {\n    status: status!,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && messages.length && { messages }),\n    ...(error && { error }),\n    ...(stepUp && { stepUp }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions: actions!,\n    context: context!,\n    neededToProceed: neededToProceed!,\n    proceed: proceed!,\n    rawIdxState: rawIdxState!,\n    requestDidSucceed\n  };\n}\n"],"mappings":";;;AAeA;AACA;AACA;AAEA;AAUA;AACA;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;;AA6CA,SAASA,gBAAgB,CAACC,OAAmB,EAAE;EAC7C;EACA,MAAMC,YAAY,GAAG,CACnB,MAAM,EACN,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,MAAM,EACN,sBAAsB,EACtB,uBAAuB,CACxB;EACD,MAAMC,MAAM,GAAG;IAAE,GAAGF;EAAQ,CAAC;EAC7BC,YAAY,CAACE,OAAO,CAACC,MAAM,IAAI;IAC7B,OAAOF,MAAM,CAACE,MAAM,CAAC;EACvB,CAAC,CAAC;EACF,OAAOF,MAAM;AACf;AAEA,SAASG,cAAc,CAACC,UAAgC,EAAEC,IAAa,EAAW;EAChF,IAAI;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACtBP,OAAO,GAAG;IACR,GAAGM,UAAU,CAACN,OAAO,CAACQ,GAAG;IACzB,GAAGR;EACL,CAAC;EACD,IAAI;IACFS,IAAI;IACJC,eAAe;IACfC,WAAW;IACXC;EACF,CAAC,GAAGZ,OAAO;EAEX,MAAMa,MAAM,GAAGC,gBAAS,CAACC,OAAO;;EAEhC;EACAN,IAAI,GAAGA,IAAI,IAAIH,UAAU,CAACE,GAAG,CAACQ,OAAO,IAAI,IAAI,SAAS;EACtD,IAAIP,IAAI,EAAE;IACRH,UAAU,CAACE,GAAG,CAACS,OAAO,GAAGR,IAAI,CAAC;IAC9B,MAAMS,QAAQ,GAAG,IAAAC,0BAAoB,EAACb,UAAU,EAAEG,IAAI,CAAC;IACvD;IACAC,eAAe,GAAI,OAAOA,eAAe,KAAK,WAAW,GAAIA,eAAe,GAAGQ,QAAQ,CAACR,eAAe;IACvGC,WAAW,GAAGA,WAAW,IAAIO,QAAQ,CAACP,WAAW;IACjDC,OAAO,GAAGA,OAAO,IAAIM,QAAQ,CAACN,OAAO;EACvC;EAEA,OAAO;IACL,GAAGL,IAAI;IACPP,OAAO,EAAE;MACP,GAAGA,OAAO;MACVS,IAAI;MACJC,eAAe;MACfC,WAAW;MACXC;IACF,CAAC;IACDC;EACF,CAAC;AACH;AAEA,eAAeO,qBAAqB,CAACd,UAAgC,EAAEC,IAAa,EAAoB;EACtG,MAAM;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACxB,MAAM;IACJc,WAAW;IACXX,eAAe;IACfY,OAAO;IACPC,KAAK;IACLC,MAAM;IACNC,aAAa;IACbC,eAAe;IACfC,MAAM;IACNC,SAAS;IACTC;EACF,CAAC,GAAG7B,OAAO;EAEX,IAAI8B,WAAW;EACf,IAAIC,IAAI,GAAG,IAAAC,wCAAuB,EAAC1B,UAAU,EAAE;IAAEiB,KAAK;IAAEE,aAAa;IAAEC;EAAgB,CAAC,CAAC,CAAC,CAAC;;EAE3F,IAAIL,WAAW,EAAE;IACfS,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC3B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAED;IAAY,CAAC,CAAC;EACvF,CAAC,MAAM;IACL,IAAIa,iBAAiB,GAAGH,IAAI,EAAEG,iBAAiB,CAAC,CAAC;IACjD,IAAI,CAACA,iBAAiB,EAAE;MACtB;MACA5B,UAAU,CAAC6B,kBAAkB,CAACC,KAAK,EAAE;MACrC,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,kBAAQ,EAAChC,UAAU,EAAE;QAClDI,eAAe;QACfa,KAAK;QACLC,MAAM;QACNE,eAAe;QACfD,aAAa;QACbE,MAAM;QACNC,SAAS;QACTC;MACF,CAAC,CAAC;MACFK,iBAAiB,GAAGG,gBAAgB,CAACH,iBAAiB;MACtDH,IAAI,GAAGM,gBAAgB,CAACN,IAAI;IAC9B;;IAEA;IACAD,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC3B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAEY;IAAkB,CAAC,CAAC;EAC7F;EACA,OAAO;IAAE,GAAG3B,IAAI;IAAEuB,WAAW;IAAEC;EAAK,CAAC;AACvC;AAEA,eAAeQ,oBAAoB,CAACjC,UAAgC,EAAEC,IAAa,EAAoB;EACrG,IAAI;IACFuB,WAAW;IACX9B,OAAO;IACPE;EACF,CAAC,GAAGK,IAAI;EAER,MAAM;IACJiC,aAAa;IACb7B,WAAW;IACXC,OAAO;IACPH,IAAI;IACJgC,IAAI;IACJC;EACF,CAAC,GAAG1C,OAAO;EAEX,MAAM2C,eAAe,GAAIH,aAAa,KAAK,KAAK,KAAK7B,WAAW,IAAIC,OAAO,IAAI6B,IAAI,CAAE;EACrF,IAAI,CAACE,eAAe,EAAE;IACpB,OAAOpC,IAAI;EACb;EAEAL,MAAM,GAAG;IACP,GAAGA,MAAM;IACTmB,WAAW,EAAES,WAAW,CAAEc,WAAW,CAACvB;EACxC,CAAC;;EAED;EACA,MAAM;IACJS,WAAW,EAAEe,0BAA0B;IACvCC,QAAQ;IACRC;EACF,CAAC,GAAG,MAAM,IAAAC,oBAAS,EACjB1C,UAAU,EACVwB,WAAW,EACX5B,MAAM,EACN;IACES,WAAW;IACXC,OAAO;IACPH,IAAI;IACJgC,IAAI;IACJC;EACF,CAAC,CACF;EACDZ,WAAW,GAAGe,0BAA0B;EAExC,OAAO;IAAE,GAAGtC,IAAI;IAAEuB,WAAW;IAAEgB,QAAQ;IAAEC;EAAS,CAAC;AACrD;AAEA,eAAeE,SAAS,CAAC3C,UAAgC,EAAEC,IAAa,EAAmB;EACzF,IAAI;IAAEwB,IAAI;IAAED;EAAY,CAAC,GAAGvB,IAAI;EAChC,MAAM;IAAE2C;EAAgB,CAAC,GAAGpB,WAA0B;EACtD,MAAM;IACJqB,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACXC,IAAI;IACJ/B;EACF,CAAC,GAAGO,IAA0B;EAC9B,MAAMyB,aAAa,GAAG,MAAMlD,UAAU,CAACmD,KAAK,CAACC,qBAAqB,CAAC;IACjER,eAAe;IACfC,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACX9B;EACF,CAAC,EAAE+B,IAAI,CAAC;EACR,OAAOC,aAAa,CAACG,MAAM;AAC7B;AAEA,eAAeC,YAAY,CAACtD,UAAgC,EAAEC,IAAa,EAAoB;EAC7F,IAAI;IACFP,OAAO;IACP8B,WAAW;IACXiB,QAAQ;IACRlC;EACF,CAAC,GAAGN,IAAI;EACR,MAAM;IAAEmD;EAAsB,CAAC,GAAG1D,OAAO;EACzC,IAAI6D,kBAAkB,GAAG,KAAK;EAC9B,IAAIC,sBAAsB,GAAG,KAAK;EAClC,IAAIC,kBAAkB,GAAG,IAAI;EAC7B,IAAIb,eAAe;EACnB,IAAIS,MAAM;EACV,IAAIK,eAAe;EACnB,IAAIC,cAAc;EAClB,IAAIC,QAAQ;EACZ,IAAIC,QAAQ;EAEZ,IAAIrC,WAAW,EAAE;IACf+B,kBAAkB,GAAG,CAAC,EAAE/B,WAAW,CAACsC,iBAAiB,IAAItC,WAAW,CAACuC,MAAM,CAAC;IAC5EL,eAAe,GAAG,IAAAM,wBAAkB,EAACxC,WAAW,CAAC;IACjDmC,cAAc,GAAG,IAAAM,uBAAiB,EAACjE,UAAU,EAAEwB,WAAW,EAAE9B,OAAO,CAAC0C,oBAAoB,CAAC;IACzFwB,QAAQ,GAAG,IAAAM,6BAAuB,EAAC1C,WAAW,EAAE9B,OAAO,CAAC;IACxDmE,QAAQ,GAAG,IAAAM,wBAAkB,EAAC3C,WAAW,CAAC;EAC5C;EAEA,IAAIqC,QAAQ,EAAE;IACZtD,MAAM,GAAGC,gBAAS,CAAC4D,QAAQ;;IAE3B;IACA;IACA;IACA;IACA,MAAMC,UAAU,GAAGC,MAAM,CAACC,IAAI,CAAC/C,WAAW,CAAElB,OAAO,CAAC,CAACkE,MAAM,GAAG,CAAC;IAC/D,MAAMC,SAAS,GAAG,CAAC,CAACb,QAAQ,CAACc,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACC,KAAK,KAAK,OAAO,CAAC;IAC/D,MAAMC,iBAAiB,GAAG,CAACR,UAAU,IAAI,CAACI,SAAS,IAAIjD,WAAW,CAAEsC,iBAAiB,KAAK,IAAI;IAC9F,IAAIe,iBAAiB,EAAE;MACrBrB,sBAAsB,GAAG,IAAI;IAC/B,CAAC,MAAM;MACL;MACAD,kBAAkB,GAAG,CAAC,CAACc,UAAU;IACnC;IACA;IACAZ,kBAAkB,GAAG,KAAK;EAC5B,CAAC,MAAM,IAAIhB,QAAQ,EAAE;IACnBlC,MAAM,GAAGC,gBAAS,CAACsE,QAAQ;IAC3BtB,sBAAsB,GAAG,IAAI;EAC/B,CAAC,MAAM,IAAIhC,WAAW,EAAEoB,eAAe,EAAE;IACvCA,eAAe,GAAGpB,WAAW,CAACoB,eAAe;IAC7C,IAAIQ,qBAAqB,KAAK,KAAK,EAAE;MACnC7C,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,KAAK;IAChC,CAAC,MAAM;MACLH,MAAM,GAAG,MAAMV,SAAS,CAAC3C,UAAU,EAAEC,IAAI,CAAC;MAC1CM,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,IAAI;IAC/B;EACF;EACA,OAAO;IACL,GAAGvD,IAAI;IACPM,MAAM;IACNqC,eAAe;IACfS,MAAM;IACNE,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBC,eAAe;IACfC,cAAc;IACdC,QAAQ;IACRC;EACF,CAAC;AACH;AAEO,eAAemB,GAAG,CACvBhF,UAAgC,EAChCN,OAAmB,GAAG,CAAC,CAAC,EACC;EACzB,IAAIO,IAAa,GAAG;IAClBP,OAAO;IACPE,MAAM,EAAEH,gBAAgB,CAACC,OAAO;EAClC,CAAC;EAEDO,IAAI,GAAGF,cAAc,CAACC,UAAU,EAAEC,IAAI,CAAC;EACvCA,IAAI,GAAG,MAAMa,qBAAqB,CAACd,UAAU,EAAEC,IAAI,CAAC;EACpDA,IAAI,GAAG,MAAMgC,oBAAoB,CAACjC,UAAU,EAAEC,IAAI,CAAC;EACnDA,IAAI,GAAG,MAAMqD,YAAY,CAACtD,UAAU,EAAEC,IAAI,CAAC;EAE3C,MAAM;IACJuB,WAAW;IACXC,IAAI;IACJ8B,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBlD,MAAM;IACNmD,eAAe;IACfC,cAAc;IACdN,MAAM;IACNb,QAAQ;IACRoB,QAAQ;IACRqB,KAAK;IACLrC;EACF,CAAC,GAAG3C,IAAI;EAER,IAAIuD,sBAAsB,EAAE;IAC1BxD,UAAU,CAAC6B,kBAAkB,CAACC,KAAK,CAAC;MAAE2B;IAAmB,CAAC,CAAC;EAC7D,CAAC,MACI;IACH;IACA,IAAAyB,oCAAmB,EAAClF,UAAU,EAAE;MAAE,GAAGyB;IAAK,CAAC,CAAC;IAE5C,IAAI8B,kBAAkB,EAAE;MACtB;MACA,MAAM;QAAEjB,WAAW,EAAE6C,cAAc;QAAErB;MAAkB,CAAC,GAAGtC,WAAY;MACvExB,UAAU,CAAC6B,kBAAkB,CAACuD,eAAe,CAAC;QAC5CD,cAAc;QACdrB,iBAAiB;QACjB/C,WAAW,EAAES,WAAW,CAAE6D,OAAO,EAAEtE,WAAW;QAC9Ca,iBAAiB,EAAEH,IAAI,EAAEG;MAC3B,CAAC,CAAC;IACJ;EACF;;EAEA;EACA,MAAM;IAAEtB,OAAO;IAAE+E,OAAO;IAAEC,eAAe;IAAEC,OAAO;IAAEjD,WAAW;IAAEwB,iBAAiB;IAAEC;EAAO,CAAC,GAAGvC,WAAW,IAAI,CAAC,CAAC;EAChH,OAAO;IACLjB,MAAM,EAAEA,MAAO;IACf,IAAIkB,IAAI,IAAI;MAAEA;IAAK,CAAC,CAAC;IACrB,IAAIiC,eAAe,IAAI;MAAEA;IAAgB,CAAC,CAAC;IAC3C,IAAIC,cAAc,IAAI;MAAEA;IAAe,CAAC,CAAC;IACzC,IAAIN,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzB,IAAIb,QAAQ,IAAI;MAAEA;IAAS,CAAC,CAAC;IAC7B,IAAIoB,QAAQ,IAAIA,QAAQ,CAACY,MAAM,IAAI;MAAEZ;IAAS,CAAC,CAAC;IAChD,IAAIqB,KAAK,IAAI;MAAEA;IAAM,CAAC,CAAC;IACvB,IAAIlB,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzBnB,eAAe;IAAE;;IAEjB;IACAtC,OAAO,EAAEA,OAAQ;IACjB+E,OAAO,EAAEA,OAAQ;IACjBC,eAAe,EAAEA,eAAgB;IACjCC,OAAO,EAAEA,OAAQ;IACjBjD,WAAW,EAAEA,WAAY;IACzBwB;EACF,CAAC;AACH"}
+{"version":3,"file":"run.js","names":["initializeValues","options","knownOptions","values","forEach","option","initializeData","authClient","data","idx","flow","withCredentials","remediators","actions","status","IdxStatus","PENDING","getFlow","setFlow","flowSpec","getFlowSpecification","getDataFromIntrospect","stateHandle","version","state","scopes","recoveryToken","activationToken","maxAge","acrValues","nonce","useGenericRemediator","idxResponse","meta","getSavedTransactionMeta","introspect","interactionHandle","transactionManager","clear","interactResponse","interact","getDataFromRemediate","autoRemediate","step","shouldRemediate","rawIdxState","idxResponseFromRemediation","nextStep","canceled","remediate","getTokens","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","tokenResponse","token","exchangeCodeForTokens","tokens","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","enabledFeatures","availableSteps","messages","terminal","requestDidSucceed","stepUp","getEnabledFeatures","getAvailableSteps","getMessagesFromResponse","isTerminalResponse","TERMINAL","hasActions","Object","keys","length","hasErrors","find","msg","class","isTerminalSuccess","CANCELED","SUCCESS","run","error","saveTransactionMeta","rawIdxResponse","saveIdxResponse","context","neededToProceed","proceed"],"sources":["../../../lib/idx/run.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n  OktaAuthIdxInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  RunOptions,\n  IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n  getAvailableSteps,\n  getEnabledFeatures,\n  getMessagesFromResponse,\n  isTerminalResponse,\n  getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n  options: RunOptions;\n  values: RemediationValues;\n  status?: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  idxResponse?: IdxResponse;\n  canceled?: boolean;\n  interactionCode?: string;\n  shouldSaveResponse?: boolean;\n  shouldClearTransaction?: boolean;\n  clearSharedStorage?: boolean;\n  terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n  // remove known options, everything else is assumed to be a value\n  const knownOptions = [\n    'flow', \n    'remediators', \n    'actions', \n    'withCredentials', \n    'step',\n    'useGenericRemediator',\n    'exchangeCodeForTokens',\n  ];\n  const values = { ...options };\n  knownOptions.forEach(option => {\n    delete values[option];\n  });\n  return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n  let { options } = data;\n  options = {\n    ...authClient.options.idx,\n    ...options\n  };\n  let {\n    flow,\n    withCredentials,\n    remediators,\n    actions,\n  } = options;\n\n  const status = IdxStatus.PENDING;\n\n  // certain options can be set by the flow specification\n  flow = flow || authClient.idx.getFlow?.() || 'default';\n  if (flow) {\n    authClient.idx.setFlow?.(flow);\n    const flowSpec = getFlowSpecification(authClient, flow);\n    // Favor option values over flow spec\n    withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n    remediators = remediators || flowSpec.remediators;\n    actions = actions || flowSpec.actions;\n  }\n\n  return { \n    ...data,\n    options: { \n      ...options, \n      flow, \n      withCredentials, \n      remediators, \n      actions,\n    },\n    status\n  };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  const { options } = data;\n  const {\n    stateHandle,\n    withCredentials,\n    version,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken,\n    maxAge,\n    acrValues,\n    nonce,\n    useGenericRemediator,\n  } = options;\n\n  let idxResponse;\n  let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n  if (stateHandle) {\n    idxResponse = await introspect(authClient, { withCredentials, version, stateHandle, useGenericRemediator });\n  } else {\n    let interactionHandle = meta?.interactionHandle; // may be undefined\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken,\n        maxAge,\n        acrValues,\n        nonce,\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      meta = interactResponse.meta;\n    }\n  \n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle, useGenericRemediator });\n  }\n  return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    idxResponse,\n    options,\n    values\n  } = data;\n\n  const {\n    autoRemediate,\n    remediators,\n    actions,\n    flow,\n    step,\n    useGenericRemediator,\n  } = options;\n  \n  const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n  if (!shouldRemediate) {\n    return data;\n  }\n\n  values = { \n    ...values, \n    stateHandle: idxResponse!.rawIdxState.stateHandle \n  };\n\n  // Can we handle the remediations?\n  const { \n    idxResponse: idxResponseFromRemediation, \n    nextStep,\n    canceled,\n  } = await remediate(\n    authClient,\n    idxResponse!, \n    values, \n    {\n      remediators,\n      actions,\n      flow,\n      step,\n      useGenericRemediator,\n    }\n  );\n  idxResponse = idxResponseFromRemediation;\n\n  return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n  let { meta, idxResponse } = data;\n  const { interactionCode } = idxResponse as IdxResponse;\n  const {\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    urls,\n    scopes,\n  } = meta as IdxTransactionMeta;\n  const tokenResponse = await authClient.token.exchangeCodeForTokens({\n    interactionCode,\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    scopes\n  }, urls);\n  return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n  let {\n    options,\n    idxResponse,\n    canceled,\n    status,\n  } = data;\n  const { exchangeCodeForTokens } = options;\n  let shouldSaveResponse = false;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let interactionCode;\n  let tokens;\n  let enabledFeatures;\n  let availableSteps;\n  let messages;\n  let terminal;\n\n  if (idxResponse) {\n    shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n    messages = getMessagesFromResponse(idxResponse, options);\n    terminal = isTerminalResponse(idxResponse);\n  }\n\n  if (terminal) {\n    status = IdxStatus.TERMINAL;\n\n    // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n    // A terminal \"success\" is a non-error response with no further actions available.\n    // In these narrow cases, saved transaction data should be cleared.\n    // One example of a terminal success is when the email verify flow is continued in another tab\n    const hasActions = Object.keys(idxResponse!.actions).length > 0;\n    const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n    const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n    if (isTerminalSuccess) {\n      shouldClearTransaction = true;\n    } else {\n      // save response if there are actions available (ignore messages)\n      shouldSaveResponse = !!hasActions;\n    }\n    // leave shared storage intact so the transaction can be continued in another tab\n    clearSharedStorage = false;\n  } else if (canceled) {\n    status = IdxStatus.CANCELED;\n    shouldClearTransaction = true;\n  } else if (idxResponse?.interactionCode) { \n    interactionCode = idxResponse.interactionCode;\n    if (exchangeCodeForTokens === false) {\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = false;\n    } else {\n      tokens = await getTokens(authClient, data);\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = true;\n    }\n  }\n  return {\n    ...data,\n    status,\n    interactionCode,\n    tokens,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    enabledFeatures,\n    availableSteps,\n    messages,\n    terminal\n  };\n}\n\nexport async function run(\n  authClient: OktaAuthIdxInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let data: RunData = {\n    options,\n    values: initializeValues(options)\n  };\n\n  data = initializeData(authClient, data);\n  data = await getDataFromIntrospect(authClient, data);\n  data = await getDataFromRemediate(authClient, data);\n  data = await finalizeData(authClient, data);\n\n  const {\n    idxResponse,\n    meta,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    status,\n    enabledFeatures,\n    availableSteps,\n    tokens,\n    nextStep,\n    messages,\n    error,\n    interactionCode\n  } = data;\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  else {\n    // ensures state is saved to sessionStorage\n    saveTransactionMeta(authClient, { ...meta });\n\n    if (shouldSaveResponse) {\n      // Save intermediate idx response in storage to reduce introspect call\n      const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n      authClient.transactionManager.saveIdxResponse({\n        rawIdxResponse,\n        requestDidSucceed,\n        stateHandle: idxResponse!.context?.stateHandle,\n        interactionHandle: meta?.interactionHandle\n      });\n    }\n  }\n  \n  // copy all fields from idxResponse which are needed by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n  return {\n    status: status!,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && messages.length && { messages }),\n    ...(error && { error }),\n    ...(stepUp && { stepUp }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions: actions!,\n    context: context!,\n    neededToProceed: neededToProceed!,\n    proceed: proceed!,\n    rawIdxState: rawIdxState!,\n    requestDidSucceed\n  };\n}\n"],"mappings":";;;AAeA;AACA;AACA;AAEA;AAUA;AACA;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;;AA6CA,SAASA,gBAAgB,CAACC,OAAmB,EAAE;EAC7C;EACA,MAAMC,YAAY,GAAG,CACnB,MAAM,EACN,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,MAAM,EACN,sBAAsB,EACtB,uBAAuB,CACxB;EACD,MAAMC,MAAM,GAAG;IAAE,GAAGF;EAAQ,CAAC;EAC7BC,YAAY,CAACE,OAAO,CAACC,MAAM,IAAI;IAC7B,OAAOF,MAAM,CAACE,MAAM,CAAC;EACvB,CAAC,CAAC;EACF,OAAOF,MAAM;AACf;AAEA,SAASG,cAAc,CAACC,UAAgC,EAAEC,IAAa,EAAW;EAChF,IAAI;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACtBP,OAAO,GAAG;IACR,GAAGM,UAAU,CAACN,OAAO,CAACQ,GAAG;IACzB,GAAGR;EACL,CAAC;EACD,IAAI;IACFS,IAAI;IACJC,eAAe;IACfC,WAAW;IACXC;EACF,CAAC,GAAGZ,OAAO;EAEX,MAAMa,MAAM,GAAGC,gBAAS,CAACC,OAAO;;EAEhC;EACAN,IAAI,GAAGA,IAAI,IAAIH,UAAU,CAACE,GAAG,CAACQ,OAAO,IAAI,IAAI,SAAS;EACtD,IAAIP,IAAI,EAAE;IACRH,UAAU,CAACE,GAAG,CAACS,OAAO,GAAGR,IAAI,CAAC;IAC9B,MAAMS,QAAQ,GAAG,IAAAC,0BAAoB,EAACb,UAAU,EAAEG,IAAI,CAAC;IACvD;IACAC,eAAe,GAAI,OAAOA,eAAe,KAAK,WAAW,GAAIA,eAAe,GAAGQ,QAAQ,CAACR,eAAe;IACvGC,WAAW,GAAGA,WAAW,IAAIO,QAAQ,CAACP,WAAW;IACjDC,OAAO,GAAGA,OAAO,IAAIM,QAAQ,CAACN,OAAO;EACvC;EAEA,OAAO;IACL,GAAGL,IAAI;IACPP,OAAO,EAAE;MACP,GAAGA,OAAO;MACVS,IAAI;MACJC,eAAe;MACfC,WAAW;MACXC;IACF,CAAC;IACDC;EACF,CAAC;AACH;AAEA,eAAeO,qBAAqB,CAACd,UAAgC,EAAEC,IAAa,EAAoB;EACtG,MAAM;IAAEP;EAAQ,CAAC,GAAGO,IAAI;EACxB,MAAM;IACJc,WAAW;IACXX,eAAe;IACfY,OAAO;IACPC,KAAK;IACLC,MAAM;IACNC,aAAa;IACbC,eAAe;IACfC,MAAM;IACNC,SAAS;IACTC,KAAK;IACLC;EACF,CAAC,GAAG9B,OAAO;EAEX,IAAI+B,WAAW;EACf,IAAIC,IAAI,GAAG,IAAAC,wCAAuB,EAAC3B,UAAU,EAAE;IAAEiB,KAAK;IAAEE,aAAa;IAAEC;EAAgB,CAAC,CAAC,CAAC,CAAC;;EAE3F,IAAIL,WAAW,EAAE;IACfU,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC5B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAED,WAAW;MAAES;IAAqB,CAAC,CAAC;EAC7G,CAAC,MAAM;IACL,IAAIK,iBAAiB,GAAGH,IAAI,EAAEG,iBAAiB,CAAC,CAAC;IACjD,IAAI,CAACA,iBAAiB,EAAE;MACtB;MACA7B,UAAU,CAAC8B,kBAAkB,CAACC,KAAK,EAAE;MACrC,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,kBAAQ,EAACjC,UAAU,EAAE;QAClDI,eAAe;QACfa,KAAK;QACLC,MAAM;QACNE,eAAe;QACfD,aAAa;QACbE,MAAM;QACNC,SAAS;QACTC;MACF,CAAC,CAAC;MACFM,iBAAiB,GAAGG,gBAAgB,CAACH,iBAAiB;MACtDH,IAAI,GAAGM,gBAAgB,CAACN,IAAI;IAC9B;;IAEA;IACAD,WAAW,GAAG,MAAM,IAAAG,sBAAU,EAAC5B,UAAU,EAAE;MAAEI,eAAe;MAAEY,OAAO;MAAEa,iBAAiB;MAAEL;IAAqB,CAAC,CAAC;EACnH;EACA,OAAO;IAAE,GAAGvB,IAAI;IAAEwB,WAAW;IAAEC;EAAK,CAAC;AACvC;AAEA,eAAeQ,oBAAoB,CAAClC,UAAgC,EAAEC,IAAa,EAAoB;EACrG,IAAI;IACFwB,WAAW;IACX/B,OAAO;IACPE;EACF,CAAC,GAAGK,IAAI;EAER,MAAM;IACJkC,aAAa;IACb9B,WAAW;IACXC,OAAO;IACPH,IAAI;IACJiC,IAAI;IACJZ;EACF,CAAC,GAAG9B,OAAO;EAEX,MAAM2C,eAAe,GAAIF,aAAa,KAAK,KAAK,KAAK9B,WAAW,IAAIC,OAAO,IAAI8B,IAAI,CAAE;EACrF,IAAI,CAACC,eAAe,EAAE;IACpB,OAAOpC,IAAI;EACb;EAEAL,MAAM,GAAG;IACP,GAAGA,MAAM;IACTmB,WAAW,EAAEU,WAAW,CAAEa,WAAW,CAACvB;EACxC,CAAC;;EAED;EACA,MAAM;IACJU,WAAW,EAAEc,0BAA0B;IACvCC,QAAQ;IACRC;EACF,CAAC,GAAG,MAAM,IAAAC,oBAAS,EACjB1C,UAAU,EACVyB,WAAW,EACX7B,MAAM,EACN;IACES,WAAW;IACXC,OAAO;IACPH,IAAI;IACJiC,IAAI;IACJZ;EACF,CAAC,CACF;EACDC,WAAW,GAAGc,0BAA0B;EAExC,OAAO;IAAE,GAAGtC,IAAI;IAAEwB,WAAW;IAAEe,QAAQ;IAAEC;EAAS,CAAC;AACrD;AAEA,eAAeE,SAAS,CAAC3C,UAAgC,EAAEC,IAAa,EAAmB;EACzF,IAAI;IAAEyB,IAAI;IAAED;EAAY,CAAC,GAAGxB,IAAI;EAChC,MAAM;IAAE2C;EAAgB,CAAC,GAAGnB,WAA0B;EACtD,MAAM;IACJoB,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACXC,IAAI;IACJ/B;EACF,CAAC,GAAGQ,IAA0B;EAC9B,MAAMwB,aAAa,GAAG,MAAMlD,UAAU,CAACmD,KAAK,CAACC,qBAAqB,CAAC;IACjER,eAAe;IACfC,QAAQ;IACRC,YAAY;IACZC,eAAe;IACfC,WAAW;IACX9B;EACF,CAAC,EAAE+B,IAAI,CAAC;EACR,OAAOC,aAAa,CAACG,MAAM;AAC7B;AAEA,eAAeC,YAAY,CAACtD,UAAgC,EAAEC,IAAa,EAAoB;EAC7F,IAAI;IACFP,OAAO;IACP+B,WAAW;IACXgB,QAAQ;IACRlC;EACF,CAAC,GAAGN,IAAI;EACR,MAAM;IAAEmD;EAAsB,CAAC,GAAG1D,OAAO;EACzC,IAAI6D,kBAAkB,GAAG,KAAK;EAC9B,IAAIC,sBAAsB,GAAG,KAAK;EAClC,IAAIC,kBAAkB,GAAG,IAAI;EAC7B,IAAIb,eAAe;EACnB,IAAIS,MAAM;EACV,IAAIK,eAAe;EACnB,IAAIC,cAAc;EAClB,IAAIC,QAAQ;EACZ,IAAIC,QAAQ;EAEZ,IAAIpC,WAAW,EAAE;IACf8B,kBAAkB,GAAG,CAAC,EAAE9B,WAAW,CAACqC,iBAAiB,IAAIrC,WAAW,CAACsC,MAAM,CAAC;IAC5EL,eAAe,GAAG,IAAAM,wBAAkB,EAACvC,WAAW,CAAC;IACjDkC,cAAc,GAAG,IAAAM,uBAAiB,EAACjE,UAAU,EAAEyB,WAAW,EAAE/B,OAAO,CAAC8B,oBAAoB,CAAC;IACzFoC,QAAQ,GAAG,IAAAM,6BAAuB,EAACzC,WAAW,EAAE/B,OAAO,CAAC;IACxDmE,QAAQ,GAAG,IAAAM,wBAAkB,EAAC1C,WAAW,CAAC;EAC5C;EAEA,IAAIoC,QAAQ,EAAE;IACZtD,MAAM,GAAGC,gBAAS,CAAC4D,QAAQ;;IAE3B;IACA;IACA;IACA;IACA,MAAMC,UAAU,GAAGC,MAAM,CAACC,IAAI,CAAC9C,WAAW,CAAEnB,OAAO,CAAC,CAACkE,MAAM,GAAG,CAAC;IAC/D,MAAMC,SAAS,GAAG,CAAC,CAACb,QAAQ,CAACc,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACC,KAAK,KAAK,OAAO,CAAC;IAC/D,MAAMC,iBAAiB,GAAG,CAACR,UAAU,IAAI,CAACI,SAAS,IAAIhD,WAAW,CAAEqC,iBAAiB,KAAK,IAAI;IAC9F,IAAIe,iBAAiB,EAAE;MACrBrB,sBAAsB,GAAG,IAAI;IAC/B,CAAC,MAAM;MACL;MACAD,kBAAkB,GAAG,CAAC,CAACc,UAAU;IACnC;IACA;IACAZ,kBAAkB,GAAG,KAAK;EAC5B,CAAC,MAAM,IAAIhB,QAAQ,EAAE;IACnBlC,MAAM,GAAGC,gBAAS,CAACsE,QAAQ;IAC3BtB,sBAAsB,GAAG,IAAI;EAC/B,CAAC,MAAM,IAAI/B,WAAW,EAAEmB,eAAe,EAAE;IACvCA,eAAe,GAAGnB,WAAW,CAACmB,eAAe;IAC7C,IAAIQ,qBAAqB,KAAK,KAAK,EAAE;MACnC7C,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,KAAK;IAChC,CAAC,MAAM;MACLH,MAAM,GAAG,MAAMV,SAAS,CAAC3C,UAAU,EAAEC,IAAI,CAAC;MAC1CM,MAAM,GAAGC,gBAAS,CAACuE,OAAO;MAC1BvB,sBAAsB,GAAG,IAAI;IAC/B;EACF;EACA,OAAO;IACL,GAAGvD,IAAI;IACPM,MAAM;IACNqC,eAAe;IACfS,MAAM;IACNE,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBC,eAAe;IACfC,cAAc;IACdC,QAAQ;IACRC;EACF,CAAC;AACH;AAEO,eAAemB,GAAG,CACvBhF,UAAgC,EAChCN,OAAmB,GAAG,CAAC,CAAC,EACC;EACzB,IAAIO,IAAa,GAAG;IAClBP,OAAO;IACPE,MAAM,EAAEH,gBAAgB,CAACC,OAAO;EAClC,CAAC;EAEDO,IAAI,GAAGF,cAAc,CAACC,UAAU,EAAEC,IAAI,CAAC;EACvCA,IAAI,GAAG,MAAMa,qBAAqB,CAACd,UAAU,EAAEC,IAAI,CAAC;EACpDA,IAAI,GAAG,MAAMiC,oBAAoB,CAAClC,UAAU,EAAEC,IAAI,CAAC;EACnDA,IAAI,GAAG,MAAMqD,YAAY,CAACtD,UAAU,EAAEC,IAAI,CAAC;EAE3C,MAAM;IACJwB,WAAW;IACXC,IAAI;IACJ6B,kBAAkB;IAClBC,sBAAsB;IACtBC,kBAAkB;IAClBlD,MAAM;IACNmD,eAAe;IACfC,cAAc;IACdN,MAAM;IACNb,QAAQ;IACRoB,QAAQ;IACRqB,KAAK;IACLrC;EACF,CAAC,GAAG3C,IAAI;EAER,IAAIuD,sBAAsB,EAAE;IAC1BxD,UAAU,CAAC8B,kBAAkB,CAACC,KAAK,CAAC;MAAE0B;IAAmB,CAAC,CAAC;EAC7D,CAAC,MACI;IACH;IACA,IAAAyB,oCAAmB,EAAClF,UAAU,EAAE;MAAE,GAAG0B;IAAK,CAAC,CAAC;IAE5C,IAAI6B,kBAAkB,EAAE;MACtB;MACA,MAAM;QAAEjB,WAAW,EAAE6C,cAAc;QAAErB;MAAkB,CAAC,GAAGrC,WAAY;MACvEzB,UAAU,CAAC8B,kBAAkB,CAACsD,eAAe,CAAC;QAC5CD,cAAc;QACdrB,iBAAiB;QACjB/C,WAAW,EAAEU,WAAW,CAAE4D,OAAO,EAAEtE,WAAW;QAC9Cc,iBAAiB,EAAEH,IAAI,EAAEG;MAC3B,CAAC,CAAC;IACJ;EACF;;EAEA;EACA,MAAM;IAAEvB,OAAO;IAAE+E,OAAO;IAAEC,eAAe;IAAEC,OAAO;IAAEjD,WAAW;IAAEwB,iBAAiB;IAAEC;EAAO,CAAC,GAAGtC,WAAW,IAAI,CAAC,CAAC;EAChH,OAAO;IACLlB,MAAM,EAAEA,MAAO;IACf,IAAImB,IAAI,IAAI;MAAEA;IAAK,CAAC,CAAC;IACrB,IAAIgC,eAAe,IAAI;MAAEA;IAAgB,CAAC,CAAC;IAC3C,IAAIC,cAAc,IAAI;MAAEA;IAAe,CAAC,CAAC;IACzC,IAAIN,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzB,IAAIb,QAAQ,IAAI;MAAEA;IAAS,CAAC,CAAC;IAC7B,IAAIoB,QAAQ,IAAIA,QAAQ,CAACY,MAAM,IAAI;MAAEZ;IAAS,CAAC,CAAC;IAChD,IAAIqB,KAAK,IAAI;MAAEA;IAAM,CAAC,CAAC;IACvB,IAAIlB,MAAM,IAAI;MAAEA;IAAO,CAAC,CAAC;IACzBnB,eAAe;IAAE;;IAEjB;IACAtC,OAAO,EAAEA,OAAQ;IACjB+E,OAAO,EAAEA,OAAQ;IACjBC,eAAe,EAAEA,eAAgB;IACjCC,OAAO,EAAEA,OAAQ;IACjBjD,WAAW,EAAEA,WAAY;IACzBwB;EACF,CAAC;AACH"}

package/cjs/idx/types/options.js.map

@@ -1 +1 @@
-{"version":3,"file":"options.js","names":[],"sources":["../../../../lib/idx/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { RemediationFlow } from '../flow';\nimport { RemediateAction } from '../remediate';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  AuthenticatorVerificationDataValues,\n  EnrollProfileValues,\n  ResetAuthenticatorValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SkipValues,\n  EnrollPollValues as EnrollPollOptions,\n  SelectEnrollmentChannelValues as SelectEnrollmentChannelOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n} from '../remediators';\nimport { IdxTransactionMeta } from './meta';\nimport { OktaAuthCoreOptions } from '../../core/types';\nimport { TransactionMetaOptions } from '../../oidc/types';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\n\nexport interface IdxOptions {\n  flow?: FlowIdentifier;\n  exchangeCodeForTokens?: boolean;\n  autoRemediate?: boolean;\n  step?: string;\n  withCredentials?: boolean;\n}\n\nexport interface InteractOptions extends IdxOptions {\n  state?: string;\n  scopes?: string[];\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n  activationToken?: string;\n  recoveryToken?: string;\n  clientSecret?: string;\n  maxAge?: string | number;\n  acrValues?: string;\n  nonce?: string;\n}\n\nexport interface IntrospectOptions extends IdxOptions {\n  interactionHandle?: string;\n  stateHandle?: string;\n  version?: string;\n}\n\nexport interface RemediateOptions extends IdxOptions {\n  remediators?: RemediationFlow;\n  actions?: RemediateAction[];\n  useGenericRemediator?: boolean; // beta\n}\n\nexport interface RunOptions extends RemediateOptions, InteractOptions, IntrospectOptions {}\n\nexport interface AuthenticationOptions extends\n  RunOptions, \n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  SelectAuthenticatorEnrollValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  EnrollAuthenticatorValues\n{}\n\nexport interface RegistrationOptions extends\n  RunOptions,\n  IdentifyValues,\n  EnrollProfileValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SkipValues\n{}\n\nexport interface PasswordRecoveryOptions extends \n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ResetAuthenticatorValues,\n  AuthenticatorVerificationDataValues,\n  ReEnrollAuthenticatorValues\n{}\n\nexport interface AccountUnlockOptions extends\n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  AuthenticatorVerificationDataValues\n{}\n\nexport interface ProceedOptions extends\n  AuthenticationOptions,\n  RegistrationOptions,\n  PasswordRecoveryOptions,\n  AccountUnlockOptions,\n  EnrollPollOptions,\n  SelectEnrollmentChannelOptions\n{}\n\nexport type CancelOptions = IdxOptions\n\nexport type StartOptions = RunOptions\n\nexport interface IdxTransactionMetaOptions\n  extends TransactionMetaOptions,\n  Pick<IdxTransactionMeta,\n    'state' |\n    'codeChallenge' |\n    'codeChallengeMethod' |\n    'codeVerifier' |\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{}\n\nexport interface OktaAuthIdxOptions \n  extends OktaAuthCoreOptions,\n  Pick<IdxTransactionMeta,\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{\n    // BETA WARNING: configs in this section are subject to change without a breaking change notice\n    idx?: Pick<RunOptions,\n      'useGenericRemediator' |\n      'exchangeCodeForTokens'\n    >;\n}\n\nexport type OktaAuthIdxOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthIdxOptions>;\n"],"mappings":""}
+{"version":3,"file":"options.js","names":[],"sources":["../../../../lib/idx/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { RemediationFlow } from '../flow';\nimport { RemediateAction } from '../remediate';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  AuthenticatorVerificationDataValues,\n  EnrollProfileValues,\n  ResetAuthenticatorValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SkipValues,\n  EnrollPollValues as EnrollPollOptions,\n  SelectEnrollmentChannelValues as SelectEnrollmentChannelOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n} from '../remediators';\nimport { IdxTransactionMeta } from './meta';\nimport { OktaAuthCoreOptions } from '../../core/types';\nimport { TransactionMetaOptions } from '../../oidc/types';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\n\nexport interface IdxOptions {\n  flow?: FlowIdentifier;\n  exchangeCodeForTokens?: boolean;\n  autoRemediate?: boolean;\n  step?: string;\n  withCredentials?: boolean;\n}\n\nexport interface InteractOptions extends IdxOptions {\n  state?: string;\n  scopes?: string[];\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n  activationToken?: string;\n  recoveryToken?: string;\n  clientSecret?: string;\n  maxAge?: string | number;\n  acrValues?: string;\n  nonce?: string;\n}\n\nexport interface IntrospectOptions extends IdxOptions {\n  interactionHandle?: string;\n  stateHandle?: string;\n  version?: string;\n  useGenericRemediator?: boolean;\n}\n\nexport interface RemediateOptions extends IdxOptions {\n  remediators?: RemediationFlow;\n  actions?: RemediateAction[];\n  useGenericRemediator?: boolean; // beta\n}\n\nexport interface RunOptions extends RemediateOptions, InteractOptions, IntrospectOptions {}\n\nexport interface AuthenticationOptions extends\n  RunOptions, \n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  SelectAuthenticatorEnrollValues,\n  ChallengeAuthenticatorValues,\n  ReEnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  EnrollAuthenticatorValues\n{}\n\nexport interface RegistrationOptions extends\n  RunOptions,\n  IdentifyValues,\n  EnrollProfileValues,\n  SelectAuthenticatorEnrollValues,\n  EnrollAuthenticatorValues,\n  AuthenticatorEnrollmentDataValues,\n  SkipValues\n{}\n\nexport interface PasswordRecoveryOptions extends \n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  ResetAuthenticatorValues,\n  AuthenticatorVerificationDataValues,\n  ReEnrollAuthenticatorValues\n{}\n\nexport interface AccountUnlockOptions extends\n  RunOptions,\n  IdentifyValues,\n  SelectAuthenticatorUnlockAccountValues,\n  SelectAuthenticatorAuthenticateValues,\n  ChallengeAuthenticatorValues,\n  AuthenticatorVerificationDataValues\n{}\n\nexport interface ProceedOptions extends\n  AuthenticationOptions,\n  RegistrationOptions,\n  PasswordRecoveryOptions,\n  AccountUnlockOptions,\n  EnrollPollOptions,\n  SelectEnrollmentChannelOptions\n{}\n\nexport type CancelOptions = IdxOptions\n\nexport type StartOptions = RunOptions\n\nexport interface IdxTransactionMetaOptions\n  extends TransactionMetaOptions,\n  Pick<IdxTransactionMeta,\n    'state' |\n    'codeChallenge' |\n    'codeChallengeMethod' |\n    'codeVerifier' |\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{}\n\nexport interface OktaAuthIdxOptions \n  extends OktaAuthCoreOptions,\n  Pick<IdxTransactionMeta,\n    'flow' |\n    'activationToken' |\n    'recoveryToken'\n  >\n{\n    // BETA WARNING: configs in this section are subject to change without a breaking change notice\n    idx?: Pick<RunOptions,\n      'useGenericRemediator' |\n      'exchangeCodeForTokens'\n    >;\n}\n\nexport type OktaAuthIdxOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthIdxOptions>;\n"],"mappings":""}

package/cjs/oidc/dpop.js

@@ -0,0 +1,231 @@
+"use strict";
+
+exports.clearAllDPoPKeyPairs = clearAllDPoPKeyPairs;
+exports.clearDPoPKeyPair = clearDPoPKeyPair;
+exports.clearDPoPKeyPairAfterRevoke = clearDPoPKeyPairAfterRevoke;
+exports.createDPoPKeyPair = createDPoPKeyPair;
+exports.createJwt = createJwt;
+exports.cryptoRandomValue = cryptoRandomValue;
+exports.findKeyPair = findKeyPair;
+exports.generateDPoPForTokenRequest = generateDPoPForTokenRequest;
+exports.generateDPoPProof = generateDPoPProof;
+exports.generateKeyPair = generateKeyPair;
+exports.isDPoPNonceError = isDPoPNonceError;
+var _crypto = require("../crypto");
+var _errors = require("../errors");
+// References:
+// https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage
+// https://datatracker.ietf.org/doc/html/rfc9449
+
+const INDEXEDDB_NAME = 'OktaAuthJs';
+const DB_KEY = 'DPoPKeys';
+function isDPoPNonceError(obj) {
+  return ((0, _errors.isOAuthError)(obj) || (0, _errors.isWWWAuthError)(obj)) && obj.errorCode === 'use_dpop_nonce';
+}
+
+/////////// crypto ///////////
+
+async function createJwt(header, claims, signingKey) {
+  const head = (0, _crypto.stringToBase64Url)(JSON.stringify(header));
+  const body = (0, _crypto.stringToBase64Url)(JSON.stringify(claims));
+  const signature = await _crypto.webcrypto.subtle.sign({
+    name: signingKey.algorithm.name
+  }, signingKey, (0, _crypto.stringToBuffer)(`${head}.${body}`));
+  return `${head}.${body}.${(0, _crypto.base64ToBase64Url)((0, _crypto.bufferToBase64Url)(signature))}`;
+}
+function cryptoRandomValue(byteLen = 32) {
+  return [..._crypto.webcrypto.getRandomValues(new Uint8Array(byteLen))].map(v => v.toString(16)).join('');
+}
+async function generateKeyPair() {
+  const algorithm = {
+    name: 'RSASSA-PKCS1-v1_5',
+    hash: 'SHA-256',
+    modulusLength: 2048,
+    publicExponent: new Uint8Array([0x01, 0x00, 0x01])
+  };
+
+  // The "false" here makes it non-exportable
+  // https://caniuse.com/mdn-api_subtlecrypto_generatekey
+  return _crypto.webcrypto.subtle.generateKey(algorithm, false, ['sign', 'verify']);
+}
+async function hashAccessToken(accessToken) {
+  const buffer = new TextEncoder().encode(accessToken);
+  const hash = await _crypto.webcrypto.subtle.digest('SHA-256', buffer);
+  return (0, _crypto.btoa)(String.fromCharCode.apply(null, new Uint8Array(hash))).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+
+/////////// indexeddb / keystore ///////////
+
+// https://developer.mozilla.org/en-US/docs/Web/API/IDBObjectStore#instance_methods
+// add additional methods as needed
+
+// convenience abstraction for exposing IDBObjectStore instance
+function keyStore() {
+  return new Promise((resolve, reject) => {
+    try {
+      const indexedDB = window.indexedDB;
+      const req = indexedDB.open(INDEXEDDB_NAME, 1);
+      req.onerror = function () {
+        reject(req.error);
+      };
+      req.onupgradeneeded = function () {
+        const db = req.result;
+        db.createObjectStore(DB_KEY);
+      };
+      req.onsuccess = function () {
+        const db = req.result;
+        const tx = db.transaction(DB_KEY, 'readwrite');
+        tx.onerror = function () {
+          reject(tx.error);
+        };
+        const store = tx.objectStore(DB_KEY);
+        resolve(store);
+        tx.oncomplete = function () {
+          db.close();
+        };
+      };
+    } catch (err) {
+      reject(err);
+    }
+  });
+}
+
+// convenience abstraction for wrapping IDBObjectStore methods in promises
+async function invokeStoreMethod(method, ...args) {
+  const store = await keyStore();
+  return new Promise((resolve, reject) => {
+    // https://github.com/microsoft/TypeScript/issues/49700
+    // https://github.com/microsoft/TypeScript/issues/49802
+    // @ts-expect-error ts(2556)
+    const req = store[method](...args);
+    req.onsuccess = function () {
+      resolve(req);
+    };
+    req.onerror = function () {
+      reject(req.error);
+    };
+  });
+}
+async function storeKeyPair(pairId, keyPair) {
+  await invokeStoreMethod('add', keyPair, pairId);
+  return keyPair;
+}
+
+// attempts to find keyPair stored at given key, otherwise throws
+async function findKeyPair(pairId) {
+  if (pairId) {
+    const req = await invokeStoreMethod('get', pairId);
+    if (req.result) {
+      return req.result;
+    }
+  }
+
+  // defaults to throwing unless keyPair is found
+  throw new _errors.AuthSdkError(`Unable to locate dpop key pair required for refresh${pairId ? ` (${pairId})` : ''}`);
+}
+async function clearDPoPKeyPair(pairId) {
+  await invokeStoreMethod('delete', pairId);
+}
+async function clearAllDPoPKeyPairs() {
+  await invokeStoreMethod('clear');
+}
+
+// generates a crypto (non-extractable) private key pair and writes it to indexeddb, returns key (id)
+async function createDPoPKeyPair() {
+  const keyPairId = cryptoRandomValue(4);
+  const keyPair = await generateKeyPair();
+  await storeKeyPair(keyPairId, keyPair);
+  return {
+    keyPair,
+    keyPairId
+  };
+}
+
+// will clear PK from storage if certain token conditions are met
+/* eslint max-len: [2, 132], complexity: [2, 12] */
+async function clearDPoPKeyPairAfterRevoke(revokedToken, tokens) {
+  let shouldClear = false;
+  const {
+    accessToken,
+    refreshToken
+  } = tokens;
+
+  // revoking access token and refresh token doesn't exist
+  if (revokedToken === 'access' && accessToken && accessToken.tokenType === 'DPoP' && !refreshToken) {
+    shouldClear = true;
+  }
+
+  // revoking refresh token and access token doesn't exist
+  if (revokedToken === 'refresh' && refreshToken && !accessToken) {
+    shouldClear = true;
+  }
+  const pairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;
+  if (shouldClear && pairId) {
+    await clearDPoPKeyPair(pairId);
+  }
+}
+
+/////////// proof generation methods ///////////
+
+async function generateDPoPProof({
+  keyPair,
+  url,
+  method,
+  nonce,
+  accessToken
+}) {
+  const {
+    kty,
+    crv,
+    e,
+    n,
+    x,
+    y
+  } = await _crypto.webcrypto.subtle.exportKey('jwk', keyPair.publicKey);
+  const header = {
+    alg: 'RS256',
+    typ: 'dpop+jwt',
+    jwk: {
+      kty,
+      crv,
+      e,
+      n,
+      x,
+      y
+    }
+  };
+  const claims = {
+    htm: method,
+    htu: url,
+    iat: Math.floor(Date.now() / 1000),
+    jti: cryptoRandomValue()
+  };
+  if (nonce) {
+    claims.nonce = nonce;
+  }
+
+  // encode access token
+  if (accessToken) {
+    claims.ath = await hashAccessToken(accessToken);
+  }
+  return createJwt(header, claims, keyPair.privateKey);
+}
+
+/* eslint max-len: [2, 132] */
+async function generateDPoPForTokenRequest({
+  keyPair,
+  url,
+  method,
+  nonce
+}) {
+  const params = {
+    keyPair,
+    url,
+    method
+  };
+  if (nonce) {
+    params.nonce = nonce;
+  }
+  return generateDPoPProof(params);
+}
+//# sourceMappingURL=dpop.js.map

package/cjs/oidc/dpop.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dpop.js","names":["INDEXEDDB_NAME","DB_KEY","isDPoPNonceError","obj","isOAuthError","isWWWAuthError","errorCode","createJwt","header","claims","signingKey","head","stringToBase64Url","JSON","stringify","body","signature","webcrypto","subtle","sign","name","algorithm","stringToBuffer","base64ToBase64Url","bufferToBase64Url","cryptoRandomValue","byteLen","getRandomValues","Uint8Array","map","v","toString","join","generateKeyPair","hash","modulusLength","publicExponent","generateKey","hashAccessToken","accessToken","buffer","TextEncoder","encode","digest","btoa","String","fromCharCode","apply","replace","keyStore","Promise","resolve","reject","indexedDB","window","req","open","onerror","error","onupgradeneeded","db","result","createObjectStore","onsuccess","tx","transaction","store","objectStore","oncomplete","close","err","invokeStoreMethod","method","args","storeKeyPair","pairId","keyPair","findKeyPair","AuthSdkError","clearDPoPKeyPair","clearAllDPoPKeyPairs","createDPoPKeyPair","keyPairId","clearDPoPKeyPairAfterRevoke","revokedToken","tokens","shouldClear","refreshToken","tokenType","dpopPairId","generateDPoPProof","url","nonce","kty","crv","e","n","x","y","exportKey","publicKey","alg","typ","jwk","htm","htu","iat","Math","floor","Date","now","jti","ath","privateKey","generateDPoPForTokenRequest","params"],"sources":["../../../lib/oidc/dpop.ts"],"sourcesContent":["// References:\n// https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage\n// https://datatracker.ietf.org/doc/html/rfc9449\n\nimport {\n  webcrypto,\n  stringToBase64Url,\n  stringToBuffer,\n  bufferToBase64Url,\n  base64ToBase64Url,\n  btoa\n} from '../crypto';\nimport { AuthSdkError, OAuthError, WWWAuthError, isOAuthError, isWWWAuthError } from '../errors';\nimport { Tokens } from './types';\n\nexport interface DPoPClaims {\n  htm: string;\n  htu: string;\n  iat: number;\n  jti: string;\n  nonce?: string;\n  ath?: string;\n}\n\nexport interface DPoPProofParams {\n  keyPair: CryptoKeyPair;\n  url: string;\n  method: string;\n  nonce?: string;\n  accessToken?: string;\n}\n\nexport type ResourceDPoPProofParams = Omit<DPoPProofParams, 'keyPair' | 'nonce'>;\ntype DPoPProofTokenRequestParams = Omit<DPoPProofParams, 'accessToken'>;\n\nconst INDEXEDDB_NAME = 'OktaAuthJs';\nconst DB_KEY = 'DPoPKeys';\n\nexport function isDPoPNonceError(obj: any): obj is OAuthError | WWWAuthError {\n  return (\n    (isOAuthError(obj) || isWWWAuthError(obj)) &&\n    obj.errorCode === 'use_dpop_nonce'\n  );\n}\n\n/////////// crypto ///////////\n\nexport async function createJwt(header: object, claims: object, signingKey: CryptoKey): Promise<string> {\n  const head = stringToBase64Url(JSON.stringify(header));\n  const body = stringToBase64Url(JSON.stringify(claims));\n  const signature = await webcrypto.subtle.sign(\n    { name: signingKey.algorithm.name }, signingKey, stringToBuffer(`${head}.${body}`)\n  );\n  return `${head}.${body}.${base64ToBase64Url(bufferToBase64Url(signature))}`;\n}\n\nexport function cryptoRandomValue (byteLen = 32) {\n  return [...webcrypto.getRandomValues(new Uint8Array(byteLen))].map(v => v.toString(16)).join('');\n}\n\nexport async function generateKeyPair (): Promise<CryptoKeyPair> {\n  const algorithm = {\n    name: 'RSASSA-PKCS1-v1_5',\n    hash: 'SHA-256',\n    modulusLength: 2048,\n    publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n  };\n\n  // The \"false\" here makes it non-exportable\n  // https://caniuse.com/mdn-api_subtlecrypto_generatekey\n  return webcrypto.subtle.generateKey(algorithm, false, ['sign', 'verify']);\n}\n\nasync function hashAccessToken (accessToken: string): Promise<string> {\n  const buffer = new TextEncoder().encode(accessToken);\n  const hash = await webcrypto.subtle.digest('SHA-256', buffer);\n\n  return btoa(String.fromCharCode.apply(null, new Uint8Array(hash) as unknown as number[]))\n    .replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n/////////// indexeddb / keystore ///////////\n\n\n// https://developer.mozilla.org/en-US/docs/Web/API/IDBObjectStore#instance_methods\n// add additional methods as needed\nexport type StoreMethod = 'get' | 'add' | 'delete' | 'clear';\n\n// convenience abstraction for exposing IDBObjectStore instance\nfunction keyStore (): Promise<IDBObjectStore> {\n  return new Promise((resolve, reject) => {\n    try {\n      const indexedDB = window.indexedDB;\n      const req = indexedDB.open(INDEXEDDB_NAME, 1);\n\n      req.onerror = function () {\n        reject(req.error!);\n      };\n\n      req.onupgradeneeded = function () {\n        const db = req.result;\n        db.createObjectStore(DB_KEY);\n      };\n\n      req.onsuccess = function () {\n        const db = req.result;\n        const tx = db.transaction(DB_KEY, 'readwrite');\n\n        tx.onerror = function () {\n          reject(tx.error!);\n        };\n\n        const store = tx.objectStore(DB_KEY);\n\n        resolve(store);\n\n        tx.oncomplete = function () {\n          db.close();\n        };\n      };\n    }\n    catch (err) {\n      reject(err);\n    }\n  });\n}\n\n// convenience abstraction for wrapping IDBObjectStore methods in promises\nasync function invokeStoreMethod (method: StoreMethod, ...args: any[]): Promise<IDBRequest> {\n  const store = await keyStore();\n  return new Promise((resolve, reject) => {\n    // https://github.com/microsoft/TypeScript/issues/49700\n    // https://github.com/microsoft/TypeScript/issues/49802\n    // @ts-expect-error ts(2556)\n    const req = store[method](...args);\n    req.onsuccess = function () {\n      resolve(req);\n    };\n    req.onerror = function () {\n      reject(req.error);\n    };\n  });\n}\n\nasync function storeKeyPair (pairId: string, keyPair: CryptoKeyPair) {\n  await invokeStoreMethod('add', keyPair, pairId);\n  return keyPair;\n}\n\n// attempts to find keyPair stored at given key, otherwise throws\nexport async function findKeyPair (pairId?: string): Promise<CryptoKeyPair> {\n  if (pairId) {\n    const req = await invokeStoreMethod('get', pairId);\n    if (req.result) {\n      return req.result;\n    }\n  }\n\n  // defaults to throwing unless keyPair is found\n  throw new AuthSdkError(`Unable to locate dpop key pair required for refresh${pairId ? ` (${pairId})` : ''}`);\n}\n\nexport async function clearDPoPKeyPair (pairId: string): Promise<void> {\n  await invokeStoreMethod('delete', pairId);\n}\n\nexport async function clearAllDPoPKeyPairs (): Promise<void> {\n  await invokeStoreMethod('clear');\n}\n\n// generates a crypto (non-extractable) private key pair and writes it to indexeddb, returns key (id)\nexport async function createDPoPKeyPair (): Promise<{keyPair: CryptoKeyPair, keyPairId: string}> {\n  const keyPairId = cryptoRandomValue(4);\n  const keyPair = await generateKeyPair();\n  await storeKeyPair(keyPairId, keyPair);\n  return { keyPair, keyPairId };\n}\n\n// will clear PK from storage if certain token conditions are met\n/* eslint max-len: [2, 132], complexity: [2, 12] */\nexport async function clearDPoPKeyPairAfterRevoke (revokedToken: 'access' | 'refresh', tokens: Tokens): Promise<void> {\n  let shouldClear = false;\n\n  const { accessToken, refreshToken } = tokens;\n\n  // revoking access token and refresh token doesn't exist\n  if (revokedToken === 'access' && accessToken && accessToken.tokenType === 'DPoP' && !refreshToken) {\n    shouldClear = true;\n  }\n\n  // revoking refresh token and access token doesn't exist\n  if (revokedToken === 'refresh' && refreshToken && !accessToken) {\n    shouldClear = true;\n  }\n\n  const pairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n  if (shouldClear && pairId) {\n    await clearDPoPKeyPair(pairId);\n  }\n}\n\n/////////// proof generation methods ///////////\n\nexport async function generateDPoPProof ({ keyPair, url, method, nonce, accessToken }: DPoPProofParams): Promise<string> {\n  const { kty, crv, e, n, x, y } = await webcrypto.subtle.exportKey('jwk', keyPair.publicKey);\n  const header = {\n    alg: 'RS256',\n    typ: 'dpop+jwt',\n    jwk: { kty, crv, e, n, x, y }\n  };\n\n  const claims: DPoPClaims = {\n    htm: method,\n    htu: url,\n    iat: Math.floor(Date.now() / 1000),\n    jti: cryptoRandomValue(),\n  };\n\n  if (nonce) {\n    claims.nonce = nonce;\n  }\n\n  // encode access token\n  if (accessToken) {\n    claims.ath = await hashAccessToken(accessToken);\n  }\n\n  return createJwt(header, claims, keyPair.privateKey);\n}\n\n/* eslint max-len: [2, 132] */\nexport async function generateDPoPForTokenRequest ({ keyPair, url, method, nonce }: DPoPProofTokenRequestParams): Promise<string> {\n  const params: DPoPProofParams = { keyPair, url, method };\n  if (nonce) {\n    params.nonce = nonce;\n  }\n\n  return generateDPoPProof(params);\n}\n"],"mappings":";;;;;;;;;;;;;AAIA;AAQA;AAZA;AACA;AACA;;AAiCA,MAAMA,cAAc,GAAG,YAAY;AACnC,MAAMC,MAAM,GAAG,UAAU;AAElB,SAASC,gBAAgB,CAACC,GAAQ,EAAoC;EAC3E,OACE,CAAC,IAAAC,oBAAY,EAACD,GAAG,CAAC,IAAI,IAAAE,sBAAc,EAACF,GAAG,CAAC,KACzCA,GAAG,CAACG,SAAS,KAAK,gBAAgB;AAEtC;;AAEA;;AAEO,eAAeC,SAAS,CAACC,MAAc,EAAEC,MAAc,EAAEC,UAAqB,EAAmB;EACtG,MAAMC,IAAI,GAAG,IAAAC,yBAAiB,EAACC,IAAI,CAACC,SAAS,CAACN,MAAM,CAAC,CAAC;EACtD,MAAMO,IAAI,GAAG,IAAAH,yBAAiB,EAACC,IAAI,CAACC,SAAS,CAACL,MAAM,CAAC,CAAC;EACtD,MAAMO,SAAS,GAAG,MAAMC,iBAAS,CAACC,MAAM,CAACC,IAAI,CAC3C;IAAEC,IAAI,EAAEV,UAAU,CAACW,SAAS,CAACD;EAAK,CAAC,EAAEV,UAAU,EAAE,IAAAY,sBAAc,EAAE,GAAEX,IAAK,IAAGI,IAAK,EAAC,CAAC,CACnF;EACD,OAAQ,GAAEJ,IAAK,IAAGI,IAAK,IAAG,IAAAQ,yBAAiB,EAAC,IAAAC,yBAAiB,EAACR,SAAS,CAAC,CAAE,EAAC;AAC7E;AAEO,SAASS,iBAAiB,CAAEC,OAAO,GAAG,EAAE,EAAE;EAC/C,OAAO,CAAC,GAAGT,iBAAS,CAACU,eAAe,CAAC,IAAIC,UAAU,CAACF,OAAO,CAAC,CAAC,CAAC,CAACG,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAACC,IAAI,CAAC,EAAE,CAAC;AAClG;AAEO,eAAeC,eAAe,GAA4B;EAC/D,MAAMZ,SAAS,GAAG;IAChBD,IAAI,EAAE,mBAAmB;IACzBc,IAAI,EAAE,SAAS;IACfC,aAAa,EAAE,IAAI;IACnBC,cAAc,EAAE,IAAIR,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC;EACnD,CAAC;;EAED;EACA;EACA,OAAOX,iBAAS,CAACC,MAAM,CAACmB,WAAW,CAAChB,SAAS,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC3E;AAEA,eAAeiB,eAAe,CAAEC,WAAmB,EAAmB;EACpE,MAAMC,MAAM,GAAG,IAAIC,WAAW,EAAE,CAACC,MAAM,CAACH,WAAW,CAAC;EACpD,MAAML,IAAI,GAAG,MAAMjB,iBAAS,CAACC,MAAM,CAACyB,MAAM,CAAC,SAAS,EAAEH,MAAM,CAAC;EAE7D,OAAO,IAAAI,YAAI,EAACC,MAAM,CAACC,YAAY,CAACC,KAAK,CAAC,IAAI,EAAE,IAAInB,UAAU,CAACM,IAAI,CAAC,CAAwB,CAAC,CACtFc,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAACA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAACA,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AAC/D;;AAEA;;AAGA;AACA;;AAGA;AACA,SAASC,QAAQ,GAA6B;EAC5C,OAAO,IAAIC,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtC,IAAI;MACF,MAAMC,SAAS,GAAGC,MAAM,CAACD,SAAS;MAClC,MAAME,GAAG,GAAGF,SAAS,CAACG,IAAI,CAACxD,cAAc,EAAE,CAAC,CAAC;MAE7CuD,GAAG,CAACE,OAAO,GAAG,YAAY;QACxBL,MAAM,CAACG,GAAG,CAACG,KAAK,CAAE;MACpB,CAAC;MAEDH,GAAG,CAACI,eAAe,GAAG,YAAY;QAChC,MAAMC,EAAE,GAAGL,GAAG,CAACM,MAAM;QACrBD,EAAE,CAACE,iBAAiB,CAAC7D,MAAM,CAAC;MAC9B,CAAC;MAEDsD,GAAG,CAACQ,SAAS,GAAG,YAAY;QAC1B,MAAMH,EAAE,GAAGL,GAAG,CAACM,MAAM;QACrB,MAAMG,EAAE,GAAGJ,EAAE,CAACK,WAAW,CAAChE,MAAM,EAAE,WAAW,CAAC;QAE9C+D,EAAE,CAACP,OAAO,GAAG,YAAY;UACvBL,MAAM,CAACY,EAAE,CAACN,KAAK,CAAE;QACnB,CAAC;QAED,MAAMQ,KAAK,GAAGF,EAAE,CAACG,WAAW,CAAClE,MAAM,CAAC;QAEpCkD,OAAO,CAACe,KAAK,CAAC;QAEdF,EAAE,CAACI,UAAU,GAAG,YAAY;UAC1BR,EAAE,CAACS,KAAK,EAAE;QACZ,CAAC;MACH,CAAC;IACH,CAAC,CACD,OAAOC,GAAG,EAAE;MACVlB,MAAM,CAACkB,GAAG,CAAC;IACb;EACF,CAAC,CAAC;AACJ;;AAEA;AACA,eAAeC,iBAAiB,CAAEC,MAAmB,EAAE,GAAGC,IAAW,EAAuB;EAC1F,MAAMP,KAAK,GAAG,MAAMjB,QAAQ,EAAE;EAC9B,OAAO,IAAIC,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtC;IACA;IACA;IACA,MAAMG,GAAG,GAAGW,KAAK,CAACM,MAAM,CAAC,CAAC,GAAGC,IAAI,CAAC;IAClClB,GAAG,CAACQ,SAAS,GAAG,YAAY;MAC1BZ,OAAO,CAACI,GAAG,CAAC;IACd,CAAC;IACDA,GAAG,CAACE,OAAO,GAAG,YAAY;MACxBL,MAAM,CAACG,GAAG,CAACG,KAAK,CAAC;IACnB,CAAC;EACH,CAAC,CAAC;AACJ;AAEA,eAAegB,YAAY,CAAEC,MAAc,EAAEC,OAAsB,EAAE;EACnE,MAAML,iBAAiB,CAAC,KAAK,EAAEK,OAAO,EAAED,MAAM,CAAC;EAC/C,OAAOC,OAAO;AAChB;;AAEA;AACO,eAAeC,WAAW,CAAEF,MAAe,EAA0B;EAC1E,IAAIA,MAAM,EAAE;IACV,MAAMpB,GAAG,GAAG,MAAMgB,iBAAiB,CAAC,KAAK,EAAEI,MAAM,CAAC;IAClD,IAAIpB,GAAG,CAACM,MAAM,EAAE;MACd,OAAON,GAAG,CAACM,MAAM;IACnB;EACF;;EAEA;EACA,MAAM,IAAIiB,oBAAY,CAAE,sDAAqDH,MAAM,GAAI,KAAIA,MAAO,GAAE,GAAG,EAAG,EAAC,CAAC;AAC9G;AAEO,eAAeI,gBAAgB,CAAEJ,MAAc,EAAiB;EACrE,MAAMJ,iBAAiB,CAAC,QAAQ,EAAEI,MAAM,CAAC;AAC3C;AAEO,eAAeK,oBAAoB,GAAmB;EAC3D,MAAMT,iBAAiB,CAAC,OAAO,CAAC;AAClC;;AAEA;AACO,eAAeU,iBAAiB,GAA0D;EAC/F,MAAMC,SAAS,GAAGzD,iBAAiB,CAAC,CAAC,CAAC;EACtC,MAAMmD,OAAO,GAAG,MAAM3C,eAAe,EAAE;EACvC,MAAMyC,YAAY,CAACQ,SAAS,EAAEN,OAAO,CAAC;EACtC,OAAO;IAAEA,OAAO;IAAEM;EAAU,CAAC;AAC/B;;AAEA;AACA;AACO,eAAeC,2BAA2B,CAAEC,YAAkC,EAAEC,MAAc,EAAiB;EACpH,IAAIC,WAAW,GAAG,KAAK;EAEvB,MAAM;IAAE/C,WAAW;IAAEgD;EAAa,CAAC,GAAGF,MAAM;;EAE5C;EACA,IAAID,YAAY,KAAK,QAAQ,IAAI7C,WAAW,IAAIA,WAAW,CAACiD,SAAS,KAAK,MAAM,IAAI,CAACD,YAAY,EAAE;IACjGD,WAAW,GAAG,IAAI;EACpB;;EAEA;EACA,IAAIF,YAAY,KAAK,SAAS,IAAIG,YAAY,IAAI,CAAChD,WAAW,EAAE;IAC9D+C,WAAW,GAAG,IAAI;EACpB;EAEA,MAAMX,MAAM,GAAGpC,WAAW,EAAEkD,UAAU,IAAIF,YAAY,EAAEE,UAAU;EAClE,IAAIH,WAAW,IAAIX,MAAM,EAAE;IACzB,MAAMI,gBAAgB,CAACJ,MAAM,CAAC;EAChC;AACF;;AAEA;;AAEO,eAAee,iBAAiB,CAAE;EAAEd,OAAO;EAAEe,GAAG;EAAEnB,MAAM;EAAEoB,KAAK;EAAErD;AAA6B,CAAC,EAAmB;EACvH,MAAM;IAAEsD,GAAG;IAAEC,GAAG;IAAEC,CAAC;IAAEC,CAAC;IAAEC,CAAC;IAAEC;EAAE,CAAC,GAAG,MAAMjF,iBAAS,CAACC,MAAM,CAACiF,SAAS,CAAC,KAAK,EAAEvB,OAAO,CAACwB,SAAS,CAAC;EAC3F,MAAM5F,MAAM,GAAG;IACb6F,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE;MAAEV,GAAG;MAAEC,GAAG;MAAEC,CAAC;MAAEC,CAAC;MAAEC,CAAC;MAAEC;IAAE;EAC9B,CAAC;EAED,MAAMzF,MAAkB,GAAG;IACzB+F,GAAG,EAAEhC,MAAM;IACXiC,GAAG,EAAEd,GAAG;IACRe,GAAG,EAAEC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,EAAE,GAAG,IAAI,CAAC;IAClCC,GAAG,EAAEtF,iBAAiB;EACxB,CAAC;EAED,IAAImE,KAAK,EAAE;IACTnF,MAAM,CAACmF,KAAK,GAAGA,KAAK;EACtB;;EAEA;EACA,IAAIrD,WAAW,EAAE;IACf9B,MAAM,CAACuG,GAAG,GAAG,MAAM1E,eAAe,CAACC,WAAW,CAAC;EACjD;EAEA,OAAOhC,SAAS,CAACC,MAAM,EAAEC,MAAM,EAAEmE,OAAO,CAACqC,UAAU,CAAC;AACtD;;AAEA;AACO,eAAeC,2BAA2B,CAAE;EAAEtC,OAAO;EAAEe,GAAG;EAAEnB,MAAM;EAAEoB;AAAmC,CAAC,EAAmB;EAChI,MAAMuB,MAAuB,GAAG;IAAEvC,OAAO;IAAEe,GAAG;IAAEnB;EAAO,CAAC;EACxD,IAAIoB,KAAK,EAAE;IACTuB,MAAM,CAACvB,KAAK,GAAGA,KAAK;EACtB;EAEA,OAAOF,iBAAiB,CAACyB,MAAM,CAAC;AAClC"}