@okta/okta-auth-js 7.6.0 → 7.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (392) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/README.md +142 -0
  3. package/cjs/base/types.js.map +1 -1
  4. package/cjs/errors/OAuthError.js +9 -1
  5. package/cjs/errors/OAuthError.js.map +1 -1
  6. package/cjs/errors/WWWAuthError.js +98 -0
  7. package/cjs/errors/WWWAuthError.js.map +1 -0
  8. package/cjs/errors/index.js +14 -1
  9. package/cjs/errors/index.js.map +1 -1
  10. package/cjs/features.js +10 -1
  11. package/cjs/features.js.map +1 -1
  12. package/cjs/http/OktaUserAgent.js +2 -2
  13. package/cjs/http/request.js +24 -25
  14. package/cjs/http/request.js.map +1 -1
  15. package/cjs/idx/IdxTransactionManager.js +5 -0
  16. package/cjs/idx/IdxTransactionManager.js.map +1 -1
  17. package/cjs/idx/run.js +6 -3
  18. package/cjs/idx/run.js.map +1 -1
  19. package/cjs/idx/types/options.js.map +1 -1
  20. package/cjs/oidc/dpop.js +231 -0
  21. package/cjs/oidc/dpop.js.map +1 -0
  22. package/cjs/oidc/endpoints/token.js +82 -28
  23. package/cjs/oidc/endpoints/token.js.map +1 -1
  24. package/cjs/oidc/exchangeCodeForTokens.js +53 -28
  25. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  26. package/cjs/oidc/getUserInfo.js +32 -17
  27. package/cjs/oidc/getUserInfo.js.map +1 -1
  28. package/cjs/oidc/handleOAuthResponse.js +21 -0
  29. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  30. package/cjs/oidc/mixin/index.js +63 -2
  31. package/cjs/oidc/mixin/index.js.map +1 -1
  32. package/cjs/oidc/options/OAuthOptionsConstructor.js +2 -0
  33. package/cjs/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  34. package/cjs/oidc/renewToken.js +6 -2
  35. package/cjs/oidc/renewToken.js.map +1 -1
  36. package/cjs/oidc/renewTokens.js +5 -1
  37. package/cjs/oidc/renewTokens.js.map +1 -1
  38. package/cjs/oidc/renewTokensWithRefresh.js +17 -2
  39. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  40. package/cjs/oidc/types/Token.js.map +1 -1
  41. package/cjs/oidc/types/api.js.map +1 -1
  42. package/cjs/oidc/types/meta.js.map +1 -1
  43. package/cjs/oidc/types/options.js.map +1 -1
  44. package/cjs/oidc/util/defaultTokenParams.js +4 -2
  45. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  46. package/cjs/oidc/util/oauthMeta.js +2 -1
  47. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  48. package/cjs/oidc/util/prepareTokenParams.js +3 -0
  49. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  50. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  51. package/dist/okta-auth-js.authn.min.js +1 -1
  52. package/dist/okta-auth-js.authn.min.js.map +1 -1
  53. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  54. package/dist/okta-auth-js.core.min.js +1 -1
  55. package/dist/okta-auth-js.core.min.js.map +1 -1
  56. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  57. package/dist/okta-auth-js.idx.min.js +1 -1
  58. package/dist/okta-auth-js.idx.min.js.map +1 -1
  59. package/dist/okta-auth-js.min.analyzer.html +2 -2
  60. package/dist/okta-auth-js.min.js +1 -1
  61. package/dist/okta-auth-js.min.js.map +1 -1
  62. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  63. package/dist/okta-auth-js.myaccount.min.js +1 -1
  64. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  65. package/esm/browser/authn/api.js +1 -0
  66. package/esm/browser/authn/api.js.map +1 -1
  67. package/esm/browser/authn/util/link2fn.js +1 -0
  68. package/esm/browser/authn/util/link2fn.js.map +1 -1
  69. package/esm/browser/authn/util/poll.js +1 -0
  70. package/esm/browser/authn/util/poll.js.map +1 -1
  71. package/esm/browser/browser/fingerprint.js +1 -0
  72. package/esm/browser/browser/fingerprint.js.map +1 -1
  73. package/esm/browser/core/AuthStateManager.js +1 -0
  74. package/esm/browser/core/AuthStateManager.js.map +1 -1
  75. package/esm/browser/core/options.js +1 -0
  76. package/esm/browser/core/options.js.map +1 -1
  77. package/esm/browser/crypto/base64.js +1 -0
  78. package/esm/browser/crypto/base64.js.map +1 -1
  79. package/esm/browser/errors/OAuthError.js +5 -1
  80. package/esm/browser/errors/OAuthError.js.map +1 -1
  81. package/esm/browser/errors/WWWAuthError.js +61 -0
  82. package/esm/browser/errors/WWWAuthError.js.map +1 -0
  83. package/esm/browser/errors/index.js +6 -1
  84. package/esm/browser/errors/index.js.map +1 -1
  85. package/esm/browser/exports/exports/authn.js +2 -1
  86. package/esm/browser/exports/exports/authn.js.map +1 -1
  87. package/esm/browser/exports/exports/core.js +2 -1
  88. package/esm/browser/exports/exports/core.js.map +1 -1
  89. package/esm/browser/exports/exports/default.js +2 -1
  90. package/esm/browser/exports/exports/default.js.map +1 -1
  91. package/esm/browser/exports/exports/idx.js +2 -1
  92. package/esm/browser/exports/exports/idx.js.map +1 -1
  93. package/esm/browser/exports/exports/myaccount.js +2 -1
  94. package/esm/browser/exports/exports/myaccount.js.map +1 -1
  95. package/esm/browser/features.js +12 -2
  96. package/esm/browser/features.js.map +1 -1
  97. package/esm/browser/http/OktaUserAgent.js +2 -2
  98. package/esm/browser/http/options.js +1 -0
  99. package/esm/browser/http/options.js.map +1 -1
  100. package/esm/browser/http/request.js +14 -25
  101. package/esm/browser/http/request.js.map +1 -1
  102. package/esm/browser/idx/IdxTransactionManager.js +4 -1
  103. package/esm/browser/idx/IdxTransactionManager.js.map +1 -1
  104. package/esm/browser/idx/cancel.js +1 -0
  105. package/esm/browser/idx/cancel.js.map +1 -1
  106. package/esm/browser/idx/factory/api.js +1 -0
  107. package/esm/browser/idx/factory/api.js.map +1 -1
  108. package/esm/browser/idx/flow/AccountUnlockFlow.js +1 -0
  109. package/esm/browser/idx/flow/AccountUnlockFlow.js.map +1 -1
  110. package/esm/browser/idx/flow/AuthenticationFlow.js +1 -0
  111. package/esm/browser/idx/flow/AuthenticationFlow.js.map +1 -1
  112. package/esm/browser/idx/flow/PasswordRecoveryFlow.js +1 -0
  113. package/esm/browser/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  114. package/esm/browser/idx/flow/RegistrationFlow.js +1 -0
  115. package/esm/browser/idx/flow/RegistrationFlow.js.map +1 -1
  116. package/esm/browser/idx/handleInteractionCodeRedirect.js +1 -0
  117. package/esm/browser/idx/handleInteractionCodeRedirect.js.map +1 -1
  118. package/esm/browser/idx/idxState/v1/generateIdxAction.js +1 -0
  119. package/esm/browser/idx/idxState/v1/generateIdxAction.js.map +1 -1
  120. package/esm/browser/idx/idxState/v1/idxResponseParser.js +1 -0
  121. package/esm/browser/idx/idxState/v1/idxResponseParser.js.map +1 -1
  122. package/esm/browser/idx/interact.js +1 -0
  123. package/esm/browser/idx/interact.js.map +1 -1
  124. package/esm/browser/idx/proceed.js +1 -0
  125. package/esm/browser/idx/proceed.js.map +1 -1
  126. package/esm/browser/idx/recoverPassword.js +1 -0
  127. package/esm/browser/idx/recoverPassword.js.map +1 -1
  128. package/esm/browser/idx/register.js +1 -0
  129. package/esm/browser/idx/register.js.map +1 -1
  130. package/esm/browser/idx/remediate.js +1 -0
  131. package/esm/browser/idx/remediate.js.map +1 -1
  132. package/esm/browser/idx/remediators/GenericRemediator/util.js +2 -0
  133. package/esm/browser/idx/remediators/GenericRemediator/util.js.map +1 -1
  134. package/esm/browser/idx/run.js +3 -3
  135. package/esm/browser/idx/run.js.map +1 -1
  136. package/esm/browser/idx/transactionMeta.js +1 -0
  137. package/esm/browser/idx/transactionMeta.js.map +1 -1
  138. package/esm/browser/idx/unlockAccount.js +1 -0
  139. package/esm/browser/idx/unlockAccount.js.map +1 -1
  140. package/esm/browser/myaccount/request.js +1 -0
  141. package/esm/browser/myaccount/request.js.map +1 -1
  142. package/esm/browser/oidc/TokenManager.js +1 -0
  143. package/esm/browser/oidc/TokenManager.js.map +1 -1
  144. package/esm/browser/oidc/decodeToken.js +1 -0
  145. package/esm/browser/oidc/decodeToken.js.map +1 -1
  146. package/esm/browser/oidc/dpop.js +160 -0
  147. package/esm/browser/oidc/dpop.js.map +1 -0
  148. package/esm/browser/oidc/endpoints/authorize.js +1 -0
  149. package/esm/browser/oidc/endpoints/authorize.js.map +1 -1
  150. package/esm/browser/oidc/endpoints/token.js +62 -25
  151. package/esm/browser/oidc/endpoints/token.js.map +1 -1
  152. package/esm/browser/oidc/endpoints/well-known.js +1 -0
  153. package/esm/browser/oidc/endpoints/well-known.js.map +1 -1
  154. package/esm/browser/oidc/enrollAuthenticator.js +1 -0
  155. package/esm/browser/oidc/enrollAuthenticator.js.map +1 -1
  156. package/esm/browser/oidc/exchangeCodeForTokens.js +41 -25
  157. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  158. package/esm/browser/oidc/factory/api.js +1 -0
  159. package/esm/browser/oidc/factory/api.js.map +1 -1
  160. package/esm/browser/oidc/factory/baseApi.js +1 -0
  161. package/esm/browser/oidc/factory/baseApi.js.map +1 -1
  162. package/esm/browser/oidc/getToken.js +1 -0
  163. package/esm/browser/oidc/getToken.js.map +1 -1
  164. package/esm/browser/oidc/getUserInfo.js +22 -18
  165. package/esm/browser/oidc/getUserInfo.js.map +1 -1
  166. package/esm/browser/oidc/getWithPopup.js +1 -0
  167. package/esm/browser/oidc/getWithPopup.js.map +1 -1
  168. package/esm/browser/oidc/getWithRedirect.js +1 -0
  169. package/esm/browser/oidc/getWithRedirect.js.map +1 -1
  170. package/esm/browser/oidc/getWithoutPrompt.js +1 -0
  171. package/esm/browser/oidc/getWithoutPrompt.js.map +1 -1
  172. package/esm/browser/oidc/handleOAuthResponse.js +19 -0
  173. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  174. package/esm/browser/oidc/introspect.js +1 -0
  175. package/esm/browser/oidc/introspect.js.map +1 -1
  176. package/esm/browser/oidc/mixin/index.js +62 -2
  177. package/esm/browser/oidc/mixin/index.js.map +1 -1
  178. package/esm/browser/oidc/mixin/minimal.js +1 -0
  179. package/esm/browser/oidc/mixin/minimal.js.map +1 -1
  180. package/esm/browser/oidc/options/OAuthOptionsConstructor.js +1 -0
  181. package/esm/browser/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  182. package/esm/browser/oidc/parseFromUrl.js +1 -0
  183. package/esm/browser/oidc/parseFromUrl.js.map +1 -1
  184. package/esm/browser/oidc/renewToken.js +5 -2
  185. package/esm/browser/oidc/renewToken.js.map +1 -1
  186. package/esm/browser/oidc/renewTokens.js +6 -1
  187. package/esm/browser/oidc/renewTokens.js.map +1 -1
  188. package/esm/browser/oidc/renewTokensWithRefresh.js +15 -5
  189. package/esm/browser/oidc/renewTokensWithRefresh.js.map +1 -1
  190. package/esm/browser/oidc/revokeToken.js +1 -0
  191. package/esm/browser/oidc/revokeToken.js.map +1 -1
  192. package/esm/browser/oidc/storage.js +1 -0
  193. package/esm/browser/oidc/storage.js.map +1 -1
  194. package/esm/browser/oidc/types/Token.js.map +1 -1
  195. package/esm/browser/oidc/util/browser.js +1 -0
  196. package/esm/browser/oidc/util/browser.js.map +1 -1
  197. package/esm/browser/oidc/util/defaultTokenParams.js +3 -2
  198. package/esm/browser/oidc/util/defaultTokenParams.js.map +1 -1
  199. package/esm/browser/oidc/util/oauthMeta.js +1 -0
  200. package/esm/browser/oidc/util/oauthMeta.js.map +1 -1
  201. package/esm/browser/oidc/util/prepareEnrollAuthenticatorParams.js +1 -0
  202. package/esm/browser/oidc/util/prepareEnrollAuthenticatorParams.js.map +1 -1
  203. package/esm/browser/oidc/util/prepareTokenParams.js +4 -0
  204. package/esm/browser/oidc/util/prepareTokenParams.js.map +1 -1
  205. package/esm/browser/oidc/util/validateToken.js +1 -0
  206. package/esm/browser/oidc/util/validateToken.js.map +1 -1
  207. package/esm/browser/oidc/verifyToken.js +1 -0
  208. package/esm/browser/oidc/verifyToken.js.map +1 -1
  209. package/esm/browser/package.json +1 -1
  210. package/esm/browser/services/AutoRenewService.js +1 -0
  211. package/esm/browser/services/AutoRenewService.js.map +1 -1
  212. package/esm/browser/services/SyncStorageService.js +1 -0
  213. package/esm/browser/services/SyncStorageService.js.map +1 -1
  214. package/esm/browser/session/api.js +1 -0
  215. package/esm/browser/session/api.js.map +1 -1
  216. package/esm/node/authn/api.js +1 -0
  217. package/esm/node/authn/api.js.map +1 -1
  218. package/esm/node/authn/util/link2fn.js +1 -0
  219. package/esm/node/authn/util/link2fn.js.map +1 -1
  220. package/esm/node/authn/util/poll.js +1 -0
  221. package/esm/node/authn/util/poll.js.map +1 -1
  222. package/esm/node/browser/fingerprint.js +1 -0
  223. package/esm/node/browser/fingerprint.js.map +1 -1
  224. package/esm/node/core/AuthStateManager.js +1 -0
  225. package/esm/node/core/AuthStateManager.js.map +1 -1
  226. package/esm/node/core/options.js +1 -0
  227. package/esm/node/core/options.js.map +1 -1
  228. package/esm/node/crypto/base64.js +1 -0
  229. package/esm/node/crypto/base64.js.map +1 -1
  230. package/esm/node/errors/OAuthError.js +5 -1
  231. package/esm/node/errors/OAuthError.js.map +1 -1
  232. package/esm/node/errors/WWWAuthError.js +61 -0
  233. package/esm/node/errors/WWWAuthError.js.map +1 -0
  234. package/esm/node/errors/index.js +6 -1
  235. package/esm/node/errors/index.js.map +1 -1
  236. package/esm/node/exports/exports/authn.js +2 -1
  237. package/esm/node/exports/exports/authn.js.map +1 -1
  238. package/esm/node/exports/exports/core.js +2 -1
  239. package/esm/node/exports/exports/core.js.map +1 -1
  240. package/esm/node/exports/exports/default.js +2 -1
  241. package/esm/node/exports/exports/default.js.map +1 -1
  242. package/esm/node/exports/exports/idx.js +2 -1
  243. package/esm/node/exports/exports/idx.js.map +1 -1
  244. package/esm/node/exports/exports/myaccount.js +2 -1
  245. package/esm/node/exports/exports/myaccount.js.map +1 -1
  246. package/esm/node/features.js +12 -2
  247. package/esm/node/features.js.map +1 -1
  248. package/esm/node/http/OktaUserAgent.js +2 -2
  249. package/esm/node/http/options.js +1 -0
  250. package/esm/node/http/options.js.map +1 -1
  251. package/esm/node/http/request.js +14 -25
  252. package/esm/node/http/request.js.map +1 -1
  253. package/esm/node/idx/IdxTransactionManager.js +4 -1
  254. package/esm/node/idx/IdxTransactionManager.js.map +1 -1
  255. package/esm/node/idx/cancel.js +1 -0
  256. package/esm/node/idx/cancel.js.map +1 -1
  257. package/esm/node/idx/factory/api.js +1 -0
  258. package/esm/node/idx/factory/api.js.map +1 -1
  259. package/esm/node/idx/flow/AccountUnlockFlow.js +1 -0
  260. package/esm/node/idx/flow/AccountUnlockFlow.js.map +1 -1
  261. package/esm/node/idx/flow/AuthenticationFlow.js +1 -0
  262. package/esm/node/idx/flow/AuthenticationFlow.js.map +1 -1
  263. package/esm/node/idx/flow/PasswordRecoveryFlow.js +1 -0
  264. package/esm/node/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  265. package/esm/node/idx/flow/RegistrationFlow.js +1 -0
  266. package/esm/node/idx/flow/RegistrationFlow.js.map +1 -1
  267. package/esm/node/idx/handleInteractionCodeRedirect.js +1 -0
  268. package/esm/node/idx/handleInteractionCodeRedirect.js.map +1 -1
  269. package/esm/node/idx/idxState/v1/generateIdxAction.js +1 -0
  270. package/esm/node/idx/idxState/v1/generateIdxAction.js.map +1 -1
  271. package/esm/node/idx/idxState/v1/idxResponseParser.js +1 -0
  272. package/esm/node/idx/idxState/v1/idxResponseParser.js.map +1 -1
  273. package/esm/node/idx/interact.js +1 -0
  274. package/esm/node/idx/interact.js.map +1 -1
  275. package/esm/node/idx/proceed.js +1 -0
  276. package/esm/node/idx/proceed.js.map +1 -1
  277. package/esm/node/idx/recoverPassword.js +1 -0
  278. package/esm/node/idx/recoverPassword.js.map +1 -1
  279. package/esm/node/idx/register.js +1 -0
  280. package/esm/node/idx/register.js.map +1 -1
  281. package/esm/node/idx/remediate.js +1 -0
  282. package/esm/node/idx/remediate.js.map +1 -1
  283. package/esm/node/idx/remediators/GenericRemediator/util.js +2 -0
  284. package/esm/node/idx/remediators/GenericRemediator/util.js.map +1 -1
  285. package/esm/node/idx/run.js +3 -3
  286. package/esm/node/idx/run.js.map +1 -1
  287. package/esm/node/idx/transactionMeta.js +1 -0
  288. package/esm/node/idx/transactionMeta.js.map +1 -1
  289. package/esm/node/idx/unlockAccount.js +1 -0
  290. package/esm/node/idx/unlockAccount.js.map +1 -1
  291. package/esm/node/myaccount/request.js +1 -0
  292. package/esm/node/myaccount/request.js.map +1 -1
  293. package/esm/node/oidc/TokenManager.js +1 -0
  294. package/esm/node/oidc/TokenManager.js.map +1 -1
  295. package/esm/node/oidc/decodeToken.js +1 -0
  296. package/esm/node/oidc/decodeToken.js.map +1 -1
  297. package/esm/node/oidc/dpop.js +160 -0
  298. package/esm/node/oidc/dpop.js.map +1 -0
  299. package/esm/node/oidc/endpoints/authorize.js +1 -0
  300. package/esm/node/oidc/endpoints/authorize.js.map +1 -1
  301. package/esm/node/oidc/endpoints/token.js +62 -25
  302. package/esm/node/oidc/endpoints/token.js.map +1 -1
  303. package/esm/node/oidc/endpoints/well-known.js +1 -0
  304. package/esm/node/oidc/endpoints/well-known.js.map +1 -1
  305. package/esm/node/oidc/enrollAuthenticator.js +1 -0
  306. package/esm/node/oidc/enrollAuthenticator.js.map +1 -1
  307. package/esm/node/oidc/exchangeCodeForTokens.js +41 -25
  308. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  309. package/esm/node/oidc/factory/api.js +1 -0
  310. package/esm/node/oidc/factory/api.js.map +1 -1
  311. package/esm/node/oidc/factory/baseApi.js +1 -0
  312. package/esm/node/oidc/factory/baseApi.js.map +1 -1
  313. package/esm/node/oidc/getToken.js +1 -0
  314. package/esm/node/oidc/getToken.js.map +1 -1
  315. package/esm/node/oidc/getUserInfo.js +22 -18
  316. package/esm/node/oidc/getUserInfo.js.map +1 -1
  317. package/esm/node/oidc/getWithPopup.js +1 -0
  318. package/esm/node/oidc/getWithPopup.js.map +1 -1
  319. package/esm/node/oidc/getWithRedirect.js +1 -0
  320. package/esm/node/oidc/getWithRedirect.js.map +1 -1
  321. package/esm/node/oidc/getWithoutPrompt.js +1 -0
  322. package/esm/node/oidc/getWithoutPrompt.js.map +1 -1
  323. package/esm/node/oidc/handleOAuthResponse.js +19 -0
  324. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  325. package/esm/node/oidc/introspect.js +1 -0
  326. package/esm/node/oidc/introspect.js.map +1 -1
  327. package/esm/node/oidc/mixin/index.js +62 -2
  328. package/esm/node/oidc/mixin/index.js.map +1 -1
  329. package/esm/node/oidc/mixin/minimal.js +1 -0
  330. package/esm/node/oidc/mixin/minimal.js.map +1 -1
  331. package/esm/node/oidc/options/OAuthOptionsConstructor.js +1 -0
  332. package/esm/node/oidc/options/OAuthOptionsConstructor.js.map +1 -1
  333. package/esm/node/oidc/parseFromUrl.js +1 -0
  334. package/esm/node/oidc/parseFromUrl.js.map +1 -1
  335. package/esm/node/oidc/renewToken.js +5 -2
  336. package/esm/node/oidc/renewToken.js.map +1 -1
  337. package/esm/node/oidc/renewTokens.js +6 -1
  338. package/esm/node/oidc/renewTokens.js.map +1 -1
  339. package/esm/node/oidc/renewTokensWithRefresh.js +15 -5
  340. package/esm/node/oidc/renewTokensWithRefresh.js.map +1 -1
  341. package/esm/node/oidc/revokeToken.js +1 -0
  342. package/esm/node/oidc/revokeToken.js.map +1 -1
  343. package/esm/node/oidc/storage.js +1 -0
  344. package/esm/node/oidc/storage.js.map +1 -1
  345. package/esm/node/oidc/types/Token.js.map +1 -1
  346. package/esm/node/oidc/util/browser.js +1 -0
  347. package/esm/node/oidc/util/browser.js.map +1 -1
  348. package/esm/node/oidc/util/defaultTokenParams.js +3 -2
  349. package/esm/node/oidc/util/defaultTokenParams.js.map +1 -1
  350. package/esm/node/oidc/util/oauthMeta.js +1 -0
  351. package/esm/node/oidc/util/oauthMeta.js.map +1 -1
  352. package/esm/node/oidc/util/prepareEnrollAuthenticatorParams.js +1 -0
  353. package/esm/node/oidc/util/prepareEnrollAuthenticatorParams.js.map +1 -1
  354. package/esm/node/oidc/util/prepareTokenParams.js +4 -0
  355. package/esm/node/oidc/util/prepareTokenParams.js.map +1 -1
  356. package/esm/node/oidc/util/validateToken.js +1 -0
  357. package/esm/node/oidc/util/validateToken.js.map +1 -1
  358. package/esm/node/oidc/verifyToken.js +1 -0
  359. package/esm/node/oidc/verifyToken.js.map +1 -1
  360. package/esm/node/package.json +1 -1
  361. package/esm/node/server/serverStorage.js +1 -0
  362. package/esm/node/server/serverStorage.js.map +1 -1
  363. package/esm/node/session/api.js +1 -0
  364. package/esm/node/session/api.js.map +1 -1
  365. package/esm/node/storage/options/StorageOptionsConstructor.js +1 -0
  366. package/esm/node/storage/options/StorageOptionsConstructor.js.map +1 -1
  367. package/package.json +4 -3
  368. package/types/lib/base/types.d.ts +1 -0
  369. package/types/lib/core/options.d.ts +1 -0
  370. package/types/lib/errors/OAuthError.d.ts +3 -1
  371. package/types/lib/errors/WWWAuthError.d.ts +29 -0
  372. package/types/lib/errors/index.d.ts +3 -1
  373. package/types/lib/features.d.ts +1 -0
  374. package/types/lib/idx/options.d.ts +1 -0
  375. package/types/lib/idx/types/options.d.ts +1 -0
  376. package/types/lib/oidc/dpop.d.ts +35 -0
  377. package/types/lib/oidc/endpoints/token.d.ts +5 -2
  378. package/types/lib/oidc/options/OAuthOptionsConstructor.d.ts +1 -0
  379. package/types/lib/oidc/types/Token.d.ts +3 -0
  380. package/types/lib/oidc/types/api.d.ts +13 -0
  381. package/types/lib/oidc/types/meta.d.ts +1 -1
  382. package/types/lib/oidc/types/options.d.ts +3 -0
  383. package/umd/authn.js +1 -1
  384. package/umd/authn.js.map +1 -1
  385. package/umd/core.js +1 -1
  386. package/umd/core.js.map +1 -1
  387. package/umd/default.js +1 -1
  388. package/umd/default.js.map +1 -1
  389. package/umd/idx.js +1 -1
  390. package/umd/idx.js.map +1 -1
  391. package/umd/myaccount.js +1 -1
  392. package/umd/myaccount.js.map +1 -1
package/cjs/oidc/mixin/index.js CHANGED
@@ -10,6 +10,8 @@ var _pkce = _interopRequireDefault(require("../util/pkce"));
10
10
  var _api = require("../factory/api");
11
11
  var _TokenManager = require("../TokenManager");
12
12
  var _util2 = require("../util");
13
+ var _dpop = require("../dpop");
14
+ var _errors = require("../../errors");
13
15
  var _node = require("./node");
14
16
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
15
17
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -192,9 +194,13 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
192
194
  // Revokes the access token for the application session
193
195
  async revokeAccessToken(accessToken) {
194
196
  if (!accessToken) {
195
- accessToken = (await this.tokenManager.getTokens()).accessToken;
197
+ const tokens = await this.tokenManager.getTokens();
198
+ accessToken = tokens.accessToken;
196
199
  const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');
197
200
  this.tokenManager.remove(accessTokenKey);
201
+ if (this.options.dpop) {
202
+ await (0, _dpop.clearDPoPKeyPairAfterRevoke)('access', tokens);
203
+ }
198
204
  }
199
205
  // Access token may have been removed. In this case, we will silently succeed.
200
206
  if (!accessToken) {
@@ -206,9 +212,13 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
206
212
  // Revokes the refresh token for the application session
207
213
  async revokeRefreshToken(refreshToken) {
208
214
  if (!refreshToken) {
209
- refreshToken = (await this.tokenManager.getTokens()).refreshToken;
215
+ const tokens = await this.tokenManager.getTokens();
216
+ refreshToken = tokens.refreshToken;
210
217
  const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');
211
218
  this.tokenManager.remove(refreshTokenKey);
219
+ if (this.options.dpop) {
220
+ await (0, _dpop.clearDPoPKeyPairAfterRevoke)('refresh', tokens);
221
+ }
212
222
  }
213
223
  // Refresh token may have been removed. In this case, we will silently succeed.
214
224
  if (!refreshToken) {
@@ -277,6 +287,10 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
277
287
  if (revokeAccessToken && accessToken) {
278
288
  await this.revokeAccessToken(accessToken);
279
289
  }
290
+ const dpopPairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;
291
+ if (this.options.dpop && dpopPairId) {
292
+ await (0, _dpop.clearDPoPKeyPair)(dpopPairId);
293
+ }
280
294
  const logoutUri = this.getSignOutRedirectUrl({
281
295
  ...options,
282
296
  postLogoutRedirectUri
@@ -309,6 +323,53 @@ function mixinOAuth(Base, TransactionManagerConstructor) {
309
323
  return true;
310
324
  }
311
325
  }
326
+ async getDPoPAuthorizationHeaders(params) {
327
+ if (!this.options.dpop) {
328
+ throw new _errors.AuthSdkError('DPoP is not configured for this client instance');
329
+ }
330
+ let {
331
+ accessToken
332
+ } = params;
333
+ if (!accessToken) {
334
+ accessToken = this.tokenManager.getTokensSync().accessToken;
335
+ }
336
+ if (!accessToken) {
337
+ throw new _errors.AuthSdkError('AccessToken is required to generate a DPoP Proof');
338
+ }
339
+ const keyPair = await (0, _dpop.findKeyPair)(accessToken?.dpopPairId);
340
+ const proof = await (0, _dpop.generateDPoPProof)({
341
+ ...params,
342
+ keyPair,
343
+ accessToken: accessToken.accessToken
344
+ });
345
+ return {
346
+ Authorization: `DPoP ${accessToken.accessToken}`,
347
+ Dpop: proof
348
+ };
349
+ }
350
+ async clearDPoPStorage(clearAll = false) {
351
+ if (clearAll) {
352
+ return (0, _dpop.clearAllDPoPKeyPairs)();
353
+ }
354
+ const tokens = await this.tokenManager.getTokens();
355
+ const keyPair = tokens.accessToken?.dpopPairId || tokens.refreshToken?.dpopPairId;
356
+ if (keyPair) {
357
+ await (0, _dpop.clearDPoPKeyPair)(keyPair);
358
+ }
359
+ }
360
+ parseUseDPoPNonceError(headers) {
361
+ const wwwAuth = _errors.WWWAuthError.getWWWAuthenticateHeader(headers);
362
+ const wwwErr = _errors.WWWAuthError.parseHeader(wwwAuth ?? '');
363
+ if ((0, _dpop.isDPoPNonceError)(wwwErr)) {
364
+ let nonce = null;
365
+ if ((0, _util.isFunction)(headers?.get)) {
366
+ nonce = headers.get('DPoP-Nonce');
367
+ }
368
+ nonce = nonce ?? headers['dpop-nonce'] ?? headers['DPoP-Nonce'];
369
+ return nonce;
370
+ }
371
+ return null;
372
+ }
312
373
  }, (0, _defineProperty2.default)(_class, "crypto", crypto), _class;
313
374
  }
314
375
  //# sourceMappingURL=index.js.map
package/cjs/oidc/mixin/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","getOrRenewAccessToken","key","getStorageKeyByType","err","emitter","emit","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n async getOrRenewAccessToken(): Promise<string | null> {\n const { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && !this.tokenManager.hasExpired(accessToken)) {\n return accessToken.accessToken;\n }\n try {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n const token = await this.tokenManager.renew(key ?? 'accessToken');\n return (token as AccessToken)?.accessToken ?? null;\n }\n catch (err) {\n this.emitter.emit('error', err);\n return null;\n }\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAIA;AAuBA;AACA;AACA;AACA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;IAEA,MAAMkB,qBAAqB,GAA2B;MACpD,MAAM;QAAErB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,IAAID,WAAW,IAAI,CAAC,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC7D,OAAOA,WAAW,CAACA,WAAW;MAChC;MACA,IAAI;QACF,MAAMsB,GAAG,GAAG,IAAI,CAACnC,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAChE,MAAMtC,KAAK,GAAG,MAAM,IAAI,CAACE,YAAY,CAACiB,KAAK,CAACkB,GAAG,IAAI,aAAa,CAAC;QACjE,OAAQrC,KAAK,EAAkBe,WAAW,IAAI,IAAI;MACpD,CAAC,CACD,OAAOwB,GAAG,EAAE;QACV,IAAI,CAACC,OAAO,CAACC,IAAI,CAAC,OAAO,EAAEF,GAAG,CAAC;QAC/B,OAAO,IAAI;MACb;IACF;;IAEA;AACJ;AACA;IACI,MAAMG,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAAC5C,KAAK,CAAC6C,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAAC1C,YAAY,CAAC4C,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAAC1D,OAAO,CAACC,IAAI;IAC5B;IAEA0D,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAACtD,OAAO,CAAC;IACpD;IAEA4D,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAAC7D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACkD,SAAS,EAAE,EAAErC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,EAAEA,WAAW;MAChD;MACA,OAAO,IAAAsC,iBAAW,EAAC,IAAI,EAAE/D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAMgE,iBAAiB,CAACvC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChBA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACkD,SAAS,EAAE,EAAErC,WAA0B;QAC9E,MAAMwC,cAAc,GAAG,IAAI,CAACrD,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAACmC,cAAc,CAAC;MAC1C;MACA;MACA,IAAI,CAACxC,WAAW,EAAE;QAChB,OAAOyC,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACzD,KAAK,CAAC0D,MAAM,CAAC3C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM4C,kBAAkB,CAACxB,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjBA,YAAY,GAAG,CAAC,MAAM,IAAI,CAACjC,YAAY,CAACkD,SAAS,EAAE,EAAEjB,YAA4B;QACjF,MAAMyB,eAAe,GAAG,IAAI,CAAC1D,YAAY,CAACoC,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAACwC,eAAe,CAAC;MAC3C;MACA;MACA,IAAI,CAACzB,YAAY,EAAE;QACjB,OAAOqB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAACzD,KAAK,CAAC0D,MAAM,CAACvB,YAAY,CAAC;IACxC;IAEA0B,qBAAqB,CAACvE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACPyC,qBAAqB;QACrBC;MACF,CAAC,GAAGzE,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAIyC,qBAAqB,KAAK5C,SAAS,EAAE;QACvC4C,qBAAqB,GAAG,IAAI,CAACxE,OAAO,CAACwE,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG7C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAI8C,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAAC/E,OAAwB,EAAoB;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAMgF,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAGxE,OAAO,CAACwE,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxExE,OAAO,CAACwE,qBAAqB,IAC3B,IAAI,CAACxE,OAAO,CAACwE,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,GAAGzE,OAAO,EAAEyE,KAAK;MAG5B,IAAIhD,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMmB,iBAAiB,GAAGhE,OAAO,CAACgE,iBAAiB,KAAK,KAAK;MAC7D,MAAMK,kBAAkB,GAAGrE,OAAO,CAACqE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAOxB,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAImB,iBAAiB,IAAI,OAAOvC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIsC,kBAAkB,IAAIxB,YAAY,EAAE;QACtC,MAAM,IAAI,CAACwB,kBAAkB,CAACxB,YAAY,CAAC;MAC7C;MAEA,IAAImB,iBAAiB,IAAIvC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACuC,iBAAiB,CAACvC,WAAW,CAAC;MAC3C;MAEA,MAAMoD,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGvE,OAAO;QAAEwE;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMS,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACjB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTe,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAElB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGG,WAAW,CAACH,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACpF,MAAM,CAAC0F,WAAW,CAACH,IAAI,CAAC;QAC1C;QACA,OAAOC,aAAa;MACtB,CAAC,MAAM;QACL,IAAItF,OAAO,CAAC4F,yBAAyB,EAAE;UACrC;UACA,IAAI,CAAChF,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACiF,qBAAqB,EAAE;QAC3C;QACA;QACAZ,MAAM,CAACC,QAAQ,CAACpF,MAAM,CAAC+E,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;EAEF,CAAC,kDAvT4BiB,MAAM;AAyTrC"}
1
+ {"version":3,"file":"index.js","names":["mixinOAuth","Base","TransactionManagerConstructor","WithOriginalUri","provideOriginalUri","OktaAuthOAuth","constructor","args","transactionManager","Object","assign","storageManager","options","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","_pending","handleLogin","_tokenQueue","PromiseQueue","token","createTokenAPI","tokenManager","TokenManager","endpoints","createEndpoints","clearStorage","clear","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","accessToken","getTokensSync","hasExpired","undefined","renew","remove","idToken","signInWithRedirect","opts","originalUri","additionalParams","setOriginalUri","params","scopes","getWithRedirect","getUser","getUserInfo","getIdToken","getAccessToken","getRefreshToken","refreshToken","getOrRenewAccessToken","key","getStorageKeyByType","err","emitter","emit","storeTokensFromRedirect","tokens","responseType","parseFromUrl","setTokens","isLoginRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","getTokens","httpRequest","revokeAccessToken","accessTokenKey","dpop","clearDPoPKeyPairAfterRevoke","Promise","resolve","revoke","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","state","logoutUrl","getOAuthUrls","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","window","location","origin","currentUri","href","dpopPairId","clearDPoPKeyPair","sessionClosed","closeSession","redirectUri","URL","searchParams","append","clearTokensBeforeRedirect","addPendingRemoveFlags","getDPoPAuthorizationHeaders","AuthSdkError","keyPair","findKeyPair","proof","generateDPoPProof","Authorization","Dpop","clearDPoPStorage","clearAll","clearAllDPoPKeyPairs","parseUseDPoPNonceError","headers","wwwAuth","WWWAuthError","getWWWAuthenticateHeader","wwwErr","parseHeader","isDPoPNonceError","nonce","isFunction","get","crypto"],"sources":["../../../../lib/oidc/mixin/index.ts"],"sourcesContent":["import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n isFunction\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n DPoPRequest,\n DPoPHeaders\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\nimport { \n generateDPoPProof,\n clearDPoPKeyPair,\n clearAllDPoPKeyPairs,\n clearDPoPKeyPairAfterRevoke,\n findKeyPair,\n isDPoPNonceError\n} from '../dpop';\nimport { AuthSdkError, WWWAuthError } from '../../errors';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n async getOrRenewAccessToken(): Promise<string | null> {\n const { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && !this.tokenManager.hasExpired(accessToken)) {\n return accessToken.accessToken;\n }\n try {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n const token = await this.tokenManager.renew(key ?? 'accessToken');\n return (token as AccessToken)?.accessToken ?? null;\n }\n catch (err) {\n this.emitter.emit('error', err);\n return null;\n }\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n const tokens = await this.tokenManager.getTokens();\n accessToken = tokens.accessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('access', tokens);\n }\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n const tokens = await this.tokenManager.getTokens();\n refreshToken = tokens.refreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('refresh', tokens);\n }\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const dpopPairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n if (this.options.dpop && dpopPairId) {\n await clearDPoPKeyPair(dpopPairId);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n async getDPoPAuthorizationHeaders (params: DPoPRequest): Promise<DPoPHeaders> {\n if (!this.options.dpop) {\n throw new AuthSdkError('DPoP is not configured for this client instance');\n }\n\n let { accessToken } = params;\n if (!accessToken) {\n accessToken = (this.tokenManager.getTokensSync()).accessToken;\n }\n\n if (!accessToken) {\n throw new AuthSdkError('AccessToken is required to generate a DPoP Proof');\n }\n\n const keyPair = await findKeyPair(accessToken?.dpopPairId);\n const proof = await generateDPoPProof({...params, keyPair, accessToken: accessToken.accessToken});\n return {\n Authorization: `DPoP ${accessToken.accessToken}`,\n Dpop: proof\n };\n }\n\n async clearDPoPStorage (clearAll=false): Promise<void> {\n if (clearAll) {\n return clearAllDPoPKeyPairs();\n }\n\n const tokens = await this.tokenManager.getTokens();\n const keyPair = tokens.accessToken?.dpopPairId || tokens.refreshToken?.dpopPairId;\n\n if (keyPair) {\n await clearDPoPKeyPair(keyPair);\n }\n }\n\n parseUseDPoPNonceError (headers: HeadersInit): string | null {\n const wwwAuth = WWWAuthError.getWWWAuthenticateHeader(headers);\n const wwwErr = WWWAuthError.parseHeader(wwwAuth ?? '');\n if (isDPoPNonceError(wwwErr)) {\n let nonce: string | null = null;\n if (isFunction((headers as Headers)?.get)) {\n nonce = (headers as Headers).get('DPoP-Nonce');\n }\n nonce = nonce ?? headers['dpop-nonce'] ?? headers['DPoP-Nonce'];\n return nonce;\n }\n\n return null;\n }\n };\n\n}\n"],"mappings":";;;;;AAAA;AAEA;AAKA;AAyBA;AACA;AACA;AACA;AACA;AAQA;AAGA;AAA4C;AAAA;AACrC,SAASA,UAAU,CAUxBC,IAAW,EACXC,6BAAgE,EAElE;EAAA;EACE,MAAMC,eAAe,GAAG,IAAAC,wBAAkB,EAACH,IAAI,CAAC;EAChD,gBAAO,MAAMI,aAAa,SAASF,eAAe,CAElD;IAWEG,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,kBAAkB,GAAG,IAAIN,6BAA6B,CAACO,MAAM,CAACC,MAAM,CAAC;QACxEC,cAAc,EAAE,IAAI,CAACA;MACvB,CAAC,EAAE,IAAI,CAACC,OAAO,CAACJ,kBAAkB,CAAC,CAAC;MAEpC,IAAI,CAACK,IAAI,GAAG;QACVC,6BAA6B,EAAEC,aAAI,CAACD,6BAA6B;QACjEE,gBAAgB,EAAED,aAAI,CAACC,gBAAgB;QACvCC,gBAAgB,EAAEF,aAAI,CAACE;MACzB,CAAC;MAED,IAAI,CAACC,QAAQ,GAAG;QAAEC,WAAW,EAAE;MAAM,CAAC;MAEtC,IAAI,CAACC,WAAW,GAAG,IAAIC,kBAAY,EAAE;MAErC,IAAI,CAACC,KAAK,GAAG,IAAAC,mBAAc,EAAC,IAAI,EAAE,IAAI,CAACH,WAAW,CAAC;;MAEnD;MACA,IAAI,CAACI,YAAY,GAAG,IAAIC,0BAAY,CAAC,IAAI,EAAE,IAAI,CAACb,OAAO,CAACY,YAAY,CAAC;MAErE,IAAI,CAACE,SAAS,GAAG,IAAAC,oBAAe,EAAC,IAAI,CAAC;IACxC;;IAEA;IACAC,YAAY,GAAS;MACnB,KAAK,CAACA,YAAY,EAAE;;MAEpB;MACA,IAAI,CAACJ,YAAY,CAACK,KAAK,EAAE;IAC3B;;IAEA;IACA;IACA;IACA,MAAMC,eAAe,CAAClB,OAA+B,GAAG,CAAC,CAAC,EAAoB;MAC5E;MACA,MAAM;QAAEmB,SAAS;QAAEC;MAAW,CAAC,GAAG,IAAI,CAACR,YAAY,CAACS,UAAU,EAAE;MAEhE,MAAMC,WAAW,GAAGtB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,OAAO,GAAGJ,SAAS;MAC3F,MAAMK,YAAY,GAAGxB,OAAO,CAACuB,cAAc,GAAGvB,OAAO,CAACuB,cAAc,KAAK,QAAQ,GAAGH,UAAU;MAE9F,IAAI;QAAEK;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACvD,IAAID,WAAW,IAAI,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC5DA,WAAW,GAAGG,SAAS;QACvB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFG,WAAW,GAAG,MAAM,IAAI,CAACb,YAAY,CAACiB,KAAK,CAAC,aAAa,CAAgB;UAC3E,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,aAAa,CAAC;QACzC;MACF;MAEA,IAAI;QAAEC;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACnD,IAAIK,OAAO,IAAI,IAAI,CAACnB,YAAY,CAACe,UAAU,CAACI,OAAO,CAAC,EAAE;QACpDA,OAAO,GAAGH,SAAS;QACnB,IAAIN,WAAW,EAAE;UACf,IAAI;YACFS,OAAO,GAAG,MAAM,IAAI,CAACnB,YAAY,CAACiB,KAAK,CAAC,SAAS,CAAY;UAC/D,CAAC,CAAC,MAAM;YACN;UACF;QACF,CAAC,MAAM,IAAIL,YAAY,EAAE;UACvB,IAAI,CAACZ,YAAY,CAACkB,MAAM,CAAC,SAAS,CAAC;QACrC;MACF;MAEA,OAAO,CAAC,EAAEL,WAAW,IAAIM,OAAO,CAAC;IACnC;IAGA,MAAMC,kBAAkB,CAACC,IAA+B,GAAG,CAAC,CAAC,EAAE;MAC7D,MAAM;QAAEC,WAAW;QAAE,GAAGC;MAAiB,CAAC,GAAGF,IAAI;MACjD,IAAG,IAAI,CAAC3B,QAAQ,CAACC,WAAW,EAAE;QAC5B;QACA;MACF;MAEA,IAAI,CAACD,QAAQ,CAACC,WAAW,GAAG,IAAI;MAChC,IAAI;QACF;QACA,IAAI2B,WAAW,EAAE;UACf,IAAI,CAACE,cAAc,CAACF,WAAW,CAAC;QAClC;QACA,MAAMG,MAAM,GAAGxC,MAAM,CAACC,MAAM,CAAC;UAC3B;UACAwC,MAAM,EAAE,IAAI,CAACtC,OAAO,CAACsC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS;QAC9D,CAAC,EAAEH,gBAAgB,CAAC;QACpB,MAAM,IAAI,CAACzB,KAAK,CAAC6B,eAAe,CAACF,MAAM,CAAC;MAC1C,CAAC,SAAS;QACR,IAAI,CAAC/B,QAAQ,CAACC,WAAW,GAAG,KAAK;MACnC;IACF;IAEA,MAAMiC,OAAO,GAA0E;MACrF,MAAM;QAAET,OAAO;QAAEN;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MAClE,OAAO,IAAI,CAAChB,KAAK,CAAC+B,WAAW,CAAChB,WAAW,EAAEM,OAAO,CAAC;IACrD;IAEAW,UAAU,GAAuB;MAC/B,MAAM;QAAEX;MAAQ,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE;MACrD,OAAOK,OAAO,GAAGA,OAAO,CAACA,OAAO,GAAGH,SAAS;IAC9C;IAEAe,cAAc,GAAuB;MACnC,MAAM;QAAElB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,OAAOD,WAAW,GAAGA,WAAW,CAACA,WAAW,GAAGG,SAAS;IAC1D;IAEAgB,eAAe,GAAuB;MACpC,MAAM;QAAEC;MAAa,CAAC,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE;MAC1D,OAAOmB,YAAY,GAAGA,YAAY,CAACA,YAAY,GAAGjB,SAAS;IAC7D;IAEA,MAAMkB,qBAAqB,GAA2B;MACpD,MAAM;QAAErB;MAAY,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE;MACzD,IAAID,WAAW,IAAI,CAAC,IAAI,CAACb,YAAY,CAACe,UAAU,CAACF,WAAW,CAAC,EAAE;QAC7D,OAAOA,WAAW,CAACA,WAAW;MAChC;MACA,IAAI;QACF,MAAMsB,GAAG,GAAG,IAAI,CAACnC,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAChE,MAAMtC,KAAK,GAAG,MAAM,IAAI,CAACE,YAAY,CAACiB,KAAK,CAACkB,GAAG,IAAI,aAAa,CAAC;QACjE,OAAQrC,KAAK,EAAkBe,WAAW,IAAI,IAAI;MACpD,CAAC,CACD,OAAOwB,GAAG,EAAE;QACV,IAAI,CAACC,OAAO,CAACC,IAAI,CAAC,OAAO,EAAEF,GAAG,CAAC;QAC/B,OAAO,IAAI;MACb;IACF;;IAEA;AACJ;AACA;IACI,MAAMG,uBAAuB,GAAkB;MAC7C,MAAM;QAAEC,MAAM;QAAEC;MAAa,CAAC,GAAG,MAAM,IAAI,CAAC5C,KAAK,CAAC6C,YAAY,EAAE;MAChE,IAAID,YAAY,KAAK,MAAM,EAAE;QAC3B,IAAI,CAAC1C,YAAY,CAAC4C,SAAS,CAACH,MAAM,CAAC;MACrC;IACF;IAEAI,eAAe,GAAY;MACzB,OAAO,IAAAA,sBAAe,EAAC,IAAI,CAAC;IAC9B;IAEAC,MAAM,GAAY;MAChB,OAAO,CAAC,CAAC,IAAI,CAAC1D,OAAO,CAACC,IAAI;IAC5B;IAEA0D,eAAe,CAACL,YAA+B,EAAW;MACxD,OAAO,IAAAK,sBAAe,EAACL,YAAY,EAAE,IAAI,CAACtD,OAAO,CAAC;IACpD;IAEA4D,uBAAuB,GAAY;MACjC,OAAO,IAAI,CAACD,eAAe,CAAC,MAAM,CAAC;IACrC;;IAEA;IACA,MAAME,eAAe,CAAC7D,OAAuB,EAAoB;MAC/D,IAAI,CAACA,OAAO,CAACyB,WAAW,EAAE;QACxB,MAAMA,WAAW,GAAG,CAAC,MAAM,IAAI,CAACb,YAAY,CAACkD,SAAS,EAAE,EAAErC,WAA0B;QACpFzB,OAAO,CAACyB,WAAW,GAAGA,WAAW,EAAEA,WAAW;MAChD;MACA,OAAO,IAAAsC,iBAAW,EAAC,IAAI,EAAE/D,OAAO,CAAC;IACnC;;IAEA;IACA,MAAMgE,iBAAiB,CAACvC,WAAyB,EAAoB;MACnE,IAAI,CAACA,WAAW,EAAE;QAChB,MAAM4B,MAAM,GAAG,MAAM,IAAI,CAACzC,YAAY,CAACkD,SAAS,EAAE;QAClDrC,WAAW,GAAG4B,MAAM,CAAC5B,WAAW;QAChC,MAAMwC,cAAc,GAAG,IAAI,CAACrD,YAAY,CAACoC,mBAAmB,CAAC,aAAa,CAAC;QAC3E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAACmC,cAAc,CAAC;QAExC,IAAI,IAAI,CAACjE,OAAO,CAACkE,IAAI,EAAE;UACrB,MAAM,IAAAC,iCAA2B,EAAC,QAAQ,EAAEd,MAAM,CAAC;QACrD;MACF;MACA;MACA,IAAI,CAAC5B,WAAW,EAAE;QAChB,OAAO2C,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAAC3D,KAAK,CAAC4D,MAAM,CAAC7C,WAAW,CAAC;IACvC;;IAEA;IACA,MAAM8C,kBAAkB,CAAC1B,YAA2B,EAAoB;MACtE,IAAI,CAACA,YAAY,EAAE;QACjB,MAAMQ,MAAM,GAAG,MAAM,IAAI,CAACzC,YAAY,CAACkD,SAAS,EAAE;QAClDjB,YAAY,GAAGQ,MAAM,CAACR,YAAY;QAClC,MAAM2B,eAAe,GAAG,IAAI,CAAC5D,YAAY,CAACoC,mBAAmB,CAAC,cAAc,CAAC;QAC7E,IAAI,CAACpC,YAAY,CAACkB,MAAM,CAAC0C,eAAe,CAAC;QAEzC,IAAI,IAAI,CAACxE,OAAO,CAACkE,IAAI,EAAE;UACrB,MAAM,IAAAC,iCAA2B,EAAC,SAAS,EAAEd,MAAM,CAAC;QACtD;MACF;MACA;MACA,IAAI,CAACR,YAAY,EAAE;QACjB,OAAOuB,OAAO,CAACC,OAAO,CAAC,IAAI,CAAC;MAC9B;MACA,OAAO,IAAI,CAAC3D,KAAK,CAAC4D,MAAM,CAACzB,YAAY,CAAC;IACxC;IAEA4B,qBAAqB,CAACzE,OAAkC,GAAG,CAAC,CAAC,EAAE;MAC7D,IAAI;QACF+B,OAAO;QACP2C,qBAAqB;QACrBC;MACF,CAAC,GAAG3E,OAAO;MACX,IAAI,CAAC+B,OAAO,EAAE;QACZA,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MAChE;MACA,IAAI,CAACA,OAAO,EAAE;QACZ,OAAO,EAAE;MACX;MACA,IAAI2C,qBAAqB,KAAK9C,SAAS,EAAE;QACvC8C,qBAAqB,GAAG,IAAI,CAAC1E,OAAO,CAAC0E,qBAAqB;MAC5D;MAEA,MAAME,SAAS,GAAG,IAAAC,mBAAY,EAAC,IAAI,CAAC,CAACD,SAAS;MAC9C,MAAME,WAAW,GAAG/C,OAAO,CAACA,OAAO,CAAC,CAAC;MACrC,IAAIgD,SAAS,GAAGH,SAAS,GAAG,iBAAiB,GAAGI,kBAAkB,CAACF,WAAW,CAAC;MAC/E,IAAIJ,qBAAqB,EAAE;QACzBK,SAAS,IAAI,4BAA4B,GAAGC,kBAAkB,CAACN,qBAAqB,CAAC;MACvF;MACA;MACA,IAAIC,KAAK,EAAE;QACTI,SAAS,IAAI,SAAS,GAAGC,kBAAkB,CAACL,KAAK,CAAC;MACpD;MAEA,OAAOI,SAAS;IAClB;;IAEA;IACA;IACA,MAAME,OAAO,CAACjF,OAAwB,EAAoB;MACxDA,OAAO,GAAGH,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEE,OAAO,CAAC;;MAEpC;MACA,MAAMkF,UAAU,GAAGC,MAAM,CAACC,QAAQ,CAACC,MAAM;MACzC,MAAMC,UAAU,GAAGH,MAAM,CAACC,QAAQ,CAACG,IAAI;MACvC;MACA;MACA;MACA;MACA,MAAMb,qBAAqB,GAAG1E,OAAO,CAAC0E,qBAAqB,KAAK,IAAI,GAAG,IAAI,GACxE1E,OAAO,CAAC0E,qBAAqB,IAC3B,IAAI,CAAC1E,OAAO,CAAC0E,qBAAqB,IAClCQ,UAAW;MAChB,MAAMP,KAAK,GAAG3E,OAAO,EAAE2E,KAAK;MAG5B,IAAIlD,WAAW,GAAGzB,OAAO,CAACyB,WAAW;MACrC,IAAIoB,YAAY,GAAG7C,OAAO,CAAC6C,YAAY;MACvC,MAAMmB,iBAAiB,GAAGhE,OAAO,CAACgE,iBAAiB,KAAK,KAAK;MAC7D,MAAMO,kBAAkB,GAAGvE,OAAO,CAACuE,kBAAkB,KAAK,KAAK;MAE/D,IAAIA,kBAAkB,IAAI,OAAO1B,YAAY,KAAK,WAAW,EAAE;QAC7DA,YAAY,GAAG,IAAI,CAACjC,YAAY,CAACc,aAAa,EAAE,CAACmB,YAA4B;MAC/E;MAEA,IAAImB,iBAAiB,IAAI,OAAOvC,WAAW,KAAK,WAAW,EAAE;QAC3DA,WAAW,GAAG,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAACD,WAA0B;MAC5E;MAEA,IAAI,CAACzB,OAAO,CAAC+B,OAAO,EAAE;QACpB/B,OAAO,CAAC+B,OAAO,GAAG,IAAI,CAACnB,YAAY,CAACc,aAAa,EAAE,CAACK,OAAkB;MACxE;MAEA,IAAIwC,kBAAkB,IAAI1B,YAAY,EAAE;QACtC,MAAM,IAAI,CAAC0B,kBAAkB,CAAC1B,YAAY,CAAC;MAC7C;MAEA,IAAImB,iBAAiB,IAAIvC,WAAW,EAAE;QACpC,MAAM,IAAI,CAACuC,iBAAiB,CAACvC,WAAW,CAAC;MAC3C;MAEA,MAAM+D,UAAU,GAAG/D,WAAW,EAAE+D,UAAU,IAAI3C,YAAY,EAAE2C,UAAU;MACtE,IAAI,IAAI,CAACxF,OAAO,CAACkE,IAAI,IAAIsB,UAAU,EAAE;QACnC,MAAM,IAAAC,sBAAgB,EAACD,UAAU,CAAC;MACpC;MAEA,MAAMT,SAAS,GAAG,IAAI,CAACN,qBAAqB,CAAC;QAAE,GAAGzE,OAAO;QAAE0E;MAAsB,CAAC,CAAC;MACnF;MACA;MACA,IAAI,CAACK,SAAS,EAAE;QACd;QACA,MAAMW,aAAa,GAAG,MAAM,IAAI,CAACC,YAAY,EAAE,CAAC,CAAG;QACnD,MAAMC,WAAW,GAAG,IAAIC,GAAG,CAACnB,qBAAqB,IAAIQ,UAAU,CAAC,CAAC,CAAC;QAClE,IAAIP,KAAK,EAAE;UACTiB,WAAW,CAACE,YAAY,CAACC,MAAM,CAAC,OAAO,EAAEpB,KAAK,CAAC;QACjD;QACA,IAAID,qBAAqB,KAAKY,UAAU,EAAE;UACxC;UACAH,MAAM,CAACC,QAAQ,CAACG,IAAI,GAAGK,WAAW,CAACL,IAAI;QACzC,CAAC,MAAM;UACLJ,MAAM,CAACC,QAAQ,CAACtF,MAAM,CAAC8F,WAAW,CAACL,IAAI,CAAC;QAC1C;QACA,OAAOG,aAAa;MACtB,CAAC,MAAM;QACL,IAAI1F,OAAO,CAACgG,yBAAyB,EAAE;UACrC;UACA,IAAI,CAACpF,YAAY,CAACK,KAAK,EAAE;QAC3B,CAAC,MAAM;UACL,IAAI,CAACL,YAAY,CAACqF,qBAAqB,EAAE;QAC3C;QACA;QACAd,MAAM,CAACC,QAAQ,CAACtF,MAAM,CAACiF,SAAS,CAAC;QACjC,OAAO,IAAI;MACb;IACF;IAEA,MAAMmB,2BAA2B,CAAE7D,MAAmB,EAAwB;MAC5E,IAAI,CAAC,IAAI,CAACrC,OAAO,CAACkE,IAAI,EAAE;QACtB,MAAM,IAAIiC,oBAAY,CAAC,iDAAiD,CAAC;MAC3E;MAEA,IAAI;QAAE1E;MAAY,CAAC,GAAGY,MAAM;MAC5B,IAAI,CAACZ,WAAW,EAAE;QAChBA,WAAW,GAAI,IAAI,CAACb,YAAY,CAACc,aAAa,EAAE,CAAED,WAAW;MAC/D;MAEA,IAAI,CAACA,WAAW,EAAE;QAChB,MAAM,IAAI0E,oBAAY,CAAC,kDAAkD,CAAC;MAC5E;MAEA,MAAMC,OAAO,GAAG,MAAM,IAAAC,iBAAW,EAAC5E,WAAW,EAAE+D,UAAU,CAAC;MAC1D,MAAMc,KAAK,GAAG,MAAM,IAAAC,uBAAiB,EAAC;QAAC,GAAGlE,MAAM;QAAE+D,OAAO;QAAE3E,WAAW,EAAEA,WAAW,CAACA;MAAW,CAAC,CAAC;MACjG,OAAO;QACL+E,aAAa,EAAG,QAAO/E,WAAW,CAACA,WAAY,EAAC;QAChDgF,IAAI,EAAEH;MACR,CAAC;IACH;IAEA,MAAMI,gBAAgB,CAAEC,QAAQ,GAAC,KAAK,EAAiB;MACrD,IAAIA,QAAQ,EAAE;QACZ,OAAO,IAAAC,0BAAoB,GAAE;MAC/B;MAEA,MAAMvD,MAAM,GAAG,MAAM,IAAI,CAACzC,YAAY,CAACkD,SAAS,EAAE;MAClD,MAAMsC,OAAO,GAAG/C,MAAM,CAAC5B,WAAW,EAAE+D,UAAU,IAAInC,MAAM,CAACR,YAAY,EAAE2C,UAAU;MAEjF,IAAIY,OAAO,EAAE;QACX,MAAM,IAAAX,sBAAgB,EAACW,OAAO,CAAC;MACjC;IACF;IAEAS,sBAAsB,CAAEC,OAAoB,EAAiB;MAC3D,MAAMC,OAAO,GAAGC,oBAAY,CAACC,wBAAwB,CAACH,OAAO,CAAC;MAC9D,MAAMI,MAAM,GAAGF,oBAAY,CAACG,WAAW,CAACJ,OAAO,IAAI,EAAE,CAAC;MACtD,IAAI,IAAAK,sBAAgB,EAACF,MAAM,CAAC,EAAE;QAC5B,IAAIG,KAAoB,GAAG,IAAI;QAC/B,IAAI,IAAAC,gBAAU,EAAER,OAAO,EAAcS,GAAG,CAAC,EAAE;UACzCF,KAAK,GAAIP,OAAO,CAAaS,GAAG,CAAC,YAAY,CAAC;QAChD;QACAF,KAAK,GAAGA,KAAK,IAAIP,OAAO,CAAC,YAAY,CAAC,IAAIA,OAAO,CAAC,YAAY,CAAC;QAC/D,OAAOO,KAAK;MACd;MAEA,OAAO,IAAI;IACb;EACF,CAAC,kDAvX4BG,MAAM;AAyXrC"}
package/cjs/oidc/options/OAuthOptionsConstructor.js CHANGED
@@ -80,6 +80,8 @@ function createOAuthOptionsConstructor() {
80
80
  this.codeChallengeMethod = options.codeChallengeMethod;
81
81
  this.acrValues = options.acrValues;
82
82
  this.maxAge = options.maxAge;
83
+ this.dpop = options.dpop === true; // dpop defaults to false
84
+
83
85
  this.tokenManager = options.tokenManager;
84
86
  this.postLogoutRedirectUri = options.postLogoutRedirectUri;
85
87
  this.restoreOriginalUri = options.restoreOriginalUri;
package/cjs/oidc/options/OAuthOptionsConstructor.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","acrValues","maxAge","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.okta') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n };\n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AAUA;AACA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA,SAASA,iBAAiB,CAACC,IAAI,EAAE;EAC/BA,IAAI,GAAGA,IAAI,IAAI,CAAC,CAAC;EAEjB,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAM;EACxB,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,MAAM,CAAC,EAAE;IACpC,MAAM,IAAIG,qBAAY,CAAC,qCAAqC,GAC1D,6DAA6D,CAAC;EAClE;;EAEA;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAO;EACzB,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,qBAAY,CAAC,mCAAmC,GACxD,8FAA8F,CAAC;EACnG;EAEA,IAAIE,UAAU,GAAG,IAAIC,MAAM,CAAC,eAAe,CAAC;EAC5C,IAAI,CAACD,UAAU,CAACE,IAAI,CAACH,MAAM,CAAC,EAAE;IAC5B,MAAM,IAAID,qBAAY,CAAC,8BAA8B,GACnD,8FAA8F,CAAC;EACnG;EAEA,IAAIC,MAAM,CAACI,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE;IACxC,MAAM,IAAIL,qBAAY,CAAC,mEAAmE,GACxF,uEAAuE,CAAC;EAC5E;AACF;AAEO,SAASM,6BAA6B,GAAG;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAA4B,GAAE;EAC7D,OAAO,MAAMC,uBAAuB,SAC1BF,sBAAsB,CAEhC;IACE;;IAQA;;IAcA;;IAMA;;IAIA;;IAKA;IACAG,WAAW,CAACC,OAAY,EAAE;MACxB,KAAK,CAACA,OAAO,CAAC;MAEdhB,iBAAiB,CAACgB,OAAO,CAAC;MAE1B,IAAI,CAACV,MAAM,GAAG,IAAAW,wBAAmB,EAACD,OAAO,CAACV,MAAM,CAAC;MACjD,IAAI,CAACY,QAAQ,GAAG,IAAAD,wBAAmB,EAACD,OAAO,CAACE,QAAQ,CAAC;MACrD,IAAI,CAACC,YAAY,GAAG,IAAAF,wBAAmB,EAACD,OAAO,CAACG,YAAY,CAAC;MAC7D,IAAI,CAACC,WAAW,GAAG,IAAAH,wBAAmB,EAACD,OAAO,CAACI,WAAW,CAAC;MAC3D,IAAI,CAACC,SAAS,GAAG,IAAAJ,wBAAmB,EAACD,OAAO,CAACK,SAAS,CAAC;MACvD,IAAI,CAACC,SAAS,GAAG,IAAAL,wBAAmB,EAACD,OAAO,CAACM,SAAS,CAAC;MAEvD,IAAI,CAACC,IAAI,GAAGP,OAAO,CAACO,IAAI,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;MACnD,IAAI,CAACC,QAAQ,GAAGR,OAAO,CAACQ,QAAQ;MAChC,IAAI,CAACC,WAAW,GAAGT,OAAO,CAACS,WAAW;MACtC,IAAI,IAAAC,mBAAS,GAAE,EAAE;QACf,IAAI,CAACD,WAAW,GAAG,IAAAE,kBAAa,EAACX,OAAO,CAACS,WAAW,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC,CAAC,CAAC;MACjF;;MACA,IAAI,CAACC,YAAY,GAAGf,OAAO,CAACe,YAAY;MACxC,IAAI,CAACC,YAAY,GAAGhB,OAAO,CAACgB,YAAY;MACxC,IAAI,CAACC,KAAK,GAAGjB,OAAO,CAACiB,KAAK;MAC1B,IAAI,CAAC/B,MAAM,GAAGc,OAAO,CAACd,MAAM;MAC5B;MACA,IAAI,CAACgC,eAAe,GAAG,CAAC,CAAClB,OAAO,CAACkB,eAAe;MAChD,IAAI,CAACC,aAAa,GAAGnB,OAAO,CAACmB,aAAa;MAC1C,IAAI,CAACC,mBAAmB,GAAGpB,OAAO,CAACoB,mBAAmB;MACtD,IAAI,CAACC,SAAS,GAAGrB,OAAO,CAACqB,SAAS;MAClC,IAAI,CAACC,MAAM,GAAGtB,OAAO,CAACsB,MAAM;MAE5B,IAAI,CAACC,YAAY,GAAGvB,OAAO,CAACuB,YAAY;MACxC,IAAI,CAACC,qBAAqB,GAAGxB,OAAO,CAACwB,qBAAqB;MAC1D,IAAI,CAACC,kBAAkB,GAAGzB,OAAO,CAACyB,kBAAkB;MACpD,IAAI,CAACC,kBAAkB,GAAG;QAAEC,mBAAmB,EAAnBA,yBAAmB;QAAE,GAAG3B,OAAO,CAAC0B;MAAmB,CAAC;MAEhF,IAAI,CAACE,YAAY,GAAG5B,OAAO,CAAC4B,YAAY;MACxC,IAAI,CAACC,WAAW,GAAG7B,OAAO,CAAC6B,WAAW;;MAEtC;MACA;MACA;MACA,IAAI,CAACC,cAAc,GAAG,CAAC,CAAC9B,OAAO,CAAC8B,cAAc;;MAE9C;MACA;MACA;MACA;MACA;MACA;MACA;MACA,IAAI,CAAC9B,OAAO,CAAC+B,YAAY,IAAI/B,OAAO,CAAC+B,YAAY,KAAK,CAAC,EAAE;QACvD,IAAI,CAACA,YAAY,GAAGC,iCAAsB;MAC5C,CAAC,MAAM;QACL,IAAI,CAACD,YAAY,GAAG/B,OAAO,CAAC+B,YAAY;MAC1C;IAEF;EACF,CAAC;AACH"}
1
+ {"version":3,"file":"OAuthOptionsConstructor.js","names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","createOAuthOptionsConstructor","HttpOptionsConstructor","createHttpOptionsConstructor","OAuthOptionsConstructor","constructor","options","removeTrailingSlash","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","pkce","clientId","redirectUri","isBrowser","toAbsoluteUrl","window","location","origin","responseType","responseMode","state","ignoreSignature","codeChallenge","codeChallengeMethod","acrValues","maxAge","dpop","tokenManager","postLogoutRedirectUri","restoreOriginalUri","transactionManager","enableSharedStorage","clientSecret","setLocation","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW"],"sources":["../../../../lib/oidc/options/OAuthOptionsConstructor.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.okta') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n dpop: boolean;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n this.dpop = options.dpop === true; // dpop defaults to false\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n };\n}\n"],"mappings":";;;;AAYA;AACA;AACA;AACA;AAUA;AACA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA,SAASA,iBAAiB,CAACC,IAAI,EAAE;EAC/BA,IAAI,GAAGA,IAAI,IAAI,CAAC,CAAC;EAEjB,IAAIC,MAAM,GAAGD,IAAI,CAACC,MAAM;EACxB,IAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,MAAM,CAAC,EAAE;IACpC,MAAM,IAAIG,qBAAY,CAAC,qCAAqC,GAC1D,6DAA6D,CAAC;EAClE;;EAEA;EACA,IAAIC,MAAM,GAAGL,IAAI,CAACK,MAAO;EACzB,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,qBAAY,CAAC,mCAAmC,GACxD,8FAA8F,CAAC;EACnG;EAEA,IAAIE,UAAU,GAAG,IAAIC,MAAM,CAAC,eAAe,CAAC;EAC5C,IAAI,CAACD,UAAU,CAACE,IAAI,CAACH,MAAM,CAAC,EAAE;IAC5B,MAAM,IAAID,qBAAY,CAAC,8BAA8B,GACnD,8FAA8F,CAAC;EACnG;EAEA,IAAIC,MAAM,CAACI,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE;IACxC,MAAM,IAAIL,qBAAY,CAAC,mEAAmE,GACxF,uEAAuE,CAAC;EAC5E;AACF;AAEO,SAASM,6BAA6B,GAAG;EAC9C,MAAMC,sBAAsB,GAAG,IAAAC,qCAA4B,GAAE;EAC7D,OAAO,MAAMC,uBAAuB,SAC1BF,sBAAsB,CAEhC;IACE;;IAQA;;IAeA;;IAMA;;IAIA;;IAKA;IACAG,WAAW,CAACC,OAAY,EAAE;MACxB,KAAK,CAACA,OAAO,CAAC;MAEdhB,iBAAiB,CAACgB,OAAO,CAAC;MAE1B,IAAI,CAACV,MAAM,GAAG,IAAAW,wBAAmB,EAACD,OAAO,CAACV,MAAM,CAAC;MACjD,IAAI,CAACY,QAAQ,GAAG,IAAAD,wBAAmB,EAACD,OAAO,CAACE,QAAQ,CAAC;MACrD,IAAI,CAACC,YAAY,GAAG,IAAAF,wBAAmB,EAACD,OAAO,CAACG,YAAY,CAAC;MAC7D,IAAI,CAACC,WAAW,GAAG,IAAAH,wBAAmB,EAACD,OAAO,CAACI,WAAW,CAAC;MAC3D,IAAI,CAACC,SAAS,GAAG,IAAAJ,wBAAmB,EAACD,OAAO,CAACK,SAAS,CAAC;MACvD,IAAI,CAACC,SAAS,GAAG,IAAAL,wBAAmB,EAACD,OAAO,CAACM,SAAS,CAAC;MAEvD,IAAI,CAACC,IAAI,GAAGP,OAAO,CAACO,IAAI,KAAK,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;MACnD,IAAI,CAACC,QAAQ,GAAGR,OAAO,CAACQ,QAAQ;MAChC,IAAI,CAACC,WAAW,GAAGT,OAAO,CAACS,WAAW;MACtC,IAAI,IAAAC,mBAAS,GAAE,EAAE;QACf,IAAI,CAACD,WAAW,GAAG,IAAAE,kBAAa,EAACX,OAAO,CAACS,WAAW,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC,CAAC,CAAC;MACjF;;MACA,IAAI,CAACC,YAAY,GAAGf,OAAO,CAACe,YAAY;MACxC,IAAI,CAACC,YAAY,GAAGhB,OAAO,CAACgB,YAAY;MACxC,IAAI,CAACC,KAAK,GAAGjB,OAAO,CAACiB,KAAK;MAC1B,IAAI,CAAC/B,MAAM,GAAGc,OAAO,CAACd,MAAM;MAC5B;MACA,IAAI,CAACgC,eAAe,GAAG,CAAC,CAAClB,OAAO,CAACkB,eAAe;MAChD,IAAI,CAACC,aAAa,GAAGnB,OAAO,CAACmB,aAAa;MAC1C,IAAI,CAACC,mBAAmB,GAAGpB,OAAO,CAACoB,mBAAmB;MACtD,IAAI,CAACC,SAAS,GAAGrB,OAAO,CAACqB,SAAS;MAClC,IAAI,CAACC,MAAM,GAAGtB,OAAO,CAACsB,MAAM;MAC5B,IAAI,CAACC,IAAI,GAAGvB,OAAO,CAACuB,IAAI,KAAK,IAAI,CAAC,CAAC;;MAEnC,IAAI,CAACC,YAAY,GAAGxB,OAAO,CAACwB,YAAY;MACxC,IAAI,CAACC,qBAAqB,GAAGzB,OAAO,CAACyB,qBAAqB;MAC1D,IAAI,CAACC,kBAAkB,GAAG1B,OAAO,CAAC0B,kBAAkB;MACpD,IAAI,CAACC,kBAAkB,GAAG;QAAEC,mBAAmB,EAAnBA,yBAAmB;QAAE,GAAG5B,OAAO,CAAC2B;MAAmB,CAAC;MAEhF,IAAI,CAACE,YAAY,GAAG7B,OAAO,CAAC6B,YAAY;MACxC,IAAI,CAACC,WAAW,GAAG9B,OAAO,CAAC8B,WAAW;;MAEtC;MACA;MACA;MACA,IAAI,CAACC,cAAc,GAAG,CAAC,CAAC/B,OAAO,CAAC+B,cAAc;;MAE9C;MACA;MACA;MACA;MACA;MACA;MACA;MACA,IAAI,CAAC/B,OAAO,CAACgC,YAAY,IAAIhC,OAAO,CAACgC,YAAY,KAAK,CAAC,EAAE;QACvD,IAAI,CAACA,YAAY,GAAGC,iCAAsB;MAC5C,CAAC,MAAM;QACL,IAAI,CAACD,YAAY,GAAGhC,OAAO,CAACgC,YAAY;MAC1C;IAEF;EACF,CAAC;AACH"}
package/cjs/oidc/renewToken.js CHANGED
@@ -57,14 +57,18 @@ async function renewToken(sdk, token) {
57
57
  scopes,
58
58
  authorizeUrl,
59
59
  userinfoUrl,
60
- issuer
60
+ issuer,
61
+ dpopPairId,
62
+ extraParams
61
63
  } = token;
62
64
  return (0, _getWithoutPrompt.getWithoutPrompt)(sdk, {
63
65
  responseType,
64
66
  scopes,
65
67
  authorizeUrl,
66
68
  userinfoUrl,
67
- issuer
69
+ issuer,
70
+ dpopPairId,
71
+ extraParams
68
72
  }).then(function (res) {
69
73
  return getSingleToken(token, res.tokens);
70
74
  });
package/cjs/oidc/renewToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"mappings":";;;AAYA;AACA;AACA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,sBAAsB,GAAG;EAChC,MAAM,IAAIC,oBAAY,CACpB,oFAAoF,CACrF;AACH;;AAEA;AACA,SAASC,cAAc,CAACC,aAAoB,EAAEC,MAAc,EAAE;EAC5D,IAAI,IAAAC,gBAAS,EAACF,aAAa,CAAC,EAAE;IAC5B,OAAOC,MAAM,CAACE,OAAO;EACvB;EACA,IAAI,IAAAC,oBAAa,EAACJ,aAAa,CAAC,EAAE;IAChC,OAAOC,MAAM,CAACI,WAAW;EAC3B;EACAR,sBAAsB,EAAE;AAC1B;;AAEA;AACO,eAAeS,UAAU,CAACC,GAA2B,EAAEC,KAAY,EAA8B;EACtG,IAAI,CAAC,IAAAN,gBAAS,EAACM,KAAK,CAAC,IAAI,CAAC,IAAAJ,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC9CX,sBAAsB,EAAE;EAC1B;EAEA,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAY,CAACC,aAAa,EAAE;EAC7C,IAAIT,MAAM,CAACU,YAAY,EAAE;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAsB,EAACL,GAAG,EAAE;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAChB,CAAC,EAAEZ,MAAM,CAACU,YAAY,CAAC;IACvB,OAAOZ,cAAc,CAACS,KAAK,EAAEP,MAAM,CAAC;EACtC;EAEA,IAAIa,YAAY;EAChB,IAAIP,GAAG,CAACQ,OAAO,CAACC,IAAI,EAAE;IACpBF,YAAY,GAAG,MAAM;EACvB,CAAC,MAAM,IAAI,IAAAV,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC/BM,YAAY,GAAG,OAAO;EACxB,CAAC,MAAM;IACLA,YAAY,GAAG,UAAU;EAC3B;EAEA,MAAM;IAAED,MAAM;IAAEI,YAAY;IAAEC,WAAW;IAAEC;EAAO,CAAC,GAAGX,KAAgC;EACtF,OAAO,IAAAY,kCAAgB,EAACb,GAAG,EAAE;IAC3BO,YAAY;IACZD,MAAM;IACNI,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,CAAC,CACCE,IAAI,CAAC,UAAUC,GAAG,EAAE;IACnB,OAAOvB,cAAc,CAACS,KAAK,EAAEc,GAAG,CAACrB,MAAM,CAAC;EAC1C,CAAC,CAAC;AACN"}
1
+ {"version":3,"file":"renewToken.js","names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","isIDToken","idToken","isAccessToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","dpopPairId","extraParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewToken.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer, dpopPairId, extraParams } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"mappings":";;;AAYA;AACA;AACA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,sBAAsB,GAAG;EAChC,MAAM,IAAIC,oBAAY,CACpB,oFAAoF,CACrF;AACH;;AAEA;AACA,SAASC,cAAc,CAACC,aAAoB,EAAEC,MAAc,EAAE;EAC5D,IAAI,IAAAC,gBAAS,EAACF,aAAa,CAAC,EAAE;IAC5B,OAAOC,MAAM,CAACE,OAAO;EACvB;EACA,IAAI,IAAAC,oBAAa,EAACJ,aAAa,CAAC,EAAE;IAChC,OAAOC,MAAM,CAACI,WAAW;EAC3B;EACAR,sBAAsB,EAAE;AAC1B;;AAEA;AACO,eAAeS,UAAU,CAACC,GAA2B,EAAEC,KAAY,EAA8B;EACtG,IAAI,CAAC,IAAAN,gBAAS,EAACM,KAAK,CAAC,IAAI,CAAC,IAAAJ,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC9CX,sBAAsB,EAAE;EAC1B;EAEA,IAAII,MAAM,GAAGM,GAAG,CAACE,YAAY,CAACC,aAAa,EAAE;EAC7C,IAAIT,MAAM,CAACU,YAAY,EAAE;IACvBV,MAAM,GAAG,MAAM,IAAAW,8CAAsB,EAACL,GAAG,EAAE;MACzCM,MAAM,EAAEL,KAAK,CAACK;IAChB,CAAC,EAAEZ,MAAM,CAACU,YAAY,CAAC;IACvB,OAAOZ,cAAc,CAACS,KAAK,EAAEP,MAAM,CAAC;EACtC;EAEA,IAAIa,YAAY;EAChB,IAAIP,GAAG,CAACQ,OAAO,CAACC,IAAI,EAAE;IACpBF,YAAY,GAAG,MAAM;EACvB,CAAC,MAAM,IAAI,IAAAV,oBAAa,EAACI,KAAK,CAAC,EAAE;IAC/BM,YAAY,GAAG,OAAO;EACxB,CAAC,MAAM;IACLA,YAAY,GAAG,UAAU;EAC3B;EAEA,MAAM;IAAED,MAAM;IAAEI,YAAY;IAAEC,WAAW;IAAEC,MAAM;IAAEC,UAAU;IAAEC;EAAY,CAAC,GAAGb,KAAgC;EAC/G,OAAO,IAAAc,kCAAgB,EAACf,GAAG,EAAE;IAC3BO,YAAY;IACZD,MAAM;IACNI,YAAY;IACZC,WAAW;IACXC,MAAM;IACNC,UAAU;IACVC;EACF,CAAC,CAAC,CACCE,IAAI,CAAC,UAAUC,GAAG,EAAE;IACnB,OAAOzB,cAAc,CAACS,KAAK,EAAEgB,GAAG,CAACvB,MAAM,CAAC;EAC1C,CAAC,CAAC;AACN"}
package/cjs/oidc/renewTokens.js CHANGED
@@ -40,13 +40,17 @@ async function renewTokens(sdk, options) {
40
40
  }
41
41
  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
42
42
  const issuer = idToken.issuer || sdk.options.issuer;
43
+ const dpopPairId = accessToken?.dpopPairId;
44
+ const extraParams = accessToken?.extraParams || idToken?.extraParams;
43
45
 
44
46
  // Get tokens using the SSO cookie
45
47
  options = Object.assign({
46
48
  scopes,
47
49
  authorizeUrl,
48
50
  userinfoUrl,
49
- issuer
51
+ issuer,
52
+ dpopPairId,
53
+ extraParams
50
54
  }, options);
51
55
  if (sdk.options.pkce) {
52
56
  options.responseType = 'code';
package/cjs/oidc/renewTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EACnF,MAAMC,MAAM,GAAGD,OAAO,EAAEC,MAAM,IAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;;EAEnD;EACAZ,OAAO,GAAGa,MAAM,CAACC,MAAM,CAAC;IACtBL,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC;EACF,CAAC,EAAEZ,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACe,IAAI,EAAE;IACpBf,OAAO,CAACgB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAAClB,GAAG,CAAC;IACnDC,OAAO,CAACgB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACnB,GAAG,EAAEC,OAAO,CAAC,CAClCmB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACnB,MAAM,CAAC;AAE5B"}
1
+ {"version":3,"file":"renewTokens.js","names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","renewTokensWithRefresh","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","dpopPairId","extraParams","Object","assign","pkce","responseType","getDefaultTokenParams","getWithoutPrompt","then","res"],"sources":["../../../lib/oidc/renewTokens.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n const dpopPairId = accessToken?.dpopPairId;\n const extraParams = accessToken?.extraParams || idToken?.extraParams;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"mappings":";;;AAYA;AAEA;AACA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACO,eAAeA,WAAW,CAACC,GAAG,EAAEC,OAA2B,EAAmB;EACnF,MAAMC,MAAM,GAAGD,OAAO,EAAEC,MAAM,IAAIF,GAAG,CAACG,YAAY,CAACC,aAAa,EAAE;EAClE,IAAIF,MAAM,CAACG,YAAY,EAAE;IACvB,OAAO,IAAAC,8CAAsB,EAACN,GAAG,EAAEC,OAAO,IAAI,CAAC,CAAC,EAAEC,MAAM,CAACG,YAAY,CAAC;EACxE;EAEA,IAAI,CAACH,MAAM,CAACK,WAAW,IAAI,CAACL,MAAM,CAACM,OAAO,EAAE;IAC1C,MAAM,IAAIC,oBAAY,CAAC,yDAAyD,CAAC;EACnF;EAEA,MAAMF,WAAW,GAAGL,MAAM,CAACK,WAAW,IAAI,CAAC,CAAC;EAC5C,MAAMC,OAAO,GAAGN,MAAM,CAACM,OAAO,IAAI,CAAC,CAAC;EACpC,MAAME,MAAM,GAAGH,WAAW,CAACG,MAAM,IAAIF,OAAO,CAACE,MAAM;EACnD,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAID,oBAAY,CAAC,oDAAoD,CAAC;EAC9E;EACA,MAAME,YAAY,GAAGJ,WAAW,CAACI,YAAY,IAAIH,OAAO,CAACG,YAAY;EACrE,IAAI,CAACA,YAAY,EAAE;IACjB,MAAM,IAAIF,oBAAY,CAAC,0DAA0D,CAAC;EACpF;EACA,MAAMG,WAAW,GAAGL,WAAW,CAACK,WAAW,IAAIZ,GAAG,CAACC,OAAO,CAACW,WAAW;EACtE,MAAMC,MAAM,GAAGL,OAAO,CAACK,MAAM,IAAIb,GAAG,CAACC,OAAO,CAACY,MAAM;EACnD,MAAMC,UAAU,GAAGP,WAAW,EAAEO,UAAU;EAC1C,MAAMC,WAAW,GAAGR,WAAW,EAAEQ,WAAW,IAAIP,OAAO,EAAEO,WAAW;;EAEpE;EACAd,OAAO,GAAGe,MAAM,CAACC,MAAM,CAAC;IACtBP,MAAM;IACNC,YAAY;IACZC,WAAW;IACXC,MAAM;IACNC,UAAU;IACVC;EACF,CAAC,EAAEd,OAAO,CAAC;EAEX,IAAID,GAAG,CAACC,OAAO,CAACiB,IAAI,EAAE;IACpBjB,OAAO,CAACkB,YAAY,GAAG,MAAM;EAC/B,CAAC,MAAM;IACL,MAAM;MAAEA;IAAa,CAAC,GAAG,IAAAC,2BAAqB,EAACpB,GAAG,CAAC;IACnDC,OAAO,CAACkB,YAAY,GAAGA,YAAY;EACrC;EAEA,OAAO,IAAAE,kCAAgB,EAACrB,GAAG,EAAEC,OAAO,CAAC,CAClCqB,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACrB,MAAM,CAAC;AAE5B"}
package/cjs/oidc/renewTokensWithRefresh.js CHANGED
@@ -6,6 +6,7 @@ var _oauth = require("./util/oauth");
6
6
  var _refreshToken = require("./util/refreshToken");
7
7
  var _handleOAuthResponse = require("./handleOAuthResponse");
8
8
  var _token = require("./endpoints/token");
9
+ var _dpop = require("./dpop");
9
10
  var _errors2 = require("./util/errors");
10
11
  /*!
11
12
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -20,9 +21,11 @@ var _errors2 = require("./util/errors");
20
21
  *
21
22
  */
22
23
 
24
+ /* eslint complexity:[0,8] */
23
25
  async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
24
26
  const {
25
- clientId
27
+ clientId,
28
+ dpop
26
29
  } = sdk.options;
27
30
  if (!clientId) {
28
31
  throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
@@ -31,7 +34,19 @@ async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
31
34
  const renewTokenParams = Object.assign({}, tokenParams, {
32
35
  clientId
33
36
  });
34
- const tokenResponse = await (0, _token.postRefreshToken)(sdk, renewTokenParams, refreshTokenObject);
37
+ if (refreshTokenObject.extraParams) {
38
+ renewTokenParams.extraParams = refreshTokenObject.extraParams;
39
+ }
40
+ const endpointParams = {
41
+ ...renewTokenParams
42
+ };
43
+ if (dpop) {
44
+ const keyPair = await (0, _dpop.findKeyPair)(refreshTokenObject?.dpopPairId); // will throw if KP cannot be found
45
+ endpointParams.dpopKeyPair = keyPair;
46
+ renewTokenParams.dpop = dpop;
47
+ renewTokenParams.dpopPairId = refreshTokenObject.dpopPairId;
48
+ }
49
+ const tokenResponse = await (0, _token.postRefreshToken)(sdk, endpointParams, refreshTokenObject);
35
50
  const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
36
51
  const {
37
52
  tokens
package/cjs/oidc/renewTokensWithRefresh.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","Object","assign","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n clientId,\n });\n const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n"],"mappings":";;;AAYA;AACA;AACA;AAEA;AACA;AACA;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASO,eAAeA,sBAAsB,CAC1CC,GAA2B,EAC3BC,WAAwB,EACxBC,kBAAgC,EACf;EACjB,MAAM;IAAEC;EAAS,CAAC,GAAGH,GAAG,CAACI,OAAO;EAChC,IAAI,CAACD,QAAQ,EAAE;IACb,MAAM,IAAIE,oBAAY,CAAC,0EAA0E,CAAC;EACpG;EAEA,IAAI;IACF,MAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEP,WAAW,EAAE;MACnEE;IACF,CAAC,CAAC;IACF,MAAMM,aAAa,GAAG,MAAM,IAAAC,uBAAgB,EAACV,GAAG,EAAEM,gBAAgB,EAAEJ,kBAAkB,CAAC;IACvF,MAAMS,IAAI,GAAG,IAAAC,mBAAY,EAACZ,GAAG,EAAEC,WAAW,CAAC;IAC3C,MAAM;MAAEY;IAAO,CAAC,GAAG,MAAM,IAAAC,wCAAmB,EAACd,GAAG,EAAEM,gBAAgB,EAAEG,aAAa,EAAEE,IAAI,CAAC;;IAExF;IACA,MAAM;MAAEI;IAAa,CAAC,GAAGF,MAAM;IAC/B,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAkB,EAACD,YAAY,EAAEb,kBAAkB,CAAC,EAAE;MACzEF,GAAG,CAACiB,YAAY,CAACC,kBAAkB,CAACH,YAAY,CAAC;IACnD;IAEA,OAAOF,MAAM;EACf,CAAC,CACD,OAAOM,GAAG,EAAE;IACV,IAAI,IAAAC,mCAA0B,EAACD,GAAG,CAAC,EAAE;MACnC;MACAnB,GAAG,CAACiB,YAAY,CAACI,kBAAkB,EAAE;IACvC;IACA,MAAMF,GAAG;EACX;AACF"}
1
+ {"version":3,"file":"renewTokensWithRefresh.js","names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","dpop","options","AuthSdkError","renewTokenParams","Object","assign","extraParams","endpointParams","keyPair","findKeyPair","dpopPairId","dpopKeyPair","tokenResponse","postRefreshToken","urls","getOAuthUrls","tokens","handleOAuthResponse","refreshToken","isSameRefreshToken","tokenManager","updateRefreshToken","err","isRefreshTokenInvalidError","removeRefreshToken"],"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { TokenEndpointParams, postRefreshToken } from './endpoints/token';\nimport { findKeyPair } from './dpop';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\n/* eslint complexity:[0,8] */\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId, dpop } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, { clientId });\n\n if (refreshTokenObject.extraParams) {\n renewTokenParams.extraParams = refreshTokenObject.extraParams;\n }\n\n const endpointParams: TokenEndpointParams = {...renewTokenParams};\n\n if (dpop) {\n const keyPair = await findKeyPair(refreshTokenObject?.dpopPairId); // will throw if KP cannot be found\n endpointParams.dpopKeyPair = keyPair;\n renewTokenParams.dpop = dpop;\n renewTokenParams.dpopPairId = refreshTokenObject.dpopPairId;\n }\n\n const tokenResponse = await postRefreshToken(sdk, endpointParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n"],"mappings":";;;AAYA;AACA;AACA;AAEA;AACA;AACA;AACA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAUA;AACO,eAAeA,sBAAsB,CAC1CC,GAA2B,EAC3BC,WAAwB,EACxBC,kBAAgC,EACf;EACjB,MAAM;IAAEC,QAAQ;IAAEC;EAAK,CAAC,GAAGJ,GAAG,CAACK,OAAO;EACtC,IAAI,CAACF,QAAQ,EAAE;IACb,MAAM,IAAIG,oBAAY,CAAC,0EAA0E,CAAC;EACpG;EAEA,IAAI;IACF,MAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAER,WAAW,EAAE;MAAEE;IAAS,CAAC,CAAC;IAElF,IAAID,kBAAkB,CAACQ,WAAW,EAAE;MAClCH,gBAAgB,CAACG,WAAW,GAAGR,kBAAkB,CAACQ,WAAW;IAC/D;IAEA,MAAMC,cAAmC,GAAG;MAAC,GAAGJ;IAAgB,CAAC;IAEjE,IAAIH,IAAI,EAAE;MACR,MAAMQ,OAAO,GAAG,MAAM,IAAAC,iBAAW,EAACX,kBAAkB,EAAEY,UAAU,CAAC,CAAC,CAAI;MACtEH,cAAc,CAACI,WAAW,GAAGH,OAAO;MACpCL,gBAAgB,CAACH,IAAI,GAAGA,IAAI;MAC5BG,gBAAgB,CAACO,UAAU,GAAGZ,kBAAkB,CAACY,UAAU;IAC7D;IAEA,MAAME,aAAa,GAAG,MAAM,IAAAC,uBAAgB,EAACjB,GAAG,EAAEW,cAAc,EAAET,kBAAkB,CAAC;IACrF,MAAMgB,IAAI,GAAG,IAAAC,mBAAY,EAACnB,GAAG,EAAEC,WAAW,CAAC;IAC3C,MAAM;MAAEmB;IAAO,CAAC,GAAG,MAAM,IAAAC,wCAAmB,EAACrB,GAAG,EAAEO,gBAAgB,EAAES,aAAa,EAAEE,IAAI,CAAC;;IAExF;IACA,MAAM;MAAEI;IAAa,CAAC,GAAGF,MAAM;IAC/B,IAAIE,YAAY,IAAI,CAAC,IAAAC,gCAAkB,EAACD,YAAY,EAAEpB,kBAAkB,CAAC,EAAE;MACzEF,GAAG,CAACwB,YAAY,CAACC,kBAAkB,CAACH,YAAY,CAAC;IACnD;IAEA,OAAOF,MAAM;EACf,CAAC,CACD,OAAOM,GAAG,EAAE;IACV,IAAI,IAAAC,mCAA0B,EAACD,GAAG,CAAC,EAAE;MACnC;MACA1B,GAAG,CAACwB,YAAY,CAACI,kBAAkB,EAAE;IACvC;IACA,MAAMF,GAAG;EACX;AACF"}
package/cjs/oidc/types/Token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Token.js","names":["TokenKind","isToken","obj","accessToken","idToken","refreshToken","Array","isArray","scopes","isAccessToken","isIDToken","isRefreshToken"],"sources":["../../../../lib/oidc/types/Token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n ACCESS = 'accessToken',\n ID = 'idToken',\n REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IA6CYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAMd,SAASC,OAAO,CAACC,GAAQ,EAAgB;EAC9C,IAAIA,GAAG,KACFA,GAAG,CAACC,WAAW,IAAID,GAAG,CAACE,OAAO,IAAIF,GAAG,CAACG,YAAY,CAAC,IACpDC,KAAK,CAACC,OAAO,CAACL,GAAG,CAACM,MAAM,CAAC,EAAE;IAC7B,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEO,SAASC,aAAa,CAACP,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAIA,GAAG,CAACC,WAAW;AAC/B;AAEO,SAASO,SAAS,CAACR,GAAQ,EAAkB;EAClD,OAAOA,GAAG,IAAIA,GAAG,CAACE,OAAO;AAC3B;AAEO,SAASO,cAAc,CAACT,GAAQ,EAAuB;EAC5D,OAAOA,GAAG,IAAIA,GAAG,CAACG,YAAY;AAChC"}
1
+ {"version":3,"file":"Token.js","names":["TokenKind","isToken","obj","accessToken","idToken","refreshToken","Array","isArray","scopes","isAccessToken","isIDToken","isRefreshToken"],"sources":["../../../../lib/oidc/types/Token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n extraParams?: Record<string, string>;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n dpopPairId?: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n dpopPairId?: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n ACCESS = 'accessToken',\n ID = 'idToken',\n REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IAgDYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAMd,SAASC,OAAO,CAACC,GAAQ,EAAgB;EAC9C,IAAIA,GAAG,KACFA,GAAG,CAACC,WAAW,IAAID,GAAG,CAACE,OAAO,IAAIF,GAAG,CAACG,YAAY,CAAC,IACpDC,KAAK,CAACC,OAAO,CAACL,GAAG,CAACM,MAAM,CAAC,EAAE;IAC7B,OAAO,IAAI;EACb;EACA,OAAO,KAAK;AACd;AAEO,SAASC,aAAa,CAACP,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAIA,GAAG,CAACC,WAAW;AAC/B;AAEO,SAASO,SAAS,CAACR,GAAQ,EAAkB;EAClD,OAAOA,GAAG,IAAIA,GAAG,CAACE,OAAO;AAC3B;AAEO,SAASO,cAAc,CAACT,GAAQ,EAAuB;EAC5D,OAAOA,GAAG,IAAIA,GAAG,CAACG,YAAY;AAChC"}
package/cjs/oidc/types/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>\n{\n token: BaseTokenAPI;\n transactionManager: TM;\n\n isPKCE(): boolean;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n getOrRenewAccessToken(): Promise<string | null>;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"api.js","names":[],"sources":["../../../../lib/oidc/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { JWTObject } from './JWT';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { CustomUrls, OktaAuthOAuthOptions, SigninWithRedirectOptions, TokenParams, RenewTokensParams } from './options';\nimport { OAuthResponseType } from './proto';\nimport { OAuthStorageManagerInterface } from './storage';\nimport { AccessToken, IDToken, RefreshToken, RevocableToken, Token, Tokens, TokenKind } from './Token';\nimport { TokenManagerInterface } from './TokenManager';\nimport { CustomUserClaims, UserClaims } from './UserClaims';\nimport { TransactionManagerInterface } from './TransactionManager';\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { Endpoints } from './endpoints';\n\nexport interface PopupParams {\n popupTitle?: string;\n popupWindow?: Window;\n}\n\nexport interface TokenResponse {\n tokens: Tokens;\n state: string;\n code?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n}\n\nexport interface ParseFromUrlOptions {\n url?: string;\n responseMode?: string;\n}\n\nexport type ParseFromUrlFunction = (options?: string | ParseFromUrlOptions) => Promise<TokenResponse>;\n\nexport interface ParseFromUrlInterface extends ParseFromUrlFunction {\n _getDocument: () => Document;\n _getLocation: () => Location;\n _getHistory: () => History;\n}\n\nexport type GetWithRedirectFunction = (params?: TokenParams) => Promise<void>;\n\nexport type SetLocationFunction = (loc: string) => void;\n\nexport interface BaseTokenAPI {\n decode(token: string): JWTObject;\n prepareTokenParams(params?: TokenParams): Promise<TokenParams>;\n exchangeCodeForTokens(params: TokenParams, urls?: CustomUrls): Promise<TokenResponse>;\n}\n\nexport interface TokenAPI extends BaseTokenAPI {\n getUserInfo<S extends CustomUserClaims = CustomUserClaims>(\n accessToken?: AccessToken,\n idToken?: IDToken\n ): Promise<UserClaims<S>>;\n getWithRedirect: GetWithRedirectFunction;\n parseFromUrl: ParseFromUrlInterface;\n getWithoutPrompt(params?: TokenParams): Promise<TokenResponse>;\n getWithPopup(params?: TokenParams): Promise<TokenResponse>;\n revoke(token: RevocableToken): Promise<object>;\n renew(token: Token): Promise<Token | undefined>;\n renewTokens(options?: RenewTokensParams): Promise<Tokens>;\n renewTokensWithRefresh(tokenParams: TokenParams, refreshTokenObject: RefreshToken): Promise<Tokens>;\n verify(token: IDToken, params?: object): Promise<IDToken>;\n isLoginRedirect(): boolean;\n introspect(kind: TokenKind, token?: Token): any; // TODO: make real return type\n}\n\nexport interface TokenVerifyParams {\n clientId: string;\n issuer: string;\n ignoreSignature?: boolean;\n nonce?: string;\n accessToken?: string; // raw access token string\n acrValues?: string;\n}\n\nexport interface IDTokenAPI {\n authorize: {\n _getLocationHref: () => string;\n };\n}\n\nexport interface PkceAPI {\n DEFAULT_CODE_CHALLENGE_METHOD: string;\n generateVerifier(prefix: string): string;\n computeChallenge(str: string): PromiseLike<any>;\n}\n\nexport interface IsAuthenticatedOptions {\n onExpiredToken?: 'renew' | 'remove' | 'none';\n}\n\nexport interface SignoutRedirectUrlOptions {\n postLogoutRedirectUri?: string | null;\n idToken?: IDToken;\n state?: string;\n}\n\nexport interface SignoutOptions extends SignoutRedirectUrlOptions {\n revokeAccessToken?: boolean;\n revokeRefreshToken?: boolean;\n accessToken?: AccessToken;\n refreshToken?: RefreshToken;\n clearTokensBeforeRedirect?: boolean;\n}\n\nexport interface OriginalUriApi {\n getOriginalUri(state?: string): string | undefined;\n setOriginalUri(originalUri: string, state?: string): void;\n removeOriginalUri(state?: string): void;\n}\n\nexport interface DPoPRequest {\n url: string;\n method: string;\n nonce?: string;\n accessToken?: AccessToken;\n}\n\nexport interface DPoPHeaders {\n Authorization: string;\n Dpop: string;\n}\n\nexport interface MinimalOktaOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>\n{\n token: BaseTokenAPI;\n transactionManager: TM;\n\n isPKCE(): boolean;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n}\n\nexport interface OktaAuthOAuthInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n> \n extends OktaAuthSessionInterface<S, O>,\n OriginalUriApi\n{\n token: TokenAPI;\n tokenManager: TokenManagerInterface;\n pkce: PkceAPI;\n transactionManager: TM;\n endpoints: Endpoints;\n \n isPKCE(): boolean;\n getIdToken(): string | undefined;\n getAccessToken(): string | undefined;\n getRefreshToken(): string | undefined;\n getOrRenewAccessToken(): Promise<string | null>;\n\n isAuthenticated(options?: IsAuthenticatedOptions): Promise<boolean>;\n signOut(opts?: SignoutOptions): Promise<boolean>;\n isLoginRedirect(): boolean;\n isAuthorizationCodeFlow(): boolean;\n storeTokensFromRedirect(): Promise<void>;\n getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>>;\n signInWithRedirect(opts?: SigninWithRedirectOptions): Promise<void>;\n \n revokeAccessToken(accessToken?: AccessToken): Promise<unknown>;\n revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown>;\n\n getDPoPAuthorizationHeaders(params: DPoPRequest): Promise<DPoPHeaders>;\n clearDPoPStorage(clearAll: boolean): Promise<void>;\n parseUseDPoPNonceError(headers: HeadersInit): string | null;\n}\n"],"mappings":""}
package/cjs/oidc/types/meta.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"meta.js","names":[],"sources":["../../../../lib/oidc/types/meta.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { CustomUrls, TokenParams } from './options';\n\n// formerly known as \"Redirect OAuth Params\"\nexport interface OAuthTransactionMeta extends\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'nonce' |\n 'acrValues' |\n 'enrollAmrValues'\n >\n{\n urls: CustomUrls;\n originalUri?: string;\n}\n\nexport interface PKCETransactionMeta extends\n OAuthTransactionMeta,\n Pick<TokenParams,\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'codeVerifier'\n >\n{}\n\nexport interface TransactionMetaOptions extends\n Pick<PKCETransactionMeta,\n 'state' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'codeVerifier'\n >\n{\n muteWarning?: boolean;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"meta.js","names":[],"sources":["../../../../lib/oidc/types/meta.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { CustomUrls, TokenParams } from './options';\n\n// formerly known as \"Redirect OAuth Params\"\nexport interface OAuthTransactionMeta extends\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'nonce' |\n 'acrValues' |\n 'enrollAmrValues' |\n 'extraParams'\n >\n{\n urls: CustomUrls;\n originalUri?: string;\n}\n\nexport interface PKCETransactionMeta extends\n OAuthTransactionMeta,\n Pick<TokenParams,\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'codeVerifier'\n >\n{}\n\nexport interface TransactionMetaOptions extends\n Pick<PKCETransactionMeta,\n 'state' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'codeVerifier'\n >\n{\n muteWarning?: boolean;\n}\n"],"mappings":""}
package/cjs/oidc/types/options.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"options.js","names":[],"sources":["../../../../lib/oidc/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { OktaAuthHttpOptions } from '../../http/types';\nimport { SimpleStorage } from '../../storage/types';\nimport { OktaAuthOAuthInterface, SetLocationFunction } from './api';\nimport { OAuthResponseMode, OAuthResponseType } from './proto';\nimport { Tokens } from './Token';\nimport { TransactionManagerOptions } from './Transaction';\n\nexport interface CustomUrls {\n issuer?: string;\n authorizeUrl?: string;\n userinfoUrl?: string;\n tokenUrl?: string;\n revokeUrl?: string;\n logoutUrl?: string;\n}\n\nexport interface TokenParams extends CustomUrls {\n pkce?: boolean;\n clientId?: string;\n redirectUri?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n responseMode?: OAuthResponseMode;\n state?: string;\n nonce?: string;\n scopes?: string[];\n enrollAmrValues?: string | string[];\n display?: string;\n ignoreSignature?: boolean;\n codeVerifier?: string;\n authorizationCode?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n interactionCode?: string;\n idp?: string;\n idpScope?: string | string[];\n loginHint?: string;\n maxAge?: string | number;\n acrValues?: string;\n prompt?: string;\n sessionToken?: string;\n timeout?: number;\n extraParams?: { [propName: string]: string }; // custom authorize query params\n // TODO: remove in the next major version\n popupTitle?: string;\n}\n\nexport interface TokenManagerOptions {\n autoRenew?: boolean;\n autoRemove?: boolean;\n clearPendingRemoveTokens?: boolean;\n secure?: boolean;\n storage?: string | SimpleStorage;\n storageKey?: string;\n expireEarlySeconds?: number;\n syncStorage?: boolean;\n}\n\nexport interface EnrollAuthenticatorOptions extends TokenParams {\n enrollAmrValues: string | string[];\n acrValues: string;\n}\n\nexport interface SigninWithRedirectOptions extends TokenParams {\n originalUri?: string;\n}\n\nexport interface RenewTokensParams extends TokenParams {\n tokens?: Tokens\n}\n\nexport interface OktaAuthOAuthOptions extends\n OktaAuthHttpOptions,\n CustomUrls,\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'maxAge' |\n 'acrValues'\n >\n{\n ignoreLifetime?: boolean;\n tokenManager?: TokenManagerOptions;\n postLogoutRedirectUri?: string;\n maxClockSkew?: number;\n restoreOriginalUri?: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n\n transactionManager?: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret?: string;\n setLocation?: SetLocationFunction;\n}\n\nexport type OktaAuthOauthOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthOAuthOptions>;\n"],"mappings":""}
1
+ {"version":3,"file":"options.js","names":[],"sources":["../../../../lib/oidc/types/options.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { OktaAuthHttpOptions } from '../../http/types';\nimport { SimpleStorage } from '../../storage/types';\nimport { OktaAuthOAuthInterface, SetLocationFunction } from './api';\nimport { OAuthResponseMode, OAuthResponseType } from './proto';\nimport { Tokens } from './Token';\nimport { TransactionManagerOptions } from './Transaction';\n\nexport interface CustomUrls {\n issuer?: string;\n authorizeUrl?: string;\n userinfoUrl?: string;\n tokenUrl?: string;\n revokeUrl?: string;\n logoutUrl?: string;\n}\n\nexport interface TokenParams extends CustomUrls {\n pkce?: boolean;\n clientId?: string;\n redirectUri?: string;\n responseType?: OAuthResponseType | OAuthResponseType[] | 'none';\n responseMode?: OAuthResponseMode;\n state?: string;\n nonce?: string;\n scopes?: string[];\n enrollAmrValues?: string | string[];\n display?: string;\n ignoreSignature?: boolean;\n codeVerifier?: string;\n authorizationCode?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n interactionCode?: string;\n idp?: string;\n idpScope?: string | string[];\n loginHint?: string;\n maxAge?: string | number;\n acrValues?: string;\n prompt?: string;\n sessionToken?: string;\n timeout?: number;\n extraParams?: { [propName: string]: string }; // custom authorize query params\n // TODO: remove in the next major version\n popupTitle?: string;\n dpop?: boolean;\n dpopPairId?: string;\n}\n\nexport interface TokenManagerOptions {\n autoRenew?: boolean;\n autoRemove?: boolean;\n clearPendingRemoveTokens?: boolean;\n secure?: boolean;\n storage?: string | SimpleStorage;\n storageKey?: string;\n expireEarlySeconds?: number;\n syncStorage?: boolean;\n}\n\nexport interface EnrollAuthenticatorOptions extends TokenParams {\n enrollAmrValues: string | string[];\n acrValues: string;\n}\n\nexport interface SigninWithRedirectOptions extends TokenParams {\n originalUri?: string;\n}\n\nexport interface RenewTokensParams extends TokenParams {\n tokens?: Tokens\n}\n\nexport interface OktaAuthOAuthOptions extends\n OktaAuthHttpOptions,\n CustomUrls,\n Pick<TokenParams,\n 'issuer' |\n 'clientId' |\n 'redirectUri' |\n 'responseType' |\n 'responseMode' |\n 'scopes' |\n 'state' |\n 'pkce' |\n 'ignoreSignature' |\n 'codeChallenge' |\n 'codeChallengeMethod' |\n 'maxAge' |\n 'acrValues'\n >\n{\n ignoreLifetime?: boolean;\n tokenManager?: TokenManagerOptions;\n postLogoutRedirectUri?: string;\n maxClockSkew?: number;\n restoreOriginalUri?: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n dpop?: boolean;\n\n transactionManager?: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret?: string;\n setLocation?: SetLocationFunction;\n}\n\nexport type OktaAuthOauthOptionsConstructor = OktaAuthOptionsConstructor<OktaAuthOAuthOptions>;\n"],"mappings":""}
package/cjs/oidc/util/defaultTokenParams.js CHANGED
@@ -29,7 +29,8 @@ function getDefaultTokenParams(sdk) {
29
29
  acrValues,
30
30
  maxAge,
31
31
  state,
32
- ignoreSignature
32
+ ignoreSignature,
33
+ dpop
33
34
  } = sdk.options;
34
35
  const defaultRedirectUri = (0, _features.isBrowser)() ? window.location.href : undefined;
35
36
  return (0, _util.removeNils)({
@@ -43,7 +44,8 @@ function getDefaultTokenParams(sdk) {
43
44
  scopes: scopes || ['openid', 'email'],
44
45
  acrValues,
45
46
  maxAge,
46
- ignoreSignature
47
+ ignoreSignature,
48
+ dpop
47
49
  });
48
50
  }
49
51
  //# sourceMappingURL=defaultTokenParams.js.map
package/cjs/oidc/util/defaultTokenParams.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","acrValues","maxAge","state","ignoreSignature","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n acrValues,\n maxAge,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n acrValues,\n maxAge,\n ignoreSignature\n });\n}"],"mappings":";;;AAcA;AAEA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,qBAAqB,CAACC,GAA2B,EAAe;EAC9E,MAAM;IACJC,IAAI;IACJC,QAAQ;IACRC,WAAW;IACXC,YAAY;IACZC,YAAY;IACZC,MAAM;IACNC,SAAS;IACTC,MAAM;IACNC,KAAK;IACLC;EACF,CAAC,GAAGV,GAAG,CAACW,OAAO;EACf,MAAMC,kBAAkB,GAAG,IAAAC,mBAAS,GAAE,GAAGC,MAAM,CAACC,QAAQ,CAACC,IAAI,GAAGC,SAAS;EACzE,OAAO,IAAAC,gBAAU,EAAC;IAChBjB,IAAI;IACJC,QAAQ;IACRC,WAAW,EAAEA,WAAW,IAAIS,kBAAkB;IAC9CR,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC;IACnDC,YAAY;IACZI,KAAK,EAAEA,KAAK,IAAI,IAAAU,oBAAa,GAAE;IAC/BC,KAAK,EAAE,IAAAC,oBAAa,GAAE;IACtBf,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC;IACrCC,SAAS;IACTC,MAAM;IACNE;EACF,CAAC,CAAC;AACJ"}
1
+ {"version":3,"file":"defaultTokenParams.js","names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","acrValues","maxAge","state","ignoreSignature","dpop","options","defaultRedirectUri","isBrowser","window","location","href","undefined","removeNils","generateState","nonce","generateNonce"],"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n acrValues,\n maxAge,\n state,\n ignoreSignature,\n dpop\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n acrValues,\n maxAge,\n ignoreSignature,\n dpop,\n });\n}"],"mappings":";;;AAcA;AAEA;AACA;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMO,SAASA,qBAAqB,CAACC,GAA2B,EAAe;EAC9E,MAAM;IACJC,IAAI;IACJC,QAAQ;IACRC,WAAW;IACXC,YAAY;IACZC,YAAY;IACZC,MAAM;IACNC,SAAS;IACTC,MAAM;IACNC,KAAK;IACLC,eAAe;IACfC;EACF,CAAC,GAAGX,GAAG,CAACY,OAAO;EACf,MAAMC,kBAAkB,GAAG,IAAAC,mBAAS,GAAE,GAAGC,MAAM,CAACC,QAAQ,CAACC,IAAI,GAAGC,SAAS;EACzE,OAAO,IAAAC,gBAAU,EAAC;IAChBlB,IAAI;IACJC,QAAQ;IACRC,WAAW,EAAEA,WAAW,IAAIU,kBAAkB;IAC9CT,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC;IACnDC,YAAY;IACZI,KAAK,EAAEA,KAAK,IAAI,IAAAW,oBAAa,GAAE;IAC/BC,KAAK,EAAE,IAAAC,oBAAa,GAAE;IACtBhB,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC;IACrCC,SAAS;IACTC,MAAM;IACNE,eAAe;IACfC;EACF,CAAC,CAAC;AACJ"}
package/cjs/oidc/util/oauthMeta.js CHANGED
@@ -18,7 +18,8 @@ function createOAuthMeta(sdk, tokenParams) {
18
18
  state: tokenParams.state,
19
19
  nonce: tokenParams.nonce,
20
20
  ignoreSignature: tokenParams.ignoreSignature,
21
- acrValues: tokenParams.acrValues
21
+ acrValues: tokenParams.acrValues,
22
+ extraParams: tokenParams.extraParams
22
23
  };
23
24
  if (tokenParams.pkce === false) {
24
25
  // Implicit flow or authorization_code without PKCE