
@okta/okta-auth-js 7.7.0 → 7.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/CHANGELOG.md +21 -2
  2. package/cjs/authn/mixin.js.map +1 -1
  3. package/cjs/authn/types.js.map +1 -1
  4. package/cjs/base/types.js.map +1 -1
  5. package/cjs/browser/fingerprint.js +18 -12
  6. package/cjs/browser/fingerprint.js.map +1 -1
  7. package/cjs/http/OktaUserAgent.js +2 -2
  8. package/cjs/idx/mixin.js +2 -0
  9. package/cjs/idx/mixin.js.map +1 -1
  10. package/cjs/idx/mixinMinimal.js +2 -0
  11. package/cjs/idx/mixinMinimal.js.map +1 -1
  12. package/cjs/idx/types/api.js.map +1 -1
  13. package/cjs/oidc/endpoints/token.js +5 -1
  14. package/cjs/oidc/endpoints/token.js.map +1 -1
  15. package/cjs/oidc/exchangeCodeForTokens.js +4 -2
  16. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  17. package/cjs/oidc/handleOAuthResponse.js +9 -0
  18. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  19. package/cjs/oidc/renewToken.js +4 -2
  20. package/cjs/oidc/renewToken.js.map +1 -1
  21. package/cjs/oidc/renewTokens.js +3 -1
  22. package/cjs/oidc/renewTokens.js.map +1 -1
  23. package/cjs/oidc/renewTokensWithRefresh.js +4 -0
  24. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  25. package/cjs/oidc/types/Token.js.map +1 -1
  26. package/cjs/oidc/types/meta.js.map +1 -1
  27. package/cjs/oidc/util/oauthMeta.js +2 -1
  28. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  29. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  30. package/dist/okta-auth-js.authn.min.js +1 -1
  31. package/dist/okta-auth-js.authn.min.js.map +1 -1
  32. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  33. package/dist/okta-auth-js.core.min.js +1 -1
  34. package/dist/okta-auth-js.core.min.js.map +1 -1
  35. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  36. package/dist/okta-auth-js.idx.min.js +1 -1
  37. package/dist/okta-auth-js.idx.min.js.map +1 -1
  38. package/dist/okta-auth-js.min.analyzer.html +2 -2
  39. package/dist/okta-auth-js.min.js +1 -1
  40. package/dist/okta-auth-js.min.js.map +1 -1
  41. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  42. package/dist/okta-auth-js.myaccount.min.js +1 -1
  43. package/dist/okta-auth-js.myaccount.min.js.map +1 -1
  44. package/esm/browser/authn/mixin.js.map +1 -1
  45. package/esm/browser/browser/fingerprint.js +22 -11
  46. package/esm/browser/browser/fingerprint.js.map +1 -1
  47. package/esm/browser/http/OktaUserAgent.js +2 -2
  48. package/esm/browser/idx/mixin.js +2 -0
  49. package/esm/browser/idx/mixin.js.map +1 -1
  50. package/esm/browser/idx/mixinMinimal.js +2 -0
  51. package/esm/browser/idx/mixinMinimal.js.map +1 -1
  52. package/esm/browser/idx/types/api.js.map +1 -1
  53. package/esm/browser/oidc/endpoints/token.js +5 -1
  54. package/esm/browser/oidc/endpoints/token.js.map +1 -1
  55. package/esm/browser/oidc/exchangeCodeForTokens.js +2 -1
  56. package/esm/browser/oidc/exchangeCodeForTokens.js.map +1 -1
  57. package/esm/browser/oidc/handleOAuthResponse.js +9 -0
  58. package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
  59. package/esm/browser/oidc/renewToken.js +3 -2
  60. package/esm/browser/oidc/renewToken.js.map +1 -1
  61. package/esm/browser/oidc/renewTokens.js +3 -1
  62. package/esm/browser/oidc/renewTokens.js.map +1 -1
  63. package/esm/browser/oidc/renewTokensWithRefresh.js +3 -0
  64. package/esm/browser/oidc/renewTokensWithRefresh.js.map +1 -1
  65. package/esm/browser/oidc/types/Token.js.map +1 -1
  66. package/esm/browser/oidc/util/oauthMeta.js +1 -0
  67. package/esm/browser/oidc/util/oauthMeta.js.map +1 -1
  68. package/esm/browser/package.json +1 -1
  69. package/esm/node/authn/mixin.js.map +1 -1
  70. package/esm/node/browser/fingerprint.js +22 -11
  71. package/esm/node/browser/fingerprint.js.map +1 -1
  72. package/esm/node/http/OktaUserAgent.js +2 -2
  73. package/esm/node/idx/mixin.js +2 -0
  74. package/esm/node/idx/mixin.js.map +1 -1
  75. package/esm/node/idx/mixinMinimal.js +2 -0
  76. package/esm/node/idx/mixinMinimal.js.map +1 -1
  77. package/esm/node/idx/types/api.js.map +1 -1
  78. package/esm/node/oidc/endpoints/token.js +5 -1
  79. package/esm/node/oidc/endpoints/token.js.map +1 -1
  80. package/esm/node/oidc/exchangeCodeForTokens.js +2 -1
  81. package/esm/node/oidc/exchangeCodeForTokens.js.map +1 -1
  82. package/esm/node/oidc/handleOAuthResponse.js +9 -0
  83. package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
  84. package/esm/node/oidc/renewToken.js +3 -2
  85. package/esm/node/oidc/renewToken.js.map +1 -1
  86. package/esm/node/oidc/renewTokens.js +3 -1
  87. package/esm/node/oidc/renewTokens.js.map +1 -1
  88. package/esm/node/oidc/renewTokensWithRefresh.js +3 -0
  89. package/esm/node/oidc/renewTokensWithRefresh.js.map +1 -1
  90. package/esm/node/oidc/types/Token.js.map +1 -1
  91. package/esm/node/oidc/util/oauthMeta.js +1 -0
  92. package/esm/node/oidc/util/oauthMeta.js.map +1 -1
  93. package/esm/node/package.json +1 -1
  94. package/package.json +3 -3
  95. package/types/lib/authn/types.d.ts +1 -4
  96. package/types/lib/base/types.d.ts +5 -0
  97. package/types/lib/browser/fingerprint.d.ts +1 -1
  98. package/types/lib/idx/types/api.d.ts +3 -1
  99. package/types/lib/oidc/types/Token.d.ts +1 -0
  100. package/types/lib/oidc/types/meta.d.ts +1 -1
  101. package/umd/authn.js +1 -1
  102. package/umd/authn.js.map +1 -1
  103. package/umd/core.js +1 -1
  104. package/umd/core.js.map +1 -1
  105. package/umd/default.js +1 -1
  106. package/umd/default.js.map +1 -1
  107. package/umd/idx.js +1 -1
  108. package/umd/idx.js.map +1 -1
  109. package/umd/myaccount.js +1 -1
  110. package/umd/myaccount.js.map +1 -1
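--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,13 +1,32 @@
  # Changelog
 
- ## 7.6.0
+ # 7.8.0
+
+ ### Features
+
+ - [#1530](https://github.com/okta/okta-auth-js/pull/1530) add: fingerprint API to IDX bundle
+
+ # 7.7.1
+
+ - [#1529](https://github.com/okta/okta-auth-js/pull/1529) fix: persist `extraParams` passed to `/authorize` and include them during token refresh
+
+ ## 7.7.0
 
  ### Features
 
  - [#1495](https://github.com/okta/okta-auth-js/pull/1495) add: DPoP support
+
+ ### Fixes
+
+ - [#1508](https://github.com/okta/okta-auth-js/pull/1508) IDX: add condition to compare stateHandles when loading saved idxResponse only when useGenericRemediator option is false or undefined
+
+
+ ## 7.6.0
+
+ ### Features
+
  - [#1507](https://github.com/okta/okta-auth-js/pull/1507) add: new method `getOrRenewAccessToken`
  - [#1505](https://github.com/okta/okta-auth-js/pull/1505) add: support of `revokeSessions` param for `OktaPassword` authenticator (can be used in `reset-authenticator` remediation)
- - [#1508](https://github.com/okta/okta-auth-js/pull/1508) IDX: add condition to compare stateHandles when loading saved idxResponse only when useGenericRemediator option is false or undefined
  - [#1512](https://github.com/okta/okta-auth-js/pull/1512) add: new service `RenewOnTabActivation`
 
  ### Bug Fix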
@@ -1 +1 @@
1
- {"version":3,"file":"mixin.js","names":["mixinAuthn","Base","OktaAuthTx","constructor","args","authn","tx","createAuthnTransactionAPI","fingerprint","bind","signIn","opts","clone","_postToTransaction","options","sendFingerprint","postToTransaction","then","headers","signInWithCredentials","forgotPassword","unlockAccount","verifyRecoveryToken"],"sources":["../../../lib/authn/mixin.ts"],"sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { \n clone,\n} from '../util';\nimport fingerprint from '../browser/fingerprint';\nimport {\n FingerprintAPI,\n SigninWithCredentialsOptions,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n SigninOptions,\n OktaAuthTxInterface,\n AuthnTransaction,\n AuthnTransactionAPI\n} from './types';\nimport {\n createAuthnTransactionAPI,\n} from './factory';\nimport { StorageManagerInterface } from '../storage/types';\nimport { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { OktaAuthConstructor } from '../base/types';\n\nexport function mixinAuthn\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & 
OktaAuthConstructor<OktaAuthTxInterface<S, O>>\n{\n return class OktaAuthTx extends Base implements OktaAuthTxInterface<S, O> {\n tx: AuthnTransactionAPI; // legacy, may be removed in future version\n authn: AuthnTransactionAPI;\n fingerprint: FingerprintAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.authn = this.tx = createAuthnTransactionAPI(this);\n \n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n }\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthnTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return this.tx.postToTransaction('/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction> {\n return this.signIn(opts);\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/token', opts);\n }\n\n 
};\n}\n"],"mappings":";;;;AAcA;AAGA;AAWA;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBO,SAASA,UAAU,CAOzBC,IAAW,EACZ;EACE,OAAO,MAAMC,UAAU,SAASD,IAAI,CAAsC;IAC/C;;IAIzBE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,KAAK,GAAG,IAAI,CAACC,EAAE,GAAG,IAAAC,kCAAyB,EAAC,IAAI,CAAC;;MAEtD;MACA,IAAI,CAACC,WAAW,GAAGA,oBAAW,CAACC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;IACjD;;IAEA;IACA,MAAMC,MAAM,CAACC,IAAmB,EAA6B;MAC3DA,IAAI,GAAG,IAAAC,WAAK,EAACD,IAAI,IAAI,CAAC,CAAC,CAAC;MACxB,MAAME,kBAAkB,GAAIC,OAAQ,IAAK;QACvC,OAAOH,IAAI,CAACI,eAAe;QAC3B,OAAO,IAAI,CAACT,EAAE,CAACU,iBAAiB,CAAC,eAAe,EAAEL,IAAI,EAAEG,OAAO,CAAC;MAClE,CAAC;MACD,IAAI,CAACH,IAAI,CAACI,eAAe,EAAE;QACzB,OAAOF,kBAAkB,EAAE;MAC7B;MACA,OAAO,IAAI,CAACL,WAAW,EAAE,CACxBS,IAAI,CAAC,UAAST,WAAW,EAAE;QAC1B,OAAOK,kBAAkB,CAAC;UACxBK,OAAO,EAAE;YACP,sBAAsB,EAAEV;UAC1B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMW,qBAAqB,CAACR,IAAkC,EAA6B;MACzF,OAAO,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC;IAC1B;;IAEA;IACAS,cAAc,CAACT,IAAI,EAA6B;MAC9C,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,iCAAiC,EAAEL,IAAI,CAAC;IAC3E;;IAEA;IACAU,aAAa,CAACV,IAA2B,EAA6B;MACpE,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,+BAA+B,EAAEL,IAAI,CAAC;IACzE;;IAEA;IACAW,mBAAmB,CAACX,IAAgC,EAA6B;MAC/E,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,8BAA8B,EAAEL,IAAI,CAAC;IACxE;EAEF,CAAC;AACH"}
1
+ {"version":3,"file":"mixin.js","names":["mixinAuthn","Base","OktaAuthTx","constructor","args","authn","tx","createAuthnTransactionAPI","fingerprint","bind","signIn","opts","clone","_postToTransaction","options","sendFingerprint","postToTransaction","then","headers","signInWithCredentials","forgotPassword","unlockAccount","verifyRecoveryToken"],"sources":["../../../lib/authn/mixin.ts"],"sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { \n clone,\n} from '../util';\nimport fingerprint from '../browser/fingerprint';\nimport {\n SigninWithCredentialsOptions,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n SigninOptions,\n OktaAuthTxInterface,\n AuthnTransaction,\n AuthnTransactionAPI\n} from './types';\nimport {\n createAuthnTransactionAPI,\n} from './factory';\nimport { StorageManagerInterface } from '../storage/types';\nimport { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { FingerprintAPI, OktaAuthConstructor } from '../base/types';\n\nexport function mixinAuthn\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & 
OktaAuthConstructor<OktaAuthTxInterface<S, O>>\n{\n return class OktaAuthTx extends Base implements OktaAuthTxInterface<S, O> {\n tx: AuthnTransactionAPI; // legacy, may be removed in future version\n authn: AuthnTransactionAPI;\n fingerprint: FingerprintAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.authn = this.tx = createAuthnTransactionAPI(this);\n \n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n }\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthnTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return this.tx.postToTransaction('/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction> {\n return this.signIn(opts);\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/token', opts);\n }\n\n 
};\n}\n"],"mappings":";;;;AAcA;AAGA;AAUA;AA3BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAsBO,SAASA,UAAU,CAOzBC,IAAW,EACZ;EACE,OAAO,MAAMC,UAAU,SAASD,IAAI,CAAsC;IAC/C;;IAIzBE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MAEd,IAAI,CAACC,KAAK,GAAG,IAAI,CAACC,EAAE,GAAG,IAAAC,kCAAyB,EAAC,IAAI,CAAC;;MAEtD;MACA,IAAI,CAACC,WAAW,GAAGA,oBAAW,CAACC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;IACjD;;IAEA;IACA,MAAMC,MAAM,CAACC,IAAmB,EAA6B;MAC3DA,IAAI,GAAG,IAAAC,WAAK,EAACD,IAAI,IAAI,CAAC,CAAC,CAAC;MACxB,MAAME,kBAAkB,GAAIC,OAAQ,IAAK;QACvC,OAAOH,IAAI,CAACI,eAAe;QAC3B,OAAO,IAAI,CAACT,EAAE,CAACU,iBAAiB,CAAC,eAAe,EAAEL,IAAI,EAAEG,OAAO,CAAC;MAClE,CAAC;MACD,IAAI,CAACH,IAAI,CAACI,eAAe,EAAE;QACzB,OAAOF,kBAAkB,EAAE;MAC7B;MACA,OAAO,IAAI,CAACL,WAAW,EAAE,CACxBS,IAAI,CAAC,UAAST,WAAW,EAAE;QAC1B,OAAOK,kBAAkB,CAAC;UACxBK,OAAO,EAAE;YACP,sBAAsB,EAAEV;UAC1B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMW,qBAAqB,CAACR,IAAkC,EAA6B;MACzF,OAAO,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC;IAC1B;;IAEA;IACAS,cAAc,CAACT,IAAI,EAA6B;MAC9C,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,iCAAiC,EAAEL,IAAI,CAAC;IAC3E;;IAEA;IACAU,aAAa,CAACV,IAA2B,EAA6B;MACpE,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,+BAA+B,EAAEL,IAAI,CAAC;IACzE;;IAEA;IACAW,mBAAmB,CAACX,IAAgC,EAA6B;MAC/E,OAAO,IAAI,CAACL,EAAE,CAACU,iBAAiB,CAAC,8BAA8B,EAAEL,IAAI,CAAC;IACxE;EAEF,CAAC;AACH"}
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","names":[],"sources":["../../../lib/authn/types.ts"],"sourcesContent":["import { StorageManagerInterface } from '../storage/types';\nimport { RequestData, RequestOptions, OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\n\nexport interface AuthnTransactionLink {\n name?: string;\n type: string;\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\n// Authn V1 transaction\nexport interface AuthnTransactionState {\n status: string;\n stateToken?: string;\n type?: string;\n expiresAt?: string;\n relayState?: string;\n factorResult?: string;\n factorType?: string;\n recoveryToken?: string;\n recoveryType?: string;\n autoPush?: boolean | (() => boolean);\n rememberDevice?: boolean | (() => boolean);\n profile?: {\n updatePhone?: boolean;\n };\n _links?: Record<string, AuthnTransactionLink>;\n}\n\n// eslint-disable-next-line no-use-before-define\nexport type AuthnTransactionFunction = (obj?: any) => Promise<AuthnTransaction>;\n\nexport interface AuthnTransactionFunctions {\n // common\n next?: AuthnTransactionFunction;\n cancel?: AuthnTransactionFunction;\n skip?: AuthnTransactionFunction;\n // locked_out\n unlock?: AuthnTransactionFunction;\n // password\n changePassword?: AuthnTransactionFunction;\n resetPassword?: AuthnTransactionFunction;\n // recovery\n answer?: AuthnTransactionFunction;\n recovery?: AuthnTransactionFunction;\n // recovery_challenge\n verify?: AuthnTransactionFunction;\n resend?: AuthnTransactionFunction;\n // mfa_enroll_activate\n activate?: AuthnTransactionFunction;\n poll?: AuthnTransactionFunction;\n prev?: AuthnTransactionFunction;\n}\n\nexport interface AuthnTransaction extends AuthnTransactionState, AuthnTransactionFunctions {\n sessionToken?: string;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: Record<string, any>;\n authentication?: Record<string, 
any>;\n}\n\n// Authn (classic) api\nexport interface AuthnTransactionAPI {\n exists: () => boolean;\n status: (args?: object) => Promise<object>;\n resume: (args?: object) => Promise<AuthnTransaction>;\n introspect: (args?: object) => Promise<AuthnTransaction>;\n createTransaction: (res?: AuthnTransactionState) => AuthnTransaction;\n postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => Promise<AuthnTransaction>;\n}\n\nexport interface SigninOptions {\n // Only used in Authn V1\n relayState?: string;\n context?: {\n deviceToken?: string;\n };\n sendFingerprint?: boolean;\n stateToken?: string;\n \n // Optional credentials\n username?: string;\n password?: string;\n}\n\nexport interface SigninWithCredentialsOptions extends SigninOptions {\n // Required credentials\n username: string;\n password: string;\n}\n\nexport interface SigninAPI {\n signIn(opts: SigninOptions): Promise<AuthnTransaction>;\n signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction>;\n}\n\nexport interface ForgotPasswordOptions {\n username: string;\n factorType: 'SMS' | 'EMAIL' | 'CALL';\n relayState?: string;\n}\n\nexport interface VerifyRecoveryTokenOptions {\n recoveryToken: string;\n}\n\nexport interface AuthnAPI extends SigninAPI {\n forgotPassword(opts): Promise<AuthnTransaction>;\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction>;\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction>;\n}\n\n// Fingerprint\nexport interface FingerprintOptions {\n timeout?: number;\n}\n\nexport type FingerprintAPI = (options?: FingerprintOptions) => Promise<string>;\n\n\nexport interface OktaAuthTxInterface\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n> \n extends OktaAuthHttpInterface<S, O>, AuthnAPI\n{\n tx: AuthnTransactionAPI; // legacy name\n authn: 
AuthnTransactionAPI; // new name\n fingerprint: FingerprintAPI;\n\n}\n"],"mappings":""}
1
+ {"version":3,"file":"types.js","names":[],"sources":["../../../lib/authn/types.ts"],"sourcesContent":["\nimport { FingerprintAPI } from '../base/types';\nimport { StorageManagerInterface } from '../storage/types';\nimport { RequestData, RequestOptions, OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\n\nexport interface AuthnTransactionLink {\n name?: string;\n type: string;\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\n// Authn V1 transaction\nexport interface AuthnTransactionState {\n status: string;\n stateToken?: string;\n type?: string;\n expiresAt?: string;\n relayState?: string;\n factorResult?: string;\n factorType?: string;\n recoveryToken?: string;\n recoveryType?: string;\n autoPush?: boolean | (() => boolean);\n rememberDevice?: boolean | (() => boolean);\n profile?: {\n updatePhone?: boolean;\n };\n _links?: Record<string, AuthnTransactionLink>;\n}\n\n// eslint-disable-next-line no-use-before-define\nexport type AuthnTransactionFunction = (obj?: any) => Promise<AuthnTransaction>;\n\nexport interface AuthnTransactionFunctions {\n // common\n next?: AuthnTransactionFunction;\n cancel?: AuthnTransactionFunction;\n skip?: AuthnTransactionFunction;\n // locked_out\n unlock?: AuthnTransactionFunction;\n // password\n changePassword?: AuthnTransactionFunction;\n resetPassword?: AuthnTransactionFunction;\n // recovery\n answer?: AuthnTransactionFunction;\n recovery?: AuthnTransactionFunction;\n // recovery_challenge\n verify?: AuthnTransactionFunction;\n resend?: AuthnTransactionFunction;\n // mfa_enroll_activate\n activate?: AuthnTransactionFunction;\n poll?: AuthnTransactionFunction;\n prev?: AuthnTransactionFunction;\n}\n\nexport interface AuthnTransaction extends AuthnTransactionState, AuthnTransactionFunctions {\n sessionToken?: string;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: 
Record<string, any>;\n authentication?: Record<string, any>;\n}\n\n// Authn (classic) api\nexport interface AuthnTransactionAPI {\n exists: () => boolean;\n status: (args?: object) => Promise<object>;\n resume: (args?: object) => Promise<AuthnTransaction>;\n introspect: (args?: object) => Promise<AuthnTransaction>;\n createTransaction: (res?: AuthnTransactionState) => AuthnTransaction;\n postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => Promise<AuthnTransaction>;\n}\n\nexport interface SigninOptions {\n // Only used in Authn V1\n relayState?: string;\n context?: {\n deviceToken?: string;\n };\n sendFingerprint?: boolean;\n stateToken?: string;\n \n // Optional credentials\n username?: string;\n password?: string;\n}\n\nexport interface SigninWithCredentialsOptions extends SigninOptions {\n // Required credentials\n username: string;\n password: string;\n}\n\nexport interface SigninAPI {\n signIn(opts: SigninOptions): Promise<AuthnTransaction>;\n signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction>;\n}\n\nexport interface ForgotPasswordOptions {\n username: string;\n factorType: 'SMS' | 'EMAIL' | 'CALL';\n relayState?: string;\n}\n\nexport interface VerifyRecoveryTokenOptions {\n recoveryToken: string;\n}\n\nexport interface AuthnAPI extends SigninAPI {\n forgotPassword(opts): Promise<AuthnTransaction>;\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction>;\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction>;\n}\n\nexport interface OktaAuthTxInterface\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n> \n extends OktaAuthHttpInterface<S, O>, AuthnAPI\n{\n tx: AuthnTransactionAPI; // legacy name\n authn: AuthnTransactionAPI; // new name\n fingerprint: FingerprintAPI;\n}\n"],"mappings":""}
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","names":[],"sources":["../../../lib/base/types.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport * as constants from '../constants';\n\nexport declare class EventEmitter {\n on (event: string, callback: (...args: any[]) => any, ctx?: any): EventEmitter;\n once (event: string, callback: (...args: any[]) => any, ctx?: any): EventEmitter;\n emit (event: string, ...args: any[]): EventEmitter;\n off (event: string, callback?: (...args: any[]) => any): EventEmitter;\n}\n\nexport interface FeaturesAPI {\n isLocalhost(): boolean;\n isHTTPS(): boolean;\n isPopupPostMessageSupported(): boolean;\n hasTextEncoder(): boolean;\n isTokenVerifySupported(): boolean;\n isPKCESupported(): boolean;\n isIE11OrLess(): boolean;\n isDPoPSupported(): boolean;\n}\n\n\n// options that can be passed to AuthJS\nexport interface OktaAuthBaseOptions {\n devMode?: boolean;\n}\n\n// a class that constructs options\nexport interface OktaAuthOptionsConstructor<O extends OktaAuthBaseOptions = OktaAuthBaseOptions> {\n new(args: any): O;\n}\n\n// a \"base\" instance of AuthJS\nexport interface OktaAuthBaseInterface<O extends OktaAuthBaseOptions = OktaAuthBaseOptions> {\n options: O;\n emitter: EventEmitter;\n features: FeaturesAPI;\n}\n\n// a constructor that returns an instance of AuthJS\nexport interface OktaAuthConstructor\n<\n I extends 
OktaAuthBaseInterface = OktaAuthBaseInterface\n> \n{\n new(...args: any[]): I;\n features: FeaturesAPI; // static class member\n constants: typeof constants;\n}\n"],"mappings":""}
1
+ {"version":3,"file":"types.js","names":[],"sources":["../../../lib/base/types.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport * as constants from '../constants';\n\nexport declare class EventEmitter {\n on (event: string, callback: (...args: any[]) => any, ctx?: any): EventEmitter;\n once (event: string, callback: (...args: any[]) => any, ctx?: any): EventEmitter;\n emit (event: string, ...args: any[]): EventEmitter;\n off (event: string, callback?: (...args: any[]) => any): EventEmitter;\n}\n\nexport interface FeaturesAPI {\n isLocalhost(): boolean;\n isHTTPS(): boolean;\n isPopupPostMessageSupported(): boolean;\n hasTextEncoder(): boolean;\n isTokenVerifySupported(): boolean;\n isPKCESupported(): boolean;\n isIE11OrLess(): boolean;\n isDPoPSupported(): boolean;\n}\n\n\nexport interface FingerprintOptions {\n timeout?: number;\n container?: Element | null;\n}\nexport type FingerprintAPI = (options?: FingerprintOptions) => Promise<string>;\n\n// options that can be passed to AuthJS\nexport interface OktaAuthBaseOptions {\n devMode?: boolean;\n}\n\n// a class that constructs options\nexport interface OktaAuthOptionsConstructor<O extends OktaAuthBaseOptions = OktaAuthBaseOptions> {\n new(args: any): O;\n}\n\n// a \"base\" instance of AuthJS\nexport interface OktaAuthBaseInterface<O extends OktaAuthBaseOptions = OktaAuthBaseOptions> {\n options: O;\n 
emitter: EventEmitter;\n features: FeaturesAPI;\n}\n\n// a constructor that returns an instance of AuthJS\nexport interface OktaAuthConstructor\n<\n I extends OktaAuthBaseInterface = OktaAuthBaseInterface\n> \n{\n new(...args: any[]): I;\n features: FeaturesAPI; // static class member\n constants: typeof constants;\n}\n"],"mappings":""}
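--- a/package/cjs/browser/fingerprint.js
+++ b/package/cjs/browser/fingerprint.js
@@ -16,25 +16,30 @@ var _oidc = require("../oidc");
  * See the License for the specific language governing permissions and limitations under the License.
  */
 
+ const isMessageFromCorrectSource = (iframe, event) => event.source === iframe.contentWindow;
  function fingerprint(sdk, options) {
- options = options || {};
  if (!(0, _features.isFingerprintSupported)()) {
  return Promise.reject(new _errors.AuthSdkError('Fingerprinting is not supported on this device'));
  }
- var timeout;
- var iframe;
- var listener;
- var promise = new Promise(function (resolve, reject) {
+ const container = options?.container ?? document.body;
+ let timeout;
+ let iframe;
+ let listener;
+ const promise = new Promise(function (resolve, reject) {
  iframe = document.createElement('iframe');
  iframe.style.display = 'none';
 
  // eslint-disable-next-line complexity
  listener = function listener(e) {
+ if (!isMessageFromCorrectSource(iframe, e)) {
+ return;
+ }
  if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {
  return;
  }
+ let msg;
  try {
- var msg = JSON.parse(e.data);
+ msg = JSON.parse(e.data);
  } catch (err) {
  // iframe messages should all be parsable
  // skip not parsable messages come from other sources in same origin (browser extensions)
@@ -46,16 +51,17 @@ function fingerprint(sdk, options) {
  }
  if (msg.type === 'FingerprintAvailable') {
  return resolve(msg.fingerprint);
- }
- if (msg.type === 'FingerprintServiceReady') {
- e.source.postMessage(JSON.stringify({
+ } else if (msg.type === 'FingerprintServiceReady') {
+ iframe?.contentWindow?.postMessage(JSON.stringify({
  type: 'GetFingerprint'
  }), e.origin);
+ } else {
+ return reject(new _errors.AuthSdkError('No data'));
  }
  };
  (0, _oidc.addListener)(window, 'message', listener);
  iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';
- document.body.appendChild(iframe);
+ container.appendChild(iframe);
  timeout = setTimeout(function () {
  reject(new _errors.AuthSdkError('Fingerprinting timed out'));
  }, options?.timeout || 15000);
@@ -63,8 +69,8 @@ function fingerprint(sdk, options) {
  return promise.finally(function () {
  clearTimeout(timeout);
  (0, _oidc.removeListener)(window, 'message', listener);
- if (document.body.contains(iframe)) {
- iframe.parentElement.removeChild(iframe);
+ if (container.contains(iframe)) {
+ iframe.parentElement?.removeChild(iframe);
  }
  });
  }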
@@ -1 +1 @@
1
- {"version":3,"file":"fingerprint.js","names":["fingerprint","sdk","options","isFingerprintSupported","Promise","reject","AuthSdkError","timeout","iframe","listener","promise","resolve","document","createElement","style","display","e","data","origin","getIssuerOrigin","msg","JSON","parse","err","type","source","postMessage","stringify","addListener","window","src","body","appendChild","setTimeout","finally","clearTimeout","removeListener","contains","parentElement","removeChild"],"sources":["../../../lib/browser/fingerprint.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { isFingerprintSupported } from '../features';\nimport {\n addListener,\n removeListener\n} from '../oidc';\nimport { FingerprintOptions } from '../authn/types';\nimport { OktaAuthHttpInterface } from '../http/types';\n\nexport default function fingerprint(sdk: OktaAuthHttpInterface, options?: FingerprintOptions): Promise<string> {\n options = options || {};\n\n if (!isFingerprintSupported()) {\n return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n }\n\n var timeout;\n var iframe;\n var listener;\n var promise = new Promise(function (resolve, reject) {\n iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n\n // eslint-disable-next-line complexity\n listener = function 
listener(e) {\n if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n return;\n }\n\n try {\n var msg = JSON.parse(e.data);\n } catch (err) {\n // iframe messages should all be parsable\n // skip not parsable messages come from other sources in same origin (browser extensions)\n // TODO: add namespace flag in okta-core to distinguish messages that come from other sources\n return;\n }\n\n if (!msg) { return; }\n if (msg.type === 'FingerprintAvailable') {\n return resolve(msg.fingerprint as string);\n }\n if (msg.type === 'FingerprintServiceReady') {\n e.source.postMessage(JSON.stringify({\n type: 'GetFingerprint'\n }), e.origin);\n }\n };\n addListener(window, 'message', listener);\n\n iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n document.body.appendChild(iframe);\n\n timeout = setTimeout(function() {\n reject(new AuthSdkError('Fingerprinting timed out'));\n }, options?.timeout || 15000);\n });\n\n return promise.finally(function() {\n clearTimeout(timeout);\n removeListener(window, 'message', listener);\n if (document.body.contains(iframe)) {\n iframe.parentElement.removeChild(iframe);\n }\n }) as 
Promise<string>;\n}\n"],"mappings":";;;AAaA;AACA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYe,SAASA,WAAW,CAACC,GAA0B,EAAEC,OAA4B,EAAmB;EAC7GA,OAAO,GAAGA,OAAO,IAAI,CAAC,CAAC;EAEvB,IAAI,CAAC,IAAAC,gCAAsB,GAAE,EAAE;IAC7B,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,gDAAgD,CAAC,CAAC;EAC3F;EAEA,IAAIC,OAAO;EACX,IAAIC,MAAM;EACV,IAAIC,QAAQ;EACZ,IAAIC,OAAO,GAAG,IAAIN,OAAO,CAAC,UAAUO,OAAO,EAAEN,MAAM,EAAE;IACnDG,MAAM,GAAGI,QAAQ,CAACC,aAAa,CAAC,QAAQ,CAAC;IACzCL,MAAM,CAACM,KAAK,CAACC,OAAO,GAAG,MAAM;;IAE7B;IACAN,QAAQ,GAAG,SAASA,QAAQ,CAACO,CAAC,EAAE;MAC9B,IAAI,CAACA,CAAC,IAAI,CAACA,CAAC,CAACC,IAAI,IAAID,CAAC,CAACE,MAAM,KAAKjB,GAAG,CAACkB,eAAe,EAAE,EAAE;QACvD;MACF;MAEA,IAAI;QACF,IAAIC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACN,CAAC,CAACC,IAAI,CAAC;MAC9B,CAAC,CAAC,OAAOM,GAAG,EAAE;QACZ;QACA;QACA;QACA;MACF;MAEA,IAAI,CAACH,GAAG,EAAE;QAAE;MAAQ;MACpB,IAAIA,GAAG,CAACI,IAAI,KAAK,sBAAsB,EAAE;QACvC,OAAOb,OAAO,CAACS,GAAG,CAACpB,WAAW,CAAW;MAC3C;MACA,IAAIoB,GAAG,CAACI,IAAI,KAAK,yBAAyB,EAAE;QAC1CR,CAAC,CAACS,MAAM,CAACC,WAAW,CAACL,IAAI,CAACM,SAAS,CAAC;UAClCH,IAAI,EAAE;QACR,CAAC,CAAC,EAAER,CAAC,CAACE,MAAM,CAAC;MACf;IACF,CAAC;IACD,IAAAU,iBAAW,EAACC,MAAM,EAAE,SAAS,EAAEpB,QAAQ,CAAC;IAExCD,MAAM,CAACsB,GAAG,GAAG7B,GAAG,CAACkB,eAAe,EAAE,GAAG,kCAAkC;IACvEP,QAAQ,CAACmB,IAAI,CAACC,WAAW,CAACxB,MAAM,CAAC;IAEjCD,OAAO,GAAG0B,UAAU,CAAC,YAAW;MAC9B5B,MAAM,CAAC,IAAIC,oBAAY,CAAC,0BAA0B,CAAC,CAAC;IACtD,CAAC,EAAEJ,OAAO,EAAEK,OAAO,IAAI,KAAK,CAAC;EAC/B,CAAC,CAAC;EAEF,OAAOG,OAAO,CAACwB,OAAO,CAAC,YAAW;IAChCC,YAAY,CAAC5B,OAAO,CAAC;IACrB,IAAA6B,oBAAc,EAACP,MAAM,EAAE,SAAS,EAAEpB,QAAQ,CAAC;IAC3C,IAAIG,QAAQ,CAACmB,IAAI,CAACM,QAAQ,CAAC7B,MAAM,CAAC,EAAE;MAClCA,MAAM,CAAC8B,aAAa,CAACC,WAAW,CAAC/B,MAAM,CAAC;IAC1C;EACF,CAAC,CAAC;AACJ;AAAC"}
1
+ {"version":3,"file":"fingerprint.js","names":["isMessageFromCorrectSource","iframe","event","source","contentWindow","fingerprint","sdk","options","isFingerprintSupported","Promise","reject","AuthSdkError","container","document","body","timeout","listener","promise","resolve","createElement","style","display","e","data","origin","getIssuerOrigin","msg","JSON","parse","err","type","postMessage","stringify","addListener","window","src","appendChild","setTimeout","finally","clearTimeout","removeListener","contains","parentElement","removeChild"],"sources":["../../../lib/browser/fingerprint.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { isFingerprintSupported } from '../features';\nimport {\n addListener,\n removeListener\n} from '../oidc';\nimport { FingerprintOptions } from '../base/types';\nimport { OktaAuthHttpInterface } from '../http/types';\n\nconst isMessageFromCorrectSource = (iframe: HTMLIFrameElement, event: MessageEvent)\n: boolean => event.source === iframe.contentWindow;\n\nexport default function fingerprint(sdk: OktaAuthHttpInterface, options?: FingerprintOptions): Promise<string> {\n if (!isFingerprintSupported()) {\n return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n }\n\n const container = options?.container ?? 
document.body;\n let timeout: NodeJS.Timeout;\n let iframe: HTMLIFrameElement;\n let listener: (this: Window, ev: MessageEvent) => void;\n const promise = new Promise(function (resolve, reject) {\n iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n\n // eslint-disable-next-line complexity\n listener = function listener(e: MessageEvent) {\n if (!isMessageFromCorrectSource(iframe, e)) {\n return;\n }\n\n if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n return;\n }\n\n let msg;\n try {\n msg = JSON.parse(e.data);\n } catch (err) {\n // iframe messages should all be parsable\n // skip not parsable messages come from other sources in same origin (browser extensions)\n // TODO: add namespace flag in okta-core to distinguish messages that come from other sources\n return;\n }\n\n if (!msg) { return; }\n if (msg.type === 'FingerprintAvailable') {\n return resolve(msg.fingerprint as string);\n } else if (msg.type === 'FingerprintServiceReady') {\n iframe?.contentWindow?.postMessage(JSON.stringify({\n type: 'GetFingerprint'\n }), e.origin);\n } else {\n return reject(new AuthSdkError('No data'));\n }\n };\n addListener(window, 'message', listener);\n\n iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n container.appendChild(iframe);\n\n timeout = setTimeout(function() {\n reject(new AuthSdkError('Fingerprinting timed out'));\n }, options?.timeout || 15000);\n });\n\n return promise.finally(function() {\n clearTimeout(timeout);\n removeListener(window, 'message', listener);\n if (container.contains(iframe)) {\n iframe.parentElement?.removeChild(iframe);\n }\n }) as 
Promise<string>;\n}\n"],"mappings":";;;AAaA;AACA;AACA;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYA,MAAMA,0BAA0B,GAAG,CAACC,MAAyB,EAAEC,KAAmB,KACrEA,KAAK,CAACC,MAAM,KAAKF,MAAM,CAACG,aAAa;AAEnC,SAASC,WAAW,CAACC,GAA0B,EAAEC,OAA4B,EAAmB;EAC7G,IAAI,CAAC,IAAAC,gCAAsB,GAAE,EAAE;IAC7B,OAAOC,OAAO,CAACC,MAAM,CAAC,IAAIC,oBAAY,CAAC,gDAAgD,CAAC,CAAC;EAC3F;EAEA,MAAMC,SAAS,GAAGL,OAAO,EAAEK,SAAS,IAAIC,QAAQ,CAACC,IAAI;EACrD,IAAIC,OAAuB;EAC3B,IAAId,MAAyB;EAC7B,IAAIe,QAAkD;EACtD,MAAMC,OAAO,GAAG,IAAIR,OAAO,CAAC,UAAUS,OAAO,EAAER,MAAM,EAAE;IACrDT,MAAM,GAAGY,QAAQ,CAACM,aAAa,CAAC,QAAQ,CAAC;IACzClB,MAAM,CAACmB,KAAK,CAACC,OAAO,GAAG,MAAM;;IAE7B;IACAL,QAAQ,GAAG,SAASA,QAAQ,CAACM,CAAe,EAAE;MAC5C,IAAI,CAACtB,0BAA0B,CAACC,MAAM,EAAEqB,CAAC,CAAC,EAAE;QAC1C;MACF;MAEA,IAAI,CAACA,CAAC,IAAI,CAACA,CAAC,CAACC,IAAI,IAAID,CAAC,CAACE,MAAM,KAAKlB,GAAG,CAACmB,eAAe,EAAE,EAAE;QACvD;MACF;MAEA,IAAIC,GAAG;MACP,IAAI;QACFA,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACN,CAAC,CAACC,IAAI,CAAC;MAC1B,CAAC,CAAC,OAAOM,GAAG,EAAE;QACZ;QACA;QACA;QACA;MACF;MAEA,IAAI,CAACH,GAAG,EAAE;QAAE;MAAQ;MACpB,IAAIA,GAAG,CAACI,IAAI,KAAK,sBAAsB,EAAE;QACvC,OAAOZ,OAAO,CAACQ,GAAG,CAACrB,WAAW,CAAW;MAC3C,CAAC,MAAM,IAAIqB,GAAG,CAACI,IAAI,KAAK,yBAAyB,EAAE;QACjD7B,MAAM,EAAEG,aAAa,EAAE2B,WAAW,CAACJ,IAAI,CAACK,SAAS,CAAC;UAChDF,IAAI,EAAE;QACR,CAAC,CAAC,EAAER,CAAC,CAACE,MAAM,CAAC;MACf,CAAC,MAAM;QACL,OAAOd,MAAM,CAAC,IAAIC,oBAAY,CAAC,SAAS,CAAC,CAAC;MAC5C;IACF,CAAC;IACD,IAAAsB,iBAAW,EAACC,MAAM,EAAE,SAAS,EAAElB,QAAQ,CAAC;IAExCf,MAAM,CAACkC,GAAG,GAAG7B,GAAG,CAACmB,eAAe,EAAE,GAAG,kCAAkC;IACvEb,SAAS,CAACwB,WAAW,CAACnC,MAAM,CAAC;IAE7Bc,OAAO,GAAGsB,UAAU,CAAC,YAAW;MAC9B3B,MAAM,CAAC,IAAIC,oBAAY,CAAC,0BAA0B,CAAC,CAAC;IACtD,CAAC,EAAEJ,OAAO,EAAEQ,OAAO,IAAI,KAAK,CAAC;EAC/B,CAAC,CAAC;EAEF,OAAOE,OAAO,CAACqB,OAAO,CAAC,YAAW;IAChCC,YAAY,CAACxB,OAAO,CAAC;IACrB,IAAAyB,oBAAc,EAACN,MAAM,EAAE,SAAS,EAAElB,QAAQ,CAAC;IAC3C,IAAIJ,SAAS,CAAC6B,QAAQ,CAACxC,MAAM,CAAC,EAAE;MAC9BA,MAAM,CAACyC,aAAa,EAAEC,WAAW,CAAC1C,MAAM,CAAC;IAC3C;EACF,CAAC,CAAC;AACJ;AAAC"}
@@ -20,7 +20,7 @@ var _features = require("../features");
20
20
  class OktaUserAgent {
21
21
  constructor() {
22
22
  // add base sdk env
23
- this.environments = [`okta-auth-js/${"7.7.0"}`];
23
+ this.environments = [`okta-auth-js/${"7.8.0"}`];
24
24
  this.maybeAddNodeEnvironment();
25
25
  }
26
26
  addEnvironment(env) {
@@ -32,7 +32,7 @@ class OktaUserAgent {
32
32
  };
33
33
  }
34
34
  getVersion() {
35
- return "7.7.0";
35
+ return "7.8.0";
36
36
  }
37
37
  maybeAddNodeEnvironment() {
38
38
  if ((0, _features.isBrowser)() || !process || !process.versions) {
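--- a/package/cjs/idx/mixin.js
+++ b/package/cjs/idx/mixin.js
@@ -4,6 +4,7 @@ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefau
  exports.mixinIdx = mixinIdx;
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
  var _api = require("./factory/api");
+ var _fingerprint = _interopRequireDefault(require("../browser/fingerprint"));
  var webauthn = _interopRequireWildcard(require("./webauthn"));
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -13,6 +14,7 @@ function mixinIdx(Base) {
  constructor(...args) {
  super(...args);
  this.idx = (0, _api.createIdxAPI)(this);
+ this.fingerprint = _fingerprint.default.bind(null, this);
  }
  }, (0, _defineProperty2.default)(_class, "webauthn", webauthn), _class;
  }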
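Review bot: The new `this.fingerprint = _fingerprint.default.bind(null, this);` assignment in the constructor is undocumented, and the function it exposes is browser-only: `fingerprint()` as shown in `cjs/browser/fingerprint.js` rejects with `AuthSdkError` when `isFingerprintSupported()` is false and otherwise injects a hidden iframe pointing at the issuer origin. A one-line comment above the assignment would tell integrators what they are opting into, e.g. `// fingerprint(options): browser-only; loads a hidden issuer-origin iframe and rejects where fingerprinting is unsupported`. The same assignment is added to `mixinMinimalIdx` in the next file section and needs the same comment. Both files are compiled output, so the comment belongs in `lib/idx/mixin.ts` and `lib/idx/mixinMinimal.ts`.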
@@ -1 +1 @@
1
- {"version":3,"file":"mixin.js","names":["mixinIdx","Base","OktaAuthIdx","constructor","args","idx","createIdxAPI","webauthn"],"sources":["../../../lib/idx/mixin.ts"],"sourcesContent":["import { OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n IdxAPI, \n IdxTransactionManagerInterface, \n OktaAuthIdxInterface, \n OktaAuthIdxConstructor, \n OktaAuthIdxOptions, \n WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n {\n idx: IdxAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createIdxAPI(this);\n }\n };\n}\n"],"mappings":";;;;;AAYA;AACA;AAAuC;AAAA;AAEhC,SAASA,QAAQ,CASvBC,IAAW,EACZ;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,iBAAY,EAAC,IAAI,CAAC;IAC/B;EACF,CAAC,oDANgCC,QAAQ;AAO3C"}
1
+ {"version":3,"file":"mixin.js","names":["mixinIdx","Base","OktaAuthIdx","constructor","args","idx","createIdxAPI","fingerprint","bind","webauthn"],"sources":["../../../lib/idx/mixin.ts"],"sourcesContent":["import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n IdxAPI, \n IdxTransactionManagerInterface, \n OktaAuthIdxInterface, \n OktaAuthIdxConstructor, \n OktaAuthIdxOptions, \n WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n {\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n };\n}\n"],"mappings":";;;;;AAYA;AACA;AACA;AAAuC;AAAA;AAEhC,SAASA,QAAQ,CASvBC,IAAW,EACZ;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAKEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,iBAAY,EAAC,IAAI,CAAC;MAC7B,IAAI,CAACC,WAAW,GAAGA,oBAAW,CAACC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;IACjD;EACF,CAAC,oDAPgCC,QAAQ;AAQ3C"}
@@ -4,6 +4,7 @@ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefau
4
4
  exports.mixinMinimalIdx = mixinMinimalIdx;
5
5
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
6
6
  var _minimalApi = require("../idx/factory/minimalApi");
7
+ var _fingerprint = _interopRequireDefault(require("../browser/fingerprint"));
7
8
  var webauthn = _interopRequireWildcard(require("./webauthn"));
8
9
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
9
10
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -13,6 +14,7 @@ function mixinMinimalIdx(Base) {
13
14
  constructor(...args) {
14
15
  super(...args);
15
16
  this.idx = (0, _minimalApi.createMinimalIdxAPI)(this);
17
+ this.fingerprint = _fingerprint.default.bind(null, this);
16
18
  }
17
19
  }, (0, _defineProperty2.default)(_class, "webauthn", webauthn), _class;
18
20
  }
@@ -1 +1 @@
1
- {"version":3,"file":"mixinMinimal.js","names":["mixinMinimalIdx","Base","OktaAuthIdx","constructor","args","idx","createMinimalIdxAPI","webauthn"],"sources":["../../../lib/idx/mixinMinimal.ts"],"sourcesContent":["import { OktaAuthConstructor } from '../base/types';\nimport { MinimalOktaOAuthInterface } from '../oidc/types';\nimport {\n IdxTransactionManagerInterface,\n OktaAuthIdxConstructor,\n OktaAuthIdxOptions,\n MinimalIdxAPI,\n WebauthnAPI,\n MinimalOktaAuthIdxInterface\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createMinimalIdxAPI } from '../idx/factory/minimalApi';\nimport * as webauthn from './webauthn';\n\nexport function mixinMinimalIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n>\n(\n Base: TBase\n): TBase & OktaAuthIdxConstructor<MinimalOktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements MinimalOktaAuthIdxInterface<M, S, O, TM>\n {\n idx: MinimalIdxAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createMinimalIdxAPI(this);\n }\n };\n}\n"],"mappings":";;;;;AAYA;AACA;AAAuC;AAAA;AAEhC,SAASA,eAAe,CAU7BC,IAAW,EAEb;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAIEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,+BAAmB,EAAC,IAAI,CAAC;IACtC;EACF,CAAC,oDANgCC,QAAQ;AAO3C"}
1
+ {"version":3,"file":"mixinMinimal.js","names":["mixinMinimalIdx","Base","OktaAuthIdx","constructor","args","idx","createMinimalIdxAPI","fingerprint","bind","webauthn"],"sources":["../../../lib/idx/mixinMinimal.ts"],"sourcesContent":["import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { MinimalOktaOAuthInterface } from '../oidc/types';\nimport {\n IdxTransactionManagerInterface,\n OktaAuthIdxConstructor,\n OktaAuthIdxOptions,\n MinimalIdxAPI,\n WebauthnAPI,\n MinimalOktaAuthIdxInterface\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createMinimalIdxAPI } from '../idx/factory/minimalApi';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinMinimalIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n>\n(\n Base: TBase\n): TBase & OktaAuthIdxConstructor<MinimalOktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements MinimalOktaAuthIdxInterface<M, S, O, TM>\n {\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createMinimalIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n 
};\n}\n"],"mappings":";;;;;AAYA;AACA;AACA;AAAuC;AAAA;AAEhC,SAASA,eAAe,CAU7BC,IAAW,EAEb;EAAA;EACE,gBAAO,MAAMC,WAAW,SAASD,IAAI,CACrC;IAKEE,WAAW,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAGA,IAAI,CAAC;MACd,IAAI,CAACC,GAAG,GAAG,IAAAC,+BAAmB,EAAC,IAAI,CAAC;MACpC,IAAI,CAACC,WAAW,GAAGA,oBAAW,CAACC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;IACjD;EACF,CAAC,oDAPgCC,QAAQ;AAQ3C"}
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n OktaAuthOAuthInterface,\n MinimalOktaOAuthInterface,\n Tokens,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n IdxActions,\n IdxAuthenticator,\n IdxContext,\n IdxForm,\n IdxMessage,\n IdxOption,\n IdxRemediation,\n IdxResponse,\n RawIdxResponse,\n IdxActionParams,\n IdpConfig,\n IdxToPersist,\n ChallengeData,\n ActivationData,\n} from './idx-js';\nimport {\n AccountUnlockOptions,\n AuthenticationOptions,\n CancelOptions,\n InteractOptions,\n IntrospectOptions,\n OktaAuthIdxOptions,\n PasswordRecoveryOptions,\n ProceedOptions,\n RegistrationOptions,\n StartOptions,\n IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n WebauthnEnrollValues,\n WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor } from '../../base/types';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 
'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify',\n WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n name: string;\n key?: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm} | Input[];\n minLength?: number;\n maxLength?: number;\n secret?: boolean;\n required?: boolean;\n options?: IdxOption[];\n mutable?: boolean;\n visible?: boolean;\n customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions {\n required?: boolean;\n refresh?: number;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n poll?: IdxPollOptions;\n authenticatorEnrollments?: IdxAuthenticator[];\n // eslint-disable-next-line no-use-before-define\n action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n idp?: IdpConfig;\n href?: string;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n refresh?: number;\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n \n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\n\nexport type Authenticator = {\n id?: string;\n key?: string;\n 
methodType?: string;\n phoneNumber?: string;\n channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n idxResponse: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n state: string;\n otp: string;\n}\n\nexport interface MinimalIdxAPI {\n // lowest level api\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxAPI {\n // lowest level api\n interact: (options?: InteractOptions) => Promise<InteractResponse>;\n introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow entrypoints\n authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n register: (options?: 
RegistrationOptions) => Promise<IdxTransaction>;\n recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n getFlow(): FlowIdentifier | undefined;\n setFlow(flow: FlowIdentifier): void;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // redirect callbacks\n isInteractionRequired: (hashOrSearch?: string) => boolean;\n isInteractionRequiredError: (error: Error) => boolean; \n handleInteractionCodeRedirect: (url: string) => Promise<void>;\n isEmailVerifyCallback: (search: string) => boolean;\n parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n isEmailVerifyCallbackError: (error: Error) => boolean;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n saveIdxResponse(data: SavedIdxResponse): void;\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n clearIdxResponse(): void;\n}\n\nexport type 
IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n buildCredentialRequestOptions(\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialRequestOptions;\n buildCredentialCreationOptions(\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialCreationOptions;\n}\n\nexport interface OktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n idx: IdxAPI;\n}\n\nexport interface MinimalOktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends MinimalOktaOAuthInterface<M, S, O, TM>\n{\n idx: MinimalIdxAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n I extends MinimalOktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n new(...args: any[]): I;\n webauthn: 
WebauthnAPI;\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IA0DYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAmDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}
1
+ {"version":3,"file":"api.js","names":["IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","obj","key","id"],"sources":["../../../../lib/idx/types/api.ts"],"sourcesContent":["/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n OktaAuthOAuthInterface,\n MinimalOktaOAuthInterface,\n Tokens,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n IdxActions,\n IdxAuthenticator,\n IdxContext,\n IdxForm,\n IdxMessage,\n IdxOption,\n IdxRemediation,\n IdxResponse,\n RawIdxResponse,\n IdxActionParams,\n IdpConfig,\n IdxToPersist,\n ChallengeData,\n ActivationData,\n} from './idx-js';\nimport {\n AccountUnlockOptions,\n AuthenticationOptions,\n CancelOptions,\n InteractOptions,\n IntrospectOptions,\n OktaAuthIdxOptions,\n PasswordRecoveryOptions,\n ProceedOptions,\n RegistrationOptions,\n StartOptions,\n IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n WebauthnEnrollValues,\n WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor, FingerprintAPI } from '../../base/types';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 
'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify',\n WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n name: string;\n key?: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm} | Input[];\n minLength?: number;\n maxLength?: number;\n secret?: boolean;\n required?: boolean;\n options?: IdxOption[];\n mutable?: boolean;\n visible?: boolean;\n customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions {\n required?: boolean;\n refresh?: number;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n poll?: IdxPollOptions;\n authenticatorEnrollments?: IdxAuthenticator[];\n // eslint-disable-next-line no-use-before-define\n action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n idp?: IdpConfig;\n href?: string;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n refresh?: number;\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n \n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\n\nexport type Authenticator = {\n id?: string;\n 
key?: string;\n methodType?: string;\n phoneNumber?: string;\n channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n idxResponse: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n state: string;\n otp: string;\n}\n\nexport interface MinimalIdxAPI {\n // lowest level api\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxAPI {\n // lowest level api\n interact: (options?: InteractOptions) => Promise<InteractResponse>;\n introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow entrypoints\n authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n 
register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n getFlow(): FlowIdentifier | undefined;\n setFlow(flow: FlowIdentifier): void;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // redirect callbacks\n isInteractionRequired: (hashOrSearch?: string) => boolean;\n isInteractionRequiredError: (error: Error) => boolean; \n handleInteractionCodeRedirect: (url: string) => Promise<void>;\n isEmailVerifyCallback: (search: string) => boolean;\n parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n isEmailVerifyCallbackError: (error: Error) => boolean;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n saveIdxResponse(data: SavedIdxResponse): void;\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n clearIdxResponse(): 
void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n buildCredentialRequestOptions(\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialRequestOptions;\n buildCredentialCreationOptions(\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialCreationOptions;\n}\n\n\nexport interface OktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface MinimalOktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends MinimalOktaOAuthInterface<M, S, O, TM>\n{\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n I extends MinimalOktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n new(...args: any[]): I;\n webauthn: 
WebauthnAPI;\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAVA,IA0DYA,SAAS;AAAA;AAAA,WAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;EAATA,SAAS;AAAA,GAATA,SAAS,yBAATA,SAAS;AAAA,IAQTC,gBAAgB;AAAA;AAAA,WAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;EAAhBA,gBAAgB;AAAA,GAAhBA,gBAAgB,gCAAhBA,gBAAgB;AAAA,IAmDhBC,UAAU;AAAA;AAAA,WAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;AAAA,GAAVA,UAAU,0BAAVA,UAAU;AAsCf,SAASC,eAAe,CAACC,GAAQ,EAAwB;EAC9D,OAAOA,GAAG,KAAKA,GAAG,CAACC,GAAG,IAAID,GAAG,CAACE,EAAE,CAAC;AACnC"}
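--- a/package/cjs/oidc/endpoints/token.js
+++ b/package/cjs/oidc/endpoints/token.js
@@ -133,8 +133,12 @@ async function postRefreshToken(sdk, options, refreshToken) {
  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
  return name + '=' + encodeURIComponent(value);
  }).join('&');
+ let url = refreshToken.tokenUrl;
+ if (options.extraParams && Object.keys(options.extraParams).length >= 1) {
+ url += (0, _util.toQueryString)(options.extraParams);
+ }
  const params = {
- url: refreshToken.tokenUrl,
+ url,
  data,
  dpopKeyPair: options?.dpopKeyPair
  };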
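Review bot: The `url` extended at `url += (0, _util.toQueryString)(options.extraParams);` is the same value `makeTokenRequest` passes to `generateDPoPForTokenRequest` (per the TypeScript source embedded in the neighbouring source map), so with DPoP enabled the proof would be computed over a URL that includes the extra query parameters. RFC 9449 defines `htu` as the target URI without query and fragment, so unless that helper strips the query itself (not visible here) a strict authorization server could reject the refresh; consider keeping the bare `refreshToken.tokenUrl` for the proof and using the extended URL only for the HTTP request. The concatenation also assumes `tokenUrl` has no query string of its own, since `toQueryString` output appears to start with `?` (`getPostData` slices the first character off). Everything in `extraParams` travels in the request URL rather than the POST body, where it is more likely to be logged, so a comment such as `// extraParams are sent in the URL query, not the form body; do not place secrets here` would help callers. `postRefreshToken` starts and ends outside this hunk.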
@@ -1 +1 @@
1
- {"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","removeNils","code","clientSecret","toQueryString","slice","makeTokenRequest","url","data","nonce","dpopKeyPair","method","headers","dpop","proof","generateDPoPForTokenRequest","keyPair","DPoP","resp","httpRequest","args","err","isDPoPNonceError","dpopNonce","AuthApiError","errorSummary","undefined","postToTokenEndpoint","urls","tokenUrl","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, AuthApiError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\nimport { generateDPoPForTokenRequest, isDPoPNonceError } from '../dpop';\n\nexport interface TokenEndpointParams extends TokenParams {\n dpopKeyPair?: CryptoKeyPair;\n}\n\ninterface TokenRequestParams {\n url: string;\n data: any;\n dpopKeyPair?: CryptoKeyPair;\n nonce?: string;\n}\n\nfunction 
validateOptions(options: TokenEndpointParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n/* eslint complexity: [2, 10] */\nasync function makeTokenRequest (sdk, { url, data, nonce, dpopKeyPair }: TokenRequestParams): Promise<OAuthResponse> {\n const method = 'POST';\n const headers: any = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n if (sdk.options.dpop) {\n if (!dpopKeyPair) {\n throw new AuthSdkError('DPoP is configured but no key pair was provided');\n }\n\n const proof = await generateDPoPForTokenRequest({ url, method, nonce, keyPair: dpopKeyPair });\n headers.DPoP = proof;\n }\n\n try {\n const resp = await httpRequest(sdk, {\n url,\n method,\n args: 
data,\n headers\n });\n return resp;\n }\n catch (err) {\n if (isDPoPNonceError(err) && !nonce) {\n const dpopNonce = err.resp?.headers['dpop-nonce'];\n if (!dpopNonce) {\n // throws error is dpop-nonce header cannot be found, prevents infinite loop\n throw new AuthApiError(\n {errorSummary: 'No `dpop-nonce` header found when required'},\n err.resp ?? undefined // yay ts\n );\n }\n return makeTokenRequest(sdk, { url, data, dpopKeyPair, nonce: dpopNonce });\n }\n throw err;\n }\n}\n\n// exchange authorization code for an access token\nexport async function postToTokenEndpoint(sdk, options: TokenEndpointParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const params: TokenRequestParams = {\n url: urls.tokenUrl!,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n\nexport async function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenEndpointParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n const data = Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&');\n\n const params: TokenRequestParams = {\n url: refreshToken.tokenUrl,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, 
params);\n}\n"],"mappings":";;;;AAaA;AAEA;AACA;AACA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoBA,SAASA,eAAe,CAACC,OAA4B,EAAE;EACrD;EACA,IAAI,CAACA,OAAO,CAACC,QAAQ,EAAE;IACrB,MAAM,IAAIC,oBAAY,CAAC,yEAAyE,CAAC;EACnG;EAEA,IAAI,CAACF,OAAO,CAACG,WAAW,EAAE;IACxB,MAAM,IAAID,oBAAY,CAAC,oEAAoE,CAAC;EAC9F;EAEA,IAAI,CAACF,OAAO,CAACI,iBAAiB,IAAI,CAACJ,OAAO,CAACK,eAAe,EAAE;IAC1D,MAAM,IAAIH,oBAAY,CAAC,2EAA2E,CAAC;EACrG;EAEA,IAAI,CAACF,OAAO,CAACM,YAAY,EAAE;IACzB,MAAM,IAAIJ,oBAAY,CAAC,+EAA+E,CAAC;EACzG;AACF;AAEA,SAASK,WAAW,CAACC,GAAG,EAAER,OAAoB,EAAU;EACtD;EACA,IAAIS,MAAmB,GAAG,IAAAC,gBAAU,EAAC;IACnC,WAAW,EAAEV,OAAO,CAACC,QAAQ;IAC7B,cAAc,EAAED,OAAO,CAACG,WAAW;IACnC,YAAY,EAAEH,OAAO,CAACK,eAAe,GAAG,kBAAkB,GAAG,oBAAoB;IACjF,eAAe,EAAEL,OAAO,CAACM;EAC3B,CAAC,CAAC;EAEF,IAAIN,OAAO,CAACK,eAAe,EAAE;IAC3BI,MAAM,CAAC,kBAAkB,CAAC,GAAGT,OAAO,CAACK,eAAe;EACtD,CAAC,MAAM,IAAIL,OAAO,CAACI,iBAAiB,EAAE;IACpCK,MAAM,CAACE,IAAI,GAAGX,OAAO,CAACI,iBAAiB;EACzC;EAEA,MAAM;IAAEQ;EAAa,CAAC,GAAGJ,GAAG,CAACR,OAAO;EACpC,IAAIY,YAAY,EAAE;IAChBH,MAAM,CAAC,eAAe,CAAC,GAAGG,YAAY;EACxC;;EAEA;EACA,OAAO,IAAAC,mBAAa,EAACJ,MAAM,CAAC,CAACK,KAAK,CAAC,CAAC,CAAC;AACvC;;AAEA;AACA,eAAeC,gBAAgB,CAAEP,GAAG,EAAE;EAAEQ,GAAG;EAAEC,IAAI;EAAEC,KAAK;EAAEC;AAAgC,CAAC,EAA0B;EACnH,MAAMC,MAAM,GAAG,MAAM;EACrB,MAAMC,OAAY,GAAG;IACnB,cAAc,EAAE;EAClB,CAAC;EAED,IAAIb,GAAG,CAACR,OAAO,CAACsB,IAAI,EAAE;IACpB,IAAI,CAACH,WAAW,EAAE;MAChB,MAAM,IAAIjB,oBAAY,CAAC,iDAAiD,CAAC;IAC3E;IAEA,MAAMqB,KAAK,GAAG,MAAM,IAAAC,iCAA2B,EAAC;MAAER,GAAG;MAAEI,MAAM;MAAEF,KAAK;MAAEO,OAAO,EAAEN;IAAY,CAAC,CAAC;IAC7FE,OAAO,CAACK,IAAI,GAAGH,KAAK;EACtB;EAEA,IAAI;IACF,MAAMI,IAAI,GAAG,MAAM,IAAAC,iBAAW,EAACpB,GAAG,EAAE;MAClCQ,GAAG;MACHI,MAAM;MACNS,IAAI,EAAEZ,IAAI;MACVI;IACF,CAAC,CAAC;IACF,OAAOM,IAAI;EACb,CAAC,CACD,OAAOG,GAAG,EAAE;IACV,IAAI,IAAAC,sBAAgB,EAACD,GAAG,CAAC,IAAI,CAACZ,KAAK,EAAE;MACnC,MAAMc,SAAS,GAAGF,GAAG,CAACH,IAAI,EAAEN,OAAO,CAAC,YAAY,CAAC;MACjD,IAAI,CAACW,SAAS,EAAE;QACd;QACA,MAAM,IAAIC,oBAAY,CACpB;UAACC,YAAY,EAAE;QAA4C,CAAC,EAC5DJ,GAAG,CAACH,IAAI,IAAIQ
,SAAS,CAAI;QAAA,CAC1B;MACH;;MACA,OAAOpB,gBAAgB,CAACP,GAAG,EAAE;QAAEQ,GAAG;QAAEC,IAAI;QAAEE,WAAW;QAAED,KAAK,EAAEc;MAAU,CAAC,CAAC;IAC5E;IACA,MAAMF,GAAG;EACX;AACF;;AAEA;AACO,eAAeM,mBAAmB,CAAC5B,GAAG,EAAER,OAA4B,EAAEqC,IAAgB,EAA0B;EACrHtC,eAAe,CAACC,OAAO,CAAC;EACxB,IAAIiB,IAAI,GAAGV,WAAW,CAACC,GAAG,EAAER,OAAO,CAAC;EAEpC,MAAMS,MAA0B,GAAG;IACjCO,GAAG,EAAEqB,IAAI,CAACC,QAAS;IACnBrB,IAAI;IACJE,WAAW,EAAEnB,OAAO,EAAEmB;EACxB,CAAC;EAED,OAAOJ,gBAAgB,CAACP,GAAG,EAAEC,MAAM,CAAC;AACtC;AAEO,eAAe8B,gBAAgB,CACpC/B,GAA0B,EAC1BR,OAA4B,EAC5BwC,YAA0B,EACF;EACxB,MAAMvB,IAAI,GAAGwB,MAAM,CAACC,OAAO,CAAC;IAC1BC,SAAS,EAAE3C,OAAO,CAACC,QAAQ;IAAE;IAC7B2C,UAAU,EAAE,eAAe;IAAE;IAC7BC,KAAK,EAAEL,YAAY,CAACM,MAAM,CAACC,IAAI,CAAC,GAAG,CAAC;IACpCC,aAAa,EAAER,YAAY,CAACA,YAAY,CAAE;EAC5C,CAAC,CAAC,CAACS,GAAG,CAAC,UAAU,CAACC,IAAI,EAAEC,KAAK,CAAC,EAAE;IAC9B;IACA,OAAOD,IAAI,GAAG,GAAG,GAAGE,kBAAkB,CAACD,KAAK,CAAE;EAChD,CAAC,CAAC,CAACJ,IAAI,CAAC,GAAG,CAAC;EAEZ,MAAMtC,MAA0B,GAAG;IACjCO,GAAG,EAAEwB,YAAY,CAACF,QAAQ;IAC1BrB,IAAI;IACJE,WAAW,EAAEnB,OAAO,EAAEmB;EACxB,CAAC;EAED,OAAOJ,gBAAgB,CAACP,GAAG,EAAEC,MAAM,CAAC;AACtC"}
1
+ {"version":3,"file":"token.js","names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","removeNils","code","clientSecret","toQueryString","slice","makeTokenRequest","url","data","nonce","dpopKeyPair","method","headers","dpop","proof","generateDPoPForTokenRequest","keyPair","DPoP","resp","httpRequest","args","err","isDPoPNonceError","dpopNonce","AuthApiError","errorSummary","undefined","postToTokenEndpoint","urls","tokenUrl","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent","extraParams","keys","length"],"sources":["../../../../lib/oidc/endpoints/token.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, AuthApiError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\nimport { generateDPoPForTokenRequest, isDPoPNonceError } from '../dpop';\n\nexport interface TokenEndpointParams extends TokenParams {\n dpopKeyPair?: CryptoKeyPair;\n}\n\ninterface TokenRequestParams {\n url: string;\n data: any;\n dpopKeyPair?: CryptoKeyPair;\n nonce?: 
string;\n}\n\nfunction validateOptions(options: TokenEndpointParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n/* eslint complexity: [2, 10] */\nasync function makeTokenRequest (sdk, { url, data, nonce, dpopKeyPair }: TokenRequestParams): Promise<OAuthResponse> {\n const method = 'POST';\n const headers: any = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n if (sdk.options.dpop) {\n if (!dpopKeyPair) {\n throw new AuthSdkError('DPoP is configured but no key pair was provided');\n }\n\n const proof = await generateDPoPForTokenRequest({ url, method, nonce, keyPair: dpopKeyPair });\n headers.DPoP = proof;\n }\n\n try {\n const resp = await httpRequest(sdk, {\n url,\n 
method,\n args: data,\n headers\n });\n return resp;\n }\n catch (err) {\n if (isDPoPNonceError(err) && !nonce) {\n const dpopNonce = err.resp?.headers['dpop-nonce'];\n if (!dpopNonce) {\n // throws error is dpop-nonce header cannot be found, prevents infinite loop\n throw new AuthApiError(\n {errorSummary: 'No `dpop-nonce` header found when required'},\n err.resp ?? undefined // yay ts\n );\n }\n return makeTokenRequest(sdk, { url, data, dpopKeyPair, nonce: dpopNonce });\n }\n throw err;\n }\n}\n\n// exchange authorization code for an access token\nexport async function postToTokenEndpoint(sdk, options: TokenEndpointParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const params: TokenRequestParams = {\n url: urls.tokenUrl!,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n\nexport async function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenEndpointParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n const data = Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&');\n\n let url = refreshToken.tokenUrl;\n if (options.extraParams && Object.keys(options.extraParams).length >= 1) {\n url += toQueryString(options.extraParams);\n }\n\n const params: TokenRequestParams = {\n url,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, 
params);\n}\n"],"mappings":";;;;AAaA;AAEA;AACA;AACA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoBA,SAASA,eAAe,CAACC,OAA4B,EAAE;EACrD;EACA,IAAI,CAACA,OAAO,CAACC,QAAQ,EAAE;IACrB,MAAM,IAAIC,oBAAY,CAAC,yEAAyE,CAAC;EACnG;EAEA,IAAI,CAACF,OAAO,CAACG,WAAW,EAAE;IACxB,MAAM,IAAID,oBAAY,CAAC,oEAAoE,CAAC;EAC9F;EAEA,IAAI,CAACF,OAAO,CAACI,iBAAiB,IAAI,CAACJ,OAAO,CAACK,eAAe,EAAE;IAC1D,MAAM,IAAIH,oBAAY,CAAC,2EAA2E,CAAC;EACrG;EAEA,IAAI,CAACF,OAAO,CAACM,YAAY,EAAE;IACzB,MAAM,IAAIJ,oBAAY,CAAC,+EAA+E,CAAC;EACzG;AACF;AAEA,SAASK,WAAW,CAACC,GAAG,EAAER,OAAoB,EAAU;EACtD;EACA,IAAIS,MAAmB,GAAG,IAAAC,gBAAU,EAAC;IACnC,WAAW,EAAEV,OAAO,CAACC,QAAQ;IAC7B,cAAc,EAAED,OAAO,CAACG,WAAW;IACnC,YAAY,EAAEH,OAAO,CAACK,eAAe,GAAG,kBAAkB,GAAG,oBAAoB;IACjF,eAAe,EAAEL,OAAO,CAACM;EAC3B,CAAC,CAAC;EAEF,IAAIN,OAAO,CAACK,eAAe,EAAE;IAC3BI,MAAM,CAAC,kBAAkB,CAAC,GAAGT,OAAO,CAACK,eAAe;EACtD,CAAC,MAAM,IAAIL,OAAO,CAACI,iBAAiB,EAAE;IACpCK,MAAM,CAACE,IAAI,GAAGX,OAAO,CAACI,iBAAiB;EACzC;EAEA,MAAM;IAAEQ;EAAa,CAAC,GAAGJ,GAAG,CAACR,OAAO;EACpC,IAAIY,YAAY,EAAE;IAChBH,MAAM,CAAC,eAAe,CAAC,GAAGG,YAAY;EACxC;;EAEA;EACA,OAAO,IAAAC,mBAAa,EAACJ,MAAM,CAAC,CAACK,KAAK,CAAC,CAAC,CAAC;AACvC;;AAEA;AACA,eAAeC,gBAAgB,CAAEP,GAAG,EAAE;EAAEQ,GAAG;EAAEC,IAAI;EAAEC,KAAK;EAAEC;AAAgC,CAAC,EAA0B;EACnH,MAAMC,MAAM,GAAG,MAAM;EACrB,MAAMC,OAAY,GAAG;IACnB,cAAc,EAAE;EAClB,CAAC;EAED,IAAIb,GAAG,CAACR,OAAO,CAACsB,IAAI,EAAE;IACpB,IAAI,CAACH,WAAW,EAAE;MAChB,MAAM,IAAIjB,oBAAY,CAAC,iDAAiD,CAAC;IAC3E;IAEA,MAAMqB,KAAK,GAAG,MAAM,IAAAC,iCAA2B,EAAC;MAAER,GAAG;MAAEI,MAAM;MAAEF,KAAK;MAAEO,OAAO,EAAEN;IAAY,CAAC,CAAC;IAC7FE,OAAO,CAACK,IAAI,GAAGH,KAAK;EACtB;EAEA,IAAI;IACF,MAAMI,IAAI,GAAG,MAAM,IAAAC,iBAAW,EAACpB,GAAG,EAAE;MAClCQ,GAAG;MACHI,MAAM;MACNS,IAAI,EAAEZ,IAAI;MACVI;IACF,CAAC,CAAC;IACF,OAAOM,IAAI;EACb,CAAC,CACD,OAAOG,GAAG,EAAE;IACV,IAAI,IAAAC,sBAAgB,EAACD,GAAG,CAAC,IAAI,CAACZ,KAAK,EAAE;MACnC,MAAMc,SAAS,GAAGF,GAAG,CAACH,IAAI,EAAEN,OAAO,CAAC,YAAY,CAAC;MACjD,IAAI,CAACW,SAAS,EAAE;QACd;QACA,MAAM,IAAIC,oBAAY,CACpB;UAACC,YAAY,EAAE;QAA4C,CAAC,EAC5DJ,GAAG,CAACH,IAAI,IAAIQ
,SAAS,CAAI;QAAA,CAC1B;MACH;;MACA,OAAOpB,gBAAgB,CAACP,GAAG,EAAE;QAAEQ,GAAG;QAAEC,IAAI;QAAEE,WAAW;QAAED,KAAK,EAAEc;MAAU,CAAC,CAAC;IAC5E;IACA,MAAMF,GAAG;EACX;AACF;;AAEA;AACO,eAAeM,mBAAmB,CAAC5B,GAAG,EAAER,OAA4B,EAAEqC,IAAgB,EAA0B;EACrHtC,eAAe,CAACC,OAAO,CAAC;EACxB,IAAIiB,IAAI,GAAGV,WAAW,CAACC,GAAG,EAAER,OAAO,CAAC;EAEpC,MAAMS,MAA0B,GAAG;IACjCO,GAAG,EAAEqB,IAAI,CAACC,QAAS;IACnBrB,IAAI;IACJE,WAAW,EAAEnB,OAAO,EAAEmB;EACxB,CAAC;EAED,OAAOJ,gBAAgB,CAACP,GAAG,EAAEC,MAAM,CAAC;AACtC;AAEO,eAAe8B,gBAAgB,CACpC/B,GAA0B,EAC1BR,OAA4B,EAC5BwC,YAA0B,EACF;EACxB,MAAMvB,IAAI,GAAGwB,MAAM,CAACC,OAAO,CAAC;IAC1BC,SAAS,EAAE3C,OAAO,CAACC,QAAQ;IAAE;IAC7B2C,UAAU,EAAE,eAAe;IAAE;IAC7BC,KAAK,EAAEL,YAAY,CAACM,MAAM,CAACC,IAAI,CAAC,GAAG,CAAC;IACpCC,aAAa,EAAER,YAAY,CAACA,YAAY,CAAE;EAC5C,CAAC,CAAC,CAACS,GAAG,CAAC,UAAU,CAACC,IAAI,EAAEC,KAAK,CAAC,EAAE;IAC9B;IACA,OAAOD,IAAI,GAAG,GAAG,GAAGE,kBAAkB,CAACD,KAAK,CAAE;EAChD,CAAC,CAAC,CAACJ,IAAI,CAAC,GAAG,CAAC;EAEZ,IAAI/B,GAAG,GAAGwB,YAAY,CAACF,QAAQ;EAC/B,IAAItC,OAAO,CAACqD,WAAW,IAAIZ,MAAM,CAACa,IAAI,CAACtD,OAAO,CAACqD,WAAW,CAAC,CAACE,MAAM,IAAI,CAAC,EAAE;IACvEvC,GAAG,IAAI,IAAAH,mBAAa,EAACb,OAAO,CAACqD,WAAW,CAAC;EAC3C;EAEA,MAAM5C,MAA0B,GAAG;IACjCO,GAAG;IACHC,IAAI;IACJE,WAAW,EAAEnB,OAAO,EAAEmB;EACxB,CAAC;EAED,OAAOJ,gBAAgB,CAACP,GAAG,EAAEC,MAAM,CAAC;AACtC"}
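--- a/package/cjs/oidc/exchangeCodeForTokens.js
+++ b/package/cjs/oidc/exchangeCodeForTokens.js
@@ -37,7 +37,8 @@ async function exchangeCodeForTokens(sdk, tokenParams, urls) {
  state,
  acrValues,
  dpop,
- dpopPairId
+ dpopPairId,
+ extraParams
  } = tokenParams;
  
  // postToTokenEndpoint() params
@@ -64,7 +65,8 @@ async function exchangeCodeForTokens(sdk, tokenParams, urls) {
  scopes,
  responseType,
  ignoreSignature,
- acrValues
+ acrValues,
+ extraParams
  };
  try {
  if (dpop) {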
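Review bot: Nothing in either hunk says why `extraParams` is pulled out of `tokenParams` and then added to only one of the two option objects this function builds. Going by the TypeScript source embedded in this file's source map, the second hunk extends `handleResponseOptions` while `getTokenOptions` is left as it was, so the values appear to be recorded on the resulting tokens rather than sent on this `/token` POST. A one-line comment above the added property would make that explicit, e.g. `// extraParams is not sent on the code exchange; handleOAuthResponse() stores it on the tokens`. The body of `exchangeCodeForTokens` starts before the first hunk and continues past the second.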
@@ -1 +1 @@
1
- {"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","getOAuthUrls","Object","assign","getDefaultTokenParams","clone","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","acrValues","dpop","dpopPairId","getTokenOptions","responseType","indexOf","push","handleResponseOptions","keyPair","findKeyPair","dpopKeyPair","keyPairId","createDPoPKeyPair","oauthResponse","postToTokenEndpoint","tokenResponse","handleOAuthResponse","code","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint, TokenEndpointParams } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { createDPoPKeyPair, findKeyPair } from './dpop';\n\n// codeVerifier is required. 
May pass either an authorizationCode or interactionCode\nexport async function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state,\n acrValues,\n dpop,\n dpopPairId,\n } = tokenParams;\n\n // postToTokenEndpoint() params\n const getTokenOptions: TokenEndpointParams = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n dpop,\n };\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n // handleOAuthResponse() params\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n acrValues,\n };\n\n try {\n if (dpop) {\n // token refresh, KP should already exist\n if (dpopPairId) {\n const keyPair = await findKeyPair(dpopPairId);\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = dpopPairId;\n }\n else {\n const { keyPair, keyPairId } = await createDPoPKeyPair();\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = keyPairId;\n }\n }\n\n const oauthResponse: OAuthResponse = await postToTokenEndpoint(sdk, getTokenOptions, 
urls);\n\n const tokenResponse: TokenResponse = await handleOAuthResponse(sdk, handleResponseOptions, oauthResponse, urls!);\n tokenResponse.code = authorizationCode;\n tokenResponse.state = state!;\n return tokenResponse;\n }\n finally {\n sdk.transactionManager.clear();\n }\n}\n"],"mappings":";;;AAeA;AACA;AACA;AACA;AACA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,qBAAqB,CAACC,GAA2B,EAAEC,WAAwB,EAAEC,IAAiB,EAA0B;EAC5IA,IAAI,GAAGA,IAAI,IAAI,IAAAC,kBAAY,EAACH,GAAG,EAAEC,WAAW,CAAC;EAC7C;EACAA,WAAW,GAAGG,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAAC,2BAAqB,EAACN,GAAG,CAAC,EAAE,IAAAO,YAAK,EAACN,WAAW,CAAC,CAAC;EAE/E,MAAM;IACJO,iBAAiB;IACjBC,eAAe;IACfC,YAAY;IACZC,QAAQ;IACRC,WAAW;IACXC,MAAM;IACNC,eAAe;IACfC,KAAK;IACLC,SAAS;IACTC,IAAI;IACJC;EACF,CAAC,GAAGjB,WAAW;;EAEf;EACA,MAAMkB,eAAoC,GAAG;IAC3CR,QAAQ;IACRC,WAAW;IACXJ,iBAAiB;IACjBC,eAAe;IACfC,YAAY;IACZO;EACF,CAAC;;EAED;EACA;EACA;EACA,MAAMG,YAAiC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;EACrD,IAAIP,MAAM,CAAEQ,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE;IACpCD,YAAY,CAACE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;EACjC;EACA;EACA,MAAMC,qBAAkC,GAAG;IACzCZ,QAAQ;IACRC,WAAW;IACXC,MAAM;IACNO,YAAY;IACZN,eAAe;IACfE;EACF,CAAC;EAED,IAAI;IACF,IAAIC,IAAI,EAAE;MACR;MACA,IAAIC,UAAU,EAAE;QACd,MAAMM,OAAO,GAAG,MAAM,IAAAC,iBAAW,EAACP,UAAU,CAAC;QAC7CC,eAAe,CAACO,WAAW,GAAGF,OAAO;QACrCD,qBAAqB,CAACN,IAAI,GAAGA,IAAI;QACjCM,qBAAqB,CAACL,UAAU,GAAGA,UAAU;MAC/C,CAAC,MACI;QACH,MAAM;UAAEM,OAAO;UAAEG;QAAU,CAAC,GAAG,MAAM,IAAAC,uBAAiB,GAAE;QACxDT,eAAe,CAACO,WAAW,GAAGF,OAAO;QACrCD,qBAAqB,CAACN,IAAI,GAAGA,IAAI;QACjCM,qBAAqB,CAACL,UAAU,GAAGS,SAAS;MAC9C;IACF;IAEA,MAAME,aAA4B,GAAG,MAAM,IAAAC,0BAAmB,EAAC9B,GAAG,EAAEmB,eAAe,EAAEjB,IAAI,CAAC;IAE1F,MAAM6B,aAA4B,GAAG,MAAM,IAAAC,wCAAmB,EAAChC,GAAG,EAAEuB,qBAAqB,EAAEM,aAAa,EAAE3B,IAAI,CAAE;IAChH6B,aAAa,CAACE,IAAI,GAAGzB,iBAAiB;IACtCuB,aAAa,CAAChB,KAAK,GAAGA,KAAM;IAC5B,OAAOgB,aAAa;EACtB,CAAC,SACO;IACN/B,GAAG,CAACkC,kBAAkB,CAACC,KAAK,EAAE;EAChC;AACF"}
1
+ {"version":3,"file":"exchangeCodeForTokens.js","names":["exchangeCodeForTokens","sdk","tokenParams","urls","getOAuthUrls","Object","assign","getDefaultTokenParams","clone","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","acrValues","dpop","dpopPairId","extraParams","getTokenOptions","responseType","indexOf","push","handleResponseOptions","keyPair","findKeyPair","dpopKeyPair","keyPairId","createDPoPKeyPair","oauthResponse","postToTokenEndpoint","tokenResponse","handleOAuthResponse","code","transactionManager","clear"],"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint, TokenEndpointParams } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { createDPoPKeyPair, findKeyPair } from './dpop';\n\n// codeVerifier is required. 
May pass either an authorizationCode or interactionCode\nexport async function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state,\n acrValues,\n dpop,\n dpopPairId,\n extraParams\n } = tokenParams;\n\n // postToTokenEndpoint() params\n const getTokenOptions: TokenEndpointParams = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n dpop,\n };\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n // handleOAuthResponse() params\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n acrValues,\n extraParams\n };\n\n try {\n if (dpop) {\n // token refresh, KP should already exist\n if (dpopPairId) {\n const keyPair = await findKeyPair(dpopPairId);\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = dpopPairId;\n }\n else {\n const { keyPair, keyPairId } = await createDPoPKeyPair();\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = keyPairId;\n }\n }\n\n const oauthResponse: OAuthResponse = await 
postToTokenEndpoint(sdk, getTokenOptions, urls);\n\n const tokenResponse: TokenResponse = await handleOAuthResponse(sdk, handleResponseOptions, oauthResponse, urls!);\n tokenResponse.code = authorizationCode;\n tokenResponse.state = state!;\n return tokenResponse;\n }\n finally {\n sdk.transactionManager.clear();\n }\n}\n"],"mappings":";;;AAeA;AACA;AACA;AACA;AACA;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACO,eAAeA,qBAAqB,CAACC,GAA2B,EAAEC,WAAwB,EAAEC,IAAiB,EAA0B;EAC5IA,IAAI,GAAGA,IAAI,IAAI,IAAAC,kBAAY,EAACH,GAAG,EAAEC,WAAW,CAAC;EAC7C;EACAA,WAAW,GAAGG,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAAC,2BAAqB,EAACN,GAAG,CAAC,EAAE,IAAAO,YAAK,EAACN,WAAW,CAAC,CAAC;EAE/E,MAAM;IACJO,iBAAiB;IACjBC,eAAe;IACfC,YAAY;IACZC,QAAQ;IACRC,WAAW;IACXC,MAAM;IACNC,eAAe;IACfC,KAAK;IACLC,SAAS;IACTC,IAAI;IACJC,UAAU;IACVC;EACF,CAAC,GAAGlB,WAAW;;EAEf;EACA,MAAMmB,eAAoC,GAAG;IAC3CT,QAAQ;IACRC,WAAW;IACXJ,iBAAiB;IACjBC,eAAe;IACfC,YAAY;IACZO;EACF,CAAC;;EAED;EACA;EACA;EACA,MAAMI,YAAiC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;EACrD,IAAIR,MAAM,CAAES,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE;IACpCD,YAAY,CAACE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;EACjC;EACA;EACA,MAAMC,qBAAkC,GAAG;IACzCb,QAAQ;IACRC,WAAW;IACXC,MAAM;IACNQ,YAAY;IACZP,eAAe;IACfE,SAAS;IACTG;EACF,CAAC;EAED,IAAI;IACF,IAAIF,IAAI,EAAE;MACR;MACA,IAAIC,UAAU,EAAE;QACd,MAAMO,OAAO,GAAG,MAAM,IAAAC,iBAAW,EAACR,UAAU,CAAC;QAC7CE,eAAe,CAACO,WAAW,GAAGF,OAAO;QACrCD,qBAAqB,CAACP,IAAI,GAAGA,IAAI;QACjCO,qBAAqB,CAACN,UAAU,GAAGA,UAAU;MAC/C,CAAC,MACI;QACH,MAAM;UAAEO,OAAO;UAAEG;QAAU,CAAC,GAAG,MAAM,IAAAC,uBAAiB,GAAE;QACxDT,eAAe,CAACO,WAAW,GAAGF,OAAO;QACrCD,qBAAqB,CAACP,IAAI,GAAGA,IAAI;QACjCO,qBAAqB,CAACN,UAAU,GAAGU,SAAS;MAC9C;IACF;IAEA,MAAME,aAA4B,GAAG,MAAM,IAAAC,0BAAmB,EAAC/B,GAAG,EAAEoB,eAAe,EAAElB,IAAI,CAAC;IAE1F,MAAM8B,aAA4B,GAAG,MAAM,IAAAC,wCAAmB,EAACjC,GAAG,EAAEwB,qBAAqB,EAAEM,aAAa,EAAE5B,IAAI,CAAE;IAChH8B,aAAa,CAACE,IAAI,GAAG1B,iBAAiB;IACtCwB,aAAa,CAACjB,KAAK,GAAGA,KAAM;IAC5B,OAAOiB,aAAa;EACtB,CAAC,SACO;IACNhC,GAAG,CAACmC,kBAAkB,CAACC,KAAK,EAAE;EAChC
;AACF"}
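--- a/package/cjs/oidc/handleOAuthResponse.js
+++ b/package/cjs/oidc/handleOAuthResponse.js
@@ -84,6 +84,9 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
  if (tokenParams.dpopPairId) {
  tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;
  }
+ if (tokenParams.extraParams) {
+ tokenDict.accessToken.extraParams = tokenParams.extraParams;
+ }
  }
  if (refreshToken) {
  tokenDict.refreshToken = {
@@ -99,6 +102,9 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
  if (tokenParams.dpopPairId) {
  tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;
  }
+ if (tokenParams.extraParams) {
+ tokenDict.refreshToken.extraParams = tokenParams.extraParams;
+ }
  }
  if (idToken) {
  const idJwt = sdk.token.decode(idToken);
@@ -112,6 +118,9 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
  issuer: urls.issuer,
  clientId: clientId
  };
+ if (tokenParams.extraParams) {
+ idTokenObj.extraParams = tokenParams.extraParams;
+ }
  const validationParams = {
  clientId: clientId,
  issuer: urls.issuer,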
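Review bot: The three added blocks copy caller-supplied `tokenParams.extraParams` onto the access, refresh and ID token objects with no comment on what is allowed to go into it. These token objects are presumably what the SDK later writes to its token storage (that code is outside these hunks), so anything placed in `extraParams` would live as long as the tokens do; a comment stating that it must not carry secrets or other sensitive values would help integrators. All three tokens also receive the same object reference, so a later mutation through one is visible through the others; `tokenDict.accessToken.extraParams = Object.assign({}, tokenParams.extraParams);` (and likewise for the refresh and ID tokens) gives each its own copy. `handleOAuthResponse` starts before the first hunk and continues past the last.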
@@ -1 +1 @@
1
- {"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","dpop","token_type","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","Object","assign","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","tokenDict","expiresIn","expires_in","tokenType","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","dpopPairId","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","acrValues","ignoreSignature","undefined","verifyToken","indexOf","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (oauthParams.dpop && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call 
`handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n }\n\n if (idToken) {\n 
const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n 
\n}"],"mappings":";;;AAeA;AACA;AAGA;AAWA;AACA;AA/BA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA,SAASA,gBAAgB,CAACC,GAAkB,EAAEC,WAAwB,EAAE;EACtE,IAAID,GAAG,CAAC,OAAO,CAAC,IAAIA,GAAG,CAAC,mBAAmB,CAAC,EAAE;IAC5C,MAAM,IAAIE,kBAAU,CAACF,GAAG,CAAC,OAAO,CAAC,EAAEA,GAAG,CAAC,mBAAmB,CAAC,CAAC;EAC9D;EAEA,IAAIA,GAAG,CAACG,KAAK,KAAKF,WAAW,CAACE,KAAK,EAAE;IACnC,MAAM,IAAIC,oBAAY,CAAC,wDAAwD,CAAC;EAClF;;EAEA;EACA;EACA,IAAIH,WAAW,CAACI,IAAI,IAAIL,GAAG,CAACM,UAAU,KAAK,MAAM,EAAE;IACjD,MAAM,IAAIF,oBAAY,CAAC,wFAAwF,CAAC;EAClH;AACF;AAEO,eAAeG,mBAAmB,CACvCC,GAA2B,EAC3BC,WAAwB,EACxBT,GAAkB,EAClBU,IAAiB,EACO;EACxB,MAAMC,IAAI,GAAGH,GAAG,CAACI,OAAO,CAACD,IAAI,KAAK,KAAK;;EAEvC;EACA;EACA,IAAIA,IAAI,KAAKX,GAAG,CAACa,IAAI,IAAIb,GAAG,CAACc,gBAAgB,CAAC,EAAE;IAC9C,OAAON,GAAG,CAACO,KAAK,CAACC,qBAAqB,CAACC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAET,WAAW,EAAE;MACpEU,iBAAiB,EAAEnB,GAAG,CAACa,IAAI;MAC3BO,eAAe,EAAEpB,GAAG,CAACc;IACvB,CAAC,CAAC,EAAEJ,IAAI,CAAC;EACX;EAEAD,WAAW,GAAGA,WAAW,IAAI,IAAAY,4BAAqB,EAACb,GAAG,CAAC;EACvDE,IAAI,GAAGA,IAAI,IAAI,IAAAY,mBAAY,EAACd,GAAG,EAAEC,WAAW,CAAC;EAE7C,IAAIc,YAAY,GAAGd,WAAW,CAACc,YAAY,IAAI,EAAE;EACjD,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,YAAY,CAAC,IAAIA,YAAY,KAAK,MAAM,EAAE;IAC3DA,YAAY,GAAG,CAACA,YAAY,CAAC;EAC/B;EAEA,IAAIG,MAAM;EACV,IAAI1B,GAAG,CAAC2B,KAAK,EAAE;IACbD,MAAM,GAAG1B,GAAG,CAAC2B,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;EAC/B,CAAC,MAAM;IACLF,MAAM,GAAG,IAAAG,WAAK,EAACpB,WAAW,CAACiB,MAAM,CAAC;EACpC;EACA,MAAMI,QAAQ,GAAGrB,WAAW,CAACqB,QAAQ,IAAItB,GAAG,CAACI,OAAO,CAACkB,QAAQ;;EAE7D;EACA/B,gBAAgB,CAACC,GAAG,EAAES,WAAW,CAAC;EAElC,MAAMsB,SAAS,GAAG,CAAC,CAAW;EAC9B,MAAMC,SAAS,GAAGhC,GAAG,CAACiC,UAAU;EAChC,MAAMC,SAAS,GAAGlC,GAAG,CAACM,UAAU;EAChC,MAAM6B,WAAW,GAAGnC,GAAG,CAACoC,YAAY;EACpC,MAAMC,OAAO,GAAGrC,GAAG,CAACsC,QAAQ;EAC5B,MAAMC,YAAY,GAAGvC,GAAG,CAACwC,aAAa;EACtC,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIN,WAAW,EAAE;IACf,MAAMU,SAAS,GAAGrC,GAAG,CAACO,KAAK,CAAC+B,MAAM,CAACX,WAAW,CAAC;IAC/CJ,SAAS,CAACI,WAAW,GAAG;MAC
tBA,WAAW,EAAEA,WAAW;MACxBY,MAAM,EAAEF,SAAS,CAACG,OAAO;MACzBC,SAAS,EAAEC,MAAM,CAAClB,SAAS,CAAC,GAAGS,GAAG;MAClCP,SAAS,EAAEA,SAAU;MACrBR,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCC,WAAW,EAAE1C,IAAI,CAAC0C;IACpB,CAAC;IAED,IAAI3C,WAAW,CAAC4C,UAAU,EAAE;MAC1BtB,SAAS,CAACI,WAAW,CAACkB,UAAU,GAAG5C,WAAW,CAAC4C,UAAU;IAC3D;EACF;EAEA,IAAId,YAAY,EAAE;IAChBR,SAAS,CAACQ,YAAY,GAAG;MACvBA,YAAY,EAAEA,YAAY;MAC1B;MACA;MACAU,SAAS,EAAEC,MAAM,CAAClB,SAAS,CAAC,GAAGS,GAAG;MAClCf,MAAM,EAAEA,MAAM;MACd4B,QAAQ,EAAE5C,IAAI,CAAC4C,QAAS;MACxBH,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCI,MAAM,EAAE7C,IAAI,CAAC6C;IACf,CAAC;IAED,IAAI9C,WAAW,CAAC4C,UAAU,EAAE;MAC1BtB,SAAS,CAACQ,YAAY,CAACc,UAAU,GAAG5C,WAAW,CAAC4C,UAAU;IAC5D;EACF;EAEA,IAAIhB,OAAO,EAAE;IACX,MAAMmB,KAAK,GAAGhD,GAAG,CAACO,KAAK,CAAC+B,MAAM,CAACT,OAAO,CAAC;IACvC,MAAMoB,UAAmB,GAAG;MAC1BpB,OAAO,EAAEA,OAAO;MAChBU,MAAM,EAAES,KAAK,CAACR,OAAO;MACrBC,SAAS,EAAEO,KAAK,CAACR,OAAO,CAACU,GAAG,GAAIF,KAAK,CAACR,OAAO,CAACW,GAAI,GAAGlB,GAAG;MAAE;MAC1Df,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCI,MAAM,EAAE7C,IAAI,CAAC6C,MAAO;MACpBzB,QAAQ,EAAEA;IACZ,CAAC;IAED,MAAM8B,gBAAmC,GAAG;MAC1C9B,QAAQ,EAAEA,QAAS;MACnByB,MAAM,EAAE7C,IAAI,CAAC6C,MAAO;MACpBM,KAAK,EAAEpD,WAAW,CAACoD,KAAK;MACxB1B,WAAW,EAAEA,WAAW;MACxB2B,SAAS,EAAErD,WAAW,CAACqD;IACzB,CAAC;IAED,IAAIrD,WAAW,CAACsD,eAAe,KAAKC,SAAS,EAAE;MAC7CJ,gBAAgB,CAACG,eAAe,GAAGtD,WAAW,CAACsD,eAAe;IAChE;IAEA,MAAM,IAAAE,wBAAW,EAACzD,GAAG,EAAEiD,UAAU,EAAEG,gBAAgB,CAAC;IACpD7B,SAAS,CAACM,OAAO,GAAGoB,UAAU;EAChC;;EAEA;EACA,IAAIlC,YAAY,CAAC2C,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAACnC,SAAS,CAACI,WAAW,EAAE;IAClE;IACA,MAAM,IAAI/B,oBAAY,CAAC,+GAA+G,CAAC;EACzI;EACA,IAAImB,YAAY,CAAC2C,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAACnC,SAAS,CAACM,OAAO,EAAE;IACjE;IACA,MAAM,IAAIjC,oBAAY,CAAC,8GAA8G,CAAC;EACxI;EAEA,OAAO;IACL+D,MAAM,EAAEpC,SAAS;IACjB5B,KAAK,EAAEH,GAAG,CAACG,KAAM;IACjBU,IAAI,EAAEb,GAAG,CAACa,IAAI;IACdU;EACF,CAAC;AAEH"}
1
+ {"version":3,"file":"handleOAuthResponse.js","names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","dpop","token_type","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","Object","assign","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","tokenDict","expiresIn","expires_in","tokenType","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","dpopPairId","extraParams","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","acrValues","ignoreSignature","undefined","verifyToken","indexOf","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (oauthParams.dpop && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call 
`handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.accessToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if 
(tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.refreshToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (idToken) {\n const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n if (tokenParams.extraParams) {\n idTokenObj.extraParams = tokenParams.extraParams;\n }\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n 
\n}"],"mappings":";;;AAeA;AACA;AAGA;AAWA;AACA;AA/BA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA,SAASA,gBAAgB,CAACC,GAAkB,EAAEC,WAAwB,EAAE;EACtE,IAAID,GAAG,CAAC,OAAO,CAAC,IAAIA,GAAG,CAAC,mBAAmB,CAAC,EAAE;IAC5C,MAAM,IAAIE,kBAAU,CAACF,GAAG,CAAC,OAAO,CAAC,EAAEA,GAAG,CAAC,mBAAmB,CAAC,CAAC;EAC9D;EAEA,IAAIA,GAAG,CAACG,KAAK,KAAKF,WAAW,CAACE,KAAK,EAAE;IACnC,MAAM,IAAIC,oBAAY,CAAC,wDAAwD,CAAC;EAClF;;EAEA;EACA;EACA,IAAIH,WAAW,CAACI,IAAI,IAAIL,GAAG,CAACM,UAAU,KAAK,MAAM,EAAE;IACjD,MAAM,IAAIF,oBAAY,CAAC,wFAAwF,CAAC;EAClH;AACF;AAEO,eAAeG,mBAAmB,CACvCC,GAA2B,EAC3BC,WAAwB,EACxBT,GAAkB,EAClBU,IAAiB,EACO;EACxB,MAAMC,IAAI,GAAGH,GAAG,CAACI,OAAO,CAACD,IAAI,KAAK,KAAK;;EAGvC;EACA;EACA,IAAIA,IAAI,KAAKX,GAAG,CAACa,IAAI,IAAIb,GAAG,CAACc,gBAAgB,CAAC,EAAE;IAC9C,OAAON,GAAG,CAACO,KAAK,CAACC,qBAAqB,CAACC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAET,WAAW,EAAE;MACpEU,iBAAiB,EAAEnB,GAAG,CAACa,IAAI;MAC3BO,eAAe,EAAEpB,GAAG,CAACc;IACvB,CAAC,CAAC,EAAEJ,IAAI,CAAC;EACX;EAEAD,WAAW,GAAGA,WAAW,IAAI,IAAAY,4BAAqB,EAACb,GAAG,CAAC;EACvDE,IAAI,GAAGA,IAAI,IAAI,IAAAY,mBAAY,EAACd,GAAG,EAAEC,WAAW,CAAC;EAE7C,IAAIc,YAAY,GAAGd,WAAW,CAACc,YAAY,IAAI,EAAE;EACjD,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,YAAY,CAAC,IAAIA,YAAY,KAAK,MAAM,EAAE;IAC3DA,YAAY,GAAG,CAACA,YAAY,CAAC;EAC/B;EAEA,IAAIG,MAAM;EACV,IAAI1B,GAAG,CAAC2B,KAAK,EAAE;IACbD,MAAM,GAAG1B,GAAG,CAAC2B,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;EAC/B,CAAC,MAAM;IACLF,MAAM,GAAG,IAAAG,WAAK,EAACpB,WAAW,CAACiB,MAAM,CAAC;EACpC;EACA,MAAMI,QAAQ,GAAGrB,WAAW,CAACqB,QAAQ,IAAItB,GAAG,CAACI,OAAO,CAACkB,QAAQ;;EAE7D;EACA/B,gBAAgB,CAACC,GAAG,EAAES,WAAW,CAAC;EAElC,MAAMsB,SAAS,GAAG,CAAC,CAAW;EAC9B,MAAMC,SAAS,GAAGhC,GAAG,CAACiC,UAAU;EAChC,MAAMC,SAAS,GAAGlC,GAAG,CAACM,UAAU;EAChC,MAAM6B,WAAW,GAAGnC,GAAG,CAACoC,YAAY;EACpC,MAAMC,OAAO,GAAGrC,GAAG,CAACsC,QAAQ;EAC5B,MAAMC,YAAY,GAAGvC,GAAG,CAACwC,aAAa;EACtC,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,EAAE,GAAC,IAAI,CAAC;EAEvC,IAAIN,WAAW,EAAE;IACf,MAAMU,SAAS,GAAGrC,GAAG,CAACO,KAAK,CAAC+B,MAAM,CAACX,WAAW,CAAC;IAC/CJ,SAAS,CAACI,WAAW,GAAG;MAC
tBA,WAAW,EAAEA,WAAW;MACxBY,MAAM,EAAEF,SAAS,CAACG,OAAO;MACzBC,SAAS,EAAEC,MAAM,CAAClB,SAAS,CAAC,GAAGS,GAAG;MAClCP,SAAS,EAAEA,SAAU;MACrBR,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCC,WAAW,EAAE1C,IAAI,CAAC0C;IACpB,CAAC;IAED,IAAI3C,WAAW,CAAC4C,UAAU,EAAE;MAC1BtB,SAAS,CAACI,WAAW,CAACkB,UAAU,GAAG5C,WAAW,CAAC4C,UAAU;IAC3D;IAEA,IAAI5C,WAAW,CAAC6C,WAAW,EAAE;MAC3BvB,SAAS,CAACI,WAAW,CAACmB,WAAW,GAAG7C,WAAW,CAAC6C,WAAW;IAC7D;EACF;EAEA,IAAIf,YAAY,EAAE;IAChBR,SAAS,CAACQ,YAAY,GAAG;MACvBA,YAAY,EAAEA,YAAY;MAC1B;MACA;MACAU,SAAS,EAAEC,MAAM,CAAClB,SAAS,CAAC,GAAGS,GAAG;MAClCf,MAAM,EAAEA,MAAM;MACd6B,QAAQ,EAAE7C,IAAI,CAAC6C,QAAS;MACxBJ,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCK,MAAM,EAAE9C,IAAI,CAAC8C;IACf,CAAC;IAED,IAAI/C,WAAW,CAAC4C,UAAU,EAAE;MAC1BtB,SAAS,CAACQ,YAAY,CAACc,UAAU,GAAG5C,WAAW,CAAC4C,UAAU;IAC5D;IAEA,IAAI5C,WAAW,CAAC6C,WAAW,EAAE;MAC3BvB,SAAS,CAACQ,YAAY,CAACe,WAAW,GAAG7C,WAAW,CAAC6C,WAAW;IAC9D;EACF;EAEA,IAAIjB,OAAO,EAAE;IACX,MAAMoB,KAAK,GAAGjD,GAAG,CAACO,KAAK,CAAC+B,MAAM,CAACT,OAAO,CAAC;IACvC,MAAMqB,UAAmB,GAAG;MAC1BrB,OAAO,EAAEA,OAAO;MAChBU,MAAM,EAAEU,KAAK,CAACT,OAAO;MACrBC,SAAS,EAAEQ,KAAK,CAACT,OAAO,CAACW,GAAG,GAAIF,KAAK,CAACT,OAAO,CAACY,GAAI,GAAGnB,GAAG;MAAE;MAC1Df,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCK,MAAM,EAAE9C,IAAI,CAAC8C,MAAO;MACpB1B,QAAQ,EAAEA;IACZ,CAAC;IAED,IAAIrB,WAAW,CAAC6C,WAAW,EAAE;MAC3BI,UAAU,CAACJ,WAAW,GAAG7C,WAAW,CAAC6C,WAAW;IAClD;IAEA,MAAMO,gBAAmC,GAAG;MAC1C/B,QAAQ,EAAEA,QAAS;MACnB0B,MAAM,EAAE9C,IAAI,CAAC8C,MAAO;MACpBM,KAAK,EAAErD,WAAW,CAACqD,KAAK;MACxB3B,WAAW,EAAEA,WAAW;MACxB4B,SAAS,EAAEtD,WAAW,CAACsD;IACzB,CAAC;IAED,IAAItD,WAAW,CAACuD,eAAe,KAAKC,SAAS,EAAE;MAC7CJ,gBAAgB,CAACG,eAAe,GAAGvD,WAAW,CAACuD,eAAe;IAChE;IAEA,MAAM,IAAAE,wBAAW,EAAC1D,GAAG,EAAEkD,UAAU,EAAEG,gBAAgB,CAAC;IACpD9B,SAAS,CAACM,OAAO,GAAGqB,UAAU;EAChC;;EAEA;EACA,IAAInC,YAAY,CAAC4C,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAACpC,SAAS,CAACI,WAAW,EAAE;IAClE;IACA,MAAM,IAAI/B,oBAAY,CAAC,+GAA+G,CAAC;EACzI;EACA,IAAImB,YAAY,CAAC4C,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAACpC,SA
AS,CAACM,OAAO,EAAE;IACjE;IACA,MAAM,IAAIjC,oBAAY,CAAC,8GAA8G,CAAC;EACxI;EAEA,OAAO;IACLgE,MAAM,EAAErC,SAAS;IACjB5B,KAAK,EAAEH,GAAG,CAACG,KAAM;IACjBU,IAAI,EAAEb,GAAG,CAACa,IAAI;IACdU;EACF,CAAC;AAEH"}
@@ -58,7 +58,8 @@ async function renewToken(sdk, token) {
58
58
  authorizeUrl,
59
59
  userinfoUrl,
60
60
  issuer,
61
- dpopPairId
61
+ dpopPairId,
62
+ extraParams
62
63
  } = token;
63
64
  return (0, _getWithoutPrompt.getWithoutPrompt)(sdk, {
64
65
  responseType,
@@ -66,7 +67,8 @@ async function renewToken(sdk, token) {
66
67
  authorizeUrl,
67
68
  userinfoUrl,
68
69
  issuer,
69
- dpopPairId
70
+ dpopPairId,
71
+ extraParams
70
72
  }).then(function (res) {
71
73
  return getSingleToken(token, res.tokens);
72
74
  });
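Review bot: `extraParams` is read from the stored `token` object and forwarded unchanged to `getWithoutPrompt` in the second hunk, and nothing visible constrains which keys it may carry. If the code that builds the authorize request merges `extraParams` after the protocol fields, a stale or altered stored token could replace values such as `responseType` or `scopes` on every silent renewal. That merge is outside these hunks, so this is a point to confirm, not a confirmed defect. I would add a comment above the call, `// extraParams comes from the persisted token; it must never override protocol parameters downstream`, and filter reserved keys before forwarding if the merge order does not already guarantee that. Tokens saved before this release carry no `extraParams`, so the call will pass `undefined` for them, which deserves a test. `renewToken` starts before the first hunk and continues past the second.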