@okta/okta-auth-js 8.0.0 → 8.0.1
- package/CHANGELOG.md +18 -0
- package/cjs/core/AuthStateManager.js +18 -12
- package/cjs/core/AuthStateManager.js.map +1 -1
- package/cjs/http/OktaUserAgent.js +2 -2
- package/cjs/idx/authenticator/WebauthnEnrollment.js +6 -2
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/webauthn.js +22 -4
- package/cjs/idx/webauthn.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +2 -4
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
- package/dist/okta-auth-js.authn.min.js +1 -1
- package/dist/okta-auth-js.authn.min.js.map +1 -1
- package/dist/okta-auth-js.core.min.analyzer.html +2 -2
- package/dist/okta-auth-js.core.min.js +1 -1
- package/dist/okta-auth-js.core.min.js.map +1 -1
- package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
- package/dist/okta-auth-js.idx.min.js +1 -1
- package/dist/okta-auth-js.idx.min.js.map +1 -1
- package/dist/okta-auth-js.min.analyzer.html +2 -2
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
- package/dist/okta-auth-js.myaccount.min.js +1 -1
- package/dist/okta-auth-js.myaccount.min.js.map +1 -1
- package/esm/browser/core/AuthStateManager.js +20 -16
- package/esm/browser/core/AuthStateManager.js.map +1 -1
- package/esm/browser/http/OktaUserAgent.js +2 -2
- package/esm/browser/idx/authenticator/WebauthnEnrollment.js +3 -5
- package/esm/browser/idx/authenticator/WebauthnEnrollment.js.map +1 -1
- package/esm/browser/idx/authenticator/WebauthnVerification.js.map +1 -1
- package/esm/browser/idx/types/idx-js.js.map +1 -1
- package/esm/browser/idx/webauthn.js +18 -15
- package/esm/browser/idx/webauthn.js.map +1 -1
- package/esm/browser/oidc/handleOAuthResponse.js +2 -2
- package/esm/browser/oidc/handleOAuthResponse.js.map +1 -1
- package/esm/browser/package.json +1 -1
- package/esm/node/core/AuthStateManager.js +20 -16
- package/esm/node/core/AuthStateManager.js.map +1 -1
- package/esm/node/http/OktaUserAgent.js +2 -2
- package/esm/node/idx/authenticator/WebauthnEnrollment.js +3 -5
- package/esm/node/idx/authenticator/WebauthnEnrollment.js.map +1 -1
- package/esm/node/idx/authenticator/WebauthnVerification.js.map +1 -1
- package/esm/node/idx/types/idx-js.js.map +1 -1
- package/esm/node/idx/webauthn.js +18 -15
- package/esm/node/idx/webauthn.js.map +1 -1
- package/esm/node/oidc/handleOAuthResponse.js +2 -2
- package/esm/node/oidc/handleOAuthResponse.js.map +1 -1
- package/esm/node/package.json +1 -1
- package/package.json +6 -4
- package/types/lib/idx/authenticator/WebauthnEnrollment.d.ts +2 -0
- package/types/lib/idx/authenticator/WebauthnVerification.d.ts +1 -0
- package/types/lib/idx/types/idx-js.d.ts +3 -0
- package/types/lib/idx/webauthn.d.ts +3 -12
- package/umd/authn.js +1 -1
- package/umd/authn.js.map +1 -1
- package/umd/core.js +1 -1
- package/umd/core.js.map +1 -1
- package/umd/default.js +1 -1
- package/umd/default.js.map +1 -1
- package/umd/idx.js +1 -1
- package/umd/idx.js.map +1 -1
- package/umd/myaccount.js +1 -1
- package/umd/myaccount.js.map +1 -1
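--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog
 
+# 8.0.1
+
+### Fixes
+
+- [#1633](https://github.com/okta/okta-auth-js/pull/1633) fix: `CancelablePromise` no longer deadlocks when promise is canceled
+
+### Backported from `7.14.2`
+
+- [#1629](https://github.com/okta/okta-auth-js/pull/1629) fix: properly handles WebAuthn hints and transports
+
 # 8.0.0
 
 ### Breaking Changes
@@ -19,6 +29,14 @@
 - [#1623](https://github.com/okta/okta-auth-js/pull/1623) chore: bumps `tiny-emitter` dependency to leverage ESM export
 - [#1624](https://github.com/okta/okta-auth-js/pull/1624) chore: upgrades `broadcast-channel` and `@babel/runtime`
 
+# 7.14.3
+
+- [#1635](https://github.com/okta/okta-auth-js/pull/1635) fix: guarantees `state` parameter is validated before token exchange is performed
+
+# 7.14.2
+
+- [#1629](https://github.com/okta/okta-auth-js/pull/1629) fix: properly handles WebAuthn hints and transports
+
 # 7.14.1
 
 ### Fixes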
|
@@ -32,7 +32,6 @@ const isSameAuthState = (prevState, state) => {
|
|
|
32
32
|
}
|
|
33
33
|
return prevState.isAuthenticated === state.isAuthenticated && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken) && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken) && prevState.error === state.error;
|
|
34
34
|
};
|
|
35
|
-
|
|
36
35
|
/**
|
|
37
36
|
* Based on https://www.npmjs.com/package/p-cancelable, which was used in previous versions of authjs
|
|
38
37
|
* `p-cancelable` has been deprecated in favor of `AbortController` and is sometimes flagged on dependency scans
|
|
@@ -41,7 +40,7 @@ const isSameAuthState = (prevState, state) => {
|
|
|
41
40
|
* tldr; This class aims to replace `p-cancelable` to maintain IE11 support
|
|
42
41
|
*/
|
|
43
42
|
class CancelablePromise {
|
|
44
|
-
#
|
|
43
|
+
#_state = 'PENDING';
|
|
45
44
|
#promise;
|
|
46
45
|
// eslint-disable-next-line no-use-before-define
|
|
47
46
|
#cancelHandlers = [];
|
|
@@ -52,16 +51,12 @@ class CancelablePromise {
|
|
|
52
51
|
this.#promise = new Promise((resolve, reject) => {
|
|
53
52
|
this.#rejector = reject;
|
|
54
53
|
const onResolve = result => {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
this.#state = 'SETTLED';
|
|
58
|
-
}
|
|
54
|
+
resolve(result);
|
|
55
|
+
this.#state = 'SETTLED';
|
|
59
56
|
};
|
|
60
57
|
const onReject = error => {
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
this.#state = 'SETTLED';
|
|
64
|
-
}
|
|
58
|
+
reject(error);
|
|
59
|
+
this.#state = 'SETTLED';
|
|
65
60
|
};
|
|
66
61
|
const onCancel = handler => {
|
|
67
62
|
this.#cancelHandlers.push(handler);
|
|
@@ -69,6 +64,14 @@ class CancelablePromise {
|
|
|
69
64
|
executor(onResolve, onReject, onCancel);
|
|
70
65
|
});
|
|
71
66
|
}
|
|
67
|
+
get #state() {
|
|
68
|
+
return this.#_state;
|
|
69
|
+
}
|
|
70
|
+
set #state(state) {
|
|
71
|
+
if (this.#state === 'PENDING') {
|
|
72
|
+
this.#_state = state;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
72
75
|
|
|
73
76
|
// @ts-expect-error - the type for `Promise.then` is unnecessarily complex
|
|
74
77
|
then(...args) {
|
|
@@ -100,6 +103,9 @@ class CancelablePromise {
|
|
|
100
103
|
return this.#state === 'CANCELED';
|
|
101
104
|
}
|
|
102
105
|
}
|
|
106
|
+
|
|
107
|
+
// Used for `instanceof` checks
|
|
108
|
+
Object.setPrototypeOf(CancelablePromise.prototype, Promise.prototype);
|
|
103
109
|
class AuthStateManager {
|
|
104
110
|
constructor(sdk) {
|
|
105
111
|
if (!sdk.emitter) {
|
|
@@ -218,7 +224,7 @@ class AuthStateManager {
|
|
|
218
224
|
...DEFAULT_PENDING
|
|
219
225
|
};
|
|
220
226
|
};
|
|
221
|
-
this._sdk.isAuthenticated().then(
|
|
227
|
+
this._sdk.isAuthenticated().then(isAuthenticated => {
|
|
222
228
|
if (cancelablePromise.isCanceled) {
|
|
223
229
|
resolve(undefined);
|
|
224
230
|
return;
|
|
@@ -232,7 +238,7 @@ class AuthStateManager {
|
|
|
232
238
|
accessToken,
|
|
233
239
|
idToken,
|
|
234
240
|
refreshToken,
|
|
235
|
-
isAuthenticated
|
|
241
|
+
isAuthenticated
|
|
236
242
|
};
|
|
237
243
|
|
|
238
244
|
// Enqueue transformAuthState so that it does not run concurrently
|
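Review bot: The `isAuthenticated` field of `authState` in the last two hunks is now the value that `this._sdk.isAuthenticated()` resolved with, while `accessToken` and `idToken` are read afterwards by `getTokensSync()` (visible in the `sourcesContent` of the accompanying `.map` hunk), so the flag and the tokens in one emitted state no longer come from the same snapshot. The removed text is lost in this rendering, but the old `.map` content shows the previous form `isAuthenticated: !!(accessToken && idToken)`. If a state with `isAuthenticated: true` and a missing token must never be emitted, keep the token check as a floor in `lib/core/AuthStateManager.ts`, e.g. `isAuthenticated: isAuthenticated && !!(accessToken && idToken)`, or add a comment there stating why the SDK result alone is authoritative. The 8.0.1 changelog entries on this page list only the `CancelablePromise` fix and the WebAuthn backport, so this change to how the auth flag is derived deserves its own line. The `.then(...)` callback continues outside both hunks.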
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthStateManager.js","names":["_errors","require","_oidc","_util","INITIAL_AUTH_STATE","exports","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","CancelablePromise","promise","cancelHandlers","rejector","#rejector","constructor","executor","Promise","resolve","reject","onResolve","result","onReject","onCancel","handler","push","then","args","catch","finally","cancel","length","isCanceled","AuthStateManager","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","_prevAuthState","_transformQueue","PromiseQueue","quiet","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","transformAuthState","devMode","log","status","getConsole","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","curPromise","cancelablePromise","_","emitAndResolve","undefined","refreshToken","getTokensSync","subscribe","unsubscribe","off"],"sources":["../../../lib/core/AuthStateManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n\nimport { AuthSdkError } from '../errors';\nimport {\n EVENT_ADDED,\n EVENT_REMOVED,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface\n} from '../oidc';\nimport {\n AuthState,\n AuthStateLogOptions,\n OktaAuthCoreOptions,\n} from './types';\nimport { PromiseQueue, getConsole } from '../util';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\n/**\n * Based on https://www.npmjs.com/package/p-cancelable, which was used in previous versions of authjs\n * `p-cancelable` has been deprecated in favor of `AbortController` and is sometimes flagged on dependency scans\n * as not being supported. 
Unfortunately, `AbortController` is not supported in IE11\n *\n * tldr; This class aims to replace `p-cancelable` to maintain IE11 support\n */\nclass CancelablePromise<T = any> implements PromiseLike<T> {\n #state: 'PENDING' | 'CANCELED' | 'SETTLED' = 'PENDING';\n #promise: Promise<T>;\n // eslint-disable-next-line no-use-before-define\n #cancelHandlers: Parameters<Parameters<ConstructorParameters<typeof CancelablePromise>[0]>[2]>[0][] = [];\n\n // defaults to no-op to satisfy TS, will be re-set in `executor` when construct is invoked\n #rejector: Parameters<ConstructorParameters<typeof Promise<T>>[0]>[1] = () => {};\n\n constructor (\n executor: (\n ...args: [\n ...Parameters<ConstructorParameters<typeof Promise<T>>[0]>,\n (callback: () => void) => void\n ]\n ) => void\n ) {\n\n this.#promise = new Promise((resolve, reject) => {\n this.#rejector = reject;\n\n const onResolve = (result) => {\n if (this.#state !== 'CANCELED') {\n resolve(result);\n this.#state = 'SETTLED';\n }\n };\n\n const onReject = (error) => {\n if (this.#state !== 'CANCELED') {\n reject(error);\n this.#state = 'SETTLED';\n }\n };\n\n const onCancel = handler => {\n this.#cancelHandlers.push(handler);\n };\n\n executor(onResolve, onReject, onCancel);\n });\n }\n\n // @ts-expect-error - the type for `Promise.then` is unnecessarily complex\n then (...args: Parameters<Promise<T>['then']>): ReturnType<Promise<T>['then']> {\n return this.#promise.then(...args);\n }\n\n catch (...args: Parameters<Promise<T>['catch']>): ReturnType<Promise<T>['catch']> {\n return this.#promise.catch(...args);\n }\n\n finally (...args: Parameters<Promise<T>['finally']>): ReturnType<Promise<T>['finally']> {\n return this.#promise.finally(...args);\n }\n\n cancel () {\n if (this.#state !== 'PENDING') {\n return;\n }\n\n this.#state = 'CANCELED';\n\n if (this.#cancelHandlers.length > 0) {\n try {\n\t\t\t\tfor (const handler of this.#cancelHandlers) {\n\t\t\t\t\thandler();\n\t\t\t\t}\n\t\t\t}\n catch (error) 
{\n\t\t\t\tthis.#rejector(error);\n\t\t\t\treturn;\n\t\t\t}\n }\n }\n\n get isCanceled (): boolean {\n return this.#state === 'CANCELED';\n }\n}\n\nexport class AuthStateManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\n{\n _sdk: OktaAuthOAuthInterface<M, S, O>;\n _pending: { \n updateAuthStatePromise: any;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _transformQueue: PromiseQueue;\n\n constructor(sdk: OktaAuthOAuthInterface<M, S, O>) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n this._transformQueue = new PromiseQueue({\n quiet: true\n });\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', 
this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new CancelablePromise((resolve, _, onCancel) => {\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve(undefined);\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve(undefined);\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve(undefined);\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n 
refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n\n // Enqueue transformAuthState so that it does not run concurrently\n const promise: Promise<AuthState> = transformAuthState\n ? this._transformQueue.push(transformAuthState, null, this._sdk, authState) as Promise<AuthState>\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"mappings":";;;AAaA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAYA,IAAAE,KAAA,GAAAF,OAAA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBO,MAAMG,kBAAkB,GAAAC,OAAA,CAAAD,kBAAA,GAAG,IAAI;AACtC,MAAME,eAAe,GAAG;EACtBC,sBAAsB,EAAE,IAAI;EAC5BC,aAAa,EAAE;AACjB,CAAC;AACD,MAAMC,uBAAuB,GAAG,iBAAiB;AACjD,MAAMC,wBAAwB,GAAG,EAAE;;AAEnC;AACA,MAAMC,eAAe,GAAGA,CAACC,SAA2B,EAAEC,KAAgB,KAAK;EACzE;EACA,IAAI,CAACD,SAAS,EAAE;IACd,OAAO,KAAK;EACd;EAEA,OAAOA,SAAS,CAACE,eAAe,KAAKD,KAAK,CAACC,eAAe,IACrDC,IAAI,CAACC,SAAS,CAACJ,SAAS,CAACK,OAAO,CAAC,KAAKF,IAAI,CAACC,SAAS,CAACH,KAAK,CAACI,OAAO,CAAC,IACnEF,IAAI,CAACC,SAAS,CAACJ,SAAS,CAACM,WAAW,CAAC,KAAKH,IAAI,CAACC,SAAS,CAACH,KAAK,CAACK,WAAW,CAAC,IAC3EN,SAAS,CAACO,KAAK,KAAKN,KAAK,CAACM,KAAK;AACtC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,iBAAiB,CAAoC;EACzD,CAACP,KAAK,GAAuC,SAAS;EACtD,CAACQ,OAAO;EACR;EACA,CAACC,cAAc,GAAuF,EAAE;;EAExG;EACA,CAACC,QAAQ,GAA+DC,CAAA,KAAM,CAAC,CAAC;EAEhFC,WAAWA,CACTC,QAKS,EACT;IAEA,IAAI,CAAC,CAACL,OAAO,GAAG,IAAIM,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;MAC/C,IAAI,CAAC,CAACN,QAAQ,GAAGM,MAAM;MAEvB,MAAMC,SAAS,GAAIC,MAAM,IAAK;QAC5B,IAAI,IAAI,CAAC,CAAClB,KAAK
,KAAK,UAAU,EAAE;UAC9Be,OAAO,CAACG,MAAM,CAAC;UACf,IAAI,CAAC,CAAClB,KAAK,GAAG,SAAS;QACzB;MACF,CAAC;MAED,MAAMmB,QAAQ,GAAIb,KAAK,IAAK;QAC1B,IAAI,IAAI,CAAC,CAACN,KAAK,KAAK,UAAU,EAAE;UAC9BgB,MAAM,CAACV,KAAK,CAAC;UACb,IAAI,CAAC,CAACN,KAAK,GAAG,SAAS;QACzB;MACF,CAAC;MAED,MAAMoB,QAAQ,GAAGC,OAAO,IAAI;QAC1B,IAAI,CAAC,CAACZ,cAAc,CAACa,IAAI,CAACD,OAAO,CAAC;MACpC,CAAC;MAEDR,QAAQ,CAACI,SAAS,EAAEE,QAAQ,EAAEC,QAAQ,CAAC;IACzC,CAAC,CAAC;EACJ;;EAEA;EACAG,IAAIA,CAAE,GAAGC,IAAoC,EAAkC;IAC7E,OAAO,IAAI,CAAC,CAAChB,OAAO,CAACe,IAAI,CAAC,GAAGC,IAAI,CAAC;EACpC;EAEAC,KAAKA,CAAE,GAAGD,IAAqC,EAAmC;IAChF,OAAO,IAAI,CAAC,CAAChB,OAAO,CAACiB,KAAK,CAAC,GAAGD,IAAI,CAAC;EACrC;EAEAE,OAAOA,CAAE,GAAGF,IAAuC,EAAqC;IACtF,OAAO,IAAI,CAAC,CAAChB,OAAO,CAACkB,OAAO,CAAC,GAAGF,IAAI,CAAC;EACvC;EAEAG,MAAMA,CAAA,EAAI;IACR,IAAI,IAAI,CAAC,CAAC3B,KAAK,KAAK,SAAS,EAAE;MAC7B;IACF;IAEA,IAAI,CAAC,CAACA,KAAK,GAAG,UAAU;IAExB,IAAI,IAAI,CAAC,CAACS,cAAc,CAACmB,MAAM,GAAG,CAAC,EAAE;MACnC,IAAI;QACN,KAAK,MAAMP,OAAO,IAAI,IAAI,CAAC,CAACZ,cAAc,EAAE;UAC3CY,OAAO,CAAC,CAAC;QACV;MACD,CAAC,CACE,OAAOf,KAAK,EAAE;QAChB,IAAI,CAAC,CAACI,QAAQ,CAACJ,KAAK,CAAC;QACrB;MACD;IACC;EACF;EAEA,IAAIuB,UAAUA,CAAA,EAAa;IACzB,OAAO,IAAI,CAAC,CAAC7B,KAAK,KAAK,UAAU;EACnC;AACF;AAEO,MAAM8B,gBAAgB,CAM7B;EAWElB,WAAWA,CAACmB,GAAoC,EAAE;IAChD,IAAI,CAACA,GAAG,CAACC,OAAO,EAAE;MAChB,MAAM,IAAIC,oBAAY,CAAC,uDAAuD,CAAC;IACjF;IAEA,IAAI,CAACC,IAAI,GAAGH,GAAG;IACf,IAAI,CAACI,QAAQ,GAAG;MAAE,GAAG1C;IAAgB,CAAC;IACtC,IAAI,CAAC2C,UAAU,GAAG7C,kBAAkB;IACpC,IAAI,CAAC8C,WAAW,GAAG,CAAC,CAAC;IACrB,IAAI,CAACC,cAAc,GAAG,IAAI;IAC1B,IAAI,CAACC,eAAe,GAAG,IAAIC,kBAAY,CAAC;MACtCC,KAAK,EAAE;IACT,CAAC,CAAC;;IAEF;IACA;IACA;IACAV,GAAG,CAACW,YAAY,CAACC,EAAE,CAACC,iBAAW,EAAE,CAACC,GAAG,EAAEC,KAAK,KAAK;MAC/C,IAAI,CAACC,cAAc,CAAC;QAAEC,KAAK,EAAEJ,iBAAW;QAAEC,GAAG;QAAEC;MAAM,CAAC,CAAC;MACvD,IAAI,CAACG,eAAe,CAAC,CAAC;IACxB,CAAC,CAAC;IACFlB,GAAG,CAACW,YAAY,CAACC,EAAE,CAACO,mBAAa,EAAE,CAACL,GAAG,EAAEC,KAAK,KAAK;MACjD,IAAI,CAACC,cAAc,CAAC;QAAEC,KAAK,EAAEE,mBAAa;QAAEL,GAAG;QAAEC;MAAM,CAAC,CAAC;MACzD,IAAI,CAACG,eA
Ae,CAAC,CAAC;IACxB,CAAC,CAAC;EACJ;EAEAF,cAAcA,CAACI,OAAO,EAAE;IACtB,IAAI,CAACd,WAAW,GAAGc,OAAO;EAC5B;EAEAC,YAAYA,CAAA,EAAqB;IAC/B,OAAO,IAAI,CAAChB,UAAU;EACxB;EAEAiB,oBAAoBA,CAAA,EAAqB;IACvC,OAAO,IAAI,CAACf,cAAc;EAC5B;EAEA,MAAMW,eAAeA,CAAA,EAAuB;IAC1C,MAAM;MAAEK,kBAAkB;MAAEC;IAAQ,CAAC,GAAG,IAAI,CAACrB,IAAI,CAACiB,OAAO;IAEzD,MAAMK,GAAG,GAAIC,MAAM,IAAK;MACtB,MAAM;QAAET,KAAK;QAAEH,GAAG;QAAEC;MAAM,CAAC,GAAG,IAAI,CAACT,WAAW;MAC9C,IAAAqB,gBAAU,EAAC,CAAC,CAACC,KAAK,CAAC,uCAAuCX,KAAK,WAAWS,MAAM,EAAE,CAAC;MACnF,IAAAC,gBAAU,EAAC,CAAC,CAACF,GAAG,CAACX,GAAG,EAAEC,KAAK,CAAC;MAC5B,IAAAY,gBAAU,EAAC,CAAC,CAACF,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAACpB,UAAU,CAAC;MACtD,IAAAsB,gBAAU,EAAC,CAAC,CAACE,QAAQ,CAAC,CAAC;;MAEvB;MACA,IAAI,CAACvB,WAAW,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,MAAMwB,mBAAmB,GAAIC,SAAS,IAAK;MACzC,IAAIhE,eAAe,CAAC,IAAI,CAACsC,UAAU,EAAE0B,SAAS,CAAC,EAAE;QAC/CP,OAAO,IAAIC,GAAG,CAAC,WAAW,CAAC;QAC3B;MACF;MACA,IAAI,CAAClB,cAAc,GAAG,IAAI,CAACF,UAAU;MACrC,IAAI,CAACA,UAAU,GAAG0B,SAAS;MAC3B;MACA,IAAI,CAAC5B,IAAI,CAACF,OAAO,CAAC+B,IAAI,CAACnE,uBAAuB,EAAE;QAAE,GAAGkE;MAAU,CAAC,CAAC;MACjEP,OAAO,IAAIC,GAAG,CAAC,SAAS,CAAC;IAC3B,CAAC;IAED,MAAMQ,YAAY,GAAIC,WAAW,IAAK;MACpC,OAAO,IAAI,CAAC9B,QAAQ,CAACzC,sBAAsB,CAAC6B,IAAI,CAAC,MAAM;QACrD,MAAM2C,UAAU,GAAG,IAAI,CAAC/B,QAAQ,CAACzC,sBAAsB;QACvD,IAAIwE,UAAU,IAAIA,UAAU,KAAKD,WAAW,EAAE;UAC5C,OAAOD,YAAY,CAACE,UAAU,CAAC;QACjC;QACA,OAAO,IAAI,CAACd,YAAY,CAAC,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAACjB,QAAQ,CAACzC,sBAAsB,EAAE;MACxC,IAAI,IAAI,CAACyC,QAAQ,CAACxC,aAAa,IAAIE,wBAAwB,EAAE;QAC3D;QACA;QACA0D,OAAO,IAAIC,GAAG,CAAC,YAAY,CAAC;QAC5B,OAAOQ,YAAY,CAAC,IAAI,CAAC7B,QAAQ,CAACzC,sBAAsB,CAAC;MAC3D,CAAC,MAAM;QACL,IAAI,CAACyC,QAAQ,CAACzC,sBAAsB,CAACiC,MAAM,CAAC,CAAC;MAC/C;IACF;;IAEA;IACA,MAAMwC,iBAAiB,GAAG,IAAI5D,iBAAiB,CAAC,CAACQ,OAAO,EAAEqD,CAAC,EAAEhD,QAAQ,KAAK;MACxEA,QAAQ,CAAC,MAAM;QACb,IAAI,CAACe,QAAQ,CAACzC,sBAAsB,GAAG,IAAI;QAC3C,IAAI,CAACyC,QAAQ,CAACxC,aAAa,GAAG,IAAI,CAACwC,QAAQ,CAACxC,aAAa,GAAG,CAAC;QAC7D4D,OAAO,IAAIC,GAAG,CAAC,UAAU,CAAC;MAC5B,CAAC,CAAC
;MAEF,MAAMa,cAAc,GAAIP,SAAS,IAAK;QACpC,IAAIK,iBAAiB,CAACtC,UAAU,EAAE;UAChCd,OAAO,CAACuD,SAAS,CAAC;UAClB;QACF;QACA;QACAT,mBAAmB,CAACC,SAAS,CAAC;QAC9B/C,OAAO,CAACuD,SAAS,CAAC;;QAElB;QACA,IAAI,CAACnC,QAAQ,GAAG;UAAE,GAAG1C;QAAgB,CAAC;MACxC,CAAC;MAED,IAAI,CAACyC,IAAI,CAACjC,eAAe,CAAC,CAAC,CACxBsB,IAAI,CAAC,MAAM;QACV,IAAI4C,iBAAiB,CAACtC,UAAU,EAAE;UAChCd,OAAO,CAACuD,SAAS,CAAC;UAClB;QACF;QAEA,MAAM;UAAEjE,WAAW;UAAED,OAAO;UAAEmE;QAAa,CAAC,GAAG,IAAI,CAACrC,IAAI,CAACQ,YAAY,CAAC8B,aAAa,CAAC,CAAC;QACrF,MAAMV,SAAS,GAAG;UAChBzD,WAAW;UACXD,OAAO;UACPmE,YAAY;UACZtE,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAO;QAC5C,CAAC;;QAED;QACA,MAAMI,OAA2B,GAAG8C,kBAAkB,GAClD,IAAI,CAACf,eAAe,CAACjB,IAAI,CAACgC,kBAAkB,EAAE,IAAI,EAAE,IAAI,CAACpB,IAAI,EAAE4B,SAAS,CAAC,GACzEhD,OAAO,CAACC,OAAO,CAAC+C,SAAS,CAAC;QAE9BtD,OAAO,CACJe,IAAI,CAACuC,SAAS,IAAIO,cAAc,CAACP,SAAS,CAAC,CAAC,CAC5CrC,KAAK,CAACnB,KAAK,IAAI+D,cAAc,CAAC;UAC7BhE,WAAW;UACXD,OAAO;UACPmE,YAAY;UACZtE,eAAe,EAAE,KAAK;UACtBK;QACF,CAAC,CAAC,CAAC;MACP,CAAC,CAAC;IACN,CAAC,CAAC;IACF;IACA,IAAI,CAAC6B,QAAQ,CAACzC,sBAAsB,GAAGyE,iBAAiB;IAExD,OAAOH,YAAY,CAACG,iBAAiB,CAAC;EACxC;EAEAM,SAASA,CAACpD,OAAO,EAAQ;IACvB,IAAI,CAACa,IAAI,CAACF,OAAO,CAACW,EAAE,CAAC/C,uBAAuB,EAAEyB,OAAO,CAAC;EACxD;EAEAqD,WAAWA,CAACrD,OAAQ,EAAQ;IAC1B,IAAI,CAACa,IAAI,CAACF,OAAO,CAAC2C,GAAG,CAAC/E,uBAAuB,EAAEyB,OAAO,CAAC;EACzD;AACF;AAAC7B,OAAA,CAAAsC,gBAAA,GAAAA,gBAAA","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"AuthStateManager.js","names":["_errors","require","_oidc","_util","INITIAL_AUTH_STATE","exports","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","CancelablePromise","_state","promise","cancelHandlers","rejector","#rejector","constructor","executor","Promise","resolve","reject","onResolve","result","onReject","onCancel","handler","push","#state","then","args","catch","finally","cancel","length","isCanceled","Object","setPrototypeOf","prototype","AuthStateManager","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","_prevAuthState","_transformQueue","PromiseQueue","quiet","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","transformAuthState","devMode","log","status","getConsole","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","curPromise","cancelablePromise","_","emitAndResolve","undefined","refreshToken","getTokensSync","subscribe","unsubscribe","off"],"sources":["../../../lib/core/AuthStateManager.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n\nimport { AuthSdkError } from '../errors';\nimport {\n EVENT_ADDED,\n EVENT_REMOVED,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface\n} from '../oidc';\nimport {\n AuthState,\n AuthStateLogOptions,\n OktaAuthCoreOptions,\n} from './types';\nimport { PromiseQueue, getConsole } from '../util';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\ntype CancelablePromiseState = 'PENDING' | 'CANCELED' | 'SETTLED';\n\n/**\n * Based on https://www.npmjs.com/package/p-cancelable, which was used in previous versions of authjs\n * `p-cancelable` has been deprecated in favor of `AbortController` and is sometimes flagged on dependency scans\n * as not being supported. 
Unfortunately, `AbortController` is not supported in IE11\n *\n * tldr; This class aims to replace `p-cancelable` to maintain IE11 support\n */\nclass CancelablePromise<T = any> implements PromiseLike<T> {\n #_state: CancelablePromiseState = 'PENDING';\n #promise: Promise<T>;\n // eslint-disable-next-line no-use-before-define\n #cancelHandlers: Parameters<Parameters<ConstructorParameters<typeof CancelablePromise>[0]>[2]>[0][] = [];\n\n // defaults to no-op to satisfy TS, will be re-set in `executor` when construct is invoked\n #rejector: Parameters<ConstructorParameters<typeof Promise<T>>[0]>[1] = () => {};\n\n constructor (\n executor: (\n ...args: [\n resolve: Parameters<ConstructorParameters<typeof Promise<T>>[0]>[0],\n reject: Parameters<ConstructorParameters<typeof Promise<T>>[0]>[1],\n onCancel: (callback: () => void) => void\n ]\n ) => void\n ) {\n\n this.#promise = new Promise((resolve, reject) => {\n this.#rejector = reject;\n\n const onResolve = (result) => {\n resolve(result);\n this.#state = 'SETTLED';\n };\n\n const onReject = (error) => {\n reject(error);\n this.#state = 'SETTLED';\n };\n\n const onCancel = handler => {\n this.#cancelHandlers.push(handler);\n };\n\n executor(onResolve, onReject, onCancel);\n });\n }\n\n get #state (): CancelablePromiseState {\n return this.#_state;\n }\n\n set #state (state: CancelablePromiseState) {\n if (this.#state === 'PENDING') {\n this.#_state = state;\n }\n }\n\n // @ts-expect-error - the type for `Promise.then` is unnecessarily complex\n then (...args: Parameters<Promise<T>['then']>): ReturnType<Promise<T>['then']> {\n return this.#promise.then(...args);\n }\n\n catch (...args: Parameters<Promise<T>['catch']>): ReturnType<Promise<T>['catch']> {\n return this.#promise.catch(...args);\n }\n\n finally (...args: Parameters<Promise<T>['finally']>): ReturnType<Promise<T>['finally']> {\n return this.#promise.finally(...args);\n }\n\n cancel () {\n if (this.#state !== 'PENDING') {\n return;\n }\n\n this.#state = 
'CANCELED';\n\n if (this.#cancelHandlers.length > 0) {\n try {\n\t\t\t\tfor (const handler of this.#cancelHandlers) {\n\t\t\t\t\thandler();\n\t\t\t\t}\n\t\t\t}\n catch (error) {\n\t\t\t\tthis.#rejector(error);\n\t\t\t\treturn;\n\t\t\t}\n }\n }\n\n get isCanceled (): boolean {\n return this.#state === 'CANCELED';\n }\n}\n\n// Used for `instanceof` checks\nObject.setPrototypeOf(CancelablePromise.prototype, Promise.prototype);\n\nexport class AuthStateManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\n{\n _sdk: OktaAuthOAuthInterface<M, S, O>;\n _pending: { \n updateAuthStatePromise: any;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _transformQueue: PromiseQueue;\n\n constructor(sdk: OktaAuthOAuthInterface<M, S, O>) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n this._transformQueue = new PromiseQueue({\n quiet: true\n });\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, 
devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new CancelablePromise((resolve, _, onCancel) => {\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve(undefined);\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve(undefined);\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n 
};\n\n this._sdk.isAuthenticated()\n .then((isAuthenticated) => {\n if (cancelablePromise.isCanceled) {\n resolve(undefined);\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated\n };\n\n // Enqueue transformAuthState so that it does not run concurrently\n const promise: Promise<AuthState> = transformAuthState\n ? this._transformQueue.push(transformAuthState, null, this._sdk, authState) as Promise<AuthState>\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n 
}\n}\n"],"mappings":";;;AAaA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAYA,IAAAE,KAAA,GAAAF,OAAA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBO,MAAMG,kBAAkB,GAAAC,OAAA,CAAAD,kBAAA,GAAG,IAAI;AACtC,MAAME,eAAe,GAAG;EACtBC,sBAAsB,EAAE,IAAI;EAC5BC,aAAa,EAAE;AACjB,CAAC;AACD,MAAMC,uBAAuB,GAAG,iBAAiB;AACjD,MAAMC,wBAAwB,GAAG,EAAE;;AAEnC;AACA,MAAMC,eAAe,GAAGA,CAACC,SAA2B,EAAEC,KAAgB,KAAK;EACzE;EACA,IAAI,CAACD,SAAS,EAAE;IACd,OAAO,KAAK;EACd;EAEA,OAAOA,SAAS,CAACE,eAAe,KAAKD,KAAK,CAACC,eAAe,IACrDC,IAAI,CAACC,SAAS,CAACJ,SAAS,CAACK,OAAO,CAAC,KAAKF,IAAI,CAACC,SAAS,CAACH,KAAK,CAACI,OAAO,CAAC,IACnEF,IAAI,CAACC,SAAS,CAACJ,SAAS,CAACM,WAAW,CAAC,KAAKH,IAAI,CAACC,SAAS,CAACH,KAAK,CAACK,WAAW,CAAC,IAC3EN,SAAS,CAACO,KAAK,KAAKN,KAAK,CAACM,KAAK;AACtC,CAAC;AAID;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,iBAAiB,CAAoC;EACzD,CAACC,MAAM,GAA2B,SAAS;EAC3C,CAACC,OAAO;EACR;EACA,CAACC,cAAc,GAAuF,EAAE;;EAExG;EACA,CAACC,QAAQ,GAA+DC,CAAA,KAAM,CAAC,CAAC;EAEhFC,WAAWA,CACTC,QAMS,EACT;IAEA,IAAI,CAAC,CAACL,OAAO,GAAG,IAAIM,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;MAC/C,IAAI,CAAC,CAACN,QAAQ,GAAGM,MAAM;MAEvB,MAAMC,SAAS,GAAIC,MAAM,IAAK;QAC5BH,OAAO,CAACG,MAAM,CAAC;QACf,IAAI,CAAC,CAACnB,KAAK,GAAG,SAAS;MACzB,CAAC;MAED,MAAMoB,QAAQ,GAAId,KAAK,IAAK;QAC1BW,MAAM,CAACX,KAAK,CAAC;QACb,IAAI,CAAC,CAACN,KAAK,GAAG,SAAS;MACzB,CAAC;MAED,MAAMqB,QAAQ,GAAGC,OAAO,IAAI;QAC1B,IAAI,CAAC,CAACZ,cAAc,CAACa,IAAI,CAACD,OAAO,CAAC;MACpC,CAAC;MAEDR,QAAQ,CAACI,SAAS,EAAEE,QAAQ,EAAEC,QAAQ,CAAC;IACzC,CAAC,CAAC;EACJ;EAEA,IAAI,CAACrB,KAAKwB,CAAA,EAA4B;IACpC,OAAO,IAAI,CAAC,CAAChB,MAAM;EACrB;EAEA,IAAI,CAACR,KAAKwB,CAAExB,KAA6B,EAAE;IACzC,IAAI,IAAI,CAAC,CAACA,KAAK,KAAK,SAAS,EAAE;MAC7B,IAAI,CAAC,CAACQ,MAAM,GAAGR,KAAK;IACtB;EACF;;EAEA;EACAyB,IAAIA,CAAE,GAAGC,IAAoC,EAAkC;IAC7E,OAAO,IAAI,CAAC,CAACjB,OAAO,CAACgB,IAAI,CAAC,GAAGC,IAAI,CAAC;EACpC;EAEAC,KAAKA,CAAE,GAAGD,IAAqC,EAAmC;IAChF,OAAO,IAAI,CAAC,CAACjB,OAAO,CAACkB,KAAK,CAAC,GAAGD,IAAI,CAAC;EACrC;EAEAE,OAAOA,CAAE,GAAGF,IAAuC,EAAqC;IACtF,OAAO,IAAI,CAAC,CAACjB,OAAO,CAACmB,OAAO,CAAC,GAAGF,IAAI,
CAAC;EACvC;EAEAG,MAAMA,CAAA,EAAI;IACR,IAAI,IAAI,CAAC,CAAC7B,KAAK,KAAK,SAAS,EAAE;MAC7B;IACF;IAEA,IAAI,CAAC,CAACA,KAAK,GAAG,UAAU;IAExB,IAAI,IAAI,CAAC,CAACU,cAAc,CAACoB,MAAM,GAAG,CAAC,EAAE;MACnC,IAAI;QACN,KAAK,MAAMR,OAAO,IAAI,IAAI,CAAC,CAACZ,cAAc,EAAE;UAC3CY,OAAO,CAAC,CAAC;QACV;MACD,CAAC,CACE,OAAOhB,KAAK,EAAE;QAChB,IAAI,CAAC,CAACK,QAAQ,CAACL,KAAK,CAAC;QACrB;MACD;IACC;EACF;EAEA,IAAIyB,UAAUA,CAAA,EAAa;IACzB,OAAO,IAAI,CAAC,CAAC/B,KAAK,KAAK,UAAU;EACnC;AACF;;AAEA;AACAgC,MAAM,CAACC,cAAc,CAAC1B,iBAAiB,CAAC2B,SAAS,EAAEnB,OAAO,CAACmB,SAAS,CAAC;AAE9D,MAAMC,gBAAgB,CAM7B;EAWEtB,WAAWA,CAACuB,GAAoC,EAAE;IAChD,IAAI,CAACA,GAAG,CAACC,OAAO,EAAE;MAChB,MAAM,IAAIC,oBAAY,CAAC,uDAAuD,CAAC;IACjF;IAEA,IAAI,CAACC,IAAI,GAAGH,GAAG;IACf,IAAI,CAACI,QAAQ,GAAG;MAAE,GAAG/C;IAAgB,CAAC;IACtC,IAAI,CAACgD,UAAU,GAAGlD,kBAAkB;IACpC,IAAI,CAACmD,WAAW,GAAG,CAAC,CAAC;IACrB,IAAI,CAACC,cAAc,GAAG,IAAI;IAC1B,IAAI,CAACC,eAAe,GAAG,IAAIC,kBAAY,CAAC;MACtCC,KAAK,EAAE;IACT,CAAC,CAAC;;IAEF;IACA;IACA;IACAV,GAAG,CAACW,YAAY,CAACC,EAAE,CAACC,iBAAW,EAAE,CAACC,GAAG,EAAEC,KAAK,KAAK;MAC/C,IAAI,CAACC,cAAc,CAAC;QAAEC,KAAK,EAAEJ,iBAAW;QAAEC,GAAG;QAAEC;MAAM,CAAC,CAAC;MACvD,IAAI,CAACG,eAAe,CAAC,CAAC;IACxB,CAAC,CAAC;IACFlB,GAAG,CAACW,YAAY,CAACC,EAAE,CAACO,mBAAa,EAAE,CAACL,GAAG,EAAEC,KAAK,KAAK;MACjD,IAAI,CAACC,cAAc,CAAC;QAAEC,KAAK,EAAEE,mBAAa;QAAEL,GAAG;QAAEC;MAAM,CAAC,CAAC;MACzD,IAAI,CAACG,eAAe,CAAC,CAAC;IACxB,CAAC,CAAC;EACJ;EAEAF,cAAcA,CAACI,OAAO,EAAE;IACtB,IAAI,CAACd,WAAW,GAAGc,OAAO;EAC5B;EAEAC,YAAYA,CAAA,EAAqB;IAC/B,OAAO,IAAI,CAAChB,UAAU;EACxB;EAEAiB,oBAAoBA,CAAA,EAAqB;IACvC,OAAO,IAAI,CAACf,cAAc;EAC5B;EAEA,MAAMW,eAAeA,CAAA,EAAuB;IAC1C,MAAM;MAAEK,kBAAkB;MAAEC;IAAQ,CAAC,GAAG,IAAI,CAACrB,IAAI,CAACiB,OAAO;IAEzD,MAAMK,GAAG,GAAIC,MAAM,IAAK;MACtB,MAAM;QAAET,KAAK;QAAEH,GAAG;QAAEC;MAAM,CAAC,GAAG,IAAI,CAACT,WAAW;MAC9C,IAAAqB,gBAAU,EAAC,CAAC,CAACC,KAAK,CAAC,uCAAuCX,KAAK,WAAWS,MAAM,EAAE,CAAC;MACnF,IAAAC,gBAAU,EAAC,CAAC,CAACF,GAAG,CAACX,GAAG,EAAEC,KAAK,CAAC;MAC5B,IAAAY,gBAAU,EAAC,CAAC,CAACF,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAACpB,UAAU,CAAC;MACtD,IAAAs
B,gBAAU,EAAC,CAAC,CAACE,QAAQ,CAAC,CAAC;;MAEvB;MACA,IAAI,CAACvB,WAAW,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,MAAMwB,mBAAmB,GAAIC,SAAS,IAAK;MACzC,IAAIrE,eAAe,CAAC,IAAI,CAAC2C,UAAU,EAAE0B,SAAS,CAAC,EAAE;QAC/CP,OAAO,IAAIC,GAAG,CAAC,WAAW,CAAC;QAC3B;MACF;MACA,IAAI,CAAClB,cAAc,GAAG,IAAI,CAACF,UAAU;MACrC,IAAI,CAACA,UAAU,GAAG0B,SAAS;MAC3B;MACA,IAAI,CAAC5B,IAAI,CAACF,OAAO,CAAC+B,IAAI,CAACxE,uBAAuB,EAAE;QAAE,GAAGuE;MAAU,CAAC,CAAC;MACjEP,OAAO,IAAIC,GAAG,CAAC,SAAS,CAAC;IAC3B,CAAC;IAED,MAAMQ,YAAY,GAAIC,WAAW,IAAK;MACpC,OAAO,IAAI,CAAC9B,QAAQ,CAAC9C,sBAAsB,CAAC+B,IAAI,CAAC,MAAM;QACrD,MAAM8C,UAAU,GAAG,IAAI,CAAC/B,QAAQ,CAAC9C,sBAAsB;QACvD,IAAI6E,UAAU,IAAIA,UAAU,KAAKD,WAAW,EAAE;UAC5C,OAAOD,YAAY,CAACE,UAAU,CAAC;QACjC;QACA,OAAO,IAAI,CAACd,YAAY,CAAC,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAACjB,QAAQ,CAAC9C,sBAAsB,EAAE;MACxC,IAAI,IAAI,CAAC8C,QAAQ,CAAC7C,aAAa,IAAIE,wBAAwB,EAAE;QAC3D;QACA;QACA+D,OAAO,IAAIC,GAAG,CAAC,YAAY,CAAC;QAC5B,OAAOQ,YAAY,CAAC,IAAI,CAAC7B,QAAQ,CAAC9C,sBAAsB,CAAC;MAC3D,CAAC,MAAM;QACL,IAAI,CAAC8C,QAAQ,CAAC9C,sBAAsB,CAACmC,MAAM,CAAC,CAAC;MAC/C;IACF;;IAEA;IACA,MAAM2C,iBAAiB,GAAG,IAAIjE,iBAAiB,CAAC,CAACS,OAAO,EAAEyD,CAAC,EAAEpD,QAAQ,KAAK;MACxEA,QAAQ,CAAC,MAAM;QACb,IAAI,CAACmB,QAAQ,CAAC9C,sBAAsB,GAAG,IAAI;QAC3C,IAAI,CAAC8C,QAAQ,CAAC7C,aAAa,GAAG,IAAI,CAAC6C,QAAQ,CAAC7C,aAAa,GAAG,CAAC;QAC7DiE,OAAO,IAAIC,GAAG,CAAC,UAAU,CAAC;MAC5B,CAAC,CAAC;MAEF,MAAMa,cAAc,GAAIP,SAAS,IAAK;QACpC,IAAIK,iBAAiB,CAACzC,UAAU,EAAE;UAChCf,OAAO,CAAC2D,SAAS,CAAC;UAClB;QACF;QACA;QACAT,mBAAmB,CAACC,SAAS,CAAC;QAC9BnD,OAAO,CAAC2D,SAAS,CAAC;;QAElB;QACA,IAAI,CAACnC,QAAQ,GAAG;UAAE,GAAG/C;QAAgB,CAAC;MACxC,CAAC;MAED,IAAI,CAAC8C,IAAI,CAACtC,eAAe,CAAC,CAAC,CACxBwB,IAAI,CAAExB,eAAe,IAAK;QACzB,IAAIuE,iBAAiB,CAACzC,UAAU,EAAE;UAChCf,OAAO,CAAC2D,SAAS,CAAC;UAClB;QACF;QAEA,MAAM;UAAEtE,WAAW;UAAED,OAAO;UAAEwE;QAAa,CAAC,GAAG,IAAI,CAACrC,IAAI,CAACQ,YAAY,CAAC8B,aAAa,CAAC,CAAC;QACrF,MAAMV,SAAS,GAAG;UAChB9D,WAAW;UACXD,OAAO;UACPwE,YAAY;UACZ3E;QACF,CAAC;;QAED;QACA,MAAMQ,OAA2B,GAAGkD,kBAAkB,GAClD,IAAI,CAACf,eAAe,CAACrB,IAAI,CAACoC,kBAAk
B,EAAE,IAAI,EAAE,IAAI,CAACpB,IAAI,EAAE4B,SAAS,CAAC,GACzEpD,OAAO,CAACC,OAAO,CAACmD,SAAS,CAAC;QAE9B1D,OAAO,CACJgB,IAAI,CAAC0C,SAAS,IAAIO,cAAc,CAACP,SAAS,CAAC,CAAC,CAC5CxC,KAAK,CAACrB,KAAK,IAAIoE,cAAc,CAAC;UAC7BrE,WAAW;UACXD,OAAO;UACPwE,YAAY;UACZ3E,eAAe,EAAE,KAAK;UACtBK;QACF,CAAC,CAAC,CAAC;MACP,CAAC,CAAC;IACN,CAAC,CAAC;IACF;IACA,IAAI,CAACkC,QAAQ,CAAC9C,sBAAsB,GAAG8E,iBAAiB;IAExD,OAAOH,YAAY,CAACG,iBAAiB,CAAC;EACxC;EAEAM,SAASA,CAACxD,OAAO,EAAQ;IACvB,IAAI,CAACiB,IAAI,CAACF,OAAO,CAACW,EAAE,CAACpD,uBAAuB,EAAE0B,OAAO,CAAC;EACxD;EAEAyD,WAAWA,CAACzD,OAAQ,EAAQ;IAC1B,IAAI,CAACiB,IAAI,CAACF,OAAO,CAAC2C,GAAG,CAACpF,uBAAuB,EAAE0B,OAAO,CAAC;EACzD;AACF;AAAC9B,OAAA,CAAA2C,gBAAA,GAAAA,gBAAA","ignoreList":[]}
|
|
@@ -20,7 +20,7 @@ var _features = require("../features");
|
|
|
20
20
|
class OktaUserAgent {
|
|
21
21
|
constructor() {
|
|
22
22
|
// add base sdk env
|
|
23
|
-
this.environments = [`okta-auth-js/${"8.0.
|
|
23
|
+
this.environments = [`okta-auth-js/${"8.0.1"}`];
|
|
24
24
|
this.maybeAddNodeEnvironment();
|
|
25
25
|
}
|
|
26
26
|
addEnvironment(env) {
|
|
@@ -32,7 +32,7 @@ class OktaUserAgent {
|
|
|
32
32
|
};
|
|
33
33
|
}
|
|
34
34
|
getVersion() {
|
|
35
|
-
return "8.0.
|
|
35
|
+
return "8.0.1";
|
|
36
36
|
}
|
|
37
37
|
maybeAddNodeEnvironment() {
|
|
38
38
|
if ((0, _features.isBrowser)() || !process || !process.versions) {
|
|
@@ -18,14 +18,18 @@ class WebauthnEnrollment extends _Authenticator.Authenticator {
|
|
|
18
18
|
const {
|
|
19
19
|
credentials,
|
|
20
20
|
clientData,
|
|
21
|
-
attestation
|
|
21
|
+
attestation,
|
|
22
|
+
transports
|
|
22
23
|
} = values;
|
|
23
24
|
if (!credentials && !clientData && !attestation) {
|
|
24
25
|
return;
|
|
25
26
|
}
|
|
26
27
|
return credentials || {
|
|
27
28
|
clientData,
|
|
28
|
-
attestation
|
|
29
|
+
attestation,
|
|
30
|
+
...(transports && {
|
|
31
|
+
transports
|
|
32
|
+
})
|
|
29
33
|
};
|
|
30
34
|
}
|
|
31
35
|
getInputs() {
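Review bot: `transports` is forwarded only on the fallback branch of `return credentials || {…}` in mapCredentials, so a caller that supplies a `credentials` object together with a top-level `transports` has the value dropped without notice. The embedded TypeScript source on this page also declares `transports?: string` for the enrollment values, while `IdxAuthenticator.transports` is `string[]`, so the two shapes are easy to confuse. I would document both facts above the return, e.g. `// transports: JSON string from getAttestation; ignored when credentials is supplied`. mapCredentials starts above this hunk, so the rest of its body is not visible here.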
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WebauthnEnrollment.js","names":["_Authenticator","require","WebauthnEnrollment","Authenticator","canVerify","values","credentials","obj","clientData","attestation","mapCredentials","getInputs","name","type","required","visible","label","exports"],"sources":["../../../../lib/idx/authenticator/WebauthnEnrollment.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n clientData?: string;\n attestation?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n canVerify(values: WebauthnEnrollValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, attestation } = obj;\n return !!(clientData && attestation);\n }\n\n mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n const { credentials, clientData, attestation } = values;\n if (!credentials && !clientData && !attestation) {\n return;\n }\n return credentials || ({\n clientData,\n attestation
|
|
1
|
+
{"version":3,"file":"WebauthnEnrollment.js","names":["_Authenticator","require","WebauthnEnrollment","Authenticator","canVerify","values","credentials","obj","clientData","attestation","mapCredentials","transports","getInputs","name","type","required","visible","label","exports"],"sources":["../../../../lib/idx/authenticator/WebauthnEnrollment.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n id?: string;\n clientData?: string;\n attestation?: string;\n credentials?: Credentials;\n transports?: string;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n canVerify(values: WebauthnEnrollValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, attestation } = obj;\n return !!(clientData && attestation);\n }\n\n mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n const { credentials, clientData, attestation, transports } = values;\n if (!credentials && !clientData && !attestation) {\n return;\n }\n return credentials || ({\n clientData,\n attestation,\n ...(transports && { transports }),\n });\n }\n\n getInputs() {\n return [\n { name: 'clientData', type: 'string', required: true, visible: false, label: 'Client Data' },\n { name: 'attestation', type: 'string', required: true, visible: false, label: 'Attestation' },\n ];\n 
}\n}\n"],"mappings":";;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAUO,MAAMC,kBAAkB,SAASC,4BAAa,CAAuB;EAC1EC,SAASA,CAACC,MAA4B,EAAE;IACtC,MAAM;MAAEC;IAAY,CAAC,GAAGD,MAAM;IAC9B,MAAME,GAAG,GAAGD,WAAW,IAAID,MAAM;IACjC,MAAM;MAAEG,UAAU;MAAEC;IAAY,CAAC,GAAGF,GAAG;IACvC,OAAO,CAAC,EAAEC,UAAU,IAAIC,WAAW,CAAC;EACtC;EAEAC,cAAcA,CAACL,MAA4B,EAA2B;IACpE,MAAM;MAAEC,WAAW;MAAEE,UAAU;MAAEC,WAAW;MAAEE;IAAW,CAAC,GAAGN,MAAM;IACnE,IAAI,CAACC,WAAW,IAAI,CAACE,UAAU,IAAI,CAACC,WAAW,EAAE;MAC/C;IACF;IACA,OAAOH,WAAW,IAAK;MACrBE,UAAU;MACVC,WAAW;MACX,IAAIE,UAAU,IAAI;QAAEA;MAAW,CAAC;IAClC,CAAE;EACJ;EAEAC,SAASA,CAAA,EAAG;IACV,OAAO,CACL;MAAEC,IAAI,EAAE,YAAY;MAAEC,IAAI,EAAE,QAAQ;MAAEC,QAAQ,EAAE,IAAI;MAAEC,OAAO,EAAE,KAAK;MAAEC,KAAK,EAAE;IAAc,CAAC,EAC5F;MAAEJ,IAAI,EAAE,aAAa;MAAEC,IAAI,EAAE,QAAQ;MAAEC,QAAQ,EAAE,IAAI;MAAEC,OAAO,EAAE,KAAK;MAAEC,KAAK,EAAE;IAAc,CAAC,CAC9F;EACH;AACF;AAACC,OAAA,CAAAhB,kBAAA,GAAAA,kBAAA","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WebauthnVerification.js","names":["_Authenticator","require","WebauthnVerification","Authenticator","canVerify","values","credentials","obj","clientData","authenticatorData","signatureData","mapCredentials","getInputs","name","type","label","required","visible","exports"],"sources":["../../../../lib/idx/authenticator/WebauthnVerification.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n clientData?: string;\n authenticatorData?: string;\n signatureData?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n canVerify(values: WebauthnVerificationValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, authenticatorData, signatureData } = obj;\n return !!(clientData && authenticatorData && signatureData);\n }\n\n mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n const { credentials, authenticatorData, clientData, signatureData } = values;\n if (!credentials && !authenticatorData && !clientData && !signatureData) {\n return;\n }\n return credentials || ({\n authenticatorData,\n clientData,\n signatureData\n });\n }\n\n getInputs() {\n return [\n { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n ];\n }\n}\n"],"mappings":";;;AAAA,IAAAA,cAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"file":"WebauthnVerification.js","names":["_Authenticator","require","WebauthnVerification","Authenticator","canVerify","values","credentials","obj","clientData","authenticatorData","signatureData","mapCredentials","getInputs","name","type","label","required","visible","exports"],"sources":["../../../../lib/idx/authenticator/WebauthnVerification.ts"],"sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n id?: string;\n clientData?: string;\n authenticatorData?: string;\n signatureData?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n canVerify(values: WebauthnVerificationValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, authenticatorData, signatureData } = obj;\n return !!(clientData && authenticatorData && signatureData);\n }\n\n mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n const { credentials, authenticatorData, clientData, signatureData } = values;\n if (!credentials && !authenticatorData && !clientData && !signatureData) {\n return;\n }\n return credentials || ({\n authenticatorData,\n clientData,\n signatureData\n });\n }\n\n getInputs() {\n return [\n { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n ];\n 
}\n}\n"],"mappings":";;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAUO,MAAMC,oBAAoB,SAASC,4BAAa,CAA6B;EAClFC,SAASA,CAACC,MAAkC,EAAE;IAC5C,MAAM;MAAEC;IAAY,CAAC,GAAGD,MAAM;IAC9B,MAAME,GAAG,GAAGD,WAAW,IAAID,MAAM;IACjC,MAAM;MAAEG,UAAU;MAAEC,iBAAiB;MAAEC;IAAc,CAAC,GAAGH,GAAG;IAC5D,OAAO,CAAC,EAAEC,UAAU,IAAIC,iBAAiB,IAAIC,aAAa,CAAC;EAC7D;EAEAC,cAAcA,CAACN,MAAkC,EAA2B;IAC1E,MAAM;MAAEC,WAAW;MAAEG,iBAAiB;MAAED,UAAU;MAAEE;IAAc,CAAC,GAAGL,MAAM;IAC5E,IAAI,CAACC,WAAW,IAAI,CAACG,iBAAiB,IAAI,CAACD,UAAU,IAAI,CAACE,aAAa,EAAE;MACvE;IACF;IACA,OAAOJ,WAAW,IAAK;MACrBG,iBAAiB;MACjBD,UAAU;MACVE;IACF,CAAE;EACJ;EAEAE,SAASA,CAAA,EAAG;IACV,OAAO,CACL;MAAEC,IAAI,EAAE,mBAAmB;MAAEC,IAAI,EAAE,QAAQ;MAAEC,KAAK,EAAE,oBAAoB;MAAEC,QAAQ,EAAE,IAAI;MAAEC,OAAO,EAAE;IAAM,CAAC,EAC1G;MAAEJ,IAAI,EAAE,YAAY;MAAEC,IAAI,EAAE,QAAQ;MAAEC,KAAK,EAAE,aAAa;MAAEC,QAAQ,EAAE,IAAI;MAAEC,OAAO,EAAE;IAAM,CAAC,EAC5F;MAAEJ,IAAI,EAAE,eAAe;MAAEC,IAAI,EAAE,QAAQ;MAAEC,KAAK,EAAE,gBAAgB;MAAEC,QAAQ,EAAE,IAAI;MAAEC,OAAO,EAAE;IAAM,CAAC,CACnG;EACH;AACF;AAACC,OAAA,CAAAhB,oBAAA,GAAAA,oBAAA","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"idx-js.js","names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"sources":["../../../../lib/idx/types/idx-js.ts"],"sourcesContent":["/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n challenge: string; \n userVerification: string; \n extensions?: {\n appid: string;\n };\n rpId?: string;\n}\nexport interface ActivationData {\n challenge: string;\n rp: {\n name: string;\n id?: string;\n };\n user: {\n id: string;\n name: string;\n displayName: string;\n };\n pubKeyCredParams: {\n type: string;\n alg: number;\n }[];\n attestation?: string;\n authenticatorSelection?: {\n userVerification?: string;\n authenticatorAttachment?: string;\n requireResidentKey?: boolean;\n residentKey?: string;\n };\n excludeCredentials?: {\n id: string;\n type: string;\n }[];\n}\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: {\n enrolledQuestion?: {\n question: string;\n questionKey: string;\n };\n qrcode?: { \n href: string; \n method: string; \n type: string; \n 
};\n sharedSecret?: string;\n questions?: {\n questionKey: string;\n question: string;\n }[];\n questionKeys?: string[];\n selectedChannel?: string;\n activationData?: ActivationData;\n challengeData?: ChallengeData;\n };\n credentialId?: string;\n enrollmentId?: string;\n profile?: Record<string, unknown>;\n resend?: Record<string, unknown>;\n poll?: Record<string, unknown>;\n recover?: Record<string, unknown>;\n deviceKnown?: boolean;\n nickname?: string;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | {form: IdxForm} | Input[];\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValueForm {\n form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string | IdxRemediationValueForm;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n produces?: string;\n refresh?: number;\n rel?: string[];\n action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n version: string;\n stateHandle: string;\n expiresAt: string;\n intent: string;\n currentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment: {\n type: string;\n value: IdxAuthenticator;\n };\n authenticators: {\n type: string;\n value: IdxAuthenticator[];\n };\n authenticatorEnrollments: {\n type: string;\n value: IdxAuthenticator[];\n 
};\n enrollmentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n user?: {\n type: string;\n value: Record<string, unknown>;\n };\n uiDisplay?: IdxContextUIDisplay\n app: {\n type: string;\n value: Record<string, unknown>;\n };\n messages?: IdxMessages;\n success?: IdxRemediation;\n failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n type: string;\n value: {\n label?: string;\n buttonLabel?: string;\n }\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n success?: boolean;\n successWithInteractionCode?: IdxRemediation;\n currentAuthenticator?: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment?: {\n type: string;\n value: IdxAuthenticator;\n };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n interactionHandle?: string;\n withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n (params: IdxActionParams): Promise<IdxResponse>;\n neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: IdxToPersist;\n context?: IdxContext;\n requestDidSucceed?: boolean;\n stepUp?: 
boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;;
|
|
1
|
+
{"version":3,"file":"idx-js.js","names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"sources":["../../../../lib/idx/types/idx-js.ts"],"sourcesContent":["/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n challenge: string; \n userVerification: string; \n extensions?: {\n appid: string;\n };\n rpId?: string;\n hints?: string[];\n}\nexport interface ActivationData {\n challenge: string;\n rp: {\n name: string;\n id?: string;\n };\n user: {\n id: string;\n name: string;\n displayName: string;\n };\n pubKeyCredParams: {\n type: string;\n alg: number;\n }[];\n attestation?: string;\n authenticatorSelection?: {\n userVerification?: string;\n authenticatorAttachment?: string;\n requireResidentKey?: boolean;\n residentKey?: string;\n };\n excludeCredentials?: {\n id: string;\n type: string;\n }[];\n hints?: string[];\n}\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: {\n enrolledQuestion?: {\n question: string;\n questionKey: string;\n };\n qrcode?: { \n href: string; 
\n method: string; \n type: string; \n };\n sharedSecret?: string;\n questions?: {\n questionKey: string;\n question: string;\n }[];\n questionKeys?: string[];\n selectedChannel?: string;\n activationData?: ActivationData;\n challengeData?: ChallengeData;\n };\n credentialId?: string;\n transports?: string[];\n enrollmentId?: string;\n profile?: Record<string, unknown>;\n resend?: Record<string, unknown>;\n poll?: Record<string, unknown>;\n recover?: Record<string, unknown>;\n deviceKnown?: boolean;\n nickname?: string;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | {form: IdxForm} | Input[];\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValueForm {\n form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string | IdxRemediationValueForm;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n produces?: string;\n refresh?: number;\n rel?: string[];\n action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n version: string;\n stateHandle: string;\n expiresAt: string;\n intent: string;\n currentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment: {\n type: string;\n value: IdxAuthenticator;\n };\n authenticators: {\n type: string;\n value: IdxAuthenticator[];\n };\n 
authenticatorEnrollments: {\n type: string;\n value: IdxAuthenticator[];\n };\n enrollmentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n user?: {\n type: string;\n value: Record<string, unknown>;\n };\n uiDisplay?: IdxContextUIDisplay\n app: {\n type: string;\n value: Record<string, unknown>;\n };\n messages?: IdxMessages;\n success?: IdxRemediation;\n failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n type: string;\n value: {\n label?: string;\n buttonLabel?: string;\n }\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n success?: boolean;\n successWithInteractionCode?: IdxRemediation;\n currentAuthenticator?: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment?: {\n type: string;\n value: IdxAuthenticator;\n };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n interactionHandle?: string;\n withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n (params: IdxActionParams): Promise<IdxResponse>;\n neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: 
IdxToPersist;\n context?: IdxContext;\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;;AA0MA;;AAuBO,SAASA,gBAAgBA,CAACC,GAAQ,EAAyB;EAChE,OAAOA,GAAG,IAAIA,GAAG,CAACC,OAAO;AAC3B;AAgCO,SAASC,aAAaA,CAACF,GAAQ,EAAsB;EAC1D,OAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAW,CAAC;AACjD","ignoreList":[]}
|
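--- a/package/cjs/idx/webauthn.js
+++ b/package/cjs/idx/webauthn.js
@@ -19,10 +19,16 @@ const getEnrolledCredentials = (authenticatorEnrollments = []) => {
 const credentials = [];
 authenticatorEnrollments.forEach(enrollement => {
 if (enrollement.key === 'webauthn') {
-
+const credential = {
 type: 'public-key',
 id: (0, _base.base64UrlToBuffer)(enrollement.credentialId)
-}
+};
+// transports may be at top-level or nested under profile
+const transports = enrollement.transports ?? enrollement.profile?.transports;
+if (Array.isArray(transports)) {
+credential.transports = transports;
+}
+credentials.push(credential);
 }
 });
 return credentials;
@@ -43,7 +49,10 @@ const buildCredentialCreationOptions = (activationData, authenticatorEnrollments
 pubKeyCredParams: activationData.pubKeyCredParams,
 attestation: activationData.attestation,
 authenticatorSelection: activationData.authenticatorSelection,
-excludeCredentials: getEnrolledCredentials(authenticatorEnrollments)
+excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),
+...(activationData.hints && {
+hints: activationData.hints
+})
 }
 };
 };
@@ -59,6 +68,9 @@ const buildCredentialRequestOptions = (challengeData, authenticatorEnrollments)
 allowCredentials: getEnrolledCredentials(authenticatorEnrollments),
 ...(challengeData.rpId && {
 rpId: challengeData.rpId
+}),
+...(challengeData.hints && {
+hints: challengeData.hints
 })
 }
 };
@@ -72,11 +84,17 @@ const getAttestation = credential => {
 const id = credential.id;
 const clientData = (0, _base.bufferToBase64Url)(response.clientDataJSON);
 const attestation = (0, _base.bufferToBase64Url)(response.attestationObject);
-
+// getTransports() is a newer WebAuthn API not yet in all TS type definitions
+const getTransportsFn = response.getTransports;
+const result = {
 id,
 clientData,
 attestation
 };
+if (typeof getTransportsFn === 'function') {
+result.transports = JSON.stringify(getTransportsFn.call(response));
+}
+return result;
 };
 
 // Build assertion for webauthn verification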
package/cjs/idx/webauthn.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webauthn.js","names":["_base","require","getEnrolledCredentials","authenticatorEnrollments","credentials","forEach","enrollement","key","
|
|
1
|
+
{"version":3,"file":"webauthn.js","names":["_base","require","getEnrolledCredentials","authenticatorEnrollments","credentials","forEach","enrollement","key","credential","type","id","base64UrlToBuffer","credentialId","transports","profile","Array","isArray","push","buildCredentialCreationOptions","activationData","publicKey","rp","user","name","displayName","challenge","pubKeyCredParams","attestation","authenticatorSelection","excludeCredentials","hints","exports","buildCredentialRequestOptions","challengeData","userVerification","allowCredentials","rpId","getAttestation","response","clientData","bufferToBase64Url","clientDataJSON","attestationObject","getTransportsFn","getTransports","result","JSON","stringify","call","getAssertion","authenticatorData","signatureData","signature"],"sources":["../../../lib/idx/webauthn.ts"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n ActivationData,\n ChallengeData,\n IdxAuthenticator,\n WebauthnEnrollValues,\n WebauthnVerificationValues,\n} from './types';\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n const credentials: PublicKeyCredentialDescriptor[] = [];\n authenticatorEnrollments.forEach((enrollement) => {\n if (enrollement.key 
=== 'webauthn') {\n const credential: PublicKeyCredentialDescriptor = {\n type: 'public-key',\n id: base64UrlToBuffer(enrollement.credentialId),\n };\n // transports may be at top-level or nested under profile\n const transports = enrollement.transports\n ?? (enrollement.profile as Record<string, unknown> | undefined)?.transports;\n if (Array.isArray(transports)) {\n credential.transports = transports as AuthenticatorTransport[];\n }\n credentials.push(credential);\n }\n });\n return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n rp: activationData.rp,\n user: {\n id: base64UrlToBuffer(activationData.user.id),\n name: activationData.user.name,\n displayName: activationData.user.displayName\n },\n challenge: base64UrlToBuffer(activationData.challenge),\n pubKeyCredParams: activationData.pubKeyCredParams,\n attestation: activationData.attestation,\n authenticatorSelection: activationData.authenticatorSelection,\n excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n ...(activationData.hints && { hints: activationData.hints }),\n }\n } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n challenge: base64UrlToBuffer(challengeData.challenge),\n userVerification: challengeData.userVerification,\n allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n ...(challengeData.rpId && { rpId: challengeData.rpId }),\n ...(challengeData.hints && { hints: challengeData.hints }),\n }\n } as 
CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential): WebauthnEnrollValues => {\n const response = credential.response as AuthenticatorAttestationResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const attestation = bufferToBase64Url(response.attestationObject);\n // getTransports() is a newer WebAuthn API not yet in all TS type definitions\n const getTransportsFn = (response as any).getTransports;\n const result: WebauthnEnrollValues = {\n id,\n clientData,\n attestation,\n };\n if (typeof getTransportsFn === 'function') {\n result.transports = JSON.stringify(getTransportsFn.call(response));\n }\n return result;\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential): WebauthnVerificationValues => {\n const response = credential.response as AuthenticatorAssertionResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const authenticatorData = bufferToBase64Url(response.authenticatorData);\n const signatureData = bufferToBase64Url(response.signature);\n return {\n id,\n clientData,\n authenticatorData,\n signatureData\n 
};\n};\n"],"mappings":";;;AAYA,IAAAA,KAAA,GAAAC,OAAA;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYA;AACA,MAAMC,sBAAsB,GAAGA,CAACC,wBAA4C,GAAG,EAAE,KAAK;EACpF,MAAMC,WAA4C,GAAG,EAAE;EACvDD,wBAAwB,CAACE,OAAO,CAAEC,WAAW,IAAK;IAChD,IAAIA,WAAW,CAACC,GAAG,KAAK,UAAU,EAAE;MAClC,MAAMC,UAAyC,GAAG;QAChDC,IAAI,EAAE,YAAY;QAClBC,EAAE,EAAE,IAAAC,uBAAiB,EAACL,WAAW,CAACM,YAAY;MAChD,CAAC;MACD;MACA,MAAMC,UAAU,GAAGP,WAAW,CAACO,UAAU,IACnCP,WAAW,CAACQ,OAAO,EAA0CD,UAAU;MAC7E,IAAIE,KAAK,CAACC,OAAO,CAACH,UAAU,CAAC,EAAE;QAC7BL,UAAU,CAACK,UAAU,GAAGA,UAAsC;MAChE;MACAT,WAAW,CAACa,IAAI,CAACT,UAAU,CAAC;IAC9B;EACF,CAAC,CAAC;EACF,OAAOJ,WAAW;AACpB,CAAC;;AAED;AACA;AACO,MAAMc,8BAA8B,GAAGA,CAC5CC,cAA8B,EAAEhB,wBAA4C,KACzE;EACH,OAAO;IACLiB,SAAS,EAAE;MACTC,EAAE,EAAEF,cAAc,CAACE,EAAE;MACrBC,IAAI,EAAE;QACJZ,EAAE,EAAE,IAAAC,uBAAiB,EAACQ,cAAc,CAACG,IAAI,CAACZ,EAAE,CAAC;QAC7Ca,IAAI,EAAEJ,cAAc,CAACG,IAAI,CAACC,IAAI;QAC9BC,WAAW,EAAEL,cAAc,CAACG,IAAI,CAACE;MACnC,CAAC;MACDC,SAAS,EAAE,IAAAd,uBAAiB,EAACQ,cAAc,CAACM,SAAS,CAAC;MACtDC,gBAAgB,EAAEP,cAAc,CAACO,gBAAgB;MACjDC,WAAW,EAAER,cAAc,CAACQ,WAAW;MACvCC,sBAAsB,EAAET,cAAc,CAACS,sBAAsB;MAC7DC,kBAAkB,EAAE3B,sBAAsB,CAACC,wBAAwB,CAAC;MACpE,IAAIgB,cAAc,CAACW,KAAK,IAAI;QAAEA,KAAK,EAAEX,cAAc,CAACW;MAAM,CAAC;IAC7D;EACF,CAAC;AACH,CAAC;;AAGD;AACA;AAAAC,OAAA,CAAAb,8BAAA,GAAAA,8BAAA;AACO,MAAMc,6BAA6B,GAAGA,CAC3CC,aAA4B,EAAE9B,wBAA4C,KACvE;EACH,OAAO;IACLiB,SAAS,EAAE;MACTK,SAAS,EAAE,IAAAd,uBAAiB,EAACsB,aAAa,CAACR,SAAS,CAAC;MACrDS,gBAAgB,EAAED,aAAa,CAACC,gBAAgB;MAChDC,gBAAgB,EAAEjC,sBAAsB,CAACC,wBAAwB,CAAC;MAClE,IAAI8B,aAAa,CAACG,IAAI,IAAI;QAAEA,IAAI,EAAEH,aAAa,CAACG;MAAK,CAAC,CAAC;MACvD,IAAIH,aAAa,CAACH,KAAK,IAAI;QAAEA,KAAK,EAAEG,aAAa,CAACH;MAAM,CAAC;IAC3D;EACF,CAAC;AACH,CAAC;;AAED;AACA;AAAAC,OAAA,CAAAC,6BAAA,GAAAA,6BAAA;AACO,MAAMK,cAAc,GAAI7B,UAA+B,IAA2B;EACvF,MAAM8B,QAAQ,GAAG9B,UAAU,CAAC8B,QAA4C;EACxE,MAAM5B,EAAE,GAAGF,UAAU,CAACE,EAAE;EACxB,MAAM6B,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMd,WAAW,GAAG,IAAAa,uBAAiB,EAACF,QAAQ,CAACI,iBAAiB,CAAC;EACjE;
EACA,MAAMC,eAAe,GAAIL,QAAQ,CAASM,aAAa;EACvD,MAAMC,MAA4B,GAAG;IACnCnC,EAAE;IACF6B,UAAU;IACVZ;EACF,CAAC;EACD,IAAI,OAAOgB,eAAe,KAAK,UAAU,EAAE;IACzCE,MAAM,CAAChC,UAAU,GAAGiC,IAAI,CAACC,SAAS,CAACJ,eAAe,CAACK,IAAI,CAACV,QAAQ,CAAC,CAAC;EACpE;EACA,OAAOO,MAAM;AACf,CAAC;;AAED;AACA;AAAAd,OAAA,CAAAM,cAAA,GAAAA,cAAA;AACO,MAAMY,YAAY,GAAIzC,UAA+B,IAAiC;EAC3F,MAAM8B,QAAQ,GAAG9B,UAAU,CAAC8B,QAA0C;EACtE,MAAM5B,EAAE,GAAGF,UAAU,CAACE,EAAE;EACxB,MAAM6B,UAAU,GAAG,IAAAC,uBAAiB,EAACF,QAAQ,CAACG,cAAc,CAAC;EAC7D,MAAMS,iBAAiB,GAAG,IAAAV,uBAAiB,EAACF,QAAQ,CAACY,iBAAiB,CAAC;EACvE,MAAMC,aAAa,GAAG,IAAAX,uBAAiB,EAACF,QAAQ,CAACc,SAAS,CAAC;EAC3D,OAAO;IACL1C,EAAE;IACF6B,UAAU;IACVW,iBAAiB;IACjBC;EACF,CAAC;AACH,CAAC;AAACpB,OAAA,CAAAkB,YAAA,GAAAA,YAAA","ignoreList":[]}
|
|
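--- a/package/cjs/oidc/handleOAuthResponse.js
+++ b/package/cjs/oidc/handleOAuthResponse.js
@@ -32,6 +32,8 @@ function validateResponse(res, oauthParams) {
 }
 async function handleOAuthResponse(sdk, tokenParams, res, urls) {
 const pkce = sdk.options.pkce !== false;
+tokenParams = tokenParams || (0, _util2.getDefaultTokenParams)(sdk);
+validateResponse(res, tokenParams);
 
 // The result contains an authorization_code and PKCE is enabled
 // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
@@ -41,7 +43,6 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
 interactionCode: res.interaction_code
 }), urls);
 }
-tokenParams = tokenParams || (0, _util2.getDefaultTokenParams)(sdk);
 urls = urls || (0, _oauth.getOAuthUrls)(sdk, tokenParams);
 let responseType = tokenParams.responseType || [];
 if (!Array.isArray(responseType) && responseType !== 'none') {
@@ -54,9 +55,6 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
 scopes = (0, _util.clone)(tokenParams.scopes);
 }
 const clientId = tokenParams.clientId || sdk.options.clientId;
-
-// Handling the result from implicit flow or PKCE token exchange
-validateResponse(res, tokenParams);
 if (tokenParams.dpop) {
 const {
 allowBearerTokens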
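Review bot: The state check that now runs at the top of `handleOAuthResponse` is the only guard between an authorization response and the `/token` exchange, yet nothing on the new side says the ordering is deliberate, and the comment that used to sit above `validateResponse` was deleted without a replacement. I would add `// Validate state before any code exchange: a response with a mismatched state must never reach /token` above the `validateResponse(res, tokenParams);` line in the first hunk. The TypeScript source embedded in the accompanying source map shows the comparison is `res.state !== oauthParams.state`, so it passes when both sides are undefined. A regression test asserting that a `code` response with a wrong `state` rejects before `exchangeCodeForTokens` is called would pin the new ordering. The function body continues outside the hunks, so how the recursive call from the token exchange supplies `state` cannot be confirmed from here.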
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleOAuthResponse.js","names":["_util","require","_oauth","_errors","_verifyToken","_util2","validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","token","exchangeCodeForTokens","Object","assign","authorizationCode","interactionCode","getDefaultTokenParams","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","dpop","allowBearerTokens","dpopOptions","token_type","tokenDict","expiresIn","expires_in","tokenType","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","expiresAt","Number","authorizeUrl","userinfoUrl","decodeAccessTokens","accessJwt","decode","claims","payload","dpopPairId","extraParams","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","acrValues","ignoreSignature","undefined","verifyToken","indexOf","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || 
getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n if (tokenParams.dpop) {\n const { allowBearerTokens } = sdk.options?.dpopOptions ?? { allowBearerTokens: false };\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (!allowBearerTokens && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n }\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n tokenDict.accessToken = {\n accessToken: accessToken,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n // backwards compat for < authjs@8.x\n if (sdk.options.decodeAccessTokens) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken.claims = accessJwt.payload;\n }\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.accessToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: 
remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.refreshToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (idToken) {\n const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n if (tokenParams.extraParams) {\n idTokenObj.extraParams = tokenParams.extraParams;\n }\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n 
\n}"],"mappings":";;;AAeA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAGA,IAAAE,OAAA,GAAAF,OAAA;AAWA,IAAAG,YAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AA/BA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA,SAASK,gBAAgBA,CAACC,GAAkB,EAAEC,WAAwB,EAAE;EACtE,IAAID,GAAG,CAAC,OAAO,CAAC,IAAIA,GAAG,CAAC,mBAAmB,CAAC,EAAE;IAC5C,MAAM,IAAIE,kBAAU,CAACF,GAAG,CAAC,OAAO,CAAC,EAAEA,GAAG,CAAC,mBAAmB,CAAC,CAAC;EAC9D;EAEA,IAAIA,GAAG,CAACG,KAAK,KAAKF,WAAW,CAACE,KAAK,EAAE;IACnC,MAAM,IAAIC,oBAAY,CAAC,wDAAwD,CAAC;EAClF;AACF;AAEO,eAAeC,mBAAmBA,CACvCC,GAA2B,EAC3BC,WAAwB,EACxBP,GAAkB,EAClBQ,IAAiB,EACO;EACxB,MAAMC,IAAI,GAAGH,GAAG,CAACI,OAAO,CAACD,IAAI,KAAK,KAAK;;EAEvC;EACA;EACA,IAAIA,IAAI,KAAKT,GAAG,CAACW,IAAI,IAAIX,GAAG,CAACY,gBAAgB,CAAC,EAAE;IAC9C,OAAON,GAAG,CAACO,KAAK,CAACC,qBAAqB,CAACC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAET,WAAW,EAAE;MACpEU,iBAAiB,EAAEjB,GAAG,CAACW,IAAI;MAC3BO,eAAe,EAAElB,GAAG,CAACY;IACvB,CAAC,CAAC,EAAEJ,IAAI,CAAC;EACX;EAEAD,WAAW,GAAGA,WAAW,IAAI,IAAAY,4BAAqB,EAACb,GAAG,CAAC;EACvDE,IAAI,GAAGA,IAAI,IAAI,IAAAY,mBAAY,EAACd,GAAG,EAAEC,WAAW,CAAC;EAE7C,IAAIc,YAAY,GAAGd,WAAW,CAACc,YAAY,IAAI,EAAE;EACjD,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,YAAY,CAAC,IAAIA,YAAY,KAAK,MAAM,EAAE;IAC3DA,YAAY,GAAG,CAACA,YAAY,CAAC;EAC/B;EAEA,IAAIG,MAAM;EACV,IAAIxB,GAAG,CAACyB,KAAK,EAAE;IACbD,MAAM,GAAGxB,GAAG,CAACyB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;EAC/B,CAAC,MAAM;IACLF,MAAM,GAAG,IAAAG,WAAK,EAACpB,WAAW,CAACiB,MAAM,CAAC;EACpC;EACA,MAAMI,QAAQ,GAAGrB,WAAW,CAACqB,QAAQ,IAAItB,GAAG,CAACI,OAAO,CAACkB,QAAQ;;EAE7D;EACA7B,gBAAgB,CAACC,GAAG,EAAEO,WAAW,CAAC;EAElC,IAAIA,WAAW,CAACsB,IAAI,EAAE;IACpB,MAAM;MAAEC;IAAkB,CAAC,GAAGxB,GAAG,CAACI,OAAO,EAAEqB,WAAW,IAAI;MAAED,iBAAiB,EAAE;IAAM,CAAC;;IAEtF;IACA;IACA,IAAI,CAACA,iBAAiB,IAAI9B,GAAG,CAACgC,UAAU,KAAK,MAAM,EAAE;MACnD,MAAM,IAAI5B,oBAAY,CAAC,wFAAwF,CAAC;IAClH;EACF;EAEA,MAAM6B,SAAS,GAAG,CAAC,CAAW;EAC9B,MAAMC,SAAS,GAAGlC,GAAG,CAACmC,UAAU;EAChC,MAAMC,SAAS,GAAGpC,GAAG,CAACgC,UAAU;EAChC,MAAMK,WAAW,GAAGrC,GAAG,CAACsC,YAAY;EACpC,MAAMC,OAAO,GAAGvC,GAAG,CAACwC,Q
AAQ;EAC5B,MAAMC,YAAY,GAAGzC,GAAG,CAAC0C,aAAa;EACtC,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAC,IAAI,CAAC;EAEvC,IAAIN,WAAW,EAAE;IACfJ,SAAS,CAACI,WAAW,GAAG;MACtBA,WAAW,EAAEA,WAAW;MACxBU,SAAS,EAAEC,MAAM,CAACd,SAAS,CAAC,GAAGS,GAAG;MAClCP,SAAS,EAAEA,SAAU;MACrBZ,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCC,WAAW,EAAE1C,IAAI,CAAC0C;IACpB,CAAC;;IAED;IACA,IAAI5C,GAAG,CAACI,OAAO,CAACyC,kBAAkB,EAAE;MAClC,MAAMC,SAAS,GAAG9C,GAAG,CAACO,KAAK,CAACwC,MAAM,CAAChB,WAAW,CAAC;MAC/CJ,SAAS,CAACI,WAAW,CAACiB,MAAM,GAAIF,SAAS,CAACG,OAAO;IACnD;IAEA,IAAIhD,WAAW,CAACiD,UAAU,EAAE;MAC1BvB,SAAS,CAACI,WAAW,CAACmB,UAAU,GAAGjD,WAAW,CAACiD,UAAU;IAC3D;IAEA,IAAIjD,WAAW,CAACkD,WAAW,EAAE;MAC3BxB,SAAS,CAACI,WAAW,CAACoB,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAC7D;EACF;EAEA,IAAIhB,YAAY,EAAE;IAChBR,SAAS,CAACQ,YAAY,GAAG;MACvBA,YAAY,EAAEA,YAAY;MAC1B;MACA;MACAM,SAAS,EAAEC,MAAM,CAACd,SAAS,CAAC,GAAGS,GAAG;MAClCnB,MAAM,EAAEA,MAAM;MACdkC,QAAQ,EAAElD,IAAI,CAACkD,QAAS;MACxBT,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCU,MAAM,EAAEnD,IAAI,CAACmD;IACf,CAAC;IAED,IAAIpD,WAAW,CAACiD,UAAU,EAAE;MAC1BvB,SAAS,CAACQ,YAAY,CAACe,UAAU,GAAGjD,WAAW,CAACiD,UAAU;IAC5D;IAEA,IAAIjD,WAAW,CAACkD,WAAW,EAAE;MAC3BxB,SAAS,CAACQ,YAAY,CAACgB,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAC9D;EACF;EAEA,IAAIlB,OAAO,EAAE;IACX,MAAMqB,KAAK,GAAGtD,GAAG,CAACO,KAAK,CAACwC,MAAM,CAACd,OAAO,CAAC;IACvC,MAAMsB,UAAmB,GAAG;MAC1BtB,OAAO,EAAEA,OAAO;MAChBe,MAAM,EAAEM,KAAK,CAACL,OAAO;MACrBR,SAAS,EAAEa,KAAK,CAACL,OAAO,CAACO,GAAG,GAAIF,KAAK,CAACL,OAAO,CAACQ,GAAI,GAAGpB,GAAG;MAAE;MAC1DnB,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCU,MAAM,EAAEnD,IAAI,CAACmD,MAAO;MACpB/B,QAAQ,EAAEA;IACZ,CAAC;IAED,IAAIrB,WAAW,CAACkD,WAAW,EAAE;MAC3BI,UAAU,CAACJ,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAClD;IAEA,MAAMO,gBAAmC,GAAG;MAC1CpC,QAAQ,EAAEA,QAAS;MACnB+B,MAAM,EAAEnD,IAAI,CAACmD,MAAO;MACpBM,KAAK,EAAE1D,WAAW,CAAC0D,KAAK;MACxB5B,WAAW,EAAEA,WAAW;MACxB6B,SAAS,EAAE3D,WAAW,CAAC2D;IACzB,CAAC;IAED,IAAI3D,WAAW,CAAC4D,eAAe,KAAKC,SAAS,EAAE;MAC7CJ,gBAAgB,CAACG,eAAe,GAAG5D,WAAW,CAAC4D,eAAe
;IAChE;IAEA,MAAM,IAAAE,wBAAW,EAAC/D,GAAG,EAAEuD,UAAU,EAAEG,gBAAgB,CAAC;IACpD/B,SAAS,CAACM,OAAO,GAAGsB,UAAU;EAChC;;EAEA;EACA,IAAIxC,YAAY,CAACiD,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAACrC,SAAS,CAACI,WAAW,EAAE;IAClE;IACA,MAAM,IAAIjC,oBAAY,CAAC,+GAA+G,CAAC;EACzI;EACA,IAAIiB,YAAY,CAACiD,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAACrC,SAAS,CAACM,OAAO,EAAE;IACjE;IACA,MAAM,IAAInC,oBAAY,CAAC,8GAA8G,CAAC;EACxI;EAEA,OAAO;IACLmE,MAAM,EAAEtC,SAAS;IACjB9B,KAAK,EAAEH,GAAG,CAACG,KAAM;IACjBQ,IAAI,EAAEX,GAAG,CAACW,IAAI;IACdU;EACF,CAAC;AAEH","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"handleOAuthResponse.js","names":["_util","require","_oauth","_errors","_verifyToken","_util2","validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","getDefaultTokenParams","code","interaction_code","token","exchangeCodeForTokens","Object","assign","authorizationCode","interactionCode","getOAuthUrls","responseType","Array","isArray","scopes","scope","split","clone","clientId","dpop","allowBearerTokens","dpopOptions","token_type","tokenDict","expiresIn","expires_in","tokenType","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","expiresAt","Number","authorizeUrl","userinfoUrl","decodeAccessTokens","accessJwt","decode","claims","payload","dpopPairId","extraParams","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","acrValues","ignoreSignature","undefined","verifyToken","indexOf","tokens"],"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. 
All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n validateResponse(res, tokenParams);\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), 
urls);\n }\n\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n if (tokenParams.dpop) {\n const { allowBearerTokens } = sdk.options?.dpopOptions ?? { allowBearerTokens: false };\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (!allowBearerTokens && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n }\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n tokenDict.accessToken = {\n accessToken: accessToken,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n // backwards compat for < authjs@8.x\n if (sdk.options.decodeAccessTokens) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken.claims = accessJwt.payload;\n }\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.accessToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: 
Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.refreshToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (idToken) {\n const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n if (tokenParams.extraParams) {\n idTokenObj.extraParams = tokenParams.extraParams;\n }\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n 
\n}"],"mappings":";;;AAeA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAGA,IAAAE,OAAA,GAAAF,OAAA;AAWA,IAAAG,YAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AA/BA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA,SAASK,gBAAgBA,CAACC,GAAkB,EAAEC,WAAwB,EAAE;EACtE,IAAID,GAAG,CAAC,OAAO,CAAC,IAAIA,GAAG,CAAC,mBAAmB,CAAC,EAAE;IAC5C,MAAM,IAAIE,kBAAU,CAACF,GAAG,CAAC,OAAO,CAAC,EAAEA,GAAG,CAAC,mBAAmB,CAAC,CAAC;EAC9D;EAEA,IAAIA,GAAG,CAACG,KAAK,KAAKF,WAAW,CAACE,KAAK,EAAE;IACnC,MAAM,IAAIC,oBAAY,CAAC,wDAAwD,CAAC;EAClF;AACF;AAEO,eAAeC,mBAAmBA,CACvCC,GAA2B,EAC3BC,WAAwB,EACxBP,GAAkB,EAClBQ,IAAiB,EACO;EACxB,MAAMC,IAAI,GAAGH,GAAG,CAACI,OAAO,CAACD,IAAI,KAAK,KAAK;EAEvCF,WAAW,GAAGA,WAAW,IAAI,IAAAI,4BAAqB,EAACL,GAAG,CAAC;EACvDP,gBAAgB,CAACC,GAAG,EAAEO,WAAW,CAAC;;EAElC;EACA;EACA,IAAIE,IAAI,KAAKT,GAAG,CAACY,IAAI,IAAIZ,GAAG,CAACa,gBAAgB,CAAC,EAAE;IAC9C,OAAOP,GAAG,CAACQ,KAAK,CAACC,qBAAqB,CAACC,MAAM,CAACC,MAAM,CAAC,CAAC,CAAC,EAAEV,WAAW,EAAE;MACpEW,iBAAiB,EAAElB,GAAG,CAACY,IAAI;MAC3BO,eAAe,EAAEnB,GAAG,CAACa;IACvB,CAAC,CAAC,EAAEL,IAAI,CAAC;EACX;EAEAA,IAAI,GAAGA,IAAI,IAAI,IAAAY,mBAAY,EAACd,GAAG,EAAEC,WAAW,CAAC;EAE7C,IAAIc,YAAY,GAAGd,WAAW,CAACc,YAAY,IAAI,EAAE;EACjD,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,YAAY,CAAC,IAAIA,YAAY,KAAK,MAAM,EAAE;IAC3DA,YAAY,GAAG,CAACA,YAAY,CAAC;EAC/B;EAEA,IAAIG,MAAM;EACV,IAAIxB,GAAG,CAACyB,KAAK,EAAE;IACbD,MAAM,GAAGxB,GAAG,CAACyB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;EAC/B,CAAC,MAAM;IACLF,MAAM,GAAG,IAAAG,WAAK,EAACpB,WAAW,CAACiB,MAAM,CAAC;EACpC;EACA,MAAMI,QAAQ,GAAGrB,WAAW,CAACqB,QAAQ,IAAItB,GAAG,CAACI,OAAO,CAACkB,QAAQ;EAE7D,IAAIrB,WAAW,CAACsB,IAAI,EAAE;IACpB,MAAM;MAAEC;IAAkB,CAAC,GAAGxB,GAAG,CAACI,OAAO,EAAEqB,WAAW,IAAI;MAAED,iBAAiB,EAAE;IAAM,CAAC;;IAEtF;IACA;IACA,IAAI,CAACA,iBAAiB,IAAI9B,GAAG,CAACgC,UAAU,KAAK,MAAM,EAAE;MACnD,MAAM,IAAI5B,oBAAY,CAAC,wFAAwF,CAAC;IAClH;EACF;EAEA,MAAM6B,SAAS,GAAG,CAAC,CAAW;EAC9B,MAAMC,SAAS,GAAGlC,GAAG,CAACmC,UAAU;EAChC,MAAMC,SAAS,GAAGpC,GAAG,CAACgC,UAAU;EAChC,MAAMK,WAAW,GAAGrC,GAAG,CAACsC,YAAY;EACpC,MAAMC,OAAO,GAAGvC,GAAG,CAACwC,QAAQ;EA
C5B,MAAMC,YAAY,GAAGzC,GAAG,CAAC0C,aAAa;EACtC,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAC,IAAI,CAAC;EAEvC,IAAIN,WAAW,EAAE;IACfJ,SAAS,CAACI,WAAW,GAAG;MACtBA,WAAW,EAAEA,WAAW;MACxBU,SAAS,EAAEC,MAAM,CAACd,SAAS,CAAC,GAAGS,GAAG;MAClCP,SAAS,EAAEA,SAAU;MACrBZ,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCC,WAAW,EAAE1C,IAAI,CAAC0C;IACpB,CAAC;;IAED;IACA,IAAI5C,GAAG,CAACI,OAAO,CAACyC,kBAAkB,EAAE;MAClC,MAAMC,SAAS,GAAG9C,GAAG,CAACQ,KAAK,CAACuC,MAAM,CAAChB,WAAW,CAAC;MAC/CJ,SAAS,CAACI,WAAW,CAACiB,MAAM,GAAIF,SAAS,CAACG,OAAO;IACnD;IAEA,IAAIhD,WAAW,CAACiD,UAAU,EAAE;MAC1BvB,SAAS,CAACI,WAAW,CAACmB,UAAU,GAAGjD,WAAW,CAACiD,UAAU;IAC3D;IAEA,IAAIjD,WAAW,CAACkD,WAAW,EAAE;MAC3BxB,SAAS,CAACI,WAAW,CAACoB,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAC7D;EACF;EAEA,IAAIhB,YAAY,EAAE;IAChBR,SAAS,CAACQ,YAAY,GAAG;MACvBA,YAAY,EAAEA,YAAY;MAC1B;MACA;MACAM,SAAS,EAAEC,MAAM,CAACd,SAAS,CAAC,GAAGS,GAAG;MAClCnB,MAAM,EAAEA,MAAM;MACdkC,QAAQ,EAAElD,IAAI,CAACkD,QAAS;MACxBT,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCU,MAAM,EAAEnD,IAAI,CAACmD;IACf,CAAC;IAED,IAAIpD,WAAW,CAACiD,UAAU,EAAE;MAC1BvB,SAAS,CAACQ,YAAY,CAACe,UAAU,GAAGjD,WAAW,CAACiD,UAAU;IAC5D;IAEA,IAAIjD,WAAW,CAACkD,WAAW,EAAE;MAC3BxB,SAAS,CAACQ,YAAY,CAACgB,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAC9D;EACF;EAEA,IAAIlB,OAAO,EAAE;IACX,MAAMqB,KAAK,GAAGtD,GAAG,CAACQ,KAAK,CAACuC,MAAM,CAACd,OAAO,CAAC;IACvC,MAAMsB,UAAmB,GAAG;MAC1BtB,OAAO,EAAEA,OAAO;MAChBe,MAAM,EAAEM,KAAK,CAACL,OAAO;MACrBR,SAAS,EAAEa,KAAK,CAACL,OAAO,CAACO,GAAG,GAAIF,KAAK,CAACL,OAAO,CAACQ,GAAI,GAAGpB,GAAG;MAAE;MAC1DnB,MAAM,EAAEA,MAAM;MACdyB,YAAY,EAAEzC,IAAI,CAACyC,YAAa;MAChCU,MAAM,EAAEnD,IAAI,CAACmD,MAAO;MACpB/B,QAAQ,EAAEA;IACZ,CAAC;IAED,IAAIrB,WAAW,CAACkD,WAAW,EAAE;MAC3BI,UAAU,CAACJ,WAAW,GAAGlD,WAAW,CAACkD,WAAW;IAClD;IAEA,MAAMO,gBAAmC,GAAG;MAC1CpC,QAAQ,EAAEA,QAAS;MACnB+B,MAAM,EAAEnD,IAAI,CAACmD,MAAO;MACpBM,KAAK,EAAE1D,WAAW,CAAC0D,KAAK;MACxB5B,WAAW,EAAEA,WAAW;MACxB6B,SAAS,EAAE3D,WAAW,CAAC2D;IACzB,CAAC;IAED,IAAI3D,WAAW,CAAC4D,eAAe,KAAKC,SAAS,EAAE;MAC7CJ,gBAAgB,CAACG,eAAe,GAAG5D,WAAW,CAAC4D,eAAe;IAChE
;IAEA,MAAM,IAAAE,wBAAW,EAAC/D,GAAG,EAAEuD,UAAU,EAAEG,gBAAgB,CAAC;IACpD/B,SAAS,CAACM,OAAO,GAAGsB,UAAU;EAChC;;EAEA;EACA,IAAIxC,YAAY,CAACiD,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAACrC,SAAS,CAACI,WAAW,EAAE;IAClE;IACA,MAAM,IAAIjC,oBAAY,CAAC,+GAA+G,CAAC;EACzI;EACA,IAAIiB,YAAY,CAACiD,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAACrC,SAAS,CAACM,OAAO,EAAE;IACjE;IACA,MAAM,IAAInC,oBAAY,CAAC,8GAA8G,CAAC;EACxI;EAEA,OAAO;IACLmE,MAAM,EAAEtC,SAAS;IACjB9B,KAAK,EAAEH,GAAG,CAACG,KAAM;IACjBS,IAAI,EAAEZ,GAAG,CAACY,IAAI;IACdS;EACF,CAAC;AAEH","ignoreList":[]}
|