@pega/react-sdk-components 8.8.21 → 8.23.11-debug

package/lib/components/helpers/auth.js

@@ -3,64 +3,225 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
-    if (kind === "m") throw new TypeError("Private method is not writable");
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
-    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
-};
-var _PegaAuth_instances, _PegaAuth_config, _PegaAuth_dynState, _PegaAuth_reloadSS, _PegaAuth_reloadConfig, _PegaAuth_updateConfig, _PegaAuth_importSingleLib, _PegaAuth_importNodeLibs, _PegaAuth_buildAuthorizeUrl, _PegaAuth_authCodeStart, _PegaAuth_updateSessionIndex, _PegaAuth_sha256Hash, _PegaAuth_encode64, _PegaAuth_base64UrlSafeEncode, _PegaAuth_getRandomString, _PegaAuth_getCodeChallenge, _PegaAuth_getAgent;
+var _PegaAuth_instances, _PegaAuth_updateConfig, _PegaAuth_buildAuthorizeUrl, _PegaAuth_sha256Hash, _PegaAuth_encode64, _PegaAuth_base64UrlSafeEncode, _PegaAuth_getCodeChallenge;
 class PegaAuth {
-    // Current properties within dynState structure:
-    //  codeVerifier, state, sessionIndex, sessionIndexAttempts, acRedirectUri
-    constructor(ssKeyConfig, ssKeyDynState) {
+    constructor(ssKeyConfig) {
         _PegaAuth_instances.add(this);
-        // The properties within config structure are expected to be more static config values that are then
-        //  used to properly make various OAuth endpoint calls.
-        _PegaAuth_config.set(this, null);
-        // Any dynamic state is stored separately in its own structure.  If a sessionStorage key is passed in
-        //  without a Dynamic State key.
-        _PegaAuth_dynState.set(this, {});
-        if (typeof ssKeyConfig === 'string') {
-            this.ssKeyConfig = ssKeyConfig;
-            this.ssKeyDynState = ssKeyDynState || `${ssKeyConfig}_DS`;
-            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_reloadConfig).call(this);
-        }
-        else {
-            // object with config structure is passed in
-            __classPrivateFieldSet(this, _PegaAuth_config, ssKeyConfig, "f");
-            __classPrivateFieldSet(this, _PegaAuth_dynState, ssKeyDynState, "f");
-        }
-        this.urlencoded = 'application/x-www-form-urlencoded';
-        this.isNode = typeof window === 'undefined';
-        // For isNode path the below attributes are initialized on first method invocation
-        if (!this.isNode) {
-            this.crypto = window.crypto;
-            this.subtle = window.crypto.subtle;
-        }
-        if (Object.keys(__classPrivateFieldGet(this, _PegaAuth_config, "f")).length > 0) {
-            if (!__classPrivateFieldGet(this, _PegaAuth_config, "f").serverType) {
-                __classPrivateFieldGet(this, _PegaAuth_config, "f").serverType = 'infinity';
+        this.ssKeyConfig = ssKeyConfig;
+        this.bEncodeSI = false;
+        this.reloadConfig();
+    }
+    reloadConfig() {
+        const peConfig = window.sessionStorage.getItem(this.ssKeyConfig);
+        let obj = {};
+        if (peConfig) {
+            try {
+                obj = JSON.parse(peConfig);
+            }
+            catch (e) {
+                try {
+                    obj = JSON.parse(window.atob(peConfig));
+                }
+                catch (e2) {
+                    obj = {};
+                }
             }
         }
-        else {
-            throw new Error('invalid config settings');
-        }
+        this.config = peConfig ? obj : null;
     }
     async login() {
-        if (this.isNode && !this.crypto) {
-            // Deferring dynamic loading of node libraries til this first method to avoid doing this in constructor
-            await __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importNodeLibs).call(this);
-        }
-        const { grantType, noPKCE } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-        if (grantType && grantType !== 'authCode') {
-            return this.getToken();
-        }
-        // Make sure browser in a secure context, else PKCE will fail
-        if (!this.isNode && !noPKCE && !window.isSecureContext) {
-            throw new Error(`Authorization code grant flow failed due to insecure browser context at ${window.location.origin}.  Use localhost or https.`);
-        }
-        return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_authCodeStart).call(this);
+        const fnGetRedirectUriOrigin = () => {
+            const redirectUri = this.config.redirectUri;
+            const nRootOffset = redirectUri.indexOf("//");
+            const nFirstPathOffset = nRootOffset !== -1 ? redirectUri.indexOf("/", nRootOffset + 2) : -1;
+            return nFirstPathOffset !== -1 ? redirectUri.substring(0, nFirstPathOffset) : redirectUri;
+        };
+        const redirectOrigin = fnGetRedirectUriOrigin();
+        // eslint-disable-next-line no-restricted-globals
+        const state = window.btoa(location.origin);
+        return new Promise((resolve, reject) => {
+            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_buildAuthorizeUrl).call(this, state).then((url) => {
+                let myWindow = null; // popup or iframe
+                let elIframe = null;
+                let elCloseBtn = null;
+                const iframeTimeout = this.config.silentTimeout !== undefined ? this.config.silentTimeout : 5000;
+                let bWinIframe = iframeTimeout > 0 && ((!!this.config.userIdentifier && !!this.config.password) || this.config.iframeLoginUI || this.config.authService !== "pega");
+                let tmrAuthComplete = null;
+                let checkWindowClosed = null;
+                const myWinOnLoad = () => {
+                    try {
+                        if (bWinIframe) {
+                            elIframe.contentWindow.postMessage({ type: "PegaAuth" }, redirectOrigin);
+                            // eslint-disable-next-line no-console
+                            console.log("authjs(login): loaded a page in iFrame");
+                        }
+                        else {
+                            myWindow.postMessage({ type: "PegaAuth" }, redirectOrigin);
+                        }
+                    }
+                    catch (e) {
+                        // eslint-disable-next-line no-console
+                        console.log("authjs(login): Exception trying to postMessage on load");
+                    }
+                };
+                const fnOpenPopup = () => {
+                    myWindow = window.open(url, '_blank', 'width=700,height=500,left=200,top=100');
+                    if (!myWindow) {
+                        // Blocked by popup-blocker
+                        // eslint-disable-next-line prefer-promise-reject-errors
+                        return reject("blocked");
+                    }
+                    checkWindowClosed = setInterval(() => {
+                        if (myWindow.closed) {
+                            clearInterval(checkWindowClosed);
+                            // eslint-disable-next-line prefer-promise-reject-errors
+                            reject("closed");
+                        }
+                    }, 500);
+                    try {
+                        myWindow.addEventListener("load", myWinOnLoad, true);
+                    }
+                    catch (e) {
+                        // eslint-disable-next-line no-console
+                        console.log("authjs(login): Exception trying to add onload handler to opened window;");
+                    }
+                };
+                const fnCloseIframe = () => {
+                    elIframe.parentNode.removeChild(elIframe);
+                    elCloseBtn.parentNode.removeChild(elCloseBtn);
+                    // eslint-disable-next-line no-multi-assign
+                    elIframe = elCloseBtn = null;
+                    bWinIframe = false;
+                };
+                const fnCloseAndReject = () => {
+                    fnCloseIframe();
+                    // eslint-disable-next-line prefer-promise-reject-errors
+                    reject("closed");
+                };
+                // If there is a userIdentifier and password specified or an external SSO auth service,
+                //  we can try to use this silently in an iFrame first
+                if (bWinIframe) {
+                    const nFrameZLevel = 99999;
+                    elIframe = document.createElement('iframe');
+                    // eslint-disable-next-line prefer-template
+                    elIframe.id = 'pe' + this.config.clientId;
+                    const loginBoxWidth = 500;
+                    const loginBoxHeight = 700;
+                    const oStyle = elIframe.style;
+                    oStyle.position = 'absolute';
+                    oStyle.display = 'none';
+                    oStyle.zIndex = nFrameZLevel;
+                    oStyle.top = `${Math.round(Math.max(window.innerHeight - loginBoxHeight, 0) / 2)}px`;
+                    oStyle.left = `${Math.round(Math.max(window.innerWidth - loginBoxWidth, 0) / 2)}px`;
+                    oStyle.width = '500px';
+                    oStyle.height = '700px';
+                    // Add Iframe to top of document DOM to have it load
+                    document.body.insertBefore(elIframe, document.body.firstChild);
+                    // Add Iframe to DOM to have it load
+                    document.getElementsByTagName('body')[0].appendChild(elIframe);
+                    elIframe.addEventListener("load", myWinOnLoad, true);
+                    // Disallow iframe content attempts to navigate main window
+                    elIframe.setAttribute("sandbox", "allow-scripts allow-forms allow-same-origin");
+                    elIframe.setAttribute('src', url);
+                    const svgCloseBtn = `<?xml version="1.0" encoding="UTF-8"?>
+                  <svg width="34px" height="34px" viewBox="0 0 34 34" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+                    <title>Dismiss - Black</title>
+                    <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                      <g transform="translate(1.000000, 1.000000)">
+                        <circle fill="#252C32" cx="16" cy="16" r="16"></circle>
+                        <g transform="translate(9.109375, 9.214844)" fill="#FFFFFF" fill-rule="nonzero">
+                          <path d="M12.7265625,0 L0,12.6210938 L1.0546875,13.5703125 L13.78125,1.0546875 L12.7265625,0 Z M13.7460938,12.5507812 L1.01953125,0 L0,1.01953125 L12.7617188,13.6054688 L13.7460938,12.5507812 Z"></path>
+                        </g>
+                      </g>
+                    </g>
+                  </svg>`;
+                    const bCloseWithinFrame = false;
+                    elCloseBtn = document.createElement('img');
+                    elCloseBtn.onclick = fnCloseAndReject;
+                    // eslint-disable-next-line prefer-template
+                    elCloseBtn.src = 'data:image/svg+xml;base64,' + window.btoa(svgCloseBtn);
+                    const oBtnStyle = elCloseBtn.style;
+                    oBtnStyle.cursor = 'pointer';
+                    // If svg doesn't set width and height might want to set oBtStyle width and height to something like '2em'
+                    oBtnStyle.position = 'absolute';
+                    oBtnStyle.display = 'none';
+                    oBtnStyle.zIndex = nFrameZLevel + 1;
+                    const nTopOffset = bCloseWithinFrame ? 5 : -10;
+                    const nRightOffset = bCloseWithinFrame ? -34 : -20;
+                    oBtnStyle.top = `${Math.round(Math.max(window.innerHeight - loginBoxHeight, 0) / 2) + nTopOffset}px`;
+                    oBtnStyle.left = `${Math.round(Math.max(window.innerWidth - loginBoxWidth, 0) / 2) + loginBoxWidth + nRightOffset}px`;
+                    document.body.insertBefore(elCloseBtn, document.body.firstChild);
+                    // If the password was wrong, then the login screen will be in the iframe
+                    // ..and with Pega without realization of US-372314 it may replace the top (main portal) window
+                    // For now set a timer and if the timer expires, remove the iFrame and use same url within
+                    // visible window
+                    tmrAuthComplete = setTimeout(() => {
+                        clearTimeout(tmrAuthComplete);
+                        // remove password from config
+                        if (this.config.password) {
+                            delete this.config.password;
+                            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
+                        }
+                        if (this.config.iframeLoginUI) {
+                            elIframe.style.display = "block";
+                            elCloseBtn.style.display = "block";
+                        }
+                        else {
+                            fnCloseIframe();
+                            fnOpenPopup();
+                        }
+                    }, iframeTimeout);
+                }
+                else {
+                    fnOpenPopup();
+                }
+                let authMessageReceiver = null;
+                /* Retrieve token(s) and close login window */
+                const fnGetTokenAndFinish = (code) => {
+                    window.removeEventListener("message", authMessageReceiver, false);
+                    this.getToken(code).then(token => {
+                        if (bWinIframe) {
+                            clearTimeout(tmrAuthComplete);
+                            fnCloseIframe();
+                        }
+                        else {
+                            clearInterval(checkWindowClosed);
+                            try {
+                                myWindow.close();
+                            }
+                            catch (e) {
+                                // eslint-disable-next-line no-console
+                                console.warn(`attempt to close opened window failed`);
+                            }
+                        }
+                        resolve(token);
+                    })
+                        .catch(e => {
+                        reject(e);
+                    });
+                };
+                /* Handler to receive the auth code */
+                authMessageReceiver = (event) => {
+                    // Check origin to make sure it is the redirect origin
+                    if (event.origin !== redirectOrigin) {
+                        // eslint-disable-next-line no-console
+                        console.info(`Received event from unexpected origin: ${event.origin} (was expecting: ${redirectOrigin})`);
+                    }
+                    if (!event.data || !event.data.type || event.data.type !== "PegaAuth")
+                        return;
+                    // eslint-disable-next-line no-console
+                    console.log("authjs(login): postMessage received with code");
+                    const code = event.data.code.toString();
+                    fnGetTokenAndFinish(code);
+                };
+                window.addEventListener("message", authMessageReceiver, false);
+                window.authCodeCallback = (code) => {
+                    // eslint-disable-next-line no-console
+                    console.log("authjs(login): authCodeCallback used with code");
+                    fnGetTokenAndFinish(code);
+                };
+            });
+        });
     }
     // Login redirect
     loginRedirect() {
@@ -71,131 +232,71 @@ class PegaAuth {
             location.href = url;
         });
     }
-    // check state
-    checkStateMatch(state) {
-        return state === __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state;
-    }
     // For PKCE token endpoint includes code_verifier
     getToken(authCode) {
         // Reload config to pick up the previously stored codeVerifier
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_reloadConfig).call(this);
-        const { serverType, isolationId, clientId, clientSecret, tokenUri, grantType, customTokenParams, userIdentifier, password, noPKCE } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-        const { sessionIndex, acRedirectUri, codeVerifier } = __classPrivateFieldGet(this, _PegaAuth_dynState, "f");
-        const bAuthCode = !grantType || grantType === 'authCode';
-        if (bAuthCode && !authCode && !this.isNode) {
-            const queryString = window.location.search;
-            const urlParams = new URLSearchParams(queryString);
-            authCode = urlParams.get('code');
-        }
+        this.reloadConfig();
+        const { clientId, clientSecret, redirectUri, tokenUri, codeVerifier } = this.config;
+        // eslint-disable-next-line no-restricted-globals
+        const queryString = location.search;
+        const urlParams = new URLSearchParams(queryString);
+        const code = authCode || urlParams.get("code");
         const formData = new URLSearchParams();
-        formData.append('client_id', clientId);
+        formData.append("client_id", clientId);
         if (clientSecret) {
-            formData.append('client_secret', clientSecret);
-        }
-        /* eslint-disable camelcase */
-        const fullGTName = {
-            authCode: 'authorization_code',
-            clientCreds: 'client_credentials',
-            customBearer: 'custom-bearer',
-            passwordCreds: 'password'
-        }[grantType];
-        const grant_type = fullGTName || grantType || 'authorization_code';
-        formData.append('grant_type', grant_type);
-        if (serverType === 'launchpad' && grantType !== 'authCode') {
-            formData.append('isolation_ids', isolationId);
-        }
-        if (bAuthCode) {
-            formData.append('code', authCode);
-            formData.append('redirect_uri', acRedirectUri);
-            if (!noPKCE) {
-                formData.append('code_verifier', codeVerifier);
-            }
-        }
-        else if (sessionIndex) {
-            formData.append('session_index', sessionIndex);
-        }
-        /* eslint-enable camelcase */
-        if (grantType === 'customBearer' && customTokenParams) {
-            Object.keys(customTokenParams).forEach((param) => {
-                formData.append(param, customTokenParams[param]);
-            });
-        }
-        if (grantType !== 'authCode') {
-            formData.append('enable_psyncId', 'true');
-        }
-        if (grantType === 'passwordCreds') {
-            formData.append('username', userIdentifier);
-            formData.append('password', atob(password));
+            formData.append("client_secret", clientSecret);
         }
+        formData.append("grant_type", "authorization_code");
+        formData.append("code", code);
+        formData.append("redirect_uri", redirectUri);
+        formData.append("code_verifier", codeVerifier);
         return fetch(tokenUri, {
-            agent: __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getAgent).call(this),
-            method: 'POST',
+            method: "POST",
             headers: new Headers({
-                'content-type': this.urlencoded
+                "content-type": "application/x-www-form-urlencoded",
             }),
-            body: formData.toString()
+            body: formData.toString(),
         })
             .then((response) => response.json())
-            .then((token) => {
-            if (token.errors || token.error) {
-                // eslint-disable-next-line no-console
-                console.error(`Token endpoint error: ${JSON.stringify(token.errors || token.error)}`);
+            .then(token => {
+            // .expires_in contains the # of seconds before access token expires
+            // add property to keep track of current time when the token expires
+            token.eA = Date.now() + (token.expires_in * 1000);
+            if (this.config.codeVerifier) {
+                delete this.config.codeVerifier;
             }
-            else {
-                // .expires_in contains the # of seconds before access token expires
-                // add property to keep track of current time when the token expires
-                token.eA = Date.now() + token.expires_in * 1000;
-                // Clear authCode related config state: state, codeVerifier, acRedirectUri
-                if (__classPrivateFieldGet(this, _PegaAuth_dynState, "f").state) {
-                    delete __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state;
-                }
-                if (__classPrivateFieldGet(this, _PegaAuth_dynState, "f").codeVerifier) {
-                    delete __classPrivateFieldGet(this, _PegaAuth_dynState, "f").codeVerifier;
-                }
-                if (__classPrivateFieldGet(this, _PegaAuth_dynState, "f").acRedirectUri) {
-                    delete __classPrivateFieldGet(this, _PegaAuth_dynState, "f").acRedirectUri;
-                }
-                // If there is a session_index then move this to the peConfig structure (as used on authorize)
-                if (token.session_index) {
-                    __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndex = token.session_index;
-                }
-                // If we got a token and have a session index, then reset the sessionIndexAttempts
-                if (__classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndex) {
-                    __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndexAttempts = 0;
-                }
-                __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
+            // If there is a session_index then move this to the peConfig structure (as used on authorize)
+            if (token.session_index) {
+                this.config.sessionIndex = token.session_index;
             }
+            // If we got a token and have a session index, then reset the sessionIndexAttempts
+            if (this.config.sessionIndex) {
+                this.config.sessionIndexAttempts = 0;
+            }
+            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
             return token;
         })
-            .catch((e) => {
+            .catch(e => {
             // eslint-disable-next-line no-console
-            console.error(`Token endpoint error: ${e}`);
+            console.log(e);
         });
     }
     /* eslint-disable camelcase */
     async refreshToken(refresh_token) {
-        const { clientId, clientSecret, tokenUri } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-        if (this.isNode && !this.crypto) {
-            // Deferring dynamic loading of node libraries til this first method to avoid doing this in constructor
-            await __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importNodeLibs).call(this);
-        }
-        if (!refresh_token) {
-            return null;
-        }
+        const { clientId, clientSecret, tokenUri } = this.config;
         const formData = new URLSearchParams();
-        formData.append('client_id', clientId);
+        formData.append("client_id", clientId);
         if (clientSecret) {
-            formData.append('client_secret', clientSecret);
+            formData.append("client_secret", clientSecret);
         }
-        formData.append('grant_type', 'refresh_token');
-        formData.append('refresh_token', refresh_token);
+        formData.append("grant_type", "refresh_token");
+        formData.append("refresh_token", refresh_token);
         return fetch(tokenUri, {
-            agent: __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getAgent).call(this),
-            method: 'POST',
+            method: "POST",
             headers: new Headers({
-                'content-type': this.urlencoded
+                "content-type": "application/x-www-form-urlencoded",
             }),
-            body: formData.toString()
+            body: formData.toString(),
         })
             .then((response) => {
             if (!response.ok && response.status === 401) {
@@ -203,550 +304,142 @@ class PegaAuth {
             }
             return response.json();
         })
-            .then((token) => {
+            .then(token => {
             if (token) {
                 // .expires_in contains the # of seconds before access token expires
                 // add property to keep track of current time when the token expires
-                token.eA = Date.now() + token.expires_in * 1000;
+                token.eA = Date.now() + (token.expires_in * 1000);
             }
             return token;
         })
-            .catch((e) => {
+            .catch(e => {
             // eslint-disable-next-line no-console
-            console.warn(`Refresh token failed: ${e}`);
-            return null;
+            console.log(e);
         });
     }
     async revokeTokens(access_token, refresh_token = null) {
-        if (Object.keys(__classPrivateFieldGet(this, _PegaAuth_config, "f")).length === 0) {
-            // Must have a config structure to proceed
+        if (!this.config || !this.config.revokeUri) {
+            // Must have a config structure and revokeUri to proceed
             return;
         }
-        const { clientId, clientSecret, revokeUri } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-        if (this.isNode && !this.crypto) {
-            // Deferring dynamic loading of node libraries til this first method to avoid doing this in constructor
-            await __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importNodeLibs).call(this);
-        }
-        const hdrs = { 'content-type': this.urlencoded };
+        const { clientId, clientSecret, revokeUri } = this.config;
+        const hdrs = { "content-type": "application/x-www-form-urlencoded" };
         if (clientSecret) {
-            const basicCreds = btoa(`${clientId}:${clientSecret}`);
-            hdrs.authorization = `Basic ${basicCreds}`;
+            const creds = `${clientId}:${clientSecret}`;
+            hdrs.authorization = `Basic ${window.btoa(creds)}`;
         }
-        const aTknProps = ['access_token'];
+        const aTknProps = ["access_token"];
         if (refresh_token) {
-            aTknProps.push('refresh_token');
+            aTknProps.push("refresh_token");
         }
         aTknProps.forEach((prop) => {
             const formData = new URLSearchParams();
             if (!clientSecret) {
-                formData.append('client_id', clientId);
+                formData.append("client_id", clientId);
             }
-            formData.append('token', prop === 'access_token' ? access_token : refresh_token);
-            formData.append('token_type_hint', prop);
+            formData.append("token", prop === "access_token" ? access_token : refresh_token);
+            formData.append("token_type_hint", prop);
             fetch(revokeUri, {
-                agent: __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getAgent).call(this),
-                method: 'POST',
+                method: "POST",
                 headers: new Headers(hdrs),
-                body: formData.toString()
+                body: formData.toString(),
             })
                 .then((response) => {
                 if (!response.ok) {
                     // eslint-disable-next-line no-console
-                    console.error(`Error revoking ${prop}:${response.status}`);
+                    console.log(`Error revoking ${prop}:${response.status}`);
                 }
             })
-                .catch((e) => {
+                .catch(e => {
                 // eslint-disable-next-line no-console
-                console.error(`Error revoking ${prop}; ${e}`);
+                console.log(e);
             });
         });
-        __classPrivateFieldGet(this, _PegaAuth_config, "f").silentAuthFailed = false;
         // Also clobber any sessionIndex
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateSessionIndex).call(this, null);
+        if (this.config.sessionIndex) {
+            delete this.config.sessionIndex;
+            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
+        }
     }
-}
-_PegaAuth_config = new WeakMap(), _PegaAuth_dynState = new WeakMap(), _PegaAuth_instances = new WeakSet(), _PegaAuth_reloadSS = function _PegaAuth_reloadSS(ssKey) {
-    const sItem = window.sessionStorage.getItem(ssKey);
-    let obj = {};
-    if (sItem) {
-        try {
-            obj = JSON.parse(sItem);
+    // For userinfo endpoint to return meaningful data, endpoint must include appAlias (if specified) and authorize must
+    //  specify profile and optionally email scope to get such info returned
+    async getUserinfo(access_token) {
+        if (!this.config || !this.config.userinfoUri) {
+            // Must have a config structure and userInfo to proceed
+            return {};
         }
-        catch (e) {
-            try {
-                obj = JSON.parse(atob(sItem));
+        const hdrs = { 'authorization': `bearer ${access_token}`, 'content-type': 'application/json;charset=UTF-8' };
+        return fetch(this.config.userinfoUri, {
+            method: "GET",
+            headers: new Headers(hdrs)
+        })
+            .then(response => {
+            if (response.ok) {
+                return response.json();
             }
-            catch (err) {
-                obj = {};
+            else {
+                // eslint-disable-next-line no-console
+                console.log(`Error invoking userinfo: ${response.status}`);
             }
-        }
-    }
-    if (ssKey === this.ssKeyConfig) {
-        __classPrivateFieldSet(this, _PegaAuth_config, sItem ? obj : {}, "f");
-    }
-    else {
-        __classPrivateFieldSet(this, _PegaAuth_dynState, sItem ? obj : {}, "f");
-    }
-}, _PegaAuth_reloadConfig = function _PegaAuth_reloadConfig() {
-    if (this.ssKeyConfig) {
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_reloadSS).call(this, this.ssKeyConfig);
-    }
-    if (this.ssKeyDynState) {
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_reloadSS).call(this, this.ssKeyDynState);
-    }
-}, _PegaAuth_updateConfig = function _PegaAuth_updateConfig() {
-    // transform must occur unless it is explicitly disabled
-    const transform = __classPrivateFieldGet(this, _PegaAuth_config, "f").transform !== false;
-    // May not need to write out Config info all the time, but there is a scenario where a
-    //  non obfuscated value is passed in and then it needs to be obfuscated
-    if (this.ssKeyConfig) {
-        const sConfig = JSON.stringify(__classPrivateFieldGet(this, _PegaAuth_config, "f"));
-        window.sessionStorage.setItem(this.ssKeyConfig, transform ? btoa(sConfig) : sConfig);
-    }
-    if (this.ssKeyDynState) {
-        const sDynState = JSON.stringify(__classPrivateFieldGet(this, _PegaAuth_dynState, "f"));
-        window.sessionStorage.setItem(this.ssKeyDynState, transform ? btoa(sDynState) : sDynState);
-    }
-    if (__classPrivateFieldGet(this, _PegaAuth_config, "f").fnDynStateChangedCB) {
-        __classPrivateFieldGet(this, _PegaAuth_config, "f").fnDynStateChangedCB();
-    }
-}, _PegaAuth_importSingleLib = async function _PegaAuth_importSingleLib(libName, libProp, bLoadAlways = false) {
-    // eslint-disable-next-line no-undef
-    if (!bLoadAlways && typeof (this.isNode ? global : window)[libProp] !== 'undefined') {
-        // eslint-disable-next-line no-undef
-        this[libProp] = (this.isNode ? global : window)[libProp];
-        return this[libProp];
+        })
+            .then(data => {
+            return data;
+        })
+            .catch(e => {
+            // eslint-disable-next-line no-console
+            console.log(e);
+        });
     }
-    // Needed to explicitly make import argument a string by using template literals to fix a compile
-    // error: Critical dependency: the request of a dependency is an expression
-    return import(`${libName}`)
-        .then((mod) => {
-        this[libProp] = mod.default;
-    })
-        .catch((e) => {
-        // eslint-disable-next-line no-console
-        console.error(`Library ${libName} failed to load. ${e}`);
-        throw e;
-    });
-}, _PegaAuth_importNodeLibs = async function _PegaAuth_importNodeLibs() {
-    // Also current assumption is using Node 18 or better
-    // With 18.3 there is now a native fetch (but may want to force use of node-fetch)
-    const useNodeFetch = !!__classPrivateFieldGet(this, _PegaAuth_config, "f").useNodeFetch;
-    return Promise.all([
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'node-fetch', 'fetch', useNodeFetch),
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'open', 'open'),
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'node:crypto', 'crypto', true),
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'node:https', 'https'),
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'node:http', 'http'),
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_importSingleLib).call(this, 'node:fs', 'fs')
-    ]).then(() => {
-        this.subtle = this.crypto?.subtle || this.crypto.webcrypto.subtle;
-        if ((typeof fetch === 'undefined' || useNodeFetch) && this.fetch) {
-            /* eslint-disable-next-line no-global-assign */
-            fetch = this.fetch;
-        }
-    });
+}
+_PegaAuth_instances = new WeakSet(), _PegaAuth_updateConfig = function _PegaAuth_updateConfig() {
+    const sSI = JSON.stringify(this.config);
+    window.sessionStorage.setItem(this.ssKeyConfig, this.bEncodeSI ? window.btoa(sSI) : sSI);
 }, _PegaAuth_buildAuthorizeUrl = 
 // For PKCE the authorize includes a code_challenge & code_challenge_method as well
 async function _PegaAuth_buildAuthorizeUrl(state) {
-    const { serverType, clientId, redirectUri, authorizeUri, authService, appAlias, userIdentifier, password, noPKCE, isolationId } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-    const { sessionIndex, } = __classPrivateFieldGet(this, _PegaAuth_dynState, "f");
-    const bInfinity = serverType === 'infinity';
-    if (!noPKCE) {
-        // Generate random string of 64 chars for verifier.  RFC 7636 says from 43-128 chars
-        const buf = new Uint8Array(64);
-        this.crypto.getRandomValues(buf);
-        __classPrivateFieldGet(this, _PegaAuth_dynState, "f").codeVerifier = __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_base64UrlSafeEncode).call(this, buf);
-    }
+    const { clientId, redirectUri, authorizeUri, authService, sessionIndex, appAlias, useLocking, userIdentifier, password } = this.config;
+    // Generate random string of 64 chars for verifier.  RFC 7636 says from 43-128 chars
+    let buf = new Uint8Array(64);
+    window.crypto.getRandomValues(buf);
+    this.config.codeVerifier = __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_base64UrlSafeEncode).call(this, buf);
     // If sessionIndex exists then increment attempts count (we will stop sending session_index after two failures)
-    // With Infinity '24 we can now properly detect a invalid_session_index error, but can't for earlier versions
     if (sessionIndex) {
-        __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndexAttempts += 1;
+        this.config.sessionIndexAttempts += 1;
     }
-    // We use state to verify that the received code is for the right authorize transaction
-    // eslint-disable-next-line no-unneeded-ternary
-    __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state = `${state ? state : ''}.${__classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getRandomString).call(this, 32)}`;
-    // The same redirectUri needs to be provided to token endpoint, so save this away incase redirectUri is
-    //  adjusted for next authorize
-    __classPrivateFieldGet(this, _PegaAuth_dynState, "f").acRedirectUri = redirectUri;
     // Persist codeVerifier in session storage so it survives the redirects that are to follow
     __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
+    if (!state) {
+        // Calc random state variable
+        buf = new Uint8Array(32);
+        window.crypto.getRandomValues(buf);
+        state = __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_base64UrlSafeEncode).call(this, buf);
+    }
     // Trim alias to include just the real alias piece
-    const addtlScope = appAlias ? `+app.alias.${appAlias.replace(/^app\//, '')}` : '';
-    const scope = bInfinity ? `openid${addtlScope}` : 'user_info';
+    const addtlScope = appAlias ? `+app.alias.${appAlias.replace(/^app\//, '')}` : "";
     // Add explicit creds if specified to try to avoid login popup
-    const authServiceArg = authService ? `&authentication_service=${encodeURIComponent(authService)}` : '';
-    const sessionIndexArg = sessionIndex && __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndexAttempts < 3 ? `&session_index=${sessionIndex}` : '';
-    const userIdentifierArg = userIdentifier ? `&UserIdentifier=${encodeURIComponent(userIdentifier)}` : '';
-    const passwordArg = password && userIdentifier ? `&Password=${encodeURIComponent(atob(password))}` : '';
-    const moreAuthArgs = bInfinity
-        ? `&enable_psyncId=true${authServiceArg}${sessionIndexArg}${userIdentifierArg}${passwordArg}`
-        : `&isolationID=${isolationId}`;
-    let pkceArgs = '';
-    if (!noPKCE) {
-        const cc = await __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getCodeChallenge).call(this, __classPrivateFieldGet(this, _PegaAuth_dynState, "f").codeVerifier);
-        pkceArgs = `&code_challenge=${cc}&code_challenge_method=S256`;
-    }
-    return `${authorizeUri}?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=${scope}&state=${__classPrivateFieldGet(this, _PegaAuth_dynState, "f").state}${pkceArgs}${moreAuthArgs}`;
-}, _PegaAuth_authCodeStart = 
-// authCode login issues the authorize endpoint transaction and deals with redirects
-async function _PegaAuth_authCodeStart() {
-    const fnGetRedirectUriOrigin = () => {
-        const redirectUri = __classPrivateFieldGet(this, _PegaAuth_config, "f").redirectUri;
-        const nRootOffset = redirectUri.indexOf('//');
-        const nFirstPathOffset = nRootOffset !== -1 ? redirectUri.indexOf('/', nRootOffset + 2) : -1;
-        return nFirstPathOffset !== -1 ? redirectUri.substring(0, nFirstPathOffset) : redirectUri;
-    };
-    const redirectOrigin = fnGetRedirectUriOrigin();
-    const state = this.isNode ? '' : btoa(window.location.origin);
-    return new Promise((resolve, reject) => {
-        let theUrl = null; // holds the crafted authorize url
-        let myWindow = null; // popup or iframe
-        let elIframe = null;
-        let elCloseBtn = null;
-        const iframeTimeout = __classPrivateFieldGet(this, _PegaAuth_config, "f").silentTimeout !== undefined ? __classPrivateFieldGet(this, _PegaAuth_config, "f").silentTimeout : 5000;
-        let bWinIframe = true;
-        let tmrAuthComplete = null;
-        let checkWindowClosed = null;
-        let bDisablePromptNone = false;
-        const myWinOnLoad = () => {
-            try {
-                if (bWinIframe) {
-                    elIframe.contentWindow.postMessage({ type: 'PegaAuth' }, redirectOrigin);
-                }
-                else {
-                    myWindow.postMessage({ type: 'PegaAuth' }, redirectOrigin);
-                }
-            }
-            catch (e) {
-                // Exception trying to postMessage on load (perhaps should console.warn)
-            }
-        };
-        const fnSetSilentAuthFailed = (bSet) => {
-            __classPrivateFieldGet(this, _PegaAuth_config, "f").silentAuthFailed = bSet;
-            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
-        };
-        /* eslint-disable prefer-promise-reject-errors */
-        const fnOpenPopup = () => {
-            if (__classPrivateFieldGet(this, _PegaAuth_config, "f").noPopups) {
-                return reject('no-popups');
-            }
-            // Since displaying a visible window, clear the silent auth failed flag
-            fnSetSilentAuthFailed(false);
-            myWindow = (this.isNode ? this.open : window.open)(theUrl, '_blank', 'width=700,height=500,left=200,top=100');
-            if (!myWindow) {
-                // Blocked by popup-blocker
-                return reject('blocked');
-            }
-            checkWindowClosed = setInterval(() => {
-                if (myWindow.closed) {
-                    clearInterval(checkWindowClosed);
-                    reject('closed');
-                }
-            }, 500);
-            if (!this.isNode) {
-                try {
-                    myWindow.addEventListener('load', myWinOnLoad, true);
-                }
-                catch (e) {
-                    // Exception trying to add onload handler to opened window
-                    // eslint-disable-next-line no-console
-                    console.error(`Error adding event listener on popup window: ${e}`);
-                }
-            }
-        };
-        /* eslint-enable prefer-promise-reject-errors */
-        const fnCloseIframe = () => {
-            elIframe.parentNode.removeChild(elIframe);
-            elCloseBtn.parentNode.removeChild(elCloseBtn);
-            elIframe = null;
-            elCloseBtn = null;
-            bWinIframe = false;
-        };
-        const fnCloseAndReject = () => {
-            fnCloseIframe();
-            /* eslint-disable-next-line prefer-promise-reject-errors */
-            reject('closed');
-        };
-        const fnAuthMessageReceiver = (event) => {
-            // Check origin to make sure it is the redirect origin
-            if (event.origin !== redirectOrigin)
-                return;
-            if (!event.data || !event.data.type || event.data.type !== 'PegaAuth')
-                return;
-            const aArgs = ['code', 'state', 'error', 'errorDesc'];
-            const aValues = [];
-            for (let i = 0; i < aArgs.length; i += 1) {
-                const arg = aArgs[i];
-                aValues[arg] = event.data[arg] ? event.data[arg].toString() : null;
-            }
-            if (aValues.error || (aValues.code && aValues.state === __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state)) {
-                // eslint-disable-next-line @typescript-eslint/no-use-before-define
-                fnGetTokenAndFinish(aValues.code, aValues.error, aValues.errorDesc);
-            }
-        };
-        const fnEnableMessageReceiver = (bEnable) => {
-            if (bEnable) {
-                window.addEventListener('message', fnAuthMessageReceiver, false);
-                window.authCodeCallback = (code, state1, error, errorDesc) => {
-                    if (error || (code && state1 === __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state)) {
-                        // eslint-disable-next-line @typescript-eslint/no-use-before-define
-                        fnGetTokenAndFinish(code, error, errorDesc);
-                    }
-                };
-            }
-            else {
-                window.removeEventListener('message', fnAuthMessageReceiver, false);
-                delete window.authCodeCallback;
-            }
-        };
-        const doAuthorize = () => {
-            // If there is a userIdentifier and password specified or an external SSO auth service,
-            //  we can try to use this silently in an iFrame first
-            bWinIframe =
-                !this.isNode &&
-                    !__classPrivateFieldGet(this, _PegaAuth_config, "f").silentAuthFailed &&
-                    iframeTimeout > 0 &&
-                    ((!!__classPrivateFieldGet(this, _PegaAuth_config, "f").userIdentifier && !!__classPrivateFieldGet(this, _PegaAuth_config, "f").password) ||
-                        __classPrivateFieldGet(this, _PegaAuth_config, "f").iframeLoginUI ||
-                        __classPrivateFieldGet(this, _PegaAuth_config, "f").authService !== 'pega');
-            // Enable message receiver
-            if (!this.isNode) {
-                fnEnableMessageReceiver(true);
-            }
-            if (bWinIframe) {
-                const nFrameZLevel = 99999;
-                elIframe = document.createElement('iframe');
-                elIframe.id = `pe${__classPrivateFieldGet(this, _PegaAuth_config, "f").clientId}`;
-                const loginBoxWidth = 500;
-                const loginBoxHeight = 700;
-                const oStyle = elIframe.style;
-                oStyle.position = 'absolute';
-                oStyle.display = 'none';
-                oStyle.zIndex = nFrameZLevel;
-                oStyle.top = `${Math.round(Math.max(window.innerHeight - loginBoxHeight, 0) / 2)}px`;
-                oStyle.left = `${Math.round(Math.max(window.innerWidth - loginBoxWidth, 0) / 2)}px`;
-                oStyle.width = '500px';
-                oStyle.height = '700px';
-                // Add Iframe to top of document DOM to have it load
-                document.body.insertBefore(elIframe, document.body.firstChild);
-                // document.getElementsByTagName('body')[0].appendChild(elIframe);
-                elIframe.addEventListener('load', myWinOnLoad, true);
-                // Disallow iframe content attempts to navigate main window
-                elIframe.setAttribute('sandbox', 'allow-scripts allow-forms allow-same-origin');
-                // Adding prompt=none as this is standard OIDC way to communicate no UI is expected (expecting Pega security to support this one day)
-                elIframe.setAttribute('src', bDisablePromptNone ? theUrl : `${theUrl}&prompt=none`);
-                const svgCloseBtn = `<?xml version="1.0" encoding="UTF-8"?>
-                        <svg width="34px" height="34px" viewBox="0 0 34 34" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-                          <title>Dismiss - Black</title>
-                          <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                            <g transform="translate(1.000000, 1.000000)">
-                              <circle fill="#252C32" cx="16" cy="16" r="16"></circle>
-                              <g transform="translate(9.109375, 9.214844)" fill="#FFFFFF" fill-rule="nonzero">
-                                <path d="M12.7265625,0 L0,12.6210938 L1.0546875,13.5703125 L13.78125,1.0546875 L12.7265625,0 Z M13.7460938,12.5507812 L1.01953125,0 L0,1.01953125 L12.7617188,13.6054688 L13.7460938,12.5507812 Z"></path>
-                              </g>
-                            </g>
-                          </g>
-                        </svg>`;
-                const bCloseWithinFrame = false;
-                elCloseBtn = document.createElement('img');
-                elCloseBtn.onclick = fnCloseAndReject;
-                elCloseBtn.src = `data:image/svg+xml;base64,${btoa(svgCloseBtn)}`;
-                const oBtnStyle = elCloseBtn.style;
-                oBtnStyle.cursor = 'pointer';
-                // If svg doesn't set width and height might want to set oBtStyle width and height to something like '2em'
-                oBtnStyle.position = 'absolute';
-                oBtnStyle.display = 'none';
-                oBtnStyle.zIndex = nFrameZLevel + 1;
-                const nTopOffset = bCloseWithinFrame ? 5 : -10;
-                const nRightOffset = bCloseWithinFrame ? -34 : -20;
-                const nTop = Math.round(Math.max(window.innerHeight - loginBoxHeight, 0) / 2) + nTopOffset;
-                oBtnStyle.top = `${nTop}px`;
-                const nLeft = Math.round(Math.max(window.innerWidth - loginBoxWidth, 0) / 2) + loginBoxWidth + nRightOffset;
-                oBtnStyle.left = `${nLeft}px`;
-                document.body.insertBefore(elCloseBtn, document.body.firstChild);
-                // If the password was wrong, then the login screen will be in the iframe
-                // ..and with Pega without realization of US-372314 it may replace the top (main portal) window
-                // For now set a timer and if the timer expires, remove the iFrame and use same url within
-                // visible window
-                tmrAuthComplete = setTimeout(() => {
-                    clearTimeout(tmrAuthComplete);
-                    /*
-                    // remove password from config
-                    if (this.#config.password) {
-                      delete this.#config.password;
-                      this.#updateConfig();
-                    }
-                    */
-                    // Display the iframe where the redirects did not succeed (or invoke a popup window)
-                    if (__classPrivateFieldGet(this, _PegaAuth_config, "f").iframeLoginUI) {
-                        elIframe.style.display = 'block';
-                        elCloseBtn.style.display = 'block';
-                    }
-                    else {
-                        fnCloseIframe();
-                        fnOpenPopup();
-                    }
-                }, iframeTimeout);
-            }
-            else {
-                if (this.isNode) {
-                    // Determine port to listen to by extracting it from redirect uri
-                    const { redirectUri, cert, key } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-                    const isHttp = redirectUri.startsWith('http:');
-                    const nLocalhost = redirectUri.indexOf('localhost:');
-                    const nSlash = redirectUri.indexOf('/', nLocalhost + 10);
-                    const nPort = parseInt(redirectUri.substring(nLocalhost + 10, nSlash), 10);
-                    if (nLocalhost !== -1) {
-                        const options = key && cert && !isHttp
-                            ? {
-                                key: this.fs.readFileSync(key),
-                                cert: this.fs.readFileSync(cert)
-                            }
-                            : {};
-                        const server = (isHttp ? this.http : this.https).createServer(options, (req, res) => {
-                            const { winTitle, winBodyHtml } = __classPrivateFieldGet(this, _PegaAuth_config, "f");
-                            res.writeHead(200, { 'Content-Type': 'text/html' });
-                            // Auto closing window for now.  Can always leave it up and allow authConfig props to set title and bodyHtml
-                            res.end(`<html><head><title>${winTitle}</title><script>window.close();</script></head><body>${winBodyHtml}</body></html>`);
-                            const queryString = req.url.split('?')[1];
-                            const urlParams = new URLSearchParams(queryString);
-                            const code = urlParams.get('code');
-                            const state1 = urlParams.get('state');
-                            const error = urlParams.get('error');
-                            const errorDesc = urlParams.get('error_description');
-                            if (error || (code && state1 === __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state)) {
-                                // Stop receiving connections and close when all are handled.
-                                server.close();
-                                // eslint-disable-next-line @typescript-eslint/no-use-before-define
-                                fnGetTokenAndFinish(code, error, errorDesc);
-                            }
-                        });
-                        /* eslint-enable no-undef */
-                        server.listen(nPort);
-                    }
-                }
-                fnOpenPopup();
-            }
-        };
-        /* Retrieve token(s) and close login window */
-        const fnGetTokenAndFinish = (code, error, errorDesc) => {
-            // Can clear state in session info at this point
-            delete __classPrivateFieldGet(this, _PegaAuth_dynState, "f").state;
-            __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
-            if (!this.isNode) {
-                fnEnableMessageReceiver(false);
-                if (bWinIframe) {
-                    clearTimeout(tmrAuthComplete);
-                    fnCloseIframe();
-                }
-                else {
-                    clearInterval(checkWindowClosed);
-                    myWindow.close();
-                }
-            }
-            if (code) {
-                this.getToken(code)
-                    .then((token) => {
-                    resolve(token);
-                })
-                    .catch((e) => {
-                    reject(e);
-                });
-            }
-            else if (error) {
-                // Handle some errors in a special manner and pass others back to client
-                if (error === 'login_required') {
-                    // eslint-disable-next-line no-console
-                    console.warn('silent authentication failed...starting full authentication');
-                    const bSpecialDebugPath = false;
-                    if (bSpecialDebugPath) {
-                        fnSetSilentAuthFailed(false);
-                        bDisablePromptNone = true;
-                    }
-                    else {
-                        fnSetSilentAuthFailed(true);
-                        bDisablePromptNone = false;
-                    }
-                    __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_buildAuthorizeUrl).call(this, state).then((url) => {
-                        theUrl = url;
-                        doAuthorize();
-                    });
-                }
-                else if (error === 'invalid_session_index') {
-                    // eslint-disable-next-line no-console
-                    console.warn('auth session no longer valid...starting new session');
-                    // In these scenarios, not much user can do without just starting a new session, so do that
-                    __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateSessionIndex).call(this, null);
-                    fnSetSilentAuthFailed(false);
-                    __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_buildAuthorizeUrl).call(this, state).then((url) => {
-                        theUrl = url;
-                        doAuthorize();
-                    });
-                }
-                else {
-                    // eslint-disable-next-line no-console
-                    console.warn(`Authorize failed: ${error}. ${errorDesc}\nFailing authorize url: ${theUrl}`);
-                    throw new Error(error, { cause: errorDesc });
-                }
-            }
-        };
-        __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_buildAuthorizeUrl).call(this, state).then((url) => {
-            theUrl = url;
-            doAuthorize();
-        });
+    const moreAuthArgs = (authService ? `&authentication_service=${encodeURIComponent(authService)}` : "") +
+        (sessionIndex && this.config.sessionIndexAttempts < 3 ? `&session_index=${sessionIndex}` : "") +
+        (useLocking ? `&enable_psyncId=true` : '') +
+        (userIdentifier ? `&UserIdentifier=${encodeURIComponent(userIdentifier)}` : '') +
+        (userIdentifier && password ? `&Password=${encodeURIComponent(window.atob(password))}` : '');
+    return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_getCodeChallenge).call(this, this.config.codeVerifier).then(cc => {
+        // Now includes new enable_psyncId=true and session_index params
+        return `${authorizeUri}?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=openid+email+profile${addtlScope}&state=${state}&code_challenge=${cc}&code_challenge_method=S256${moreAuthArgs}`;
     });
-}, _PegaAuth_updateSessionIndex = function _PegaAuth_updateSessionIndex(sessionIndex) {
-    if (sessionIndex) {
-        __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndex = sessionIndex;
-        __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndexAttempts = 0;
-    }
-    else if (__classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndex) {
-        delete __classPrivateFieldGet(this, _PegaAuth_dynState, "f").sessionIndex;
-    }
-    __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_updateConfig).call(this);
 }, _PegaAuth_sha256Hash = function _PegaAuth_sha256Hash(str) {
-    // Found that the Node implementation of subtle.digest is yielding incorrect results
-    //  so using a different set of apis to get expected results.
-    if (this.isNode) {
-        return new Promise((resolve) => {
-            resolve(this.crypto.createHash('sha256').update(str).digest());
-        });
-    }
-    return this.subtle.digest('SHA-256', new TextEncoder().encode(str));
+    return window.crypto.subtle.digest("SHA-256", new TextEncoder().encode(str));
 }, _PegaAuth_encode64 = function _PegaAuth_encode64(buff) {
-    return btoa(new Uint8Array(buff).reduce((s, b) => s + String.fromCharCode(b), ''));
+    return window.btoa(new Uint8Array(buff).reduce((s, b) => s + String.fromCharCode(b), ''));
 }, _PegaAuth_base64UrlSafeEncode = function _PegaAuth_base64UrlSafeEncode(buf) {
-    return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_encode64).call(this, buf).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}, _PegaAuth_getRandomString = function _PegaAuth_getRandomString(nSize) {
-    const buf = new Uint8Array(nSize);
-    this.crypto.getRandomValues(buf);
-    return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_base64UrlSafeEncode).call(this, buf);
-}, _PegaAuth_getCodeChallenge = 
-/* Calc code verifier if necessary
- */
-/* eslint-disable camelcase */
-async function _PegaAuth_getCodeChallenge(code_verifier) {
-    return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_sha256Hash).call(this, code_verifier)
-        .then((hashed) => {
+    const s = __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_encode64).call(this, buf).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    return s;
+}, _PegaAuth_getCodeChallenge = function _PegaAuth_getCodeChallenge(code_verifier) {
+    return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_sha256Hash).call(this, code_verifier).then((hashed) => {
         return __classPrivateFieldGet(this, _PegaAuth_instances, "m", _PegaAuth_base64UrlSafeEncode).call(this, hashed);
-    })
-        .catch((error) => {
+    }).catch((error) => {
         // eslint-disable-next-line no-console
-        console.error(`Error calculation code challenge for PKCE: ${error}`);
-    })
-        .finally(() => {
-        return null;
-    });
-}, _PegaAuth_getAgent = function _PegaAuth_getAgent() {
-    if (this.isNode && __classPrivateFieldGet(this, _PegaAuth_config, "f").ignoreInvalidCerts) {
-        const options = { rejectUnauthorized: false };
-        if (__classPrivateFieldGet(this, _PegaAuth_config, "f").legacyTLS) {
-            options.secureOptions = this.crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT;
-        }
-        return new this.https.Agent(options);
-    }
-    return undefined;
+        console.log(error);
+    }).finally(() => { return null; });
 };
 export default PegaAuth;
 //# sourceMappingURL=auth.js.map