@webex/plugin-authorization-browser-first-party 3.10.0-next.3 → 3.10.0-next.5

package/dist/authorization.js

@@ -45,6 +45,7 @@ var OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';
  * Authorization plugin events
  */
 var Events = exports.Events = {
+  login: 'login',
   /**
    * QR code login events
    */
@@ -79,7 +80,7 @@ var Events = exports.Events = {
  * @name AuthorizationBrowserFirstParty
  * @private
  */
-var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFlight)('isAuthorizing'), _dec2 = (0, _common.whileInFlight)('isAuthorizing'), (_obj = {
+var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFlight)('isAuthorizing'), _dec2 = (0, _common.whileInFlight)('isAuthorizing'), _obj = {
   derived: {
     /**
      * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}
@@ -274,6 +275,13 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
    */
   initiateLogin: function initiateLogin() {
     var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+    this.eventEmitter.emit(Events.login, {
+      eventType: 'initiateLogin',
+      data: {
+        hasEmail: !!options.email,
+        hasState: !!options.state
+      }
+    });
     options = (0, _lodash.cloneDeep)(options);
 
     // Optionally compute heuristic email hash for preauth usage
@@ -313,6 +321,12 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
     var loginUrl = this.webex.credentials.buildLoginUrl((0, _assign.default)({
       response_type: 'code'
     }, options));
+    this.eventEmitter.emit(Events.login, {
+      eventType: 'redirectToLoginUrl',
+      data: {
+        loginUrl: loginUrl
+      }
+    });
     if (options !== null && options !== void 0 && options.separateWindow) {
       // If a separate popup window is requested, combine user supplied window features
       var defaultWindowSettings = {
@@ -383,7 +397,6 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
       code: options.code,
       self_contained_token: true // Request combined access/refresh response
     };
-
     if (options.codeVerifier) {
       form.code_verifier = options.codeVerifier;
     }
@@ -785,7 +798,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
       throw new Error("CSRF token ".concat(token, " does not match stored token ").concat(sessionToken));
     }
   },
-  version: "3.10.0-next.3"
-}, ((0, _applyDecoratedDescriptor2.default)(_obj, "initiateAuthorizationCodeGrant", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "initiateAuthorizationCodeGrant"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "requestAuthorizationCodeGrant", [_dec2, _common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "requestAuthorizationCodeGrant"), _obj)), _obj)));
+  version: "3.10.0-next.5"
+}, (0, _applyDecoratedDescriptor2.default)(_obj, "initiateAuthorizationCodeGrant", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "initiateAuthorizationCodeGrant"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "requestAuthorizationCodeGrant", [_dec2, _common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "requestAuthorizationCodeGrant"), _obj), _obj));
 var _default = exports.default = Authorization;
 //# sourceMappingURL=authorization.js.map

package/dist/authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","cloneDeep","email","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","logout","noRedirect","buildLogoutUrl","_this2","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","emit","eventType","data","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":[" // @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n  /**\n   * QR code login events\n   */\n  qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n *    pre-fetches a preauth catalog, then exchanges the code via\n *    requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n *   initQRCodeLogin() obtains device + user codes and begins polling\n *   _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n  derived: {\n    /**\n     * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n     * @instance\n     * @memberof AuthorizationBrowserFirstParty\n     * @type {boolean}\n     */\n    isAuthenticating: {\n      deps: ['isAuthorizing'],\n      fn() {\n        return this.isAuthorizing;\n      },\n    },\n  },\n\n  session: {\n    /**\n     * Indicates if an Authorization Code exchange is inflight\n     * @instance\n     * @memberof AuthorizationBrowserFirstParty\n     * @type {boolean}\n     */\n    isAuthorizing: {\n      default: false,\n      type: 'boolean',\n    },\n    /**\n     * Indicates that the plugin has finished any automatic startup\n     * processing (e.g., exchanging a returned authorization code)\n     */\n    ready: {\n      default: false,\n      type: 'boolean',\n    },\n  },\n\n  namespace: 'Credentials',\n\n  /**\n   * EventEmitter for authorization events such as QR code login progress\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {EventEmitter}\n   * @public\n   */\n  eventEmitter: new EventEmitter(),\n\n  /**\n   * Stores the timer ID for QR code polling (device authorization)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  pollingTimer: null,\n  /**\n   * Stores the expiration timer ID for QR code polling (overall timeout)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  pollingExpirationTimer: null,\n\n  /**\n   * Monotonically increasing id to identify the current polling request.\n   * Used to safely ignore late poll responses after a cancel/reset.\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {number}\n   * @private\n   */\n  pollingId: 0,\n\n  /**\n   * Identifier for the current polling request (snapshot of pollingId)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  currentPollingId: null,\n\n  /**\n   * Auto executes during Webex.init() – you do NOT call this yourself.\n   *\n   * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n   *\n   * Simple summary:\n   * - You call initiateLogin() which redirects user to IdBroker.\n   * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n   * - During SDK startup this initialize() runs automatically, sees the code, and\n   *   silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n   * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n   *\n   * Step-by-step:\n   * 1. Inspect current window.location for ?code= (& state=).\n   * 2. If no code: set ready=true immediately (nothing to complete).\n   * 3. If code present:\n   *    - Decode base64 state JSON.\n   *    - Verify CSRF token matches sessionStorage value.\n   *    - Retrieve then delete PKCE code_verifier (single use).\n   *    - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n   *    - Clean the URL (history.replaceState) to remove code & csrf token data.\n   *    - nextTick:\n   *        a. Best‑effort preauth catalog fetch (non-blocking).\n   *        b. Exchange authorization code (with code_verifier if any) for supertoken\n   *           and store on webex.credentials.\n   * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n   *\n   * Result: If the redirect included a valid code the token exchange is completed\n   * automatically—no extra API call needed after Webex.init().\n   */\n  // eslint-disable-next-line complexity\n  initialize(...attrs) {\n    const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n    const location = url.parse(this.webex.getWindow().location.href, true);\n\n    // Check if redirect includes error\n    this._checkForErrors(location);\n\n    const {code} = location.query;\n\n    // If no authorization code returned, nothing to do\n    if (!code) {\n      this.ready = true;\n      return ret;\n    }\n\n    // Decode and parse state object (if present)\n    if (location.query.state) {\n      location.query.state = JSON.parse(base64.decode(location.query.state));\n    } else {\n      location.query.state = {};\n    }\n\n    // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n    const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n    // Immediately remove code verifier to minimize exposure\n    this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n    const {emailhash} = location.query.state;\n\n    // Validate CSRF token included in state\n    this._verifySecurityToken(location.query);\n    // Remove code + CSRF token remnants from URL (history replace)\n    this._cleanUrl(location);\n\n    let preauthCatalogParams;\n\n    // Attempt to extract orgId from structured authorization code (if present)\n    const orgId = this._extractOrgIdFromCode(code);\n\n    if (emailhash) {\n      preauthCatalogParams = {emailhash};\n    } else if (orgId) {\n      preauthCatalogParams = {orgId};\n    }\n\n    // Defer token exchange until next tick in case credentials plugin not ready yet\n    process.nextTick(() => {\n      this.webex.internal.services\n        .collectPreauthCatalog(preauthCatalogParams)\n        .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n        .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n        .catch((error) => {\n          this.logger.warn('authorization: failed initial authorization code grant request', error);\n        })\n        .then(() => {\n          // Mark plugin ready regardless of success/failure of token exchange\n          this.ready = true;\n        });\n    });\n\n    return ret;\n  },\n\n  /**\n   * Kicks off an OAuth authorization code flow (first party).\n   *\n   * Adds security + PKCE properties:\n   * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n   * - state.csrf_token for CSRF protection\n   * - PKCE code_challenge (S256)\n   *\n   * NOTE: This does not itself perform the redirect; it calls\n   * initiateAuthorizationCodeGrant() which changes window location or opens\n   * a separate window as configured.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @returns {Promise}\n   */\n  initiateLogin(options = {}) {\n    options = cloneDeep(options);\n\n    // Optionally compute heuristic email hash for preauth usage\n    if (options.email) {\n      options.emailHash = CryptoJS.SHA256(options.email).toString();\n    }\n    delete options.email; // Ensure raw email not propagated further\n\n    options.state = options.state || {};\n    // Embed CSRF token\n    options.state.csrf_token = this._generateSecurityToken();\n    // Provide email hash in lower-case key used by catalog service\n    // (Note: catalog uses emailhash and redirectCI uses emailHash)\n    options.state.emailhash = options.emailHash;\n\n    // PKCE - produce code_challenge (S256) and persist code_verifier\n    options.code_challenge = this._generateCodeChallenge();\n    options.code_challenge_method = 'S256';\n\n    return this.initiateAuthorizationCodeGrant(options);\n  },\n\n  @whileInFlight('isAuthorizing')\n  /**\n   * Performs the navigation step of the Authorization Code flow.\n   * Builds login URL and either:\n   *  - Replaces current window location (default), or\n   *  - Opens a separate window (popup) if options.separateWindow supplied.\n   *\n   * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n   * during execution to prevent concurrent overlapping attempts.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options - Already augmented with state + PKCE info\n   * @returns {Promise<void>}\n   */\n  initiateAuthorizationCodeGrant(options) {\n    this.logger.info('authorization: initiating authorization code grant flow');\n    const loginUrl = this.webex.credentials.buildLoginUrl(\n      Object.assign({response_type: 'code'}, options)\n    );\n\n    if (options?.separateWindow) {\n      // If a separate popup window is requested, combine user supplied window features\n      const defaultWindowSettings = {\n        width: 600,\n        height: 800,\n      };\n\n      const windowSettings = Object.assign(\n        defaultWindowSettings,\n        typeof options.separateWindow === 'object' ? options.separateWindow : {}\n      );\n\n      const windowFeatures = Object.entries(windowSettings)\n        .map(([key, value]) => `${key}=${value}`)\n        .join(',');\n      this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n    } else {\n      // Normal (in-tab) redirect\n      this.webex.getWindow().location = loginUrl;\n    }\n\n    return Promise.resolve();\n  },\n\n  /**\n   * Called by {@link WebexCore#logout()}.\n   * Constructs logout URL and (unless suppressed) navigates away to ensure\n   * server-side session termination.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @param {boolean} options.noRedirect if true, does not redirect\n   * @returns {Promise<void>}\n   */\n  logout(options = {}) {\n    if (!options.noRedirect) {\n      this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n    }\n  },\n\n  @whileInFlight('isAuthorizing')\n  @oneFlight\n  /**\n   * Exchanges an authorization code for an access (super) token bundle.\n   *\n   * Decorators:\n   * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n   * - @oneFlight: collapses simultaneous calls into one network request.\n   *\n   * Includes PKCE code_verifier if present from earlier login initiation.\n   *\n   * Error Handling:\n   * - Non-400 responses are propagated.\n   * - 400 responses map to OAuth-specific grantErrors.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @param {string} options.code - Authorization code from redirect\n   * @param {string} [options.codeVerifier] - PKCE code verifier if used\n   * @returns {Promise}\n   */\n  requestAuthorizationCodeGrant(options = {}) {\n    this.logger.info('credentials: requesting authorization code grant');\n\n    if (!options.code) {\n      return Promise.reject(new Error('`options.code` is required'));\n    }\n\n    const form = {\n      grant_type: 'authorization_code',\n      redirect_uri: this.config.redirect_uri,\n      code: options.code,\n      self_contained_token: true, // Request combined access/refresh response\n    };\n\n    if (options.codeVerifier) {\n      form.code_verifier = options.codeVerifier;\n    }\n\n    return this.webex\n      .request({\n        method: 'POST',\n        uri: this.config.tokenUrl,\n        form,\n        auth: {\n          user: this.config.client_id,\n          pass: this.config.client_secret,\n          sendImmediately: true,\n        },\n        shouldRefreshAccessToken: false, // This is the token acquisition call itself\n      })\n      .then((res) => {\n        // Store supertoken into credentials (includes refresh token)\n        this.webex.credentials.set({supertoken: res.body});\n      })\n      .catch((res) => {\n        if (res.statusCode !== 400) {\n          return Promise.reject(res);\n        }\n\n        // Map standard OAuth error to strongly typed error class\n        const ErrorConstructor = grantErrors.select(res.body.error);\n\n        return Promise.reject(new ErrorConstructor(res._res || res));\n      });\n  },\n\n  /**\n   * Generate a QR code verification URL for device authorization flow.\n   * When a user scans the QR code with a mobile device, this deep-links into\n   * Webex (web) to continue login, including passing along userCode and the\n   * helper service base URL.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {String} verificationUrl - Original verification URI (complete)\n   * @returns {String} Possibly rewritten verification URL\n   */\n  _generateQRCodeVerificationUrl(verificationUrl) {\n    const baseUrl = 'https://web.webex.com/deviceAuth';\n    const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n    const userCode = urlParams.get('userCode');\n\n    if (userCode) {\n      const {services} = this.webex.internal;\n      const oauthHelperUrl = services.get('oauth-helper');\n      const newVerificationUrl = new URL(baseUrl);\n      newVerificationUrl.searchParams.set('usercode', userCode);\n      newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n      return newVerificationUrl.toString();\n    } else {\n      return verificationUrl;\n    }\n  },\n\n  /**\n   * Initiates Device Authorization (QR Code) flow.\n   *\n   * Steps:\n   * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n   * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n   * 3. Start polling token endpoint with device_code.\n   *\n   * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @emits #qRCodeLogin\n   */\n  initQRCodeLogin() {\n    if (this.pollingTimer) {\n      // Prevent concurrent device authorization attempts\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'getUserCodeFailure',\n        data: {message: 'There is already a polling request'},\n      });\n      return;\n    }\n\n    this.webex\n      .request({\n        method: 'POST',\n        service: 'oauth-helper',\n        resource: '/actions/device/authorize',\n        form: {\n          client_id: this.config.client_id,\n          scope: this.config.scope,\n        },\n        auth: {\n          user: this.config.client_id,\n          pass: this.config.client_secret,\n          sendImmediately: true,\n        },\n      })\n      .then((res) => {\n        const {user_code, verification_uri, verification_uri_complete} = res.body;\n        const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);\n        this.eventEmitter.emit(Events.qRCodeLogin, {\n          eventType: 'getUserCodeSuccess',\n            userData: {\n            userCode: user_code,\n            verificationUri: verification_uri,\n            verificationUriComplete,\n          },\n        });\n        // Begin polling for authorization completion\n        this._startQRCodePolling(res.body);\n      })\n      .catch((res) => {\n        this.eventEmitter.emit(Events.qRCodeLogin, {\n          eventType: 'getUserCodeFailure',\n          data: res.body,\n        });\n      });\n  },\n\n  /**\n   * Poll the device token endpoint until user authorizes, an error occurs,\n   * or timeout happens.\n   *\n   * Polling behavior:\n   * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n   * - 428 status => pending (continue).\n   * - Success => set credentials + emit authorizationSuccess + stop polling.\n   * - Any other error => emit authorizationFailure + stop polling.\n   *\n   * Cancellation:\n   * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options - Must include device_code, may include interval/expires_in\n   * @emits #qRCodeLogin\n   */\n  _startQRCodePolling(options = {}) {\n    if (!options.device_code) {\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'A deviceCode is required'},\n      });\n      return;\n    }\n\n    if (this.pollingTimer) {\n      // Already polling; avoid starting a duplicate cycle\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'There is already a polling request'},\n      });\n      return;\n    }\n\n    const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n    // Server recommended polling interval (seconds)\n    let interval = options.interval ?? 2;\n\n    // Global timeout for entire device authorization attempt\n    this.pollingExpirationTimer = setTimeout(() => {\n      this.cancelQRCodePolling(false);\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'Authorization timed out'},\n      });\n    }, expiresIn * 1000);\n\n    const polling = () => {\n      // Increment id so any previous poll loops can be invalidated\n      this.pollingId += 1;\n      this.currentPollingId = this.pollingId;\n\n      this.webex\n        .request({\n          method: 'POST',\n          service: 'oauth-helper',\n          resource: '/actions/device/token',\n          form: {\n            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n            device_code: deviceCode,\n            client_id: this.config.client_id,\n          },\n          auth: {\n            user: this.config.client_id,\n            pass: this.config.client_secret,\n            sendImmediately: true,\n          },\n        })\n        .then((res) => {\n          // If polling canceled (id changed), ignore this response\n          if (this.currentPollingId !== this.pollingId) return;\n\n            this.eventEmitter.emit(Events.qRCodeLogin, {\n            eventType: 'authorizationSuccess',\n            data: res.body,\n          });\n          this.webex.credentials.set({supertoken: res.body});\n          this.cancelQRCodePolling();\n        })\n        .catch((res) => {\n          if (this.currentPollingId !== this.pollingId) return;\n\n          // Backoff signal from server; increase interval just once for next cycle\n          if (res.statusCode === 400 && res.body.message === 'slow_down') {\n            schedulePolling(interval * 2);\n            return;\n          }\n\n          // Pending: keep polling\n          if (res.statusCode === 428) {\n            this.eventEmitter.emit(Events.qRCodeLogin, {\n              eventType: 'authorizationPending',\n              data: res.body,\n            });\n            schedulePolling(interval);\n            return;\n          }\n\n          // Terminal error\n          this.cancelQRCodePolling();\n\n          this.eventEmitter.emit(Events.qRCodeLogin, {\n            eventType: 'authorizationFailure',\n            data: res.body,\n          });\n        });\n    };\n\n    // Schedules next poll invocation\n    const schedulePolling = (interval) =>\n      (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n    schedulePolling(interval);\n  },\n\n  /**\n   * Cancel active device authorization polling loop.\n   *\n   * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @returns {void}\n   */\n  cancelQRCodePolling(withCancelEvent = true) {\n    if (this.pollingTimer && withCancelEvent) {\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'pollingCanceled',\n      });\n    }\n\n    this.currentPollingId = null;\n\n    clearTimeout(this.pollingExpirationTimer);\n    this.pollingExpirationTimer = null;\n    clearTimeout(this.pollingTimer);\n    this.pollingTimer = null;\n  },\n\n  /**\n   * Extracts the orgId from the returned code from idbroker.\n   *\n   * Certain authorization codes encode organization info in a structured\n   * underscore-delimited format. This method parses out the 3rd segment.\n   *\n   * For undocumented formats or unexpected code shapes, returns undefined.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {String} code\n   * @private\n   * @returns {String|undefined}\n   */\n  _extractOrgIdFromCode(code) {\n    return code?.split('_')[2] || undefined;\n  },\n\n  /**\n   * Checks if the result of the login redirect contains an OAuth error.\n   * Throws a mapped grant error if encountered.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} location\n   * @private\n   * @returns {void}\n   */\n  _checkForErrors(location) {\n    const {query} = location;\n\n    if (query && query.error) {\n      const ErrorConstructor = grantErrors.select(query.error);\n\n      throw new ErrorConstructor(query);\n    }\n  },\n\n  /**\n   * Removes no-longer needed values from the URL (authorization code, CSRF token).\n   * This is important to avoid leaking sensitive parameters via:\n   * - Browser history\n   * - Copy/paste of URL\n   * - HTTP referrer headers to third-party content\n   *\n   * Approach:\n   * - Remove 'code'.\n   * - Remove 'state' entirely if only contained csrf_token.\n   * - Else, re-encode remaining state fields (minus csrf_token).\n   * - Replace current history entry (no page reload).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} location\n   * @private\n   * @returns {void}\n   */\n  _cleanUrl(location) {\n    location = cloneDeep(location);\n    if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n      Reflect.deleteProperty(location.query, 'code');\n      if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n        Reflect.deleteProperty(location.query, 'state');\n      } else {\n        location.query.state = base64.encode(\n          JSON.stringify(omit(location.query.state, 'csrf_token'))\n        );\n      }\n      location.search = querystring.stringify(location.query);\n      Reflect.deleteProperty(location, 'query');\n      this.webex.getWindow().history.replaceState({}, null, url.format(location));\n    }\n  },\n\n  /**\n   * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n   * Persists the verifier in sessionStorage (single-use) for later retrieval\n   * during authorization code exchange; removes it once consumed.\n   *\n   * Implementation details:\n   * - Creates a 128 character string using base64url safe alphabet.\n   * - Computes SHA256 hash, encodes to base64url (no padding).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @private\n   * @returns {string} code_challenge\n   */\n  _generateCodeChallenge() {\n    this.logger.info('authorization: generating PKCE code challenge');\n\n    // eslint-disable-next-line no-underscore-dangle\n    const safeCharacterMap = base64url._safe_map;\n\n    const codeVerifier = lodash\n      .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n      .join('');\n\n    const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n    this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n    return codeChallenge;\n  },\n\n  /**\n   * Generates a CSRF token and stores it in sessionStorage.\n   * Token is embedded in 'state' and validated upon redirect return.\n   *\n   * Uses UUID v4 for randomness.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @private\n   * @returns {string} token\n   */\n  _generateSecurityToken() {\n    this.logger.info('authorization: generating csrf token');\n\n    const token = uuid.v4();\n\n    this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n    return token;\n  },\n\n  /**\n   * Verifies that the CSRF token returned in the 'state' matches the one\n   * previously stored in sessionStorage.\n   *\n   * Steps:\n   * - Retrieve and immediately remove stored token (one-time use).\n   * - Ensure state + state.csrf_token exist.\n   * - Compare values; throw descriptive errors on mismatch / absence.\n   *\n   * If no stored token (e.g., user navigated directly), silently returns.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} query - Parsed query (location.query)\n   * @private\n   * @returns {void}\n   */\n  _verifySecurityToken(query) {\n    const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n    this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n    if (!sessionToken) {\n      return;\n    }\n\n    if (!query.state) {\n      throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n    }\n\n    if (!query.state.csrf_token) {\n      throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n    }\n\n    const token = query.state.csrf_token;\n\n    if (token !== sessionToken) {\n      throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n    }\n  },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBhC;AACD;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpB;AACF;AACA;EACEE,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAX,IAAA,GA0NrC,IAAAY,qBAAa,EAAC,eAAe,CAAC,EAAAX,KAAA,GA8D9B,IAAAW,qBAAa,EAAC,eAAe,CAAC,GAAAV,IAAA,GAxRQ;EACvCW,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAAA,GAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAAA,WAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAAClD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACsC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACnD,oBAAoB,CAAC;IAEtE,IAAOoD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAAA,cAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB6C,OAAO,GAAG,IAAAE,iBAAS,EAACF,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACG,KAAK,EAAE;MACjBH,OAAO,CAACI,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACN,OAAO,CAACG,KAAK,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOP,OAAO,CAACG,KAAK,CAAC,CAAC;;IAEtBH,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACoC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAT,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACI,SAAS;;IAE3C;IACAJ,OAAO,CAACU,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDX,OAAO,CAACY,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAACb,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEa,8BAA8B,WAAAA,+BAACb,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACiB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACjD,KAAK,CAACkD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAA5E,OAAA,EAAc;MAAC6E,aAAa,EAAE;IAAM,CAAC,EAAEnB,OAAO,CAChD,CAAC;IAED,IAAIA,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEoB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAA5E,OAAA,EACrB+E,qBAAqB,EACrB,IAAAI,QAAA,CAAAnF,OAAA,EAAO0D,OAAO,CAACoB,cAAc,MAAK,QAAQ,GAAGpB,OAAO,CAACoB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAArF,OAAA,EAAekF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAAzF,OAAA,EAAAuF,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAACrE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACqE,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAAC5D,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGoD,QAAQ;IAC5C;IAEA,OAAOvB,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4C,MAAM,WAAAA,OAAA,EAAe;IAAA,IAAdrC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAACsC,UAAU,EAAE;MACvB,IAAI,CAACxE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACkD,WAAW,CAACuB,cAAc,CAACvC,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAAAA,8BAAA,EAAe;IAAA,IAAA6C,MAAA;IAAA,IAAdxC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACiB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACd,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtC3E,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClB6E,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;;IAED,IAAI/C,OAAO,CAACxB,YAAY,EAAE;MACxBmE,IAAI,CAACK,aAAa,GAAGhD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdmF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACDjE,IAAI,CAAC,UAACkE,GAAG,EAAK;MACb;MACApB,MAAI,CAAC1E,KAAK,CAACkD,WAAW,CAAC6C,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACDxE,KAAK,CAAC,UAACqE,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAOxE,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAACmB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACnE,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAAAA,+BAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAOvF,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAMyF,cAAc,GAAGzF,QAAQ,CAACwF,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAACxE,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAO+D,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAAA,gBAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAACtI,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAACxH,KAAK,CACPmF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdqC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC7C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChCkC,KAAK,EAAE,IAAI,CAAC3C,MAAM,CAAC2C;MACrB,CAAC;MACDpC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDhE,IAAI,CAAC,UAACkE,GAAG,EAAK;MACb,IAAA8B,SAAA,GAAiE9B,GAAG,CAACG,IAAI;QAAlE4B,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAAGZ,MAAI,CAACb,8BAA8B,CAACwB,yBAAyB,CAAC;MAC9FX,MAAI,CAACxI,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC7BW,QAAQ,EAAE;UACVnB,QAAQ,EAAEe,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAZ,MAAI,CAACe,mBAAmB,CAACrC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACDxE,KAAK,CAAC,UAACqE,GAAG,EAAK;MACdsB,MAAI,CAACxI,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAEzB,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkC,mBAAmB,WAAAA,oBAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdnG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAACoG,WAAW,EAAE;MACxB,IAAI,CAAC1J,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAC1I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiCrG,OAAO,CAA/DoG,WAAW;MAAAE,mBAAA,GAA6CtG,OAAO,CAAtCuG,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGlG,OAAO,CAACyG,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAACrJ,sBAAsB,GAAG6J,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAACrJ,SAAS,IAAI,CAAC;MACnBqJ,MAAI,CAACpJ,gBAAgB,GAAGoJ,MAAI,CAACrJ,SAAS;MAEtCqJ,MAAI,CAACrI,KAAK,CACPmF,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdqC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC7C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DwD,WAAW,EAAEC,UAAU;UACvB9C,SAAS,EAAE4C,MAAI,CAACrD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE6C,MAAI,CAACrD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAE2C,MAAI,CAACrD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDhE,IAAI,CAAC,UAACkE,GAAG,EAAK;QACb;QACA,IAAIuC,MAAI,CAACpJ,gBAAgB,KAAKoJ,MAAI,CAACrJ,SAAS,EAAE;QAE5CqJ,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;UAC3CyJ,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEzB,GAAG,CAACG;QACZ,CAAC,CAAC;QACFoC,MAAI,CAACrI,KAAK,CAACkD,WAAW,CAAC6C,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDoC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACDpH,KAAK,CAAC,UAACqE,GAAG,EAAK;QACd,IAAIuC,MAAI,CAACpJ,gBAAgB,KAAKoJ,MAAI,CAACrJ,SAAS,EAAE;;QAE9C;QACA,IAAI8G,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACuB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI7C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BmC,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;YACzCyJ,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAEzB,GAAG,CAACG;UACZ,CAAC,CAAC;UACF8C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;UACzCyJ,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEzB,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM8C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAACvJ,YAAY,GAAG8J,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAAA,oBAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAA3J,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIkK,eAAe,EAAE;MACxC,IAAI,CAACpK,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACrI,gBAAgB,GAAG,IAAI;IAE5BgK,YAAY,CAAC,IAAI,CAAClK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCkK,YAAY,CAAC,IAAI,CAACnK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAAAA,sBAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAE8I,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAI/G,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAAA,gBAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAMqE,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAAChG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAIqE,gBAAgB,CAAC9F,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAAAA,UAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAAuC,iBAAS,EAACvC,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,IAAI,IAAI,CAACnJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAiJ,eAAO,EAAC,IAAAC,YAAI,EAAC1J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAA+I,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACgJ,MAAM,CAClC,IAAAC,UAAA,CAAAjL,OAAA,EAAe,IAAA+K,YAAI,EAAC1J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACgH,MAAM,GAAG6C,oBAAW,CAACC,SAAS,CAAC9J,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAgJ,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAEtJ,YAAG,CAAC8J,MAAM,CAAC/J,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEgD,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACd,MAAM,CAACiB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM6G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAMrJ,YAAY,GAAGlD,MAAM,CACxBwM,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAACrM,MAAM,CAACyM,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACvK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjF+E,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM6F,aAAa,GAAG3H,iBAAQ,CAACC,MAAM,CAAC9B,YAAY,CAAC,CAAC+B,QAAQ,CAACqH,qBAAS,CAAC;IAEvE,IAAI,CAAC9J,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACwJ,OAAO,CAACzM,oBAAoB,EAAEgD,YAAY,CAAC;IAEjF,OAAOwJ,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEvH,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACZ,MAAM,CAACiB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMoH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAACtK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACwJ,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACErJ,oBAAoB,WAAAA,qBAACV,KAAK,EAAE;IAC1B,IAAMkK,YAAY,GAAG,IAAI,CAACvK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,iBAAiB,CAAC;IAErF,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,iBAAiB,CAAC;IACnE,IAAI,CAAC8M,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAAClK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAIsE,KAAK,wBAAAR,MAAA,CAAwBmG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAAClK,KAAK,CAACC,KAAK,CAACoC,UAAU,EAAE;MAC3B,MAAM,IAAIkC,KAAK,wBAAAR,MAAA,CAAwBmG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAG/J,KAAK,CAACC,KAAK,CAACoC,UAAU;IAEpC,IAAI0H,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAI3F,KAAK,eAAAR,MAAA,CAAegG,KAAK,mCAAAhG,MAAA,CAAgCmG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,OAAAC,0BAAA,CAAAjM,OAAA,EAAAjB,IAAA,qCAAAF,IAAA,OAAAqN,yBAAA,CAAAlM,OAAA,EAAAjB,IAAA,qCAAAA,IAAA,OAAAkN,0BAAA,CAAAjM,OAAA,EAAAjB,IAAA,oCAAAD,KAAA,EA7cEqN,iBAAS,OAAAD,yBAAA,CAAAlM,OAAA,EAAAjB,IAAA,oCAAAA,IAAA,IAAAA,IAAA,EA6cX,CAAC;AAAC,IAAAqN,QAAA,GAAAhN,OAAA,CAAAY,OAAA,GAEYV,aAAa"}
+{"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","login","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","emit","eventType","data","hasEmail","email","hasState","cloneDeep","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","logout","noRedirect","buildLogoutUrl","_this2","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":[" // @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n  login: 'login',\n  /**\n   * QR code login events\n   */\n  qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n *    pre-fetches a preauth catalog, then exchanges the code via\n *    requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n *   initQRCodeLogin() obtains device + user codes and begins polling\n *   _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n  derived: {\n    /**\n     * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n     * @instance\n     * @memberof AuthorizationBrowserFirstParty\n     * @type {boolean}\n     */\n    isAuthenticating: {\n      deps: ['isAuthorizing'],\n      fn() {\n        return this.isAuthorizing;\n      },\n    },\n  },\n\n  session: {\n    /**\n     * Indicates if an Authorization Code exchange is inflight\n     * @instance\n     * @memberof AuthorizationBrowserFirstParty\n     * @type {boolean}\n     */\n    isAuthorizing: {\n      default: false,\n      type: 'boolean',\n    },\n    /**\n     * Indicates that the plugin has finished any automatic startup\n     * processing (e.g., exchanging a returned authorization code)\n     */\n    ready: {\n      default: false,\n      type: 'boolean',\n    },\n  },\n\n  namespace: 'Credentials',\n\n  /**\n   * EventEmitter for authorization events such as QR code login progress\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {EventEmitter}\n   * @public\n   */\n  eventEmitter: new EventEmitter(),\n\n  /**\n   * Stores the timer ID for QR code polling (device authorization)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  pollingTimer: null,\n  /**\n   * Stores the expiration timer ID for QR code polling (overall timeout)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  pollingExpirationTimer: null,\n\n  /**\n   * Monotonically increasing id to identify the current polling request.\n   * Used to safely ignore late poll responses after a cancel/reset.\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {number}\n   * @private\n   */\n  pollingId: 0,\n\n  /**\n   * Identifier for the current polling request (snapshot of pollingId)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @type {?number}\n   * @private\n   */\n  currentPollingId: null,\n\n  /**\n   * Auto executes during Webex.init() – you do NOT call this yourself.\n   *\n   * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n   *\n   * Simple summary:\n   * - You call initiateLogin() which redirects user to IdBroker.\n   * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n   * - During SDK startup this initialize() runs automatically, sees the code, and\n   *   silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n   * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n   *\n   * Step-by-step:\n   * 1. Inspect current window.location for ?code= (& state=).\n   * 2. If no code: set ready=true immediately (nothing to complete).\n   * 3. If code present:\n   *    - Decode base64 state JSON.\n   *    - Verify CSRF token matches sessionStorage value.\n   *    - Retrieve then delete PKCE code_verifier (single use).\n   *    - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n   *    - Clean the URL (history.replaceState) to remove code & csrf token data.\n   *    - nextTick:\n   *        a. Best‑effort preauth catalog fetch (non-blocking).\n   *        b. Exchange authorization code (with code_verifier if any) for supertoken\n   *           and store on webex.credentials.\n   * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n   *\n   * Result: If the redirect included a valid code the token exchange is completed\n   * automatically—no extra API call needed after Webex.init().\n   */\n  // eslint-disable-next-line complexity\n  initialize(...attrs) {\n    const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n    const location = url.parse(this.webex.getWindow().location.href, true);\n\n    // Check if redirect includes error\n    this._checkForErrors(location);\n\n    const {code} = location.query;\n\n    // If no authorization code returned, nothing to do\n    if (!code) {\n      this.ready = true;\n      return ret;\n    }\n\n    // Decode and parse state object (if present)\n    if (location.query.state) {\n      location.query.state = JSON.parse(base64.decode(location.query.state));\n    } else {\n      location.query.state = {};\n    }\n\n    // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n    const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n    // Immediately remove code verifier to minimize exposure\n    this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n    const {emailhash} = location.query.state;\n\n    // Validate CSRF token included in state\n    this._verifySecurityToken(location.query);\n    // Remove code + CSRF token remnants from URL (history replace)\n    this._cleanUrl(location);\n\n    let preauthCatalogParams;\n\n    // Attempt to extract orgId from structured authorization code (if present)\n    const orgId = this._extractOrgIdFromCode(code);\n\n    if (emailhash) {\n      preauthCatalogParams = {emailhash};\n    } else if (orgId) {\n      preauthCatalogParams = {orgId};\n    }\n\n    // Defer token exchange until next tick in case credentials plugin not ready yet\n    process.nextTick(() => {\n      this.webex.internal.services\n        .collectPreauthCatalog(preauthCatalogParams)\n        .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n        .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n        .catch((error) => {\n          this.logger.warn('authorization: failed initial authorization code grant request', error);\n        })\n        .then(() => {\n          // Mark plugin ready regardless of success/failure of token exchange\n          this.ready = true;\n        });\n    });\n\n    return ret;\n  },\n\n  /**\n   * Kicks off an OAuth authorization code flow (first party).\n   *\n   * Adds security + PKCE properties:\n   * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n   * - state.csrf_token for CSRF protection\n   * - PKCE code_challenge (S256)\n   *\n   * NOTE: This does not itself perform the redirect; it calls\n   * initiateAuthorizationCodeGrant() which changes window location or opens\n   * a separate window as configured.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @returns {Promise}\n   */\n  initiateLogin(options = {}) {\n    this.eventEmitter.emit(Events.login, {\n      eventType: 'initiateLogin',\n      data: {\n        hasEmail: !!options.email,\n        hasState: !!options.state\n      },\n    });\n\n    options = cloneDeep(options);\n\n    // Optionally compute heuristic email hash for preauth usage\n    if (options.email) {\n      options.emailHash = CryptoJS.SHA256(options.email).toString();\n    }\n    delete options.email; // Ensure raw email not propagated further\n\n    options.state = options.state || {};\n    // Embed CSRF token\n    options.state.csrf_token = this._generateSecurityToken();\n    // Provide email hash in lower-case key used by catalog service\n    // (Note: catalog uses emailhash and redirectCI uses emailHash)\n    options.state.emailhash = options.emailHash;\n\n    // PKCE - produce code_challenge (S256) and persist code_verifier\n    options.code_challenge = this._generateCodeChallenge();\n    options.code_challenge_method = 'S256';\n\n    return this.initiateAuthorizationCodeGrant(options);\n  },\n\n  @whileInFlight('isAuthorizing')\n  /**\n   * Performs the navigation step of the Authorization Code flow.\n   * Builds login URL and either:\n   *  - Replaces current window location (default), or\n   *  - Opens a separate window (popup) if options.separateWindow supplied.\n   *\n   * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n   * during execution to prevent concurrent overlapping attempts.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options - Already augmented with state + PKCE info\n   * @returns {Promise<void>}\n   */\n  initiateAuthorizationCodeGrant(options) {\n    this.logger.info('authorization: initiating authorization code grant flow');\n    const loginUrl = this.webex.credentials.buildLoginUrl(\n      Object.assign({response_type: 'code'}, options)\n    );\n\n    this.eventEmitter.emit(Events.login, {\n      eventType: 'redirectToLoginUrl',\n      data: { loginUrl },\n    });\n\n    if (options?.separateWindow) {\n      // If a separate popup window is requested, combine user supplied window features\n      const defaultWindowSettings = {\n        width: 600,\n        height: 800,\n      };\n\n      const windowSettings = Object.assign(\n        defaultWindowSettings,\n        typeof options.separateWindow === 'object' ? options.separateWindow : {}\n      );\n\n      const windowFeatures = Object.entries(windowSettings)\n        .map(([key, value]) => `${key}=${value}`)\n        .join(',');\n      this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n    } else {\n      // Normal (in-tab) redirect\n      this.webex.getWindow().location = loginUrl;\n    }\n\n    return Promise.resolve();\n  },\n\n  /**\n   * Called by {@link WebexCore#logout()}.\n   * Constructs logout URL and (unless suppressed) navigates away to ensure\n   * server-side session termination.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @param {boolean} options.noRedirect if true, does not redirect\n   * @returns {Promise<void>}\n   */\n  logout(options = {}) {\n    if (!options.noRedirect) {\n      this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n    }\n  },\n\n  @whileInFlight('isAuthorizing')\n  @oneFlight\n  /**\n   * Exchanges an authorization code for an access (super) token bundle.\n   *\n   * Decorators:\n   * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n   * - @oneFlight: collapses simultaneous calls into one network request.\n   *\n   * Includes PKCE code_verifier if present from earlier login initiation.\n   *\n   * Error Handling:\n   * - Non-400 responses are propagated.\n   * - 400 responses map to OAuth-specific grantErrors.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options\n   * @param {string} options.code - Authorization code from redirect\n   * @param {string} [options.codeVerifier] - PKCE code verifier if used\n   * @returns {Promise}\n   */\n  requestAuthorizationCodeGrant(options = {}) {\n    this.logger.info('credentials: requesting authorization code grant');\n\n    if (!options.code) {\n      return Promise.reject(new Error('`options.code` is required'));\n    }\n\n    const form = {\n      grant_type: 'authorization_code',\n      redirect_uri: this.config.redirect_uri,\n      code: options.code,\n      self_contained_token: true, // Request combined access/refresh response\n    };\n\n    if (options.codeVerifier) {\n      form.code_verifier = options.codeVerifier;\n    }\n\n    return this.webex\n      .request({\n        method: 'POST',\n        uri: this.config.tokenUrl,\n        form,\n        auth: {\n          user: this.config.client_id,\n          pass: this.config.client_secret,\n          sendImmediately: true,\n        },\n        shouldRefreshAccessToken: false, // This is the token acquisition call itself\n      })\n      .then((res) => {\n        // Store supertoken into credentials (includes refresh token)\n        this.webex.credentials.set({supertoken: res.body});\n      })\n      .catch((res) => {\n        if (res.statusCode !== 400) {\n          return Promise.reject(res);\n        }\n\n        // Map standard OAuth error to strongly typed error class\n        const ErrorConstructor = grantErrors.select(res.body.error);\n\n        return Promise.reject(new ErrorConstructor(res._res || res));\n      });\n  },\n\n  /**\n   * Generate a QR code verification URL for device authorization flow.\n   * When a user scans the QR code with a mobile device, this deep-links into\n   * Webex (web) to continue login, including passing along userCode and the\n   * helper service base URL.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {String} verificationUrl - Original verification URI (complete)\n   * @returns {String} Possibly rewritten verification URL\n   */\n  _generateQRCodeVerificationUrl(verificationUrl) {\n    const baseUrl = 'https://web.webex.com/deviceAuth';\n    const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n    const userCode = urlParams.get('userCode');\n\n    if (userCode) {\n      const {services} = this.webex.internal;\n      const oauthHelperUrl = services.get('oauth-helper');\n      const newVerificationUrl = new URL(baseUrl);\n      newVerificationUrl.searchParams.set('usercode', userCode);\n      newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n      return newVerificationUrl.toString();\n    } else {\n      return verificationUrl;\n    }\n  },\n\n  /**\n   * Initiates Device Authorization (QR Code) flow.\n   *\n   * Steps:\n   * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n   * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n   * 3. Start polling token endpoint with device_code.\n   *\n   * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @emits #qRCodeLogin\n   */\n  initQRCodeLogin() {\n    if (this.pollingTimer) {\n      // Prevent concurrent device authorization attempts\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'getUserCodeFailure',\n        data: {message: 'There is already a polling request'},\n      });\n      return;\n    }\n\n    this.webex\n      .request({\n        method: 'POST',\n        service: 'oauth-helper',\n        resource: '/actions/device/authorize',\n        form: {\n          client_id: this.config.client_id,\n          scope: this.config.scope,\n        },\n        auth: {\n          user: this.config.client_id,\n          pass: this.config.client_secret,\n          sendImmediately: true,\n        },\n      })\n      .then((res) => {\n        const {user_code, verification_uri, verification_uri_complete} = res.body;\n        const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);\n        this.eventEmitter.emit(Events.qRCodeLogin, {\n          eventType: 'getUserCodeSuccess',\n            userData: {\n            userCode: user_code,\n            verificationUri: verification_uri,\n            verificationUriComplete,\n          },\n        });\n        // Begin polling for authorization completion\n        this._startQRCodePolling(res.body);\n      })\n      .catch((res) => {\n        this.eventEmitter.emit(Events.qRCodeLogin, {\n          eventType: 'getUserCodeFailure',\n          data: res.body,\n        });\n      });\n  },\n\n  /**\n   * Poll the device token endpoint until user authorizes, an error occurs,\n   * or timeout happens.\n   *\n   * Polling behavior:\n   * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n   * - 428 status => pending (continue).\n   * - Success => set credentials + emit authorizationSuccess + stop polling.\n   * - Any other error => emit authorizationFailure + stop polling.\n   *\n   * Cancellation:\n   * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} options - Must include device_code, may include interval/expires_in\n   * @emits #qRCodeLogin\n   */\n  _startQRCodePolling(options = {}) {\n    if (!options.device_code) {\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'A deviceCode is required'},\n      });\n      return;\n    }\n\n    if (this.pollingTimer) {\n      // Already polling; avoid starting a duplicate cycle\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'There is already a polling request'},\n      });\n      return;\n    }\n\n    const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n    // Server recommended polling interval (seconds)\n    let interval = options.interval ?? 2;\n\n    // Global timeout for entire device authorization attempt\n    this.pollingExpirationTimer = setTimeout(() => {\n      this.cancelQRCodePolling(false);\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'authorizationFailure',\n        data: {message: 'Authorization timed out'},\n      });\n    }, expiresIn * 1000);\n\n    const polling = () => {\n      // Increment id so any previous poll loops can be invalidated\n      this.pollingId += 1;\n      this.currentPollingId = this.pollingId;\n\n      this.webex\n        .request({\n          method: 'POST',\n          service: 'oauth-helper',\n          resource: '/actions/device/token',\n          form: {\n            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n            device_code: deviceCode,\n            client_id: this.config.client_id,\n          },\n          auth: {\n            user: this.config.client_id,\n            pass: this.config.client_secret,\n            sendImmediately: true,\n          },\n        })\n        .then((res) => {\n          // If polling canceled (id changed), ignore this response\n          if (this.currentPollingId !== this.pollingId) return;\n\n            this.eventEmitter.emit(Events.qRCodeLogin, {\n            eventType: 'authorizationSuccess',\n            data: res.body,\n          });\n          this.webex.credentials.set({supertoken: res.body});\n          this.cancelQRCodePolling();\n        })\n        .catch((res) => {\n          if (this.currentPollingId !== this.pollingId) return;\n\n          // Backoff signal from server; increase interval just once for next cycle\n          if (res.statusCode === 400 && res.body.message === 'slow_down') {\n            schedulePolling(interval * 2);\n            return;\n          }\n\n          // Pending: keep polling\n          if (res.statusCode === 428) {\n            this.eventEmitter.emit(Events.qRCodeLogin, {\n              eventType: 'authorizationPending',\n              data: res.body,\n            });\n            schedulePolling(interval);\n            return;\n          }\n\n          // Terminal error\n          this.cancelQRCodePolling();\n\n          this.eventEmitter.emit(Events.qRCodeLogin, {\n            eventType: 'authorizationFailure',\n            data: res.body,\n          });\n        });\n    };\n\n    // Schedules next poll invocation\n    const schedulePolling = (interval) =>\n      (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n    schedulePolling(interval);\n  },\n\n  /**\n   * Cancel active device authorization polling loop.\n   *\n   * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @returns {void}\n   */\n  cancelQRCodePolling(withCancelEvent = true) {\n    if (this.pollingTimer && withCancelEvent) {\n      this.eventEmitter.emit(Events.qRCodeLogin, {\n        eventType: 'pollingCanceled',\n      });\n    }\n\n    this.currentPollingId = null;\n\n    clearTimeout(this.pollingExpirationTimer);\n    this.pollingExpirationTimer = null;\n    clearTimeout(this.pollingTimer);\n    this.pollingTimer = null;\n  },\n\n  /**\n   * Extracts the orgId from the returned code from idbroker.\n   *\n   * Certain authorization codes encode organization info in a structured\n   * underscore-delimited format. This method parses out the 3rd segment.\n   *\n   * For undocumented formats or unexpected code shapes, returns undefined.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {String} code\n   * @private\n   * @returns {String|undefined}\n   */\n  _extractOrgIdFromCode(code) {\n    return code?.split('_')[2] || undefined;\n  },\n\n  /**\n   * Checks if the result of the login redirect contains an OAuth error.\n   * Throws a mapped grant error if encountered.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} location\n   * @private\n   * @returns {void}\n   */\n  _checkForErrors(location) {\n    const {query} = location;\n\n    if (query && query.error) {\n      const ErrorConstructor = grantErrors.select(query.error);\n\n      throw new ErrorConstructor(query);\n    }\n  },\n\n  /**\n   * Removes no-longer needed values from the URL (authorization code, CSRF token).\n   * This is important to avoid leaking sensitive parameters via:\n   * - Browser history\n   * - Copy/paste of URL\n   * - HTTP referrer headers to third-party content\n   *\n   * Approach:\n   * - Remove 'code'.\n   * - Remove 'state' entirely if only contained csrf_token.\n   * - Else, re-encode remaining state fields (minus csrf_token).\n   * - Replace current history entry (no page reload).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} location\n   * @private\n   * @returns {void}\n   */\n  _cleanUrl(location) {\n    location = cloneDeep(location);\n    if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n      Reflect.deleteProperty(location.query, 'code');\n      if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n        Reflect.deleteProperty(location.query, 'state');\n      } else {\n        location.query.state = base64.encode(\n          JSON.stringify(omit(location.query.state, 'csrf_token'))\n        );\n      }\n      location.search = querystring.stringify(location.query);\n      Reflect.deleteProperty(location, 'query');\n      this.webex.getWindow().history.replaceState({}, null, url.format(location));\n    }\n  },\n\n  /**\n   * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n   * Persists the verifier in sessionStorage (single-use) for later retrieval\n   * during authorization code exchange; removes it once consumed.\n   *\n   * Implementation details:\n   * - Creates a 128 character string using base64url safe alphabet.\n   * - Computes SHA256 hash, encodes to base64url (no padding).\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @private\n   * @returns {string} code_challenge\n   */\n  _generateCodeChallenge() {\n    this.logger.info('authorization: generating PKCE code challenge');\n\n    // eslint-disable-next-line no-underscore-dangle\n    const safeCharacterMap = base64url._safe_map;\n\n    const codeVerifier = lodash\n      .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n      .join('');\n\n    const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n    this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n    return codeChallenge;\n  },\n\n  /**\n   * Generates a CSRF token and stores it in sessionStorage.\n   * Token is embedded in 'state' and validated upon redirect return.\n   *\n   * Uses UUID v4 for randomness.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @private\n   * @returns {string} token\n   */\n  _generateSecurityToken() {\n    this.logger.info('authorization: generating csrf token');\n\n    const token = uuid.v4();\n\n    this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n    return token;\n  },\n\n  /**\n   * Verifies that the CSRF token returned in the 'state' matches the one\n   * previously stored in sessionStorage.\n   *\n   * Steps:\n   * - Retrieve and immediately remove stored token (one-time use).\n   * - Ensure state + state.csrf_token exist.\n   * - Compare values; throw descriptive errors on mismatch / absence.\n   *\n   * If no stored token (e.g., user navigated directly), silently returns.\n   *\n   * @instance\n   * @memberof AuthorizationBrowserFirstParty\n   * @param {Object} query - Parsed query (location.query)\n   * @private\n   * @returns {void}\n   */\n  _verifySecurityToken(query) {\n    const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n    this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n    if (!sessionToken) {\n      return;\n    }\n\n    if (!query.state) {\n      throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n    }\n\n    if (!query.state.csrf_token) {\n      throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n    }\n\n    const token = query.state.csrf_token;\n\n    if (token !== sessionToken) {\n      throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n    }\n  },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBhC;AACD;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpBE,KAAK,EAAE,OAAO;EACd;AACF;AACA;EACEC,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAZ,IAAA,GAkOrC,IAAAa,qBAAa,EAAC,eAAe,CAAC,EAAAZ,KAAA,GAmE9B,IAAAY,qBAAa,EAAC,eAAe,CAAC,EAAAX,IAAA,GArSQ;EACvCY,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAVA,UAAUA,CAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,oBAAoB,CAAC;IAEtE,IAAOqD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAbA,aAAaA,CAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB,IAAI,CAACT,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,eAAe;MAC1BC,IAAI,EAAE;QACJC,QAAQ,EAAE,CAAC,CAACL,OAAO,CAACM,KAAK;QACzBC,QAAQ,EAAE,CAAC,CAACP,OAAO,CAAC5B;MACtB;IACF,CAAC,CAAC;IAEF4B,OAAO,GAAG,IAAAQ,iBAAS,EAACR,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACS,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACX,OAAO,CAACM,KAAK,CAAC,CAACM,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOZ,OAAO,CAACM,KAAK,CAAC,CAAC;;IAEtBN,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACyC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAd,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACS,SAAS;;IAE3C;IACAT,OAAO,CAACe,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDhB,OAAO,CAACiB,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAAClB,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkB,8BAA8B,WAA9BA,8BAA8BA,CAAClB,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACsB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACtD,KAAK,CAACuD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAAjF,OAAA,EAAc;MAACkF,aAAa,EAAE;IAAM,CAAC,EAAExB,OAAO,CAChD,CAAC;IAED,IAAI,CAACtD,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,oBAAoB;MAC/BC,IAAI,EAAE;QAAEgB,QAAQ,EAARA;MAAS;IACnB,CAAC,CAAC;IAEF,IAAIpB,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEyB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAAjF,OAAA,EACrBoF,qBAAqB,EACrB,IAAAI,QAAA,CAAAxF,OAAA,EAAO0D,OAAO,CAACyB,cAAc,MAAK,QAAQ,GAAGzB,OAAO,CAACyB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAA1F,OAAA,EAAeuF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA9F,OAAA,EAAA4F,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAAC1E,KAAK,CAACC,SAAS,CAAC,CAAC,CAAC0E,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAACjE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGyD,QAAQ;IAC5C;IAEA,OAAO5B,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,MAAM,WAANA,MAAMA,CAAA,EAAe;IAAA,IAAd1C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAAC2C,UAAU,EAAE;MACvB,IAAI,CAAC7E,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACuD,WAAW,CAACuB,cAAc,CAAC5C,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAA7BA,6BAA6BA,CAAA,EAAe;IAAA,IAAAkD,MAAA;IAAA,IAAd7C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACsB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACnB,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtChF,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClBkF,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;IAED,IAAIpD,OAAO,CAACxB,YAAY,EAAE;MACxBwE,IAAI,CAACK,aAAa,GAAGrD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACDtE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb;MACApB,MAAI,CAAC/E,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO7E,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAACmB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACxE,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAA9BA,8BAA8BA,CAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAO5F,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAM8F,cAAc,GAAG9F,QAAQ,CAAC6F,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAACxE,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAO+D,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAfA,eAAeA,CAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAAC3I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAAC1H,KAAK,CACPwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdkC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC1C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChC+B,KAAK,EAAE,IAAI,CAACxC,MAAM,CAACwC;MACrB,CAAC;MACDjC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb,IAAA2B,SAAA,GAAiE3B,GAAG,CAACG,IAAI;QAAlEyB,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAAGT,MAAI,CAACb,8BAA8B,CAACqB,yBAAyB,CAAC;MAC9FR,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC7B8F,QAAQ,EAAE;UACVhB,QAAQ,EAAEY,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAT,MAAI,CAACY,mBAAmB,CAAClC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACdsB,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE6D,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE+B,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdrG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAACsG,WAAW,EAAE;MACxB,IAAI,CAAC5J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAC5I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiCvG,OAAO,CAA/DsG,WAAW;MAAAE,mBAAA,GAA6CxG,OAAO,CAAtCyG,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGpG,OAAO,CAAC2G,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAACvJ,sBAAsB,GAAG+J,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAACvJ,SAAS,IAAI,CAAC;MACnBuJ,MAAI,CAACtJ,gBAAgB,GAAGsJ,MAAI,CAACvJ,SAAS;MAEtCuJ,MAAI,CAACvI,KAAK,CACPwF,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdkC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC1C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DqD,WAAW,EAAEC,UAAU;UACvB3C,SAAS,EAAEyC,MAAI,CAAClD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE0C,MAAI,CAAClD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAEwC,MAAI,CAAClD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;QACb;QACA,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;QAE5CuJ,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UAC3CwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;QACFiC,MAAI,CAACvI,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDiC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACDtH,KAAK,CAAC,UAAC0E,GAAG,EAAK;QACd,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;;QAE9C;QACA,IAAImH,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACoB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI1C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BgC,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;YACzCwE,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAE6D,GAAG,CAACG;UACZ,CAAC,CAAC;UACF2C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UACzCwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM2C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAACzJ,YAAY,GAAGgK,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAA7J,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIoK,eAAe,EAAE;MACxC,IAAI,CAACtK,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACpD,gBAAgB,GAAG,IAAI;IAE5BkK,YAAY,CAAC,IAAI,CAACpK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCoK,YAAY,CAAC,IAAI,CAACrK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAArBA,qBAAqBA,CAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEgJ,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAIjH,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAfA,eAAeA,CAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAM0E,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACrG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAI0E,gBAAgB,CAACnG,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAATA,SAASA,CAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAA6C,iBAAS,EAAC7C,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,IAAI,IAAI,CAACrJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAmJ,eAAO,EAAC,IAAAC,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAAiJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACkJ,MAAM,CAClC,IAAAC,UAAA,CAAAnL,OAAA,EAAe,IAAAiL,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACqH,MAAM,GAAG0C,oBAAW,CAACC,SAAS,CAAChK,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAkJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAExJ,YAAG,CAACgK,MAAM,CAACjK,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqD,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACnB,MAAM,CAACsB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM0G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAMvJ,YAAY,GAAGnD,MAAM,CACxB2M,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAACxM,MAAM,CAAC4M,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACzK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFoF,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM0F,aAAa,GAAGxH,iBAAQ,CAACC,MAAM,CAACnC,YAAY,CAAC,CAACoC,QAAQ,CAACkH,qBAAS,CAAC;IAEvE,IAAI,CAAChK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC5M,oBAAoB,EAAEiD,YAAY,CAAC;IAEjF,OAAO0J,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEpH,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACjB,MAAM,CAACsB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMiH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAACxK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEvJ,oBAAoB,WAApBA,oBAAoBA,CAACV,KAAK,EAAE;IAC1B,IAAMoK,YAAY,GAAG,IAAI,CAACzK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACpD,iBAAiB,CAAC;IAErF,IAAI,CAACwC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACrD,iBAAiB,CAAC;IACnE,IAAI,CAACiN,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI2E,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,CAACyC,UAAU,EAAE;MAC3B,MAAM,IAAIkC,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAGjK,KAAK,CAACC,KAAK,CAACyC,UAAU;IAEpC,IAAIuH,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAIxF,KAAK,eAAAR,MAAA,CAAe6F,KAAK,mCAAA7F,MAAA,CAAgCgG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,MAAAC,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,qCAAAF,IAAA,OAAAwN,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,qCAAAA,IAAA,OAAAqN,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,oCAAAD,KAAA,EA7cEwN,iBAAS,OAAAD,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,oCAAAA,IAAA,GAAAA,IAAA,CA6cX,CAAC;AAAC,IAAAwN,QAAA,GAAAnN,OAAA,CAAAa,OAAA,GAEYV,aAAa","ignoreList":[]}

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"names":["_default","exports","default","credentials","clientType","refreshCallback","webex","token","request","method","uri","config","tokenUrl","form","grant_type","redirect_uri","refresh_token","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","body"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n  credentials: {\n    /**\n     * Controls whether {@link Authorization#initiateLogin()} requests a token\n     * or an auth code. Anything other than 'confidential' will be treated as\n     * 'public'\n     * @private\n     * @type {string}\n     */\n    clientType: 'public',\n\n    refreshCallback(webex, token) {\n      /* eslint-disable camelcase */\n      return webex\n        .request({\n          method: 'POST',\n          uri: token.config.tokenUrl,\n          form: {\n            grant_type: 'refresh_token',\n            redirect_uri: token.config.redirect_uri,\n            refresh_token: token.refresh_token,\n          },\n          auth: {\n            user: token.config.client_id,\n            pass: token.config.client_secret,\n            sendImmediately: true,\n          },\n          shouldRefreshAccessToken: false,\n        })\n        .then((res) => res.body);\n      /* eslint-enable camelcase */\n    },\n  },\n};\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AAFA,IAAAA,QAAA,GAAAC,OAAA,CAAAC,OAAA,GAIe;EACbC,WAAW,EAAE;IACX;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE,QAAQ;IAEpBC,eAAe,WAAAA,gBAACC,KAAK,EAAEC,KAAK,EAAE;MAC5B;MACA,OAAOD,KAAK,CACTE,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdC,GAAG,EAAEH,KAAK,CAACI,MAAM,CAACC,QAAQ;QAC1BC,IAAI,EAAE;UACJC,UAAU,EAAE,eAAe;UAC3BC,YAAY,EAAER,KAAK,CAACI,MAAM,CAACI,YAAY;UACvCC,aAAa,EAAET,KAAK,CAACS;QACvB,CAAC;QACDC,IAAI,EAAE;UACJC,IAAI,EAAEX,KAAK,CAACI,MAAM,CAACQ,SAAS;UAC5BC,IAAI,EAAEb,KAAK,CAACI,MAAM,CAACU,aAAa;UAChCC,eAAe,EAAE;QACnB,CAAC;QACDC,wBAAwB,EAAE;MAC5B,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;QAAA,OAAKA,GAAG,CAACC,IAAI;MAAA,EAAC;MAC1B;IACF;EACF;AACF,CAAC"}
+{"version":3,"names":["_default","exports","default","credentials","clientType","refreshCallback","webex","token","request","method","uri","config","tokenUrl","form","grant_type","redirect_uri","refresh_token","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","body"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n  credentials: {\n    /**\n     * Controls whether {@link Authorization#initiateLogin()} requests a token\n     * or an auth code. Anything other than 'confidential' will be treated as\n     * 'public'\n     * @private\n     * @type {string}\n     */\n    clientType: 'public',\n\n    refreshCallback(webex, token) {\n      /* eslint-disable camelcase */\n      return webex\n        .request({\n          method: 'POST',\n          uri: token.config.tokenUrl,\n          form: {\n            grant_type: 'refresh_token',\n            redirect_uri: token.config.redirect_uri,\n            refresh_token: token.refresh_token,\n          },\n          auth: {\n            user: token.config.client_id,\n            pass: token.config.client_secret,\n            sendImmediately: true,\n          },\n          shouldRefreshAccessToken: false,\n        })\n        .then((res) => res.body);\n      /* eslint-enable camelcase */\n    },\n  },\n};\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AAFA,IAAAA,QAAA,GAAAC,OAAA,CAAAC,OAAA,GAIe;EACbC,WAAW,EAAE;IACX;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE,QAAQ;IAEpBC,eAAe,WAAfA,eAAeA,CAACC,KAAK,EAAEC,KAAK,EAAE;MAC5B;MACA,OAAOD,KAAK,CACTE,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdC,GAAG,EAAEH,KAAK,CAACI,MAAM,CAACC,QAAQ;QAC1BC,IAAI,EAAE;UACJC,UAAU,EAAE,eAAe;UAC3BC,YAAY,EAAER,KAAK,CAACI,MAAM,CAACI,YAAY;UACvCC,aAAa,EAAET,KAAK,CAACS;QACvB,CAAC;QACDC,IAAI,EAAE;UACJC,IAAI,EAAEX,KAAK,CAACI,MAAM,CAACQ,SAAS;UAC5BC,IAAI,EAAEb,KAAK,CAACI,MAAM,CAACU,aAAa;UAChCC,eAAe,EAAE;QACnB,CAAC;QACDC,wBAAwB,EAAE;MAC5B,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;QAAA,OAAKA,GAAG,CAACC,IAAI;MAAA,EAAC;MAC1B;IACF;EACF;AACF,CAAC","ignoreList":[]}

package/dist/index.js

@@ -29,8 +29,7 @@ _Object$defineProperty(exports, "default", {
 var _webexCore = require("@webex/webex-core");
 var _authorization = _interopRequireWildcard(require("./authorization"));
 var _config = _interopRequireDefault(require("./config"));
-function _getRequireWildcardCache(e) { if ("function" != typeof _WeakMap) return null; var r = new _WeakMap(), t = new _WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(e) { return e ? t : r; })(e); }
-function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != _typeof(e) && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = _Object$defineProperty && _Object$getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && Object.prototype.hasOwnProperty.call(e, u)) { var i = a ? _Object$getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? _Object$defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+function _interopRequireWildcard(e, t) { if ("function" == typeof _WeakMap) var r = new _WeakMap(), n = new _WeakMap(); return (_interopRequireWildcard = function _interopRequireWildcard(e, t) { if (!t && e && e.__esModule) return e; var o, i, f = { __proto__: null, default: e }; if (null === e || "object" != _typeof(e) && "function" != typeof e) return f; if (o = t ? n : r) { if (o.has(e)) return o.get(e); o.set(e, f); } for (var _t in e) "default" !== _t && {}.hasOwnProperty.call(e, _t) && ((i = (o = _Object$defineProperty) && _Object$getOwnPropertyDescriptor(e, _t)) && (i.get || i.set) ? o(f, _t, i) : f[_t] = e[_t]); return f; })(e, t); }
 /*!
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
  */

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_webexCore","require","_authorization","_interopRequireWildcard","_config","_interopRequireDefault","_getRequireWildcardCache","e","_WeakMap","r","t","__esModule","_typeof","default","has","get","n","__proto__","a","_Object$defineProperty","_Object$getOwnPropertyDescriptor","u","Object","prototype","hasOwnProperty","call","i","set","proxies","registerPlugin","Authorization","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {registerPlugin} from '@webex/webex-core';\n\nimport Authorization from './authorization';\nimport config from './config';\n\nconst proxies = ['isAuthorizing', 'isAuthenticating'];\n\nregisterPlugin('authorization', Authorization, {\n  config,\n  proxies,\n});\n\nexport {default, Events} from './authorization';\nexport {default as config} from './config';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,IAAAA,UAAA,GAAAC,OAAA;AAEA,IAAAC,cAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAA8B,SAAAK,yBAAAC,CAAA,6BAAAC,QAAA,mBAAAC,CAAA,OAAAD,QAAA,IAAAE,CAAA,OAAAF,QAAA,YAAAF,wBAAA,YAAAA,yBAAAC,CAAA,WAAAA,CAAA,GAAAG,CAAA,GAAAD,CAAA,KAAAF,CAAA;AAAA,SAAAJ,wBAAAI,CAAA,EAAAE,CAAA,SAAAA,CAAA,IAAAF,CAAA,IAAAA,CAAA,CAAAI,UAAA,SAAAJ,CAAA,eAAAA,CAAA,gBAAAK,OAAA,CAAAL,CAAA,0BAAAA,CAAA,WAAAM,OAAA,EAAAN,CAAA,QAAAG,CAAA,GAAAJ,wBAAA,CAAAG,CAAA,OAAAC,CAAA,IAAAA,CAAA,CAAAI,GAAA,CAAAP,CAAA,UAAAG,CAAA,CAAAK,GAAA,CAAAR,CAAA,OAAAS,CAAA,KAAAC,SAAA,UAAAC,CAAA,GAAAC,sBAAA,IAAAC,gCAAA,WAAAC,CAAA,IAAAd,CAAA,oBAAAc,CAAA,IAAAC,MAAA,CAAAC,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAlB,CAAA,EAAAc,CAAA,SAAAK,CAAA,GAAAR,CAAA,GAAAE,gCAAA,CAAAb,CAAA,EAAAc,CAAA,UAAAK,CAAA,KAAAA,CAAA,CAAAX,GAAA,IAAAW,CAAA,CAAAC,GAAA,IAAAR,sBAAA,CAAAH,CAAA,EAAAK,CAAA,EAAAK,CAAA,IAAAV,CAAA,CAAAK,CAAA,IAAAd,CAAA,CAAAc,CAAA,YAAAL,CAAA,CAAAH,OAAA,GAAAN,CAAA,EAAAG,CAAA,IAAAA,CAAA,CAAAiB,GAAA,CAAApB,CAAA,EAAAS,CAAA,GAAAA,CAAA;AAP9B;AACA;AACA;;AAOA,IAAMY,OAAO,GAAG,CAAC,eAAe,EAAE,kBAAkB,CAAC;AAErD,IAAAC,yBAAc,EAAC,eAAe,EAAEC,sBAAa,EAAE;EAC7CC,MAAM,EAANA,eAAM;EACNH,OAAO,EAAPA;AACF,CAAC,CAAC"}
+{"version":3,"names":["_webexCore","require","_authorization","_interopRequireWildcard","_config","_interopRequireDefault","e","t","_WeakMap","r","n","__esModule","o","i","f","__proto__","default","_typeof","has","get","set","_t","hasOwnProperty","call","_Object$defineProperty","_Object$getOwnPropertyDescriptor","proxies","registerPlugin","Authorization","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {registerPlugin} from '@webex/webex-core';\n\nimport Authorization from './authorization';\nimport config from './config';\n\nconst proxies = ['isAuthorizing', 'isAuthenticating'];\n\nregisterPlugin('authorization', Authorization, {\n  config,\n  proxies,\n});\n\nexport {default, Events} from './authorization';\nexport {default as config} from './config';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,IAAAA,UAAA,GAAAC,OAAA;AAEA,IAAAC,cAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAA8B,SAAAE,wBAAAG,CAAA,EAAAC,CAAA,6BAAAC,QAAA,MAAAC,CAAA,OAAAD,QAAA,IAAAE,CAAA,OAAAF,QAAA,YAAAL,uBAAA,YAAAA,wBAAAG,CAAA,EAAAC,CAAA,SAAAA,CAAA,IAAAD,CAAA,IAAAA,CAAA,CAAAK,UAAA,SAAAL,CAAA,MAAAM,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAC,SAAA,QAAAC,OAAA,EAAAV,CAAA,iBAAAA,CAAA,gBAAAW,OAAA,CAAAX,CAAA,0BAAAA,CAAA,SAAAQ,CAAA,MAAAF,CAAA,GAAAL,CAAA,GAAAG,CAAA,GAAAD,CAAA,QAAAG,CAAA,CAAAM,GAAA,CAAAZ,CAAA,UAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,GAAAM,CAAA,CAAAQ,GAAA,CAAAd,CAAA,EAAAQ,CAAA,cAAAO,EAAA,IAAAf,CAAA,gBAAAe,EAAA,OAAAC,cAAA,CAAAC,IAAA,CAAAjB,CAAA,EAAAe,EAAA,OAAAR,CAAA,IAAAD,CAAA,GAAAY,sBAAA,KAAAC,gCAAA,CAAAnB,CAAA,EAAAe,EAAA,OAAAR,CAAA,CAAAM,GAAA,IAAAN,CAAA,CAAAO,GAAA,IAAAR,CAAA,CAAAE,CAAA,EAAAO,EAAA,EAAAR,CAAA,IAAAC,CAAA,CAAAO,EAAA,IAAAf,CAAA,CAAAe,EAAA,WAAAP,CAAA,KAAAR,CAAA,EAAAC,CAAA;AAP9B;AACA;AACA;;AAOA,IAAMmB,OAAO,GAAG,CAAC,eAAe,EAAE,kBAAkB,CAAC;AAErD,IAAAC,yBAAc,EAAC,eAAe,EAAEC,sBAAa,EAAE;EAC7CC,MAAM,EAANA,eAAM;EACNH,OAAO,EAAPA;AACF,CAAC,CAAC","ignoreList":[]}

package/package.json

@@ -36,13 +36,13 @@
   },
   "dependencies": {
     "@webex/common": "3.8.1-next.11",
-    "@webex/storage-adapter-local-storage": "3.10.0-next.3",
+    "@webex/storage-adapter-local-storage": "3.10.0-next.4",
     "@webex/test-helper-automation": "3.8.1-next.11",
     "@webex/test-helper-chai": "3.8.1-next.11",
     "@webex/test-helper-mocha": "3.8.1-next.11",
     "@webex/test-helper-mock-webex": "3.8.1-next.11",
     "@webex/test-helper-test-users": "3.8.1-next.11",
-    "@webex/webex-core": "3.10.0-next.3",
+    "@webex/webex-core": "3.10.0-next.4",
     "crypto-js": "^4.1.1",
     "lodash": "^4.17.21",
     "uuid": "^3.3.2"
@@ -56,5 +56,5 @@
     "test:style": "eslint ./src/**/*.*",
     "test:unit": "webex-legacy-tools test --unit --runner jest"
   },
-  "version": "3.10.0-next.3"
+  "version": "3.10.0-next.5"
 }

package/src/authorization.js

@@ -32,6 +32,7 @@ const OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';
  * Authorization plugin events
  */
 export const Events = {
+  login: 'login',
   /**
    * QR code login events
    */
@@ -262,6 +263,14 @@ const Authorization = WebexPlugin.extend({
    * @returns {Promise}
    */
   initiateLogin(options = {}) {
+    this.eventEmitter.emit(Events.login, {
+      eventType: 'initiateLogin',
+      data: {
+        hasEmail: !!options.email,
+        hasState: !!options.state
+      },
+    });
+
     options = cloneDeep(options);
 
     // Optionally compute heuristic email hash for preauth usage
@@ -305,6 +314,11 @@ const Authorization = WebexPlugin.extend({
       Object.assign({response_type: 'code'}, options)
     );
 
+    this.eventEmitter.emit(Events.login, {
+      eventType: 'redirectToLoginUrl',
+      data: { loginUrl },
+    });
+
     if (options?.separateWindow) {
       // If a separate popup window is requested, combine user supplied window features
       const defaultWindowSettings = {

package/test/unit/spec/authorization.js

@@ -14,6 +14,7 @@ import {base64, patterns} from '@webex/common';
 import {merge, times} from 'lodash';
 import CryptoJS from 'crypto-js';
 import Authorization from '@webex/plugin-authorization-browser-first-party';
+import {Events} from '../../../src';
 
 // Necessary to require lodash this way in order to stub the method
 const lodash = require('lodash');
@@ -424,6 +425,48 @@ describe('plugin-authorization-browser-first-party', () => {
 
         return p.then(() => assert.isFalse(webex.authorization.isAuthenticating));
       });
+
+      it('Emits an event containing indicating login is initiating', () => {
+        const webex = makeWebex();
+
+        const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
+        sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
+
+        return webex.authorization.initiateLogin().then(() => {
+          assert.calledOnceWithExactly(emitSpy, Events.login, {
+            eventType: 'initiateLogin',
+            data: { hasEmail: false, hasState: false },
+          });
+        });
+      });
+
+      it('Emits an event containing information about email', () => {
+        const webex = makeWebex();
+
+        const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
+        sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
+
+        return webex.authorization.initiateLogin({ email: 'test@abc.xyz' }).then(() => {
+          assert.calledOnceWithExactly(emitSpy, Events.login, {
+            eventType: 'initiateLogin',
+            data: { hasEmail: true, hasState: false },
+          });
+        });
+      });
+
+      it('Emits an event containing information about state', () => {
+        const webex = makeWebex();
+
+        const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
+        sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
+
+        return webex.authorization.initiateLogin({ state: {} }).then(() => {
+          assert.calledOnceWithExactly(emitSpy, Events.login, {
+            eventType: 'initiateLogin',
+            data: { hasEmail: false, hasState: true },
+          });
+        });
+      });
     });
 
     describe('#initiateAuthorizationCodeGrant()', () => {
@@ -474,14 +517,14 @@ describe('plugin-authorization-browser-first-party', () => {
         toolbar: 'no'
       };
 
-      return webex.authorization.initiateAuthorizationCodeGrant({ 
-        separateWindow: customWindow 
+      return webex.authorization.initiateAuthorizationCodeGrant({
+        separateWindow: customWindow
       }).then(() => {
         assert.called(webex.getWindow().open);
         const openCall = webex.getWindow().open.getCall(0);
         assert.equal(openCall.args[1], '_blank');
         assert.equal(
-        openCall.args[2], 
+        openCall.args[2],
         'width=800,height=600,menubar=no,toolbar=no'
         );
       });
@@ -491,7 +534,7 @@ describe('plugin-authorization-browser-first-party', () => {
       const webex = makeWebex();
       webex.getWindow().open = sinon.spy();
 
-      return webex.authorization.initiateAuthorizationCodeGrant({ 
+      return webex.authorization.initiateAuthorizationCodeGrant({
         separateWindow: true,
         state: {}
       }).then(() => {
@@ -500,6 +543,21 @@ describe('plugin-authorization-browser-first-party', () => {
         assert.include(url, "https://idbrokerbts.webex.com/idb/oauth2/v1/authorize?response_type=code&separateWindow=true&client_id=fake&redirect_uri=http%3A%2F%2Fexample.com&scope=scope%3Aone");
       });
       });
+
+      it('Emits an event containing the login url', () => {
+        const testLoginUrl = "https://test.example.com";
+        const webex = makeWebex();
+
+        sinon.stub(webex.credentials, 'buildLoginUrl').returns(testLoginUrl);
+        const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
+
+        return webex.authorization.initiateAuthorizationCodeGrant().then(() => {
+          assert.calledOnceWithExactly(emitSpy, Events.login, {
+            eventType: 'redirectToLoginUrl',
+            data: { loginUrl: testLoginUrl },
+          });
+        });
+      });
     });
 
     describe('#_generateQRCodeVerificationUrl()', () => {
@@ -770,7 +828,7 @@ describe('plugin-authorization-browser-first-party', () => {
         sinon.spy(webex.authorization, 'cancelQRCodePolling');
         const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
         const credentialsSetSpy = sinon.spy(webex.credentials, 'set');
-        
+
         webex.authorization._startQRCodePolling(options);
         await clock.tickAsync(4000);