@webex/plugin-authorization-browser-first-party 3.10.0-next.4 → 3.10.0-wxc-disconnect.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/authorization.js +1 -15
  2. package/dist/authorization.js.map +1 -1
  3. package/package.json +13 -13
  4. package/src/authorization.js +0 -14
  5. package/test/unit/spec/authorization.js +5 -63
package/dist/authorization.js CHANGED
@@ -45,7 +45,6 @@ var OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';
45
45
  * Authorization plugin events
46
46
  */
47
47
  var Events = exports.Events = {
48
- login: 'login',
49
48
  /**
50
49
  * QR code login events
51
50
  */
@@ -275,13 +274,6 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
275
274
  */
276
275
  initiateLogin: function initiateLogin() {
277
276
  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
278
- this.eventEmitter.emit(Events.login, {
279
- eventType: 'initiateLogin',
280
- data: {
281
- hasEmail: !!options.email,
282
- hasState: !!options.state
283
- }
284
- });
285
277
  options = (0, _lodash.cloneDeep)(options);
286
278
 
287
279
  // Optionally compute heuristic email hash for preauth usage
@@ -321,12 +313,6 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
321
313
  var loginUrl = this.webex.credentials.buildLoginUrl((0, _assign.default)({
322
314
  response_type: 'code'
323
315
  }, options));
324
- this.eventEmitter.emit(Events.login, {
325
- eventType: 'redirectToLoginUrl',
326
- data: {
327
- loginUrl: loginUrl
328
- }
329
- });
330
316
  if (options !== null && options !== void 0 && options.separateWindow) {
331
317
  // If a separate popup window is requested, combine user supplied window features
332
318
  var defaultWindowSettings = {
@@ -799,7 +785,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
799
785
  throw new Error("CSRF token ".concat(token, " does not match stored token ").concat(sessionToken));
800
786
  }
801
787
  },
802
- version: "3.10.0-next.4"
788
+ version: "3.10.0-wxc-disconnect.1"
803
789
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "initiateAuthorizationCodeGrant", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "initiateAuthorizationCodeGrant"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "requestAuthorizationCodeGrant", [_dec2, _common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "requestAuthorizationCodeGrant"), _obj)), _obj)));
804
790
  var _default = exports.default = Authorization;
805
791
  //# sourceMappingURL=authorization.js.map
package/dist/authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","login","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","emit","eventType","data","hasEmail","email","hasState","cloneDeep","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","logout","noRedirect","buildLogoutUrl","_this2","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":[" // @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n login: 'login',\n /**\n * QR code login events\n */\n qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n * pre-fetches a preauth catalog, then exchanges the code via\n * requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n * initQRCodeLogin() obtains device + user codes and begins polling\n * _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Indicates that the plugin has finished any automatic startup\n * processing (e.g., exchanging a returned authorization code)\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * EventEmitter for authorization events such as QR code login progress\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {EventEmitter}\n * @public\n */\n eventEmitter: new EventEmitter(),\n\n /**\n * Stores the timer ID for QR code polling (device authorization)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingTimer: null,\n /**\n * Stores the expiration timer ID for QR code polling (overall timeout)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingExpirationTimer: null,\n\n /**\n * Monotonically increasing id to identify the current polling request.\n * Used to safely ignore late poll responses after a cancel/reset.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {number}\n * @private\n */\n pollingId: 0,\n\n /**\n * Identifier for the current polling request (snapshot of pollingId)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n currentPollingId: null,\n\n /**\n * Auto executes during Webex.init() – you do NOT call this yourself.\n *\n * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n *\n * Simple summary:\n * - You call initiateLogin() which redirects user to IdBroker.\n * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n * - During SDK startup this initialize() runs automatically, sees the code, and\n * silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n *\n * Step-by-step:\n * 1. Inspect current window.location for ?code= (& state=).\n * 2. If no code: set ready=true immediately (nothing to complete).\n * 3. If code present:\n * - Decode base64 state JSON.\n * - Verify CSRF token matches sessionStorage value.\n * - Retrieve then delete PKCE code_verifier (single use).\n * - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n * - Clean the URL (history.replaceState) to remove code & csrf token data.\n * - nextTick:\n * a. Best‑effort preauth catalog fetch (non-blocking).\n * b. Exchange authorization code (with code_verifier if any) for supertoken\n * and store on webex.credentials.\n * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n *\n * Result: If the redirect included a valid code the token exchange is completed\n * automatically—no extra API call needed after Webex.init().\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n // Check if redirect includes error\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n // If no authorization code returned, nothing to do\n if (!code) {\n this.ready = true;\n return ret;\n }\n\n // Decode and parse state object (if present)\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n // Immediately remove code verifier to minimize exposure\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n // Validate CSRF token included in state\n this._verifySecurityToken(location.query);\n // Remove code + CSRF token remnants from URL (history replace)\n this._cleanUrl(location);\n\n let preauthCatalogParams;\n\n // Attempt to extract orgId from structured authorization code (if present)\n const orgId = this._extractOrgIdFromCode(code);\n\n if (emailhash) {\n preauthCatalogParams = {emailhash};\n } else if (orgId) {\n preauthCatalogParams = {orgId};\n }\n\n // Defer token exchange until next tick in case credentials plugin not ready yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog(preauthCatalogParams)\n .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .catch((error) => {\n this.logger.warn('authorization: failed initial authorization code grant request', error);\n })\n .then(() => {\n // Mark plugin ready regardless of success/failure of token exchange\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an OAuth authorization code flow (first party).\n *\n * Adds security + PKCE properties:\n * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n * - state.csrf_token for CSRF protection\n * - PKCE code_challenge (S256)\n *\n * NOTE: This does not itself perform the redirect; it calls\n * initiateAuthorizationCodeGrant() which changes window location or opens\n * a separate window as configured.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n this.eventEmitter.emit(Events.login, {\n eventType: 'initiateLogin',\n data: {\n hasEmail: !!options.email,\n hasState: !!options.state\n },\n });\n\n options = cloneDeep(options);\n\n // Optionally compute heuristic email hash for preauth usage\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email; // Ensure raw email not propagated further\n\n options.state = options.state || {};\n // Embed CSRF token\n options.state.csrf_token = this._generateSecurityToken();\n // Provide email hash in lower-case key used by catalog service\n // (Note: catalog uses emailhash and redirectCI uses emailHash)\n options.state.emailhash = options.emailHash;\n\n // PKCE - produce code_challenge (S256) and persist code_verifier\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Performs the navigation step of the Authorization Code flow.\n * Builds login URL and either:\n * - Replaces current window location (default), or\n * - Opens a separate window (popup) if options.separateWindow supplied.\n *\n * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n * during execution to prevent concurrent overlapping attempts.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Already augmented with state + PKCE info\n * @returns {Promise<void>}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n const loginUrl = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n this.eventEmitter.emit(Events.login, {\n eventType: 'redirectToLoginUrl',\n data: { loginUrl },\n });\n\n if (options?.separateWindow) {\n // If a separate popup window is requested, combine user supplied window features\n const defaultWindowSettings = {\n width: 600,\n height: 800,\n };\n\n const windowSettings = Object.assign(\n defaultWindowSettings,\n typeof options.separateWindow === 'object' ? options.separateWindow : {}\n );\n\n const windowFeatures = Object.entries(windowSettings)\n .map(([key, value]) => `${key}=${value}`)\n .join(',');\n this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n } else {\n // Normal (in-tab) redirect\n this.webex.getWindow().location = loginUrl;\n }\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}.\n * Constructs logout URL and (unless suppressed) navigates away to ensure\n * server-side session termination.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise<void>}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access (super) token bundle.\n *\n * Decorators:\n * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n * - @oneFlight: collapses simultaneous calls into one network request.\n *\n * Includes PKCE code_verifier if present from earlier login initiation.\n *\n * Error Handling:\n * - Non-400 responses are propagated.\n * - 400 responses map to OAuth-specific grantErrors.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.code - Authorization code from redirect\n * @param {string} [options.codeVerifier] - PKCE code verifier if used\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true, // Request combined access/refresh response\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false, // This is the token acquisition call itself\n })\n .then((res) => {\n // Store supertoken into credentials (includes refresh token)\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n // Map standard OAuth error to strongly typed error class\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Generate a QR code verification URL for device authorization flow.\n * When a user scans the QR code with a mobile device, this deep-links into\n * Webex (web) to continue login, including passing along userCode and the\n * helper service base URL.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} verificationUrl - Original verification URI (complete)\n * @returns {String} Possibly rewritten verification URL\n */\n _generateQRCodeVerificationUrl(verificationUrl) {\n const baseUrl = 'https://web.webex.com/deviceAuth';\n const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n const userCode = urlParams.get('userCode');\n\n if (userCode) {\n const {services} = this.webex.internal;\n const oauthHelperUrl = services.get('oauth-helper');\n const newVerificationUrl = new URL(baseUrl);\n newVerificationUrl.searchParams.set('usercode', userCode);\n newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n return newVerificationUrl.toString();\n } else {\n return verificationUrl;\n }\n },\n\n /**\n * Initiates Device Authorization (QR Code) flow.\n *\n * Steps:\n * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n * 3. Start polling token endpoint with device_code.\n *\n * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @emits #qRCodeLogin\n */\n initQRCodeLogin() {\n if (this.pollingTimer) {\n // Prevent concurrent device authorization attempts\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/authorize',\n form: {\n client_id: this.config.client_id,\n scope: this.config.scope,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n const {user_code, verification_uri, verification_uri_complete} = res.body;\n const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeSuccess',\n userData: {\n userCode: user_code,\n verificationUri: verification_uri,\n verificationUriComplete,\n },\n });\n // Begin polling for authorization completion\n this._startQRCodePolling(res.body);\n })\n .catch((res) => {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: res.body,\n });\n });\n },\n\n /**\n * Poll the device token endpoint until user authorizes, an error occurs,\n * or timeout happens.\n *\n * Polling behavior:\n * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n * - 428 status => pending (continue).\n * - Success => set credentials + emit authorizationSuccess + stop polling.\n * - Any other error => emit authorizationFailure + stop polling.\n *\n * Cancellation:\n * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Must include device_code, may include interval/expires_in\n * @emits #qRCodeLogin\n */\n _startQRCodePolling(options = {}) {\n if (!options.device_code) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'A deviceCode is required'},\n });\n return;\n }\n\n if (this.pollingTimer) {\n // Already polling; avoid starting a duplicate cycle\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n // Server recommended polling interval (seconds)\n let interval = options.interval ?? 2;\n\n // Global timeout for entire device authorization attempt\n this.pollingExpirationTimer = setTimeout(() => {\n this.cancelQRCodePolling(false);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'Authorization timed out'},\n });\n }, expiresIn * 1000);\n\n const polling = () => {\n // Increment id so any previous poll loops can be invalidated\n this.pollingId += 1;\n this.currentPollingId = this.pollingId;\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/token',\n form: {\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: this.config.client_id,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n // If polling canceled (id changed), ignore this response\n if (this.currentPollingId !== this.pollingId) return;\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationSuccess',\n data: res.body,\n });\n this.webex.credentials.set({supertoken: res.body});\n this.cancelQRCodePolling();\n })\n .catch((res) => {\n if (this.currentPollingId !== this.pollingId) return;\n\n // Backoff signal from server; increase interval just once for next cycle\n if (res.statusCode === 400 && res.body.message === 'slow_down') {\n schedulePolling(interval * 2);\n return;\n }\n\n // Pending: keep polling\n if (res.statusCode === 428) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationPending',\n data: res.body,\n });\n schedulePolling(interval);\n return;\n }\n\n // Terminal error\n this.cancelQRCodePolling();\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: res.body,\n });\n });\n };\n\n // Schedules next poll invocation\n const schedulePolling = (interval) =>\n (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n schedulePolling(interval);\n },\n\n /**\n * Cancel active device authorization polling loop.\n *\n * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @returns {void}\n */\n cancelQRCodePolling(withCancelEvent = true) {\n if (this.pollingTimer && withCancelEvent) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'pollingCanceled',\n });\n }\n\n this.currentPollingId = null;\n\n clearTimeout(this.pollingExpirationTimer);\n this.pollingExpirationTimer = null;\n clearTimeout(this.pollingTimer);\n this.pollingTimer = null;\n },\n\n /**\n * Extracts the orgId from the returned code from idbroker.\n *\n * Certain authorization codes encode organization info in a structured\n * underscore-delimited format. This method parses out the 3rd segment.\n *\n * For undocumented formats or unexpected code shapes, returns undefined.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} code\n * @private\n * @returns {String|undefined}\n */\n _extractOrgIdFromCode(code) {\n return code?.split('_')[2] || undefined;\n },\n\n /**\n * Checks if the result of the login redirect contains an OAuth error.\n * Throws a mapped grant error if encountered.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the URL (authorization code, CSRF token).\n * This is important to avoid leaking sensitive parameters via:\n * - Browser history\n * - Copy/paste of URL\n * - HTTP referrer headers to third-party content\n *\n * Approach:\n * - Remove 'code'.\n * - Remove 'state' entirely if only contained csrf_token.\n * - Else, re-encode remaining state fields (minus csrf_token).\n * - Replace current history entry (no page reload).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n * Persists the verifier in sessionStorage (single-use) for later retrieval\n * during authorization code exchange; removes it once consumed.\n *\n * Implementation details:\n * - Creates a 128 character string using base64url safe alphabet.\n * - Computes SHA256 hash, encodes to base64url (no padding).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} code_challenge\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and stores it in sessionStorage.\n * Token is embedded in 'state' and validated upon redirect return.\n *\n * Uses UUID v4 for randomness.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} token\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Verifies that the CSRF token returned in the 'state' matches the one\n * previously stored in sessionStorage.\n *\n * Steps:\n * - Retrieve and immediately remove stored token (one-time use).\n * - Ensure state + state.csrf_token exist.\n * - Compare values; throw descriptive errors on mismatch / absence.\n *\n * If no stored token (e.g., user navigated directly), silently returns.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query - Parsed query (location.query)\n * @private\n * @returns {void}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBhC;AACD;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpBE,KAAK,EAAE,OAAO;EACd;AACF;AACA;EACEC,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAZ,IAAA,GAkOrC,IAAAa,qBAAa,EAAC,eAAe,CAAC,EAAAZ,KAAA,GAmE9B,IAAAY,qBAAa,EAAC,eAAe,CAAC,GAAAX,IAAA,GArSQ;EACvCY,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAAA,GAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAAA,WAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,oBAAoB,CAAC;IAEtE,IAAOqD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAAA,cAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB,IAAI,CAACT,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,eAAe;MAC1BC,IAAI,EAAE;QACJC,QAAQ,EAAE,CAAC,CAACL,OAAO,CAACM,KAAK;QACzBC,QAAQ,EAAE,CAAC,CAACP,OAAO,CAAC5B;MACtB;IACF,CAAC,CAAC;IAEF4B,OAAO,GAAG,IAAAQ,iBAAS,EAACR,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACS,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACX,OAAO,CAACM,KAAK,CAAC,CAACM,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOZ,OAAO,CAACM,KAAK,CAAC,CAAC;;IAEtBN,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACyC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAd,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACS,SAAS;;IAE3C;IACAT,OAAO,CAACe,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDhB,OAAO,CAACiB,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAAClB,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkB,8BAA8B,WAAAA,+BAAClB,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACsB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACtD,KAAK,CAACuD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAAjF,OAAA,EAAc;MAACkF,aAAa,EAAE;IAAM,CAAC,EAAExB,OAAO,CAChD,CAAC;IAED,IAAI,CAACtD,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,oBAAoB;MAC/BC,IAAI,EAAE;QAAEgB,QAAQ,EAARA;MAAS;IACnB,CAAC,CAAC;IAEF,IAAIpB,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEyB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAAjF,OAAA,EACrBoF,qBAAqB,EACrB,IAAAI,QAAA,CAAAxF,OAAA,EAAO0D,OAAO,CAACyB,cAAc,MAAK,QAAQ,GAAGzB,OAAO,CAACyB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAA1F,OAAA,EAAeuF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA9F,OAAA,EAAA4F,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAAC1E,KAAK,CAACC,SAAS,CAAC,CAAC,CAAC0E,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAACjE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGyD,QAAQ;IAC5C;IAEA,OAAO5B,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,MAAM,WAAAA,OAAA,EAAe;IAAA,IAAd1C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAAC2C,UAAU,EAAE;MACvB,IAAI,CAAC7E,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACuD,WAAW,CAACuB,cAAc,CAAC5C,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAAAA,8BAAA,EAAe;IAAA,IAAAkD,MAAA;IAAA,IAAd7C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACsB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACnB,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtChF,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClBkF,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;;IAED,IAAIpD,OAAO,CAACxB,YAAY,EAAE;MACxBwE,IAAI,CAACK,aAAa,GAAGrD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACDtE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb;MACApB,MAAI,CAAC/E,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO7E,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAACmB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACxE,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAAAA,+BAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAO5F,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAM8F,cAAc,GAAG9F,QAAQ,CAAC6F,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAACxE,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAO+D,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAAA,gBAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAAC3I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAAC1H,KAAK,CACPwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdkC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC1C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChC+B,KAAK,EAAE,IAAI,CAACxC,MAAM,CAACwC;MACrB,CAAC;MACDjC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb,IAAA2B,SAAA,GAAiE3B,GAAG,CAACG,IAAI;QAAlEyB,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAAGT,MAAI,CAACb,8BAA8B,CAACqB,yBAAyB,CAAC;MAC9FR,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC7B8F,QAAQ,EAAE;UACVhB,QAAQ,EAAEY,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAT,MAAI,CAACY,mBAAmB,CAAClC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACdsB,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE6D,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE+B,mBAAmB,WAAAA,oBAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdrG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAACsG,WAAW,EAAE;MACxB,IAAI,CAAC5J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAC5I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiCvG,OAAO,CAA/DsG,WAAW;MAAAE,mBAAA,GAA6CxG,OAAO,CAAtCyG,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGpG,OAAO,CAAC2G,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAACvJ,sBAAsB,GAAG+J,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAACvJ,SAAS,IAAI,CAAC;MACnBuJ,MAAI,CAACtJ,gBAAgB,GAAGsJ,MAAI,CAACvJ,SAAS;MAEtCuJ,MAAI,CAACvI,KAAK,CACPwF,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdkC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC1C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DqD,WAAW,EAAEC,UAAU;UACvB3C,SAAS,EAAEyC,MAAI,CAAClD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE0C,MAAI,CAAClD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAEwC,MAAI,CAAClD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;QACb;QACA,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;QAE5CuJ,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UAC3CwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;QACFiC,MAAI,CAACvI,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDiC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACDtH,KAAK,CAAC,UAAC0E,GAAG,EAAK;QACd,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;;QAE9C;QACA,IAAImH,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACoB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI1C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BgC,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;YACzCwE,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAE6D,GAAG,CAACG;UACZ,CAAC,CAAC;UACF2C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UACzCwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM2C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAACzJ,YAAY,GAAGgK,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAAA,oBAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAA7J,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIoK,eAAe,EAAE;MACxC,IAAI,CAACtK,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACpD,gBAAgB,GAAG,IAAI;IAE5BkK,YAAY,CAAC,IAAI,CAACpK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCoK,YAAY,CAAC,IAAI,CAACrK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAAAA,sBAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEgJ,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAIjH,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAAA,gBAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAM0E,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACrG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAI0E,gBAAgB,CAACnG,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAAAA,UAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAA6C,iBAAS,EAAC7C,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,IAAI,IAAI,CAACrJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAmJ,eAAO,EAAC,IAAAC,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAAiJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACkJ,MAAM,CAClC,IAAAC,UAAA,CAAAnL,OAAA,EAAe,IAAAiL,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACqH,MAAM,GAAG0C,oBAAW,CAACC,SAAS,CAAChK,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAkJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAExJ,YAAG,CAACgK,MAAM,CAACjK,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqD,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACnB,MAAM,CAACsB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM0G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAMvJ,YAAY,GAAGnD,MAAM,CACxB2M,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAACxM,MAAM,CAAC4M,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACzK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFoF,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM0F,aAAa,GAAGxH,iBAAQ,CAACC,MAAM,CAACnC,YAAY,CAAC,CAACoC,QAAQ,CAACkH,qBAAS,CAAC;IAEvE,IAAI,CAAChK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC5M,oBAAoB,EAAEiD,YAAY,CAAC;IAEjF,OAAO0J,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEpH,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACjB,MAAM,CAACsB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMiH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAACxK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEvJ,oBAAoB,WAAAA,qBAACV,KAAK,EAAE;IAC1B,IAAMoK,YAAY,GAAG,IAAI,CAACzK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACpD,iBAAiB,CAAC;IAErF,IAAI,CAACwC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACrD,iBAAiB,CAAC;IACnE,IAAI,CAACiN,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI2E,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,CAACyC,UAAU,EAAE;MAC3B,MAAM,IAAIkC,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAGjK,KAAK,CAACC,KAAK,CAACyC,UAAU;IAEpC,IAAIuH,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAIxF,KAAK,eAAAR,MAAA,CAAe6F,KAAK,mCAAA7F,MAAA,CAAgCgG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,OAAAC,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,qCAAAF,IAAA,OAAAwN,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,qCAAAA,IAAA,OAAAqN,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,oCAAAD,KAAA,EA7cEwN,iBAAS,OAAAD,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,oCAAAA,IAAA,IAAAA,IAAA,EA6cX,CAAC;AAAC,IAAAwN,QAAA,GAAAnN,OAAA,CAAAa,OAAA,GAEYV,aAAa"}
1
+ {"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","cloneDeep","email","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","logout","noRedirect","buildLogoutUrl","_this2","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","emit","eventType","data","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":[" // @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n /**\n * QR code login events\n */\n qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n * pre-fetches a preauth catalog, then exchanges the code via\n * requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n * initQRCodeLogin() obtains device + user codes and begins polling\n * _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Indicates that the plugin has finished any automatic startup\n * processing (e.g., exchanging a returned authorization code)\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * EventEmitter for authorization events such as QR code login progress\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {EventEmitter}\n * @public\n */\n eventEmitter: new EventEmitter(),\n\n /**\n * Stores the timer ID for QR code polling (device authorization)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingTimer: null,\n /**\n * Stores the expiration timer ID for QR code polling (overall timeout)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingExpirationTimer: null,\n\n /**\n * Monotonically increasing id to identify the current polling request.\n * Used to safely ignore late poll responses after a cancel/reset.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {number}\n * @private\n */\n pollingId: 0,\n\n /**\n * Identifier for the current polling request (snapshot of pollingId)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n currentPollingId: null,\n\n /**\n * Auto executes during Webex.init() – you do NOT call this yourself.\n *\n * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n *\n * Simple summary:\n * - You call initiateLogin() which redirects user to IdBroker.\n * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n * - During SDK startup this initialize() runs automatically, sees the code, and\n * silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n *\n * Step-by-step:\n * 1. Inspect current window.location for ?code= (& state=).\n * 2. If no code: set ready=true immediately (nothing to complete).\n * 3. If code present:\n * - Decode base64 state JSON.\n * - Verify CSRF token matches sessionStorage value.\n * - Retrieve then delete PKCE code_verifier (single use).\n * - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n * - Clean the URL (history.replaceState) to remove code & csrf token data.\n * - nextTick:\n * a. Best‑effort preauth catalog fetch (non-blocking).\n * b. Exchange authorization code (with code_verifier if any) for supertoken\n * and store on webex.credentials.\n * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n *\n * Result: If the redirect included a valid code the token exchange is completed\n * automatically—no extra API call needed after Webex.init().\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n // Check if redirect includes error\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n // If no authorization code returned, nothing to do\n if (!code) {\n this.ready = true;\n return ret;\n }\n\n // Decode and parse state object (if present)\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n // Immediately remove code verifier to minimize exposure\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n // Validate CSRF token included in state\n this._verifySecurityToken(location.query);\n // Remove code + CSRF token remnants from URL (history replace)\n this._cleanUrl(location);\n\n let preauthCatalogParams;\n\n // Attempt to extract orgId from structured authorization code (if present)\n const orgId = this._extractOrgIdFromCode(code);\n\n if (emailhash) {\n preauthCatalogParams = {emailhash};\n } else if (orgId) {\n preauthCatalogParams = {orgId};\n }\n\n // Defer token exchange until next tick in case credentials plugin not ready yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog(preauthCatalogParams)\n .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .catch((error) => {\n this.logger.warn('authorization: failed initial authorization code grant request', error);\n })\n .then(() => {\n // Mark plugin ready regardless of success/failure of token exchange\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an OAuth authorization code flow (first party).\n *\n * Adds security + PKCE properties:\n * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n * - state.csrf_token for CSRF protection\n * - PKCE code_challenge (S256)\n *\n * NOTE: This does not itself perform the redirect; it calls\n * initiateAuthorizationCodeGrant() which changes window location or opens\n * a separate window as configured.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n options = cloneDeep(options);\n\n // Optionally compute heuristic email hash for preauth usage\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email; // Ensure raw email not propagated further\n\n options.state = options.state || {};\n // Embed CSRF token\n options.state.csrf_token = this._generateSecurityToken();\n // Provide email hash in lower-case key used by catalog service\n // (Note: catalog uses emailhash and redirectCI uses emailHash)\n options.state.emailhash = options.emailHash;\n\n // PKCE - produce code_challenge (S256) and persist code_verifier\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Performs the navigation step of the Authorization Code flow.\n * Builds login URL and either:\n * - Replaces current window location (default), or\n * - Opens a separate window (popup) if options.separateWindow supplied.\n *\n * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n * during execution to prevent concurrent overlapping attempts.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Already augmented with state + PKCE info\n * @returns {Promise<void>}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n const loginUrl = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n if (options?.separateWindow) {\n // If a separate popup window is requested, combine user supplied window features\n const defaultWindowSettings = {\n width: 600,\n height: 800,\n };\n\n const windowSettings = Object.assign(\n defaultWindowSettings,\n typeof options.separateWindow === 'object' ? options.separateWindow : {}\n );\n\n const windowFeatures = Object.entries(windowSettings)\n .map(([key, value]) => `${key}=${value}`)\n .join(',');\n this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n } else {\n // Normal (in-tab) redirect\n this.webex.getWindow().location = loginUrl;\n }\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}.\n * Constructs logout URL and (unless suppressed) navigates away to ensure\n * server-side session termination.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise<void>}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access (super) token bundle.\n *\n * Decorators:\n * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n * - @oneFlight: collapses simultaneous calls into one network request.\n *\n * Includes PKCE code_verifier if present from earlier login initiation.\n *\n * Error Handling:\n * - Non-400 responses are propagated.\n * - 400 responses map to OAuth-specific grantErrors.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.code - Authorization code from redirect\n * @param {string} [options.codeVerifier] - PKCE code verifier if used\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true, // Request combined access/refresh response\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false, // This is the token acquisition call itself\n })\n .then((res) => {\n // Store supertoken into credentials (includes refresh token)\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n // Map standard OAuth error to strongly typed error class\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Generate a QR code verification URL for device authorization flow.\n * When a user scans the QR code with a mobile device, this deep-links into\n * Webex (web) to continue login, including passing along userCode and the\n * helper service base URL.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} verificationUrl - Original verification URI (complete)\n * @returns {String} Possibly rewritten verification URL\n */\n _generateQRCodeVerificationUrl(verificationUrl) {\n const baseUrl = 'https://web.webex.com/deviceAuth';\n const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n const userCode = urlParams.get('userCode');\n\n if (userCode) {\n const {services} = this.webex.internal;\n const oauthHelperUrl = services.get('oauth-helper');\n const newVerificationUrl = new URL(baseUrl);\n newVerificationUrl.searchParams.set('usercode', userCode);\n newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n return newVerificationUrl.toString();\n } else {\n return verificationUrl;\n }\n },\n\n /**\n * Initiates Device Authorization (QR Code) flow.\n *\n * Steps:\n * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n * 3. Start polling token endpoint with device_code.\n *\n * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @emits #qRCodeLogin\n */\n initQRCodeLogin() {\n if (this.pollingTimer) {\n // Prevent concurrent device authorization attempts\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/authorize',\n form: {\n client_id: this.config.client_id,\n scope: this.config.scope,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n const {user_code, verification_uri, verification_uri_complete} = res.body;\n const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeSuccess',\n userData: {\n userCode: user_code,\n verificationUri: verification_uri,\n verificationUriComplete,\n },\n });\n // Begin polling for authorization completion\n this._startQRCodePolling(res.body);\n })\n .catch((res) => {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: res.body,\n });\n });\n },\n\n /**\n * Poll the device token endpoint until user authorizes, an error occurs,\n * or timeout happens.\n *\n * Polling behavior:\n * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n * - 428 status => pending (continue).\n * - Success => set credentials + emit authorizationSuccess + stop polling.\n * - Any other error => emit authorizationFailure + stop polling.\n *\n * Cancellation:\n * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Must include device_code, may include interval/expires_in\n * @emits #qRCodeLogin\n */\n _startQRCodePolling(options = {}) {\n if (!options.device_code) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'A deviceCode is required'},\n });\n return;\n }\n\n if (this.pollingTimer) {\n // Already polling; avoid starting a duplicate cycle\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n // Server recommended polling interval (seconds)\n let interval = options.interval ?? 2;\n\n // Global timeout for entire device authorization attempt\n this.pollingExpirationTimer = setTimeout(() => {\n this.cancelQRCodePolling(false);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'Authorization timed out'},\n });\n }, expiresIn * 1000);\n\n const polling = () => {\n // Increment id so any previous poll loops can be invalidated\n this.pollingId += 1;\n this.currentPollingId = this.pollingId;\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/token',\n form: {\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: this.config.client_id,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n // If polling canceled (id changed), ignore this response\n if (this.currentPollingId !== this.pollingId) return;\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationSuccess',\n data: res.body,\n });\n this.webex.credentials.set({supertoken: res.body});\n this.cancelQRCodePolling();\n })\n .catch((res) => {\n if (this.currentPollingId !== this.pollingId) return;\n\n // Backoff signal from server; increase interval just once for next cycle\n if (res.statusCode === 400 && res.body.message === 'slow_down') {\n schedulePolling(interval * 2);\n return;\n }\n\n // Pending: keep polling\n if (res.statusCode === 428) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationPending',\n data: res.body,\n });\n schedulePolling(interval);\n return;\n }\n\n // Terminal error\n this.cancelQRCodePolling();\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: res.body,\n });\n });\n };\n\n // Schedules next poll invocation\n const schedulePolling = (interval) =>\n (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n schedulePolling(interval);\n },\n\n /**\n * Cancel active device authorization polling loop.\n *\n * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @returns {void}\n */\n cancelQRCodePolling(withCancelEvent = true) {\n if (this.pollingTimer && withCancelEvent) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'pollingCanceled',\n });\n }\n\n this.currentPollingId = null;\n\n clearTimeout(this.pollingExpirationTimer);\n this.pollingExpirationTimer = null;\n clearTimeout(this.pollingTimer);\n this.pollingTimer = null;\n },\n\n /**\n * Extracts the orgId from the returned code from idbroker.\n *\n * Certain authorization codes encode organization info in a structured\n * underscore-delimited format. This method parses out the 3rd segment.\n *\n * For undocumented formats or unexpected code shapes, returns undefined.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} code\n * @private\n * @returns {String|undefined}\n */\n _extractOrgIdFromCode(code) {\n return code?.split('_')[2] || undefined;\n },\n\n /**\n * Checks if the result of the login redirect contains an OAuth error.\n * Throws a mapped grant error if encountered.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the URL (authorization code, CSRF token).\n * This is important to avoid leaking sensitive parameters via:\n * - Browser history\n * - Copy/paste of URL\n * - HTTP referrer headers to third-party content\n *\n * Approach:\n * - Remove 'code'.\n * - Remove 'state' entirely if only contained csrf_token.\n * - Else, re-encode remaining state fields (minus csrf_token).\n * - Replace current history entry (no page reload).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n * Persists the verifier in sessionStorage (single-use) for later retrieval\n * during authorization code exchange; removes it once consumed.\n *\n * Implementation details:\n * - Creates a 128 character string using base64url safe alphabet.\n * - Computes SHA256 hash, encodes to base64url (no padding).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} code_challenge\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and stores it in sessionStorage.\n * Token is embedded in 'state' and validated upon redirect return.\n *\n * Uses UUID v4 for randomness.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} token\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Verifies that the CSRF token returned in the 'state' matches the one\n * previously stored in sessionStorage.\n *\n * Steps:\n * - Retrieve and immediately remove stored token (one-time use).\n * - Ensure state + state.csrf_token exist.\n * - Compare values; throw descriptive errors on mismatch / absence.\n *\n * If no stored token (e.g., user navigated directly), silently returns.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query - Parsed query (location.query)\n * @private\n * @returns {void}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBhC;AACD;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpB;AACF;AACA;EACEE,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAX,IAAA,GA0NrC,IAAAY,qBAAa,EAAC,eAAe,CAAC,EAAAX,KAAA,GA8D9B,IAAAW,qBAAa,EAAC,eAAe,CAAC,GAAAV,IAAA,GAxRQ;EACvCW,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAAA,GAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAAA,WAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAAClD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACsC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACnD,oBAAoB,CAAC;IAEtE,IAAOoD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAAA,cAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB6C,OAAO,GAAG,IAAAE,iBAAS,EAACF,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACG,KAAK,EAAE;MACjBH,OAAO,CAACI,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACN,OAAO,CAACG,KAAK,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOP,OAAO,CAACG,KAAK,CAAC,CAAC;;IAEtBH,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACoC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAT,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACI,SAAS;;IAE3C;IACAJ,OAAO,CAACU,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDX,OAAO,CAACY,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAACb,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEa,8BAA8B,WAAAA,+BAACb,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACiB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACjD,KAAK,CAACkD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAA5E,OAAA,EAAc;MAAC6E,aAAa,EAAE;IAAM,CAAC,EAAEnB,OAAO,CAChD,CAAC;IAED,IAAIA,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEoB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAA5E,OAAA,EACrB+E,qBAAqB,EACrB,IAAAI,QAAA,CAAAnF,OAAA,EAAO0D,OAAO,CAACoB,cAAc,MAAK,QAAQ,GAAGpB,OAAO,CAACoB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAArF,OAAA,EAAekF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAAzF,OAAA,EAAAuF,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAACrE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACqE,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAAC5D,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGoD,QAAQ;IAC5C;IAEA,OAAOvB,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4C,MAAM,WAAAA,OAAA,EAAe;IAAA,IAAdrC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAACsC,UAAU,EAAE;MACvB,IAAI,CAACxE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACkD,WAAW,CAACuB,cAAc,CAACvC,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAAAA,8BAAA,EAAe;IAAA,IAAA6C,MAAA;IAAA,IAAdxC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACiB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACd,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtC3E,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClB6E,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;;IAED,IAAI/C,OAAO,CAACxB,YAAY,EAAE;MACxBmE,IAAI,CAACK,aAAa,GAAGhD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdmF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACDjE,IAAI,CAAC,UAACkE,GAAG,EAAK;MACb;MACApB,MAAI,CAAC1E,KAAK,CAACkD,WAAW,CAAC6C,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACDxE,KAAK,CAAC,UAACqE,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAOxE,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAACmB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACnE,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQmG,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAAAA,+BAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAOvF,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAMyF,cAAc,GAAGzF,QAAQ,CAACwF,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAACxE,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAO+D,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAAA,gBAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAACtI,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAACxH,KAAK,CACPmF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdqC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC7C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChCkC,KAAK,EAAE,IAAI,CAAC3C,MAAM,CAAC2C;MACrB,CAAC;MACDpC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDhE,IAAI,CAAC,UAACkE,GAAG,EAAK;MACb,IAAA8B,SAAA,GAAiE9B,GAAG,CAACG,IAAI;QAAlE4B,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAAGZ,MAAI,CAACb,8BAA8B,CAACwB,yBAAyB,CAAC;MAC9FX,MAAI,CAACxI,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC7BW,QAAQ,EAAE;UACVnB,QAAQ,EAAEe,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAZ,MAAI,CAACe,mBAAmB,CAACrC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACDxE,KAAK,CAAC,UAACqE,GAAG,EAAK;MACdsB,MAAI,CAACxI,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAEzB,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkC,mBAAmB,WAAAA,oBAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdnG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAACoG,WAAW,EAAE;MACxB,IAAI,CAAC1J,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAC1I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiCrG,OAAO,CAA/DoG,WAAW;MAAAE,mBAAA,GAA6CtG,OAAO,CAAtCuG,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGlG,OAAO,CAACyG,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAACrJ,sBAAsB,GAAG6J,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACC,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAACrJ,SAAS,IAAI,CAAC;MACnBqJ,MAAI,CAACpJ,gBAAgB,GAAGoJ,MAAI,CAACrJ,SAAS;MAEtCqJ,MAAI,CAACrI,KAAK,CACPmF,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdqC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC7C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DwD,WAAW,EAAEC,UAAU;UACvB9C,SAAS,EAAE4C,MAAI,CAACrD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE6C,MAAI,CAACrD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAE2C,MAAI,CAACrD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDhE,IAAI,CAAC,UAACkE,GAAG,EAAK;QACb;QACA,IAAIuC,MAAI,CAACpJ,gBAAgB,KAAKoJ,MAAI,CAACrJ,SAAS,EAAE;QAE5CqJ,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;UAC3CyJ,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEzB,GAAG,CAACG;QACZ,CAAC,CAAC;QACFoC,MAAI,CAACrI,KAAK,CAACkD,WAAW,CAAC6C,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDoC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACDpH,KAAK,CAAC,UAACqE,GAAG,EAAK;QACd,IAAIuC,MAAI,CAACpJ,gBAAgB,KAAKoJ,MAAI,CAACrJ,SAAS,EAAE;;QAE9C;QACA,IAAI8G,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACuB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI7C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BmC,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;YACzCyJ,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAEzB,GAAG,CAACG;UACZ,CAAC,CAAC;UACF8C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAACzJ,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;UACzCyJ,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEzB,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM8C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAACvJ,YAAY,GAAG8J,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAAA,oBAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAA3J,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIkK,eAAe,EAAE;MACxC,IAAI,CAACpK,YAAY,CAACyI,IAAI,CAAC1J,MAAM,CAACE,WAAW,EAAE;QACzCyJ,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACrI,gBAAgB,GAAG,IAAI;IAE5BgK,YAAY,CAAC,IAAI,CAAClK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCkK,YAAY,CAAC,IAAI,CAACnK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAAAA,sBAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAE8I,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAI/G,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAAA,gBAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAMqE,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAAChG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAIqE,gBAAgB,CAAC9F,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAAAA,UAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAAuC,iBAAS,EAACvC,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,IAAI,IAAI,CAACnJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAiJ,eAAO,EAAC,IAAAC,YAAI,EAAC1J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAA+I,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACgJ,MAAM,CAClC,IAAAC,UAAA,CAAAjL,OAAA,EAAe,IAAA+K,YAAI,EAAC1J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACgH,MAAM,GAAG6C,oBAAW,CAACC,SAAS,CAAC9J,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAgJ,eAAA,CAAA7K,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACkJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAEtJ,YAAG,CAAC8J,MAAM,CAAC/J,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEgD,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACd,MAAM,CAACiB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM6G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAMrJ,YAAY,GAAGlD,MAAM,CACxBwM,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAACrM,MAAM,CAACyM,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACvK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjF+E,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM6F,aAAa,GAAG3H,iBAAQ,CAACC,MAAM,CAAC9B,YAAY,CAAC,CAAC+B,QAAQ,CAACqH,qBAAS,CAAC;IAEvE,IAAI,CAAC9J,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACwJ,OAAO,CAACzM,oBAAoB,EAAEgD,YAAY,CAAC;IAEjF,OAAOwJ,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEvH,sBAAsB,WAAAA,uBAAA,EAAG;IACvB,IAAI,CAACZ,MAAM,CAACiB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMoH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAACtK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACwJ,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACErJ,oBAAoB,WAAAA,qBAACV,KAAK,EAAE;IAC1B,IAAMkK,YAAY,GAAG,IAAI,CAACvK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,iBAAiB,CAAC;IAErF,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,iBAAiB,CAAC;IACnE,IAAI,CAAC8M,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAAClK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAIsE,KAAK,wBAAAR,MAAA,CAAwBmG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAAClK,KAAK,CAACC,KAAK,CAACoC,UAAU,EAAE;MAC3B,MAAM,IAAIkC,KAAK,wBAAAR,MAAA,CAAwBmG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAG/J,KAAK,CAACC,KAAK,CAACoC,UAAU;IAEpC,IAAI0H,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAI3F,KAAK,eAAAR,MAAA,CAAegG,KAAK,mCAAAhG,MAAA,CAAgCmG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,OAAAC,0BAAA,CAAAjM,OAAA,EAAAjB,IAAA,qCAAAF,IAAA,OAAAqN,yBAAA,CAAAlM,OAAA,EAAAjB,IAAA,qCAAAA,IAAA,OAAAkN,0BAAA,CAAAjM,OAAA,EAAAjB,IAAA,oCAAAD,KAAA,EA7cEqN,iBAAS,OAAAD,yBAAA,CAAAlM,OAAA,EAAAjB,IAAA,oCAAAA,IAAA,IAAAA,IAAA,EA6cX,CAAC;AAAC,IAAAqN,QAAA,GAAAhN,OAAA,CAAAY,OAAA,GAEYV,aAAa"}
package/package.json CHANGED
@@ -26,23 +26,23 @@
26
26
  "@webex/eslint-config-legacy": "0.0.0",
27
27
  "@webex/jest-config-legacy": "0.0.0",
28
28
  "@webex/legacy-tools": "0.0.0",
29
- "@webex/test-helper-chai": "3.8.1-next.11",
30
- "@webex/test-helper-mocha": "3.8.1-next.11",
31
- "@webex/test-helper-mock-webex": "3.8.1-next.11",
32
- "@webex/test-helper-test-users": "3.8.1-next.11",
29
+ "@webex/test-helper-chai": "3.10.0-wxc-disconnect.1",
30
+ "@webex/test-helper-mocha": "3.10.0-wxc-disconnect.1",
31
+ "@webex/test-helper-mock-webex": "3.10.0-wxc-disconnect.1",
32
+ "@webex/test-helper-test-users": "3.10.0-wxc-disconnect.1",
33
33
  "eslint": "^8.24.0",
34
34
  "prettier": "^2.7.1",
35
35
  "sinon": "^9.2.4"
36
36
  },
37
37
  "dependencies": {
38
- "@webex/common": "3.8.1-next.11",
39
- "@webex/storage-adapter-local-storage": "3.10.0-next.3",
40
- "@webex/test-helper-automation": "3.8.1-next.11",
41
- "@webex/test-helper-chai": "3.8.1-next.11",
42
- "@webex/test-helper-mocha": "3.8.1-next.11",
43
- "@webex/test-helper-mock-webex": "3.8.1-next.11",
44
- "@webex/test-helper-test-users": "3.8.1-next.11",
45
- "@webex/webex-core": "3.10.0-next.3",
38
+ "@webex/common": "3.10.0-wxc-disconnect.1",
39
+ "@webex/storage-adapter-local-storage": "3.10.0-wxc-disconnect.1",
40
+ "@webex/test-helper-automation": "3.10.0-wxc-disconnect.1",
41
+ "@webex/test-helper-chai": "3.10.0-wxc-disconnect.1",
42
+ "@webex/test-helper-mocha": "3.10.0-wxc-disconnect.1",
43
+ "@webex/test-helper-mock-webex": "3.10.0-wxc-disconnect.1",
44
+ "@webex/test-helper-test-users": "3.10.0-wxc-disconnect.1",
45
+ "@webex/webex-core": "3.10.0-wxc-disconnect.1",
46
46
  "crypto-js": "^4.1.1",
47
47
  "lodash": "^4.17.21",
48
48
  "uuid": "^3.3.2"
@@ -56,5 +56,5 @@
56
56
  "test:style": "eslint ./src/**/*.*",
57
57
  "test:unit": "webex-legacy-tools test --unit --runner jest"
58
58
  },
59
- "version": "3.10.0-next.4"
59
+ "version": "3.10.0-wxc-disconnect.1"
60
60
  }
package/src/authorization.js CHANGED
@@ -32,7 +32,6 @@ const OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';
32
32
  * Authorization plugin events
33
33
  */
34
34
  export const Events = {
35
- login: 'login',
36
35
  /**
37
36
  * QR code login events
38
37
  */
@@ -263,14 +262,6 @@ const Authorization = WebexPlugin.extend({
263
262
  * @returns {Promise}
264
263
  */
265
264
  initiateLogin(options = {}) {
266
- this.eventEmitter.emit(Events.login, {
267
- eventType: 'initiateLogin',
268
- data: {
269
- hasEmail: !!options.email,
270
- hasState: !!options.state
271
- },
272
- });
273
-
274
265
  options = cloneDeep(options);
275
266
 
276
267
  // Optionally compute heuristic email hash for preauth usage
@@ -314,11 +305,6 @@ const Authorization = WebexPlugin.extend({
314
305
  Object.assign({response_type: 'code'}, options)
315
306
  );
316
307
 
317
- this.eventEmitter.emit(Events.login, {
318
- eventType: 'redirectToLoginUrl',
319
- data: { loginUrl },
320
- });
321
-
322
308
  if (options?.separateWindow) {
323
309
  // If a separate popup window is requested, combine user supplied window features
324
310
  const defaultWindowSettings = {
package/test/unit/spec/authorization.js CHANGED
@@ -14,7 +14,6 @@ import {base64, patterns} from '@webex/common';
14
14
  import {merge, times} from 'lodash';
15
15
  import CryptoJS from 'crypto-js';
16
16
  import Authorization from '@webex/plugin-authorization-browser-first-party';
17
- import {Events} from '../../../src';
18
17
 
19
18
  // Necessary to require lodash this way in order to stub the method
20
19
  const lodash = require('lodash');
@@ -425,48 +424,6 @@ describe('plugin-authorization-browser-first-party', () => {
425
424
 
426
425
  return p.then(() => assert.isFalse(webex.authorization.isAuthenticating));
427
426
  });
428
-
429
- it('Emits an event containing indicating login is initiating', () => {
430
- const webex = makeWebex();
431
-
432
- const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
433
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
434
-
435
- return webex.authorization.initiateLogin().then(() => {
436
- assert.calledOnceWithExactly(emitSpy, Events.login, {
437
- eventType: 'initiateLogin',
438
- data: { hasEmail: false, hasState: false },
439
- });
440
- });
441
- });
442
-
443
- it('Emits an event containing information about email', () => {
444
- const webex = makeWebex();
445
-
446
- const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
447
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
448
-
449
- return webex.authorization.initiateLogin({ email: 'test@abc.xyz' }).then(() => {
450
- assert.calledOnceWithExactly(emitSpy, Events.login, {
451
- eventType: 'initiateLogin',
452
- data: { hasEmail: true, hasState: false },
453
- });
454
- });
455
- });
456
-
457
- it('Emits an event containing information about state', () => {
458
- const webex = makeWebex();
459
-
460
- const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
461
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
462
-
463
- return webex.authorization.initiateLogin({ state: {} }).then(() => {
464
- assert.calledOnceWithExactly(emitSpy, Events.login, {
465
- eventType: 'initiateLogin',
466
- data: { hasEmail: false, hasState: true },
467
- });
468
- });
469
- });
470
427
  });
471
428
 
472
429
  describe('#initiateAuthorizationCodeGrant()', () => {
@@ -517,14 +474,14 @@ describe('plugin-authorization-browser-first-party', () => {
517
474
  toolbar: 'no'
518
475
  };
519
476
 
520
- return webex.authorization.initiateAuthorizationCodeGrant({
521
- separateWindow: customWindow
477
+ return webex.authorization.initiateAuthorizationCodeGrant({
478
+ separateWindow: customWindow
522
479
  }).then(() => {
523
480
  assert.called(webex.getWindow().open);
524
481
  const openCall = webex.getWindow().open.getCall(0);
525
482
  assert.equal(openCall.args[1], '_blank');
526
483
  assert.equal(
527
- openCall.args[2],
484
+ openCall.args[2],
528
485
  'width=800,height=600,menubar=no,toolbar=no'
529
486
  );
530
487
  });
@@ -534,7 +491,7 @@ describe('plugin-authorization-browser-first-party', () => {
534
491
  const webex = makeWebex();
535
492
  webex.getWindow().open = sinon.spy();
536
493
 
537
- return webex.authorization.initiateAuthorizationCodeGrant({
494
+ return webex.authorization.initiateAuthorizationCodeGrant({
538
495
  separateWindow: true,
539
496
  state: {}
540
497
  }).then(() => {
@@ -543,21 +500,6 @@ describe('plugin-authorization-browser-first-party', () => {
543
500
  assert.include(url, "https://idbrokerbts.webex.com/idb/oauth2/v1/authorize?response_type=code&separateWindow=true&client_id=fake&redirect_uri=http%3A%2F%2Fexample.com&scope=scope%3Aone");
544
501
  });
545
502
  });
546
-
547
- it('Emits an event containing the login url', () => {
548
- const testLoginUrl = "https://test.example.com";
549
- const webex = makeWebex();
550
-
551
- sinon.stub(webex.credentials, 'buildLoginUrl').returns(testLoginUrl);
552
- const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
553
-
554
- return webex.authorization.initiateAuthorizationCodeGrant().then(() => {
555
- assert.calledOnceWithExactly(emitSpy, Events.login, {
556
- eventType: 'redirectToLoginUrl',
557
- data: { loginUrl: testLoginUrl },
558
- });
559
- });
560
- });
561
503
  });
562
504
 
563
505
  describe('#_generateQRCodeVerificationUrl()', () => {
@@ -828,7 +770,7 @@ describe('plugin-authorization-browser-first-party', () => {
828
770
  sinon.spy(webex.authorization, 'cancelQRCodePolling');
829
771
  const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
830
772
  const credentialsSetSpy = sinon.spy(webex.credentials, 'set');
831
-
773
+
832
774
  webex.authorization._startQRCodePolling(options);
833
775
  await clock.tickAsync(4000);
834
776