@webex/plugin-authorization-browser-first-party 3.12.0-next.15 → 3.12.0-next.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/authorization.js +51 -4
  2. package/dist/authorization.js.map +1 -1
  3. package/package.json +13 -13
  4. package/src/authorization.js +57 -6
  5. package/test/unit/spec/authorization.js +134 -66
package/dist/authorization.js CHANGED
@@ -17,7 +17,7 @@ var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/hel
17
17
  var _typeof2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/typeof"));
18
18
  var _applyDecoratedDescriptor2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/applyDecoratedDescriptor"));
19
19
  var _querystring = _interopRequireDefault(require("querystring"));
20
- var _url = _interopRequireDefault(require("url"));
20
+ var _url2 = _interopRequireDefault(require("url"));
21
21
  var _events = require("events");
22
22
  var _common = require("@webex/common");
23
23
  var _webexCore = require("@webex/webex-core");
@@ -194,7 +194,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
194
194
  attrs[_key] = arguments[_key];
195
195
  }
196
196
  var ret = (0, _apply.default)(_webexCore.WebexPlugin.prototype.initialize, this, attrs);
197
- var location = _url.default.parse(this.webex.getWindow().location.href, true);
197
+ var location = _url2.default.parse(this.webex.getWindow().location.href, true);
198
198
 
199
199
  // Check if redirect includes error
200
200
  this._checkForErrors(location);
@@ -347,6 +347,53 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
347
347
  }
348
348
  return _promise.default.resolve();
349
349
  },
350
+ /**
351
+ * Initiates third-party (social provider) login by redirecting the user
352
+ * to IdBroker's `/idb/ThirdPartyLogin` endpoint.
353
+ *
354
+ * Mirrors `initiateLogin`'s role for the standard `/authorize` flow.
355
+ * Delegates to `initiateThirdPartyLoginRedirect` so any pre-redirect
356
+ * security plumbing (CSRF / `state`) can be added here without changing
357
+ * the navigation method.
358
+ *
359
+ * @instance
360
+ * @memberof AuthorizationBrowserFirstParty
361
+ * @param {Object} options
362
+ * @param {string} options.oauth2provider
363
+ * @param {string} options.returnURL
364
+ * @returns {Promise<void>}
365
+ */
366
+ initiateThirdPartyLogin: function initiateThirdPartyLogin() {
367
+ var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
368
+ return this.initiateThirdPartyLoginRedirect(options);
369
+ },
370
+ /**
371
+ * Performs the navigation step of the third-party login flow. Builds the
372
+ * IdBroker URL via `Credentials#buildThirdPartyLoginUrl` and assigns it
373
+ * to `getWindow().location`.
374
+ *
375
+ * Mirrors `initiateAuthorizationCodeGrant` for the `/authorize` flow.
376
+ * Consumers may override this method for custom navigation handling
377
+ * (e.g. postMessage in iframed contexts).
378
+ *
379
+ * @instance
380
+ * @memberof AuthorizationBrowserFirstParty
381
+ * @param {Object} options
382
+ * @param {string} options.oauth2provider
383
+ * @param {string} options.returnURL
384
+ * @returns {Promise<void>}
385
+ */
386
+ initiateThirdPartyLoginRedirect: function initiateThirdPartyLoginRedirect() {
387
+ var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
388
+ this.logger.info('authorization: initiating third-party login redirect');
389
+ try {
390
+ var _url = this.webex.credentials.buildThirdPartyLoginUrl(options);
391
+ this.webex.getWindow().location = _url;
392
+ } catch (err) {
393
+ return _promise.default.reject(err);
394
+ }
395
+ return _promise.default.resolve();
396
+ },
350
397
  /**
351
398
  * Called by {@link WebexCore#logout()}.
352
399
  * Constructs logout URL and (unless suppressed) navigates away to ensure
@@ -718,7 +765,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
718
765
  }
719
766
  location.search = _querystring.default.stringify(location.query);
720
767
  (0, _deleteProperty.default)(location, 'query');
721
- this.webex.getWindow().history.replaceState({}, null, _url.default.format(location));
768
+ this.webex.getWindow().history.replaceState({}, null, _url2.default.format(location));
722
769
  }
723
770
  },
724
771
  /**
@@ -798,7 +845,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
798
845
  throw new Error("CSRF token ".concat(token, " does not match stored token ").concat(sessionToken));
799
846
  }
800
847
  },
801
- version: "3.12.0-next.15"
848
+ version: "3.12.0-next.16"
802
849
  }, (0, _applyDecoratedDescriptor2.default)(_obj, "initiateAuthorizationCodeGrant", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "initiateAuthorizationCodeGrant"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "requestAuthorizationCodeGrant", [_dec2, _common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "requestAuthorizationCodeGrant"), _obj), _obj));
803
850
  var _default = exports.default = Authorization;
804
851
  //# sourceMappingURL=authorization.js.map
package/dist/authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","login","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","emit","eventType","data","hasEmail","email","hasState","cloneDeep","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","logout","noRedirect","buildLogoutUrl","_this2","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":[" // @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n login: 'login',\n /**\n * QR code login events\n */\n qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n * pre-fetches a preauth catalog, then exchanges the code via\n * requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n * initQRCodeLogin() obtains device + user codes and begins polling\n * _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Indicates that the plugin has finished any automatic startup\n * processing (e.g., exchanging a returned authorization code)\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * EventEmitter for authorization events such as QR code login progress\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {EventEmitter}\n * @public\n */\n eventEmitter: new EventEmitter(),\n\n /**\n * Stores the timer ID for QR code polling (device authorization)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingTimer: null,\n /**\n * Stores the expiration timer ID for QR code polling (overall timeout)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingExpirationTimer: null,\n\n /**\n * Monotonically increasing id to identify the current polling request.\n * Used to safely ignore late poll responses after a cancel/reset.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {number}\n * @private\n */\n pollingId: 0,\n\n /**\n * Identifier for the current polling request (snapshot of pollingId)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n currentPollingId: null,\n\n /**\n * Auto executes during Webex.init() – you do NOT call this yourself.\n *\n * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n *\n * Simple summary:\n * - You call initiateLogin() which redirects user to IdBroker.\n * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n * - During SDK startup this initialize() runs automatically, sees the code, and\n * silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n *\n * Step-by-step:\n * 1. Inspect current window.location for ?code= (& state=).\n * 2. If no code: set ready=true immediately (nothing to complete).\n * 3. If code present:\n * - Decode base64 state JSON.\n * - Verify CSRF token matches sessionStorage value.\n * - Retrieve then delete PKCE code_verifier (single use).\n * - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n * - Clean the URL (history.replaceState) to remove code & csrf token data.\n * - nextTick:\n * a. Best‑effort preauth catalog fetch (non-blocking).\n * b. Exchange authorization code (with code_verifier if any) for supertoken\n * and store on webex.credentials.\n * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n *\n * Result: If the redirect included a valid code the token exchange is completed\n * automatically—no extra API call needed after Webex.init().\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n // Check if redirect includes error\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n // If no authorization code returned, nothing to do\n if (!code) {\n this.ready = true;\n return ret;\n }\n\n // Decode and parse state object (if present)\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n // Immediately remove code verifier to minimize exposure\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n // Validate CSRF token included in state\n this._verifySecurityToken(location.query);\n // Remove code + CSRF token remnants from URL (history replace)\n this._cleanUrl(location);\n\n let preauthCatalogParams;\n\n // Attempt to extract orgId from structured authorization code (if present)\n const orgId = this._extractOrgIdFromCode(code);\n\n if (emailhash) {\n preauthCatalogParams = {emailhash};\n } else if (orgId) {\n preauthCatalogParams = {orgId};\n }\n\n // Defer token exchange until next tick in case credentials plugin not ready yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog(preauthCatalogParams)\n .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .catch((error) => {\n this.logger.warn('authorization: failed initial authorization code grant request', error);\n })\n .then(() => {\n // Mark plugin ready regardless of success/failure of token exchange\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an OAuth authorization code flow (first party).\n *\n * Adds security + PKCE properties:\n * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n * - state.csrf_token for CSRF protection\n * - PKCE code_challenge (S256)\n *\n * NOTE: This does not itself perform the redirect; it calls\n * initiateAuthorizationCodeGrant() which changes window location or opens\n * a separate window as configured.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n this.eventEmitter.emit(Events.login, {\n eventType: 'initiateLogin',\n data: {\n hasEmail: !!options.email,\n hasState: !!options.state\n },\n });\n\n options = cloneDeep(options);\n\n // Optionally compute heuristic email hash for preauth usage\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email; // Ensure raw email not propagated further\n\n options.state = options.state || {};\n // Embed CSRF token\n options.state.csrf_token = this._generateSecurityToken();\n // Provide email hash in lower-case key used by catalog service\n // (Note: catalog uses emailhash and redirectCI uses emailHash)\n options.state.emailhash = options.emailHash;\n\n // PKCE - produce code_challenge (S256) and persist code_verifier\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Performs the navigation step of the Authorization Code flow.\n * Builds login URL and either:\n * - Replaces current window location (default), or\n * - Opens a separate window (popup) if options.separateWindow supplied.\n *\n * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n * during execution to prevent concurrent overlapping attempts.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Already augmented with state + PKCE info\n * @returns {Promise<void>}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n const loginUrl = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n this.eventEmitter.emit(Events.login, {\n eventType: 'redirectToLoginUrl',\n data: { loginUrl },\n });\n\n if (options?.separateWindow) {\n // If a separate popup window is requested, combine user supplied window features\n const defaultWindowSettings = {\n width: 600,\n height: 800,\n };\n\n const windowSettings = Object.assign(\n defaultWindowSettings,\n typeof options.separateWindow === 'object' ? options.separateWindow : {}\n );\n\n const windowFeatures = Object.entries(windowSettings)\n .map(([key, value]) => `${key}=${value}`)\n .join(',');\n this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n } else {\n // Normal (in-tab) redirect\n this.webex.getWindow().location = loginUrl;\n }\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}.\n * Constructs logout URL and (unless suppressed) navigates away to ensure\n * server-side session termination.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise<void>}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access (super) token bundle.\n *\n * Decorators:\n * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n * - @oneFlight: collapses simultaneous calls into one network request.\n *\n * Includes PKCE code_verifier if present from earlier login initiation.\n *\n * Error Handling:\n * - Non-400 responses are propagated.\n * - 400 responses map to OAuth-specific grantErrors.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.code - Authorization code from redirect\n * @param {string} [options.codeVerifier] - PKCE code verifier if used\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true, // Request combined access/refresh response\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false, // This is the token acquisition call itself\n })\n .then((res) => {\n // Store supertoken into credentials (includes refresh token)\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n // Map standard OAuth error to strongly typed error class\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Generate a QR code verification URL for device authorization flow.\n * When a user scans the QR code with a mobile device, this deep-links into\n * Webex (web) to continue login, including passing along userCode and the\n * helper service base URL.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} verificationUrl - Original verification URI (complete)\n * @returns {String} Possibly rewritten verification URL\n */\n _generateQRCodeVerificationUrl(verificationUrl) {\n const baseUrl = 'https://web.webex.com/deviceAuth';\n const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n const userCode = urlParams.get('userCode');\n\n if (userCode) {\n const {services} = this.webex.internal;\n const oauthHelperUrl = services.get('oauth-helper');\n const newVerificationUrl = new URL(baseUrl);\n newVerificationUrl.searchParams.set('usercode', userCode);\n newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n return newVerificationUrl.toString();\n } else {\n return verificationUrl;\n }\n },\n\n /**\n * Initiates Device Authorization (QR Code) flow.\n *\n * Steps:\n * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n * 3. Start polling token endpoint with device_code.\n *\n * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @emits #qRCodeLogin\n */\n initQRCodeLogin() {\n if (this.pollingTimer) {\n // Prevent concurrent device authorization attempts\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/authorize',\n form: {\n client_id: this.config.client_id,\n scope: this.config.scope,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n const {user_code, verification_uri, verification_uri_complete} = res.body;\n const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeSuccess',\n userData: {\n userCode: user_code,\n verificationUri: verification_uri,\n verificationUriComplete,\n },\n });\n // Begin polling for authorization completion\n this._startQRCodePolling(res.body);\n })\n .catch((res) => {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: res.body,\n });\n });\n },\n\n /**\n * Poll the device token endpoint until user authorizes, an error occurs,\n * or timeout happens.\n *\n * Polling behavior:\n * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n * - 428 status => pending (continue).\n * - Success => set credentials + emit authorizationSuccess + stop polling.\n * - Any other error => emit authorizationFailure + stop polling.\n *\n * Cancellation:\n * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Must include device_code, may include interval/expires_in\n * @emits #qRCodeLogin\n */\n _startQRCodePolling(options = {}) {\n if (!options.device_code) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'A deviceCode is required'},\n });\n return;\n }\n\n if (this.pollingTimer) {\n // Already polling; avoid starting a duplicate cycle\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n // Server recommended polling interval (seconds)\n let interval = options.interval ?? 2;\n\n // Global timeout for entire device authorization attempt\n this.pollingExpirationTimer = setTimeout(() => {\n this.cancelQRCodePolling(false);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'Authorization timed out'},\n });\n }, expiresIn * 1000);\n\n const polling = () => {\n // Increment id so any previous poll loops can be invalidated\n this.pollingId += 1;\n this.currentPollingId = this.pollingId;\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/token',\n form: {\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: this.config.client_id,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n // If polling canceled (id changed), ignore this response\n if (this.currentPollingId !== this.pollingId) return;\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationSuccess',\n data: res.body,\n });\n this.webex.credentials.set({supertoken: res.body});\n this.cancelQRCodePolling();\n })\n .catch((res) => {\n if (this.currentPollingId !== this.pollingId) return;\n\n // Backoff signal from server; increase interval just once for next cycle\n if (res.statusCode === 400 && res.body.message === 'slow_down') {\n schedulePolling(interval * 2);\n return;\n }\n\n // Pending: keep polling\n if (res.statusCode === 428) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationPending',\n data: res.body,\n });\n schedulePolling(interval);\n return;\n }\n\n // Terminal error\n this.cancelQRCodePolling();\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: res.body,\n });\n });\n };\n\n // Schedules next poll invocation\n const schedulePolling = (interval) =>\n (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n schedulePolling(interval);\n },\n\n /**\n * Cancel active device authorization polling loop.\n *\n * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @returns {void}\n */\n cancelQRCodePolling(withCancelEvent = true) {\n if (this.pollingTimer && withCancelEvent) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'pollingCanceled',\n });\n }\n\n this.currentPollingId = null;\n\n clearTimeout(this.pollingExpirationTimer);\n this.pollingExpirationTimer = null;\n clearTimeout(this.pollingTimer);\n this.pollingTimer = null;\n },\n\n /**\n * Extracts the orgId from the returned code from idbroker.\n *\n * Certain authorization codes encode organization info in a structured\n * underscore-delimited format. This method parses out the 3rd segment.\n *\n * For undocumented formats or unexpected code shapes, returns undefined.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} code\n * @private\n * @returns {String|undefined}\n */\n _extractOrgIdFromCode(code) {\n return code?.split('_')[2] || undefined;\n },\n\n /**\n * Checks if the result of the login redirect contains an OAuth error.\n * Throws a mapped grant error if encountered.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the URL (authorization code, CSRF token).\n * This is important to avoid leaking sensitive parameters via:\n * - Browser history\n * - Copy/paste of URL\n * - HTTP referrer headers to third-party content\n *\n * Approach:\n * - Remove 'code'.\n * - Remove 'state' entirely if only contained csrf_token.\n * - Else, re-encode remaining state fields (minus csrf_token).\n * - Replace current history entry (no page reload).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n * Persists the verifier in sessionStorage (single-use) for later retrieval\n * during authorization code exchange; removes it once consumed.\n *\n * Implementation details:\n * - Creates a 128 character string using base64url safe alphabet.\n * - Computes SHA256 hash, encodes to base64url (no padding).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} code_challenge\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and stores it in sessionStorage.\n * Token is embedded in 'state' and validated upon redirect return.\n *\n * Uses UUID v4 for randomness.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} token\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Verifies that the CSRF token returned in the 'state' matches the one\n * previously stored in sessionStorage.\n *\n * Steps:\n * - Retrieve and immediately remove stored token (one-time use).\n * - Ensure state + state.csrf_token exist.\n * - Compare values; throw descriptive errors on mismatch / absence.\n *\n * If no stored token (e.g., user navigated directly), silently returns.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query - Parsed query (location.query)\n * @private\n * @returns {void}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBhC;AACD;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpBE,KAAK,EAAE,OAAO;EACd;AACF;AACA;EACEC,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAZ,IAAA,GAkOrC,IAAAa,qBAAa,EAAC,eAAe,CAAC,EAAAZ,KAAA,GAmE9B,IAAAY,qBAAa,EAAC,eAAe,CAAC,EAAAX,IAAA,GArSQ;EACvCY,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAVA,UAAUA,CAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,oBAAoB,CAAC;IAEtE,IAAOqD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAbA,aAAaA,CAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB,IAAI,CAACT,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,eAAe;MAC1BC,IAAI,EAAE;QACJC,QAAQ,EAAE,CAAC,CAACL,OAAO,CAACM,KAAK;QACzBC,QAAQ,EAAE,CAAC,CAACP,OAAO,CAAC5B;MACtB;IACF,CAAC,CAAC;IAEF4B,OAAO,GAAG,IAAAQ,iBAAS,EAACR,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACS,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACX,OAAO,CAACM,KAAK,CAAC,CAACM,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOZ,OAAO,CAACM,KAAK,CAAC,CAAC;;IAEtBN,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACyC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAd,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACS,SAAS;;IAE3C;IACAT,OAAO,CAACe,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDhB,OAAO,CAACiB,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAAClB,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkB,8BAA8B,WAA9BA,8BAA8BA,CAAClB,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACsB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACtD,KAAK,CAACuD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAAjF,OAAA,EAAc;MAACkF,aAAa,EAAE;IAAM,CAAC,EAAExB,OAAO,CAChD,CAAC;IAED,IAAI,CAACtD,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,oBAAoB;MAC/BC,IAAI,EAAE;QAAEgB,QAAQ,EAARA;MAAS;IACnB,CAAC,CAAC;IAEF,IAAIpB,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEyB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAAjF,OAAA,EACrBoF,qBAAqB,EACrB,IAAAI,QAAA,CAAAxF,OAAA,EAAO0D,OAAO,CAACyB,cAAc,MAAK,QAAQ,GAAGzB,OAAO,CAACyB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAA1F,OAAA,EAAeuF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA9F,OAAA,EAAA4F,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAAC1E,KAAK,CAACC,SAAS,CAAC,CAAC,CAAC0E,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAACjE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGyD,QAAQ;IAC5C;IAEA,OAAO5B,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,MAAM,WAANA,MAAMA,CAAA,EAAe;IAAA,IAAd1C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAAC2C,UAAU,EAAE;MACvB,IAAI,CAAC7E,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACuD,WAAW,CAACuB,cAAc,CAAC5C,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAA7BA,6BAA6BA,CAAA,EAAe;IAAA,IAAAkD,MAAA;IAAA,IAAd7C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACsB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACnB,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtChF,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClBkF,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;IAED,IAAIpD,OAAO,CAACxB,YAAY,EAAE;MACxBwE,IAAI,CAACK,aAAa,GAAGrD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACDtE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb;MACApB,MAAI,CAAC/E,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO7E,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAACmB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACxE,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAA9BA,8BAA8BA,CAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAO5F,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAM8F,cAAc,GAAG9F,QAAQ,CAAC6F,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAACxE,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAO+D,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAfA,eAAeA,CAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAAC3I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAAC1H,KAAK,CACPwF,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdkC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC1C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChC+B,KAAK,EAAE,IAAI,CAACxC,MAAM,CAACwC;MACrB,CAAC;MACDjC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;MACb,IAAA2B,SAAA,GAAiE3B,GAAG,CAACG,IAAI;QAAlEyB,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAAGT,MAAI,CAACb,8BAA8B,CAACqB,yBAAyB,CAAC;MAC9FR,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC7B8F,QAAQ,EAAE;UACVhB,QAAQ,EAAEY,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAT,MAAI,CAACY,mBAAmB,CAAClC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACD7E,KAAK,CAAC,UAAC0E,GAAG,EAAK;MACdsB,MAAI,CAAC7I,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE6D,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE+B,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdrG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAACsG,WAAW,EAAE;MACxB,IAAI,CAAC5J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAC5I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiCvG,OAAO,CAA/DsG,WAAW;MAAAE,mBAAA,GAA6CxG,OAAO,CAAtCyG,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGpG,OAAO,CAAC2G,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAACvJ,sBAAsB,GAAG+J,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACoF,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAACvJ,SAAS,IAAI,CAAC;MACnBuJ,MAAI,CAACtJ,gBAAgB,GAAGsJ,MAAI,CAACvJ,SAAS;MAEtCuJ,MAAI,CAACvI,KAAK,CACPwF,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdkC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC1C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DqD,WAAW,EAAEC,UAAU;UACvB3C,SAAS,EAAEyC,MAAI,CAAClD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE0C,MAAI,CAAClD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAEwC,MAAI,CAAClD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDrE,IAAI,CAAC,UAACuE,GAAG,EAAK;QACb;QACA,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;QAE5CuJ,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UAC3CwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;QACFiC,MAAI,CAACvI,KAAK,CAACuD,WAAW,CAAC6C,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDiC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACDtH,KAAK,CAAC,UAAC0E,GAAG,EAAK;QACd,IAAIoC,MAAI,CAACtJ,gBAAgB,KAAKsJ,MAAI,CAACvJ,SAAS,EAAE;;QAE9C;QACA,IAAImH,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACoB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI1C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BgC,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;YACzCwE,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAE6D,GAAG,CAACG;UACZ,CAAC,CAAC;UACF2C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAAC3J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UACzCwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAE6D,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM2C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAACzJ,YAAY,GAAGgK,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAA7J,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIoK,eAAe,EAAE;MACxC,IAAI,CAACtK,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACpD,gBAAgB,GAAG,IAAI;IAE5BkK,YAAY,CAAC,IAAI,CAACpK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCoK,YAAY,CAAC,IAAI,CAACrK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAArBA,qBAAqBA,CAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEgJ,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAIjH,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAfA,eAAeA,CAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAM0E,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACrG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAI0E,gBAAgB,CAACnG,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAATA,SAASA,CAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAA6C,iBAAS,EAAC7C,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,IAAI,IAAI,CAACrJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAmJ,eAAO,EAAC,IAAAC,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAAiJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACkJ,MAAM,CAClC,IAAAC,UAAA,CAAAnL,OAAA,EAAe,IAAAiL,YAAI,EAAC5J,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACqH,MAAM,GAAG0C,oBAAW,CAACC,SAAS,CAAChK,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAkJ,eAAA,CAAA/K,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACoJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAExJ,YAAG,CAACgK,MAAM,CAACjK,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqD,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACnB,MAAM,CAACsB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM0G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAMvJ,YAAY,GAAGnD,MAAM,CACxB2M,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAACxM,MAAM,CAAC4M,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACzK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFoF,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM0F,aAAa,GAAGxH,iBAAQ,CAACC,MAAM,CAACnC,YAAY,CAAC,CAACoC,QAAQ,CAACkH,qBAAS,CAAC;IAEvE,IAAI,CAAChK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC5M,oBAAoB,EAAEiD,YAAY,CAAC;IAEjF,OAAO0J,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEpH,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACjB,MAAM,CAACsB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMiH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAACxK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC0J,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEvJ,oBAAoB,WAApBA,oBAAoBA,CAACV,KAAK,EAAE;IAC1B,IAAMoK,YAAY,GAAG,IAAI,CAACzK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACpD,iBAAiB,CAAC;IAErF,IAAI,CAACwC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACrD,iBAAiB,CAAC;IACnE,IAAI,CAACiN,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI2E,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAACpK,KAAK,CAACC,KAAK,CAACyC,UAAU,EAAE;MAC3B,MAAM,IAAIkC,KAAK,wBAAAR,MAAA,CAAwBgG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAGjK,KAAK,CAACC,KAAK,CAACyC,UAAU;IAEpC,IAAIuH,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAIxF,KAAK,eAAAR,MAAA,CAAe6F,KAAK,mCAAA7F,MAAA,CAAgCgG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,MAAAC,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,qCAAAF,IAAA,OAAAwN,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,qCAAAA,IAAA,OAAAqN,0BAAA,CAAAnM,OAAA,EAAAlB,IAAA,oCAAAD,KAAA,EA7cEwN,iBAAS,OAAAD,yBAAA,CAAApM,OAAA,EAAAlB,IAAA,oCAAAA,IAAA,GAAAA,IAAA,CA6cX,CAAC;AAAC,IAAAwN,QAAA,GAAAnN,OAAA,CAAAa,OAAA,GAEYV,aAAa","ignoreList":[]}
1
+ {"version":3,"names":["_querystring","_interopRequireDefault","require","_url2","_events","_common","_webexCore","_lodash","_uuid","_encBase64url","_cryptoJs","_dec","_dec2","_obj","lodash","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Events","exports","login","qRCodeLogin","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","eventEmitter","EventEmitter","pollingTimer","pollingExpirationTimer","pollingId","currentPollingId","initialize","_this","_len","arguments","length","attrs","Array","_key","ret","_apply","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","preauthCatalogParams","orgId","_extractOrgIdFromCode","process","nextTick","internal","services","collectPreauthCatalog","catch","_promise","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","undefined","emit","eventType","data","hasEmail","email","hasState","cloneDeep","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","loginUrl","credentials","buildLoginUrl","_assign","response_type","separateWindow","defaultWindowSettings","width","height","windowSettings","_typeof2","windowFeatures","_entries","map","_ref","_ref2","_slicedToArray2","key","value","concat","join","open","initiateThirdPartyLogin","initiateThirdPartyLoginRedirect","buildThirdPartyLoginUrl","err","reject","logout","noRedirect","buildLogoutUrl","_this2","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","_generateQRCodeVerificationUrl","verificationUrl","baseUrl","urlParams","URLSearchParams","URL","search","userCode","get","oauthHelperUrl","newVerificationUrl","searchParams","initQRCodeLogin","_this3","message","service","resource","scope","_res$body","user_code","verification_uri","verification_uri_complete","verificationUriComplete","userData","verificationUri","_startQRCodePolling","_options$interval","_this4","device_code","deviceCode","_options$expires_in","expires_in","expiresIn","interval","setTimeout","cancelQRCodePolling","polling","schedulePolling","withCancelEvent","clearTimeout","split","history","replaceState","_deleteProperty","isEmpty","omit","encode","_stringify","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","codeChallenge","setItem","token","uuid","v4","sessionToken","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","oneFlight","_default"],"sources":["authorization.js"],"sourcesContent":["// @ts-nocheck\n/* eslint-disable */\n/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n/**\n * TS checking disabled: file uses legacy decorator syntax inside an object literal\n * transformed by Babel. Safe to ignore for now.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\nimport {EventEmitter} from 'events';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Authorization plugin events\n */\nexport const Events = {\n login: 'login',\n /**\n * QR code login events\n */\n qRCodeLogin: 'qRCodeLogin',\n};\n\n/**\n * Browser support for OAuth2 for first-party (Webex Web Client) usage.\n *\n * High-level flow handled by this module:\n * 1. initiateLogin() constructs authorization request (adds CSRF + PKCE).\n * 2. Browser navigates to IdBroker (login).\n * 3. IdBroker redirects back with ?code=... (&state=...).\n * 4. initialize() detects code, validates state/CSRF, cleans URL, optionally\n * pre-fetches a preauth catalog, then exchanges the code via\n * requestAuthorizationCodeGrant().\n * 5. Sets resulting supertoken (access/refresh token bundle) on credentials.\n *\n * Additional supported flow:\n * - Device Authorization (QR Code login):\n * initQRCodeLogin() obtains device + user codes and begins polling\n * _startQRCodePolling() until tokens are issued or timeout/cancel occurs.\n *\n * Security considerations implemented:\n * - CSRF token (state.csrf_token) generation + verification.\n * - PKCE (S256) code verifier + challenge generation and consumption.\n * - URL cleanup after redirect (removes code & CSRF to prevent leakage).\n *\n * Use of this plugin for anything other than the Webex Web Client is discouraged.\n *\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Indicates that the plugin has finished any automatic startup\n * processing (e.g., exchanging a returned authorization code)\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * EventEmitter for authorization events such as QR code login progress\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {EventEmitter}\n * @public\n */\n eventEmitter: new EventEmitter(),\n\n /**\n * Stores the timer ID for QR code polling (device authorization)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingTimer: null,\n /**\n * Stores the expiration timer ID for QR code polling (overall timeout)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n pollingExpirationTimer: null,\n\n /**\n * Monotonically increasing id to identify the current polling request.\n * Used to safely ignore late poll responses after a cancel/reset.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {number}\n * @private\n */\n pollingId: 0,\n\n /**\n * Identifier for the current polling request (snapshot of pollingId)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {?number}\n * @private\n */\n currentPollingId: null,\n\n /**\n * Auto executes during Webex.init() – you do NOT call this yourself.\n *\n * Purpose: Seamless \"redirect completion\" of the OAuth Authorization Code (+ PKCE) flow.\n *\n * Simple summary:\n * - You call initiateLogin() which redirects user to IdBroker.\n * - User signs in; IdBroker redirects back to your redirect_uri with ?code=... (&state=...).\n * - During SDK startup this initialize() runs automatically, sees the code, and\n * silently finishes the login (validates state/CSRF + PKCE, scrubs URL, exchanges code).\n * - When done, webex.credentials.supertoken holds access+refresh and ready=true.\n *\n * Step-by-step:\n * 1. Inspect current window.location for ?code= (& state=).\n * 2. If no code: set ready=true immediately (nothing to complete).\n * 3. If code present:\n * - Decode base64 state JSON.\n * - Verify CSRF token matches sessionStorage value.\n * - Retrieve then delete PKCE code_verifier (single use).\n * - Optionally derive preauth hint (emailhash in state OR orgId parsed from code).\n * - Clean the URL (history.replaceState) to remove code & csrf token data.\n * - nextTick:\n * a. Best‑effort preauth catalog fetch (non-blocking).\n * b. Exchange authorization code (with code_verifier if any) for supertoken\n * and store on webex.credentials.\n * 4. Set ready=true after the async sequence finishes (or immediately if step 2).\n *\n * Result: If the redirect included a valid code the token exchange is completed\n * automatically—no extra API call needed after Webex.init().\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n // Check if redirect includes error\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n // If no authorization code returned, nothing to do\n if (!code) {\n this.ready = true;\n return ret;\n }\n\n // Decode and parse state object (if present)\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n // Retrieve PKCE code verifier (if a PKCE flow was initiated)\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n // Immediately remove code verifier to minimize exposure\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n // Validate CSRF token included in state\n this._verifySecurityToken(location.query);\n // Remove code + CSRF token remnants from URL (history replace)\n this._cleanUrl(location);\n\n let preauthCatalogParams;\n\n // Attempt to extract orgId from structured authorization code (if present)\n const orgId = this._extractOrgIdFromCode(code);\n\n if (emailhash) {\n preauthCatalogParams = {emailhash};\n } else if (orgId) {\n preauthCatalogParams = {orgId};\n }\n\n // Defer token exchange until next tick in case credentials plugin not ready yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog(preauthCatalogParams)\n .catch(() => Promise.resolve()) // Non-fatal if catalog collection fails\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .catch((error) => {\n this.logger.warn('authorization: failed initial authorization code grant request', error);\n })\n .then(() => {\n // Mark plugin ready regardless of success/failure of token exchange\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an OAuth authorization code flow (first party).\n *\n * Adds security + PKCE properties:\n * - SHA256(email) (emailHash & emailhash) for preauth and redirect flows\n * - state.csrf_token for CSRF protection\n * - PKCE code_challenge (S256)\n *\n * NOTE: This does not itself perform the redirect; it calls\n * initiateAuthorizationCodeGrant() which changes window location or opens\n * a separate window as configured.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n this.eventEmitter.emit(Events.login, {\n eventType: 'initiateLogin',\n data: {\n hasEmail: !!options.email,\n hasState: !!options.state,\n },\n });\n\n options = cloneDeep(options);\n\n // Optionally compute heuristic email hash for preauth usage\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email; // Ensure raw email not propagated further\n\n options.state = options.state || {};\n // Embed CSRF token\n options.state.csrf_token = this._generateSecurityToken();\n // Provide email hash in lower-case key used by catalog service\n // (Note: catalog uses emailhash and redirectCI uses emailHash)\n options.state.emailhash = options.emailHash;\n\n // PKCE - produce code_challenge (S256) and persist code_verifier\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Performs the navigation step of the Authorization Code flow.\n * Builds login URL and either:\n * - Replaces current window location (default), or\n * - Opens a separate window (popup) if options.separateWindow supplied.\n *\n * Decorated with whileInFlight('isAuthorizing') to set isAuthorizing=true\n * during execution to prevent concurrent overlapping attempts.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Already augmented with state + PKCE info\n * @returns {Promise<void>}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n const loginUrl = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n this.eventEmitter.emit(Events.login, {\n eventType: 'redirectToLoginUrl',\n data: {loginUrl},\n });\n\n if (options?.separateWindow) {\n // If a separate popup window is requested, combine user supplied window features\n const defaultWindowSettings = {\n width: 600,\n height: 800,\n };\n\n const windowSettings = Object.assign(\n defaultWindowSettings,\n typeof options.separateWindow === 'object' ? options.separateWindow : {}\n );\n\n const windowFeatures = Object.entries(windowSettings)\n .map(([key, value]) => `${key}=${value}`)\n .join(',');\n this.webex.getWindow().open(loginUrl, '_blank', windowFeatures);\n } else {\n // Normal (in-tab) redirect\n this.webex.getWindow().location = loginUrl;\n }\n\n return Promise.resolve();\n },\n\n /**\n * Initiates third-party (social provider) login by redirecting the user\n * to IdBroker's `/idb/ThirdPartyLogin` endpoint.\n *\n * Mirrors `initiateLogin`'s role for the standard `/authorize` flow.\n * Delegates to `initiateThirdPartyLoginRedirect` so any pre-redirect\n * security plumbing (CSRF / `state`) can be added here without changing\n * the navigation method.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.oauth2provider\n * @param {string} options.returnURL\n * @returns {Promise<void>}\n */\n initiateThirdPartyLogin(options = {}) {\n return this.initiateThirdPartyLoginRedirect(options);\n },\n\n /**\n * Performs the navigation step of the third-party login flow. Builds the\n * IdBroker URL via `Credentials#buildThirdPartyLoginUrl` and assigns it\n * to `getWindow().location`.\n *\n * Mirrors `initiateAuthorizationCodeGrant` for the `/authorize` flow.\n * Consumers may override this method for custom navigation handling\n * (e.g. postMessage in iframed contexts).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.oauth2provider\n * @param {string} options.returnURL\n * @returns {Promise<void>}\n */\n initiateThirdPartyLoginRedirect(options = {}) {\n this.logger.info('authorization: initiating third-party login redirect');\n\n try {\n const url = this.webex.credentials.buildThirdPartyLoginUrl(options);\n\n this.webex.getWindow().location = url;\n } catch (err) {\n return Promise.reject(err);\n }\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}.\n * Constructs logout URL and (unless suppressed) navigates away to ensure\n * server-side session termination.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise<void>}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access (super) token bundle.\n *\n * Decorators:\n * - @whileInFlight('isAuthorizing'): prevents overlapping exchanges.\n * - @oneFlight: collapses simultaneous calls into one network request.\n *\n * Includes PKCE code_verifier if present from earlier login initiation.\n *\n * Error Handling:\n * - Non-400 responses are propagated.\n * - 400 responses map to OAuth-specific grantErrors.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {string} options.code - Authorization code from redirect\n * @param {string} [options.codeVerifier] - PKCE code verifier if used\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true, // Request combined access/refresh response\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false, // This is the token acquisition call itself\n })\n .then((res) => {\n // Store supertoken into credentials (includes refresh token)\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n // Map standard OAuth error to strongly typed error class\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Generate a QR code verification URL for device authorization flow.\n * When a user scans the QR code with a mobile device, this deep-links into\n * Webex (web) to continue login, including passing along userCode and the\n * helper service base URL.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} verificationUrl - Original verification URI (complete)\n * @returns {String} Possibly rewritten verification URL\n */\n _generateQRCodeVerificationUrl(verificationUrl) {\n const baseUrl = 'https://web.webex.com/deviceAuth';\n const urlParams = new URLSearchParams(new URL(verificationUrl).search);\n const userCode = urlParams.get('userCode');\n\n if (userCode) {\n const {services} = this.webex.internal;\n const oauthHelperUrl = services.get('oauth-helper');\n const newVerificationUrl = new URL(baseUrl);\n newVerificationUrl.searchParams.set('usercode', userCode);\n newVerificationUrl.searchParams.set('oauthhelper', oauthHelperUrl);\n return newVerificationUrl.toString();\n } else {\n return verificationUrl;\n }\n },\n\n /**\n * Initiates Device Authorization (QR Code) flow.\n *\n * Steps:\n * 1. Obtain device_code, user_code, verification URLs from oauth-helper.\n * 2. Emit getUserCodeSuccess (provides data for generating QR code).\n * 3. Start polling token endpoint with device_code.\n *\n * Emits qRCodeLogin events for UI to react (success, failure, pending, etc.).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @emits #qRCodeLogin\n */\n initQRCodeLogin() {\n if (this.pollingTimer) {\n // Prevent concurrent device authorization attempts\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/authorize',\n form: {\n client_id: this.config.client_id,\n scope: this.config.scope,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n const {user_code, verification_uri, verification_uri_complete} = res.body;\n const verificationUriComplete =\n this._generateQRCodeVerificationUrl(verification_uri_complete);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeSuccess',\n userData: {\n userCode: user_code,\n verificationUri: verification_uri,\n verificationUriComplete,\n },\n });\n // Begin polling for authorization completion\n this._startQRCodePolling(res.body);\n })\n .catch((res) => {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'getUserCodeFailure',\n data: res.body,\n });\n });\n },\n\n /**\n * Poll the device token endpoint until user authorizes, an error occurs,\n * or timeout happens.\n *\n * Polling behavior:\n * - Interval provided by server (default 2s). 'slow_down' doubles interval once.\n * - 428 status => pending (continue).\n * - Success => set credentials + emit authorizationSuccess + stop polling.\n * - Any other error => emit authorizationFailure + stop polling.\n *\n * Cancellation:\n * - cancelQRCodePolling() resets timers and polling ids so late responses are ignored.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options - Must include device_code, may include interval/expires_in\n * @emits #qRCodeLogin\n */\n _startQRCodePolling(options = {}) {\n if (!options.device_code) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'A deviceCode is required'},\n });\n return;\n }\n\n if (this.pollingTimer) {\n // Already polling; avoid starting a duplicate cycle\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'There is already a polling request'},\n });\n return;\n }\n\n const {device_code: deviceCode, expires_in: expiresIn = 300} = options;\n // Server recommended polling interval (seconds)\n let interval = options.interval ?? 2;\n\n // Global timeout for entire device authorization attempt\n this.pollingExpirationTimer = setTimeout(() => {\n this.cancelQRCodePolling(false);\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: {message: 'Authorization timed out'},\n });\n }, expiresIn * 1000);\n\n const polling = () => {\n // Increment id so any previous poll loops can be invalidated\n this.pollingId += 1;\n this.currentPollingId = this.pollingId;\n\n this.webex\n .request({\n method: 'POST',\n service: 'oauth-helper',\n resource: '/actions/device/token',\n form: {\n grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n device_code: deviceCode,\n client_id: this.config.client_id,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n })\n .then((res) => {\n // If polling canceled (id changed), ignore this response\n if (this.currentPollingId !== this.pollingId) return;\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationSuccess',\n data: res.body,\n });\n this.webex.credentials.set({supertoken: res.body});\n this.cancelQRCodePolling();\n })\n .catch((res) => {\n if (this.currentPollingId !== this.pollingId) return;\n\n // Backoff signal from server; increase interval just once for next cycle\n if (res.statusCode === 400 && res.body.message === 'slow_down') {\n schedulePolling(interval * 2);\n return;\n }\n\n // Pending: keep polling\n if (res.statusCode === 428) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationPending',\n data: res.body,\n });\n schedulePolling(interval);\n return;\n }\n\n // Terminal error\n this.cancelQRCodePolling();\n\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'authorizationFailure',\n data: res.body,\n });\n });\n };\n\n // Schedules next poll invocation\n const schedulePolling = (interval) =>\n (this.pollingTimer = setTimeout(polling, interval * 1000));\n\n schedulePolling(interval);\n },\n\n /**\n * Cancel active device authorization polling loop.\n *\n * @param {boolean} withCancelEvent emit a pollingCanceled event (default true)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @returns {void}\n */\n cancelQRCodePolling(withCancelEvent = true) {\n if (this.pollingTimer && withCancelEvent) {\n this.eventEmitter.emit(Events.qRCodeLogin, {\n eventType: 'pollingCanceled',\n });\n }\n\n this.currentPollingId = null;\n\n clearTimeout(this.pollingExpirationTimer);\n this.pollingExpirationTimer = null;\n clearTimeout(this.pollingTimer);\n this.pollingTimer = null;\n },\n\n /**\n * Extracts the orgId from the returned code from idbroker.\n *\n * Certain authorization codes encode organization info in a structured\n * underscore-delimited format. This method parses out the 3rd segment.\n *\n * For undocumented formats or unexpected code shapes, returns undefined.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {String} code\n * @private\n * @returns {String|undefined}\n */\n _extractOrgIdFromCode(code) {\n return code?.split('_')[2] || undefined;\n },\n\n /**\n * Checks if the result of the login redirect contains an OAuth error.\n * Throws a mapped grant error if encountered.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the URL (authorization code, CSRF token).\n * This is important to avoid leaking sensitive parameters via:\n * - Browser history\n * - Copy/paste of URL\n * - HTTP referrer headers to third-party content\n *\n * Approach:\n * - Remove 'code'.\n * - Remove 'state' entirely if only contained csrf_token.\n * - Else, re-encode remaining state fields (minus csrf_token).\n * - Replace current history entry (no page reload).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {void}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates a PKCE (RFC 7636) code verifier and corresponding S256 code challenge.\n * Persists the verifier in sessionStorage (single-use) for later retrieval\n * during authorization code exchange; removes it once consumed.\n *\n * Implementation details:\n * - Creates a 128 character string using base64url safe alphabet.\n * - Computes SHA256 hash, encodes to base64url (no padding).\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} code_challenge\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and stores it in sessionStorage.\n * Token is embedded in 'state' and validated upon redirect return.\n *\n * Uses UUID v4 for randomness.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string} token\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Verifies that the CSRF token returned in the 'state' matches the one\n * previously stored in sessionStorage.\n *\n * Steps:\n * - Retrieve and immediately remove stored token (one-time use).\n * - Ensure state + state.csrf_token exist.\n * - Compare values; throw descriptive errors on mismatch / absence.\n *\n * If no stored token (e.g., user navigated directly), silently returns.\n *\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query - Parsed query (location.query)\n * @private\n * @returns {void}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAYA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,aAAA,GAAAR,sBAAA,CAAAC,OAAA;AACA,IAAAQ,SAAA,GAAAT,sBAAA,CAAAC,OAAA;AAAiC,IAAAS,IAAA,EAAAC,KAAA,EAAAC,IAAA,EArBjC;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAaA;AACA;AACA,IAAMC,MAAM,GAAGZ,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMa,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACO,IAAMC,MAAM,GAAAC,OAAA,CAAAD,MAAA,GAAG;EACpBE,KAAK,EAAE,OAAO;EACd;AACF;AACA;EACEC,WAAW,EAAE;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,EAAAZ,IAAA,GAkOrC,IAAAa,qBAAa,EAAC,eAAe,CAAC,EAAAZ,KAAA,GAqH9B,IAAAY,qBAAa,EAAC,eAAe,CAAC,EAAAX,IAAA,GAvVQ;EACvCY,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAIC,oBAAY,CAAC,CAAC;EAEhC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,YAAY,EAAE,IAAI;EAClB;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,sBAAsB,EAAE,IAAI;EAE5B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,EAAE,CAAC;EAEZ;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,gBAAgB,EAAE,IAAI;EAEtB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,WAAVA,UAAUA,CAAA,EAAW;IAAA,IAAAC,KAAA;IAAA,SAAAC,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAPC,KAAK,OAAAC,KAAA,CAAAJ,IAAA,GAAAK,IAAA,MAAAA,IAAA,GAAAL,IAAA,EAAAK,IAAA;MAALF,KAAK,CAAAE,IAAA,IAAAJ,SAAA,CAAAI,IAAA;IAAA;IACjB,IAAMC,GAAG,GAAG,IAAAC,MAAA,CAAAnB,OAAA,EAAcT,sBAAW,CAAC6B,SAAS,CAACV,UAAU,EAAE,IAAI,EAAEK,KAAK,CAAC;IACxE,IAAMM,QAAQ,GAAGC,aAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;;IAEtE;IACA,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;;IAEX;IACA,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAAC1B,KAAK,GAAG,IAAI;MACjB,OAAOgB,GAAG;IACZ;;IAEA;IACA,IAAIG,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;;IAEA;IACA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACnD,oBAAoB,CAAC;IACxF;IACA,IAAI,CAACuC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACpD,oBAAoB,CAAC;IAEtE,IAAOqD,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;;IAEhB;IACA,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC;IACA,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;IAExB,IAAIoB,oBAAoB;;IAExB;IACA,IAAMC,KAAK,GAAG,IAAI,CAACC,qBAAqB,CAACf,IAAI,CAAC;IAE9C,IAAIU,SAAS,EAAE;MACbG,oBAAoB,GAAG;QAACH,SAAS,EAATA;MAAS,CAAC;IACpC,CAAC,MAAM,IAAII,KAAK,EAAE;MAChBD,oBAAoB,GAAG;QAACC,KAAK,EAALA;MAAK,CAAC;IAChC;;IAEA;IACAE,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrBlC,KAAI,CAACa,KAAK,CAACsB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAACP,oBAAoB,CAAC,CAC3CQ,KAAK,CAAC;QAAA,OAAMC,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;MAAA,EAAC,CAAC;MAAA,CAC/BC,IAAI,CAAC;QAAA,OAAMzC,KAAI,CAAC0C,6BAA6B,CAAC;UAACzB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEe,KAAK,CAAC,UAACK,KAAK,EAAK;QAChB3C,KAAI,CAAC4C,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV;QACAzC,KAAI,CAACT,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOgB,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuC,aAAa,WAAbA,aAAaA,CAAA,EAAe;IAAA,IAAdC,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxB,IAAI,CAACT,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,eAAe;MAC1BC,IAAI,EAAE;QACJC,QAAQ,EAAE,CAAC,CAACL,OAAO,CAACM,KAAK;QACzBC,QAAQ,EAAE,CAAC,CAACP,OAAO,CAAC5B;MACtB;IACF,CAAC,CAAC;IAEF4B,OAAO,GAAG,IAAAQ,iBAAS,EAACR,OAAO,CAAC;;IAE5B;IACA,IAAIA,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACS,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACX,OAAO,CAACM,KAAK,CAAC,CAACM,QAAQ,CAAC,CAAC;IAC/D;IACA,OAAOZ,OAAO,CAACM,KAAK,CAAC,CAAC;;IAEtBN,OAAO,CAAC5B,KAAK,GAAG4B,OAAO,CAAC5B,KAAK,IAAI,CAAC,CAAC;IACnC;IACA4B,OAAO,CAAC5B,KAAK,CAACyC,UAAU,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACxD;IACA;IACAd,OAAO,CAAC5B,KAAK,CAACQ,SAAS,GAAGoB,OAAO,CAACS,SAAS;;IAE3C;IACAT,OAAO,CAACe,cAAc,GAAG,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACtDhB,OAAO,CAACiB,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAAClB,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEkB,8BAA8B,WAA9BA,8BAA8BA,CAAClB,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACsB,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAMC,QAAQ,GAAG,IAAI,CAACtD,KAAK,CAACuD,WAAW,CAACC,aAAa,CACnD,IAAAC,OAAA,CAAAjF,OAAA,EAAc;MAACkF,aAAa,EAAE;IAAM,CAAC,EAAExB,OAAO,CAChD,CAAC;IAED,IAAI,CAACtD,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACE,KAAK,EAAE;MACnCyE,SAAS,EAAE,oBAAoB;MAC/BC,IAAI,EAAE;QAACgB,QAAQ,EAARA;MAAQ;IACjB,CAAC,CAAC;IAEF,IAAIpB,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEyB,cAAc,EAAE;MAC3B;MACA,IAAMC,qBAAqB,GAAG;QAC5BC,KAAK,EAAE,GAAG;QACVC,MAAM,EAAE;MACV,CAAC;MAED,IAAMC,cAAc,GAAG,IAAAN,OAAA,CAAAjF,OAAA,EACrBoF,qBAAqB,EACrB,IAAAI,QAAA,CAAAxF,OAAA,EAAO0D,OAAO,CAACyB,cAAc,MAAK,QAAQ,GAAGzB,OAAO,CAACyB,cAAc,GAAG,CAAC,CACzE,CAAC;MAED,IAAMM,cAAc,GAAG,IAAAC,QAAA,CAAA1F,OAAA,EAAeuF,cAAc,CAAC,CAClDI,GAAG,CAAC,UAAAC,IAAA;QAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA9F,OAAA,EAAA4F,IAAA;UAAEG,GAAG,GAAAF,KAAA;UAAEG,KAAK,GAAAH,KAAA;QAAA,UAAAI,MAAA,CAASF,GAAG,OAAAE,MAAA,CAAID,KAAK;MAAA,CAAE,CAAC,CACxCE,IAAI,CAAC,GAAG,CAAC;MACZ,IAAI,CAAC1E,KAAK,CAACC,SAAS,CAAC,CAAC,CAAC0E,IAAI,CAACrB,QAAQ,EAAE,QAAQ,EAAEW,cAAc,CAAC;IACjE,CAAC,MAAM;MACL;MACA,IAAI,CAACjE,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGyD,QAAQ;IAC5C;IAEA,OAAO5B,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,uBAAuB,WAAvBA,uBAAuBA,CAAA,EAAe;IAAA,IAAd1C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAClC,OAAO,IAAI,CAACwF,+BAA+B,CAAC3C,OAAO,CAAC;EACtD,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE2C,+BAA+B,WAA/BA,+BAA+BA,CAAA,EAAe;IAAA,IAAd3C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC1C,IAAI,CAAC0C,MAAM,CAACsB,IAAI,CAAC,sDAAsD,CAAC;IAExE,IAAI;MACF,IAAMvD,IAAG,GAAG,IAAI,CAACE,KAAK,CAACuD,WAAW,CAACuB,uBAAuB,CAAC5C,OAAO,CAAC;MAEnE,IAAI,CAAClC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAGC,IAAG;IACvC,CAAC,CAAC,OAAOiF,GAAG,EAAE;MACZ,OAAOrD,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAACD,GAAG,CAAC;IAC5B;IAEA,OAAOrD,QAAA,CAAAlD,OAAA,CAAQmD,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEsD,MAAM,WAANA,MAAMA,CAAA,EAAe;IAAA,IAAd/C,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACjB,IAAI,CAAC6C,OAAO,CAACgD,UAAU,EAAE;MACvB,IAAI,CAAClF,KAAK,CAACC,SAAS,CAAC,CAAC,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACuD,WAAW,CAAC4B,cAAc,CAACjD,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,WAA7BA,6BAA6BA,CAAA,EAAe;IAAA,IAAAuD,MAAA;IAAA,IAAdlD,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IACxC,IAAI,CAAC0C,MAAM,CAACsB,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACnB,OAAO,CAAC9B,IAAI,EAAE;MACjB,OAAOsB,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAIK,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtCpF,IAAI,EAAE8B,OAAO,CAAC9B,IAAI;MAClBsF,oBAAoB,EAAE,IAAI,CAAE;IAC9B,CAAC;IAED,IAAIxD,OAAO,CAACxB,YAAY,EAAE;MACxB4E,IAAI,CAACK,aAAa,GAAGzD,OAAO,CAACxB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACd4F,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE,KAAK,CAAE;IACnC,CAAC,CAAC,CACD1E,IAAI,CAAC,UAAC2E,GAAG,EAAK;MACb;MACAnB,MAAI,CAACpF,KAAK,CAACuD,WAAW,CAACiD,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACDjF,KAAK,CAAC,UAAC8E,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAOjF,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAACuB,GAAG,CAAC;MAC5B;;MAEA;MACA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAAC5E,KAAK,CAAC;MAE3D,OAAOJ,QAAA,CAAAlD,OAAA,CAAQwG,MAAM,CAAC,IAAI4B,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,8BAA8B,WAA9BA,8BAA8BA,CAACC,eAAe,EAAE;IAC9C,IAAMC,OAAO,GAAG,kCAAkC;IAClD,IAAMC,SAAS,GAAG,IAAIC,eAAe,CAAC,IAAIC,GAAG,CAACJ,eAAe,CAAC,CAACK,MAAM,CAAC;IACtE,IAAMC,QAAQ,GAAGJ,SAAS,CAACK,GAAG,CAAC,UAAU,CAAC;IAE1C,IAAID,QAAQ,EAAE;MACZ,IAAOhG,QAAQ,GAAI,IAAI,CAACvB,KAAK,CAACsB,QAAQ,CAA/BC,QAAQ;MACf,IAAMkG,cAAc,GAAGlG,QAAQ,CAACiG,GAAG,CAAC,cAAc,CAAC;MACnD,IAAME,kBAAkB,GAAG,IAAIL,GAAG,CAACH,OAAO,CAAC;MAC3CQ,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,UAAU,EAAEe,QAAQ,CAAC;MACzDG,kBAAkB,CAACC,YAAY,CAACnB,GAAG,CAAC,aAAa,EAAEiB,cAAc,CAAC;MAClE,OAAOC,kBAAkB,CAAC5E,QAAQ,CAAC,CAAC;IACtC,CAAC,MAAM;MACL,OAAOmE,eAAe;IACxB;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,eAAe,WAAfA,eAAeA,CAAA,EAAG;IAAA,IAAAC,MAAA;IAChB,IAAI,IAAI,CAAC/I,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAE;UAACwF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAI,CAAC9H,KAAK,CACP4F,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdkC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,2BAA2B;MACrC1C,IAAI,EAAE;QACJY,SAAS,EAAE,IAAI,CAACT,MAAM,CAACS,SAAS;QAChC+B,KAAK,EAAE,IAAI,CAACxC,MAAM,CAACwC;MACrB,CAAC;MACDjC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB;IACF,CAAC,CAAC,CACDzE,IAAI,CAAC,UAAC2E,GAAG,EAAK;MACb,IAAA2B,SAAA,GAAiE3B,GAAG,CAACG,IAAI;QAAlEyB,SAAS,GAAAD,SAAA,CAATC,SAAS;QAAEC,gBAAgB,GAAAF,SAAA,CAAhBE,gBAAgB;QAAEC,yBAAyB,GAAAH,SAAA,CAAzBG,yBAAyB;MAC7D,IAAMC,uBAAuB,GAC3BT,MAAI,CAACb,8BAA8B,CAACqB,yBAAyB,CAAC;MAChER,MAAI,CAACjJ,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BkG,QAAQ,EAAE;UACRhB,QAAQ,EAAEY,SAAS;UACnBK,eAAe,EAAEJ,gBAAgB;UACjCE,uBAAuB,EAAvBA;QACF;MACF,CAAC,CAAC;MACF;MACAT,MAAI,CAACY,mBAAmB,CAAClC,GAAG,CAACG,IAAI,CAAC;IACpC,CAAC,CAAC,CACDjF,KAAK,CAAC,UAAC8E,GAAG,EAAK;MACdsB,MAAI,CAACjJ,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,oBAAoB;QAC/BC,IAAI,EAAEiE,GAAG,CAACG;MACZ,CAAC,CAAC;IACJ,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE+B,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAe;IAAA,IAAAC,iBAAA;MAAAC,MAAA;IAAA,IAAdzG,OAAO,GAAA7C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,CAAC,CAAC;IAC9B,IAAI,CAAC6C,OAAO,CAAC0G,WAAW,EAAE;MACxB,IAAI,CAAChK,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACwF,OAAO,EAAE;QAA0B;MAC5C,CAAC,CAAC;MACF;IACF;IAEA,IAAI,IAAI,CAAChJ,YAAY,EAAE;MACrB;MACA,IAAI,CAACF,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACwF,OAAO,EAAE;QAAoC;MACtD,CAAC,CAAC;MACF;IACF;IAEA,IAAoBe,UAAU,GAAiC3G,OAAO,CAA/D0G,WAAW;MAAAE,mBAAA,GAA6C5G,OAAO,CAAtC6G,UAAU;MAAEC,SAAS,GAAAF,mBAAA,cAAG,GAAG,GAAAA,mBAAA;IAC3D;IACA,IAAIG,QAAQ,IAAAP,iBAAA,GAAGxG,OAAO,CAAC+G,QAAQ,cAAAP,iBAAA,cAAAA,iBAAA,GAAI,CAAC;;IAEpC;IACA,IAAI,CAAC3J,sBAAsB,GAAGmK,UAAU,CAAC,YAAM;MAC7CP,MAAI,CAACQ,mBAAmB,CAAC,KAAK,CAAC;MAC/BR,MAAI,CAAC/J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE,sBAAsB;QACjCC,IAAI,EAAE;UAACwF,OAAO,EAAE;QAAyB;MAC3C,CAAC,CAAC;IACJ,CAAC,EAAEkB,SAAS,GAAG,IAAI,CAAC;IAEpB,IAAMI,OAAO,GAAG,SAAVA,OAAOA,CAAA,EAAS;MACpB;MACAT,MAAI,CAAC3J,SAAS,IAAI,CAAC;MACnB2J,MAAI,CAAC1J,gBAAgB,GAAG0J,MAAI,CAAC3J,SAAS;MAEtC2J,MAAI,CAAC3I,KAAK,CACP4F,OAAO,CAAC;QACPC,MAAM,EAAE,MAAM;QACdkC,OAAO,EAAE,cAAc;QACvBC,QAAQ,EAAE,uBAAuB;QACjC1C,IAAI,EAAE;UACJC,UAAU,EAAE,8CAA8C;UAC1DqD,WAAW,EAAEC,UAAU;UACvB3C,SAAS,EAAEyC,MAAI,CAAClD,MAAM,CAACS;QACzB,CAAC;QACDF,IAAI,EAAE;UACJC,IAAI,EAAE0C,MAAI,CAAClD,MAAM,CAACS,SAAS;UAC3BC,IAAI,EAAEwC,MAAI,CAAClD,MAAM,CAACW,aAAa;UAC/BC,eAAe,EAAE;QACnB;MACF,CAAC,CAAC,CACDzE,IAAI,CAAC,UAAC2E,GAAG,EAAK;QACb;QACA,IAAIoC,MAAI,CAAC1J,gBAAgB,KAAK0J,MAAI,CAAC3J,SAAS,EAAE;QAE9C2J,MAAI,CAAC/J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UACzCwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEiE,GAAG,CAACG;QACZ,CAAC,CAAC;QACFiC,MAAI,CAAC3I,KAAK,CAACuD,WAAW,CAACiD,GAAG,CAAC;UAACC,UAAU,EAAEF,GAAG,CAACG;QAAI,CAAC,CAAC;QAClDiC,MAAI,CAACQ,mBAAmB,CAAC,CAAC;MAC5B,CAAC,CAAC,CACD1H,KAAK,CAAC,UAAC8E,GAAG,EAAK;QACd,IAAIoC,MAAI,CAAC1J,gBAAgB,KAAK0J,MAAI,CAAC3J,SAAS,EAAE;;QAE9C;QACA,IAAIuH,GAAG,CAACI,UAAU,KAAK,GAAG,IAAIJ,GAAG,CAACG,IAAI,CAACoB,OAAO,KAAK,WAAW,EAAE;UAC9DuB,eAAe,CAACJ,QAAQ,GAAG,CAAC,CAAC;UAC7B;QACF;;QAEA;QACA,IAAI1C,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;UAC1BgC,MAAI,CAAC/J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;YACzCwE,SAAS,EAAE,sBAAsB;YACjCC,IAAI,EAAEiE,GAAG,CAACG;UACZ,CAAC,CAAC;UACF2C,eAAe,CAACJ,QAAQ,CAAC;UACzB;QACF;;QAEA;QACAN,MAAI,CAACQ,mBAAmB,CAAC,CAAC;QAE1BR,MAAI,CAAC/J,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;UACzCwE,SAAS,EAAE,sBAAsB;UACjCC,IAAI,EAAEiE,GAAG,CAACG;QACZ,CAAC,CAAC;MACJ,CAAC,CAAC;IACN,CAAC;;IAED;IACA,IAAM2C,eAAe,GAAG,SAAlBA,eAAeA,CAAIJ,QAAQ;MAAA,OAC9BN,MAAI,CAAC7J,YAAY,GAAGoK,UAAU,CAACE,OAAO,EAAEH,QAAQ,GAAG,IAAI,CAAC;IAAA,CAAC;IAE5DI,eAAe,CAACJ,QAAQ,CAAC;EAC3B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAyB;IAAA,IAAxBG,eAAe,GAAAjK,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8C,SAAA,GAAA9C,SAAA,MAAG,IAAI;IACxC,IAAI,IAAI,CAACP,YAAY,IAAIwK,eAAe,EAAE;MACxC,IAAI,CAAC1K,YAAY,CAACwD,IAAI,CAAC1E,MAAM,CAACG,WAAW,EAAE;QACzCwE,SAAS,EAAE;MACb,CAAC,CAAC;IACJ;IAEA,IAAI,CAACpD,gBAAgB,GAAG,IAAI;IAE5BsK,YAAY,CAAC,IAAI,CAACxK,sBAAsB,CAAC;IACzC,IAAI,CAACA,sBAAsB,GAAG,IAAI;IAClCwK,YAAY,CAAC,IAAI,CAACzK,YAAY,CAAC;IAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqC,qBAAqB,WAArBA,qBAAqBA,CAACf,IAAI,EAAE;IAC1B,OAAO,CAAAA,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEoJ,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAIrH,SAAS;EACzC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEhC,eAAe,WAAfA,eAAeA,CAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACyB,KAAK,EAAE;MACxB,IAAM8E,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACzG,KAAK,CAACyB,KAAK,CAAC;MAExD,MAAM,IAAI8E,gBAAgB,CAACvG,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,WAATA,SAASA,CAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,IAAA6C,iBAAS,EAAC7C,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACwJ,OAAO,IAAI,IAAI,CAACzJ,KAAK,CAACC,SAAS,CAAC,CAAC,CAACwJ,OAAO,CAACC,YAAY,EAAE;MACjF,IAAAC,eAAA,CAAAnL,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,IAAAuJ,eAAO,EAAC,IAAAC,YAAI,EAAChK,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,IAAAqJ,eAAA,CAAAnL,OAAA,EAAuBqB,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACsJ,MAAM,CAClC,IAAAC,UAAA,CAAAvL,OAAA,EAAe,IAAAqL,YAAI,EAAChK,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CACzD,CAAC;MACH;MACAT,QAAQ,CAACyH,MAAM,GAAG0C,oBAAW,CAACC,SAAS,CAACpK,QAAQ,CAACQ,KAAK,CAAC;MACvD,IAAAsJ,eAAA,CAAAnL,OAAA,EAAuBqB,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,CAAC,CAAC,CAACwJ,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE5J,aAAG,CAACoK,MAAM,CAACrK,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEqD,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACnB,MAAM,CAACsB,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM8G,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAM3J,YAAY,GAAGnD,MAAM,CACxB+M,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAAC5M,MAAM,CAACgN,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAAC7K,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFoF,IAAI,CAAC,EAAE,CAAC;IAEX,IAAM8F,aAAa,GAAG5H,iBAAQ,CAACC,MAAM,CAACnC,YAAY,CAAC,CAACoC,QAAQ,CAACsH,qBAAS,CAAC;IAEvE,IAAI,CAACpK,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC8J,OAAO,CAAChN,oBAAoB,EAAEiD,YAAY,CAAC;IAEjF,OAAO8J,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACExH,sBAAsB,WAAtBA,sBAAsBA,CAAA,EAAG;IACvB,IAAI,CAACjB,MAAM,CAACsB,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMqH,KAAK,GAAGC,aAAI,CAACC,EAAE,CAAC,CAAC;IAEvB,IAAI,CAAC5K,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAAC8J,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE3J,oBAAoB,WAApBA,oBAAoBA,CAACV,KAAK,EAAE;IAC1B,IAAMwK,YAAY,GAAG,IAAI,CAAC7K,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACC,OAAO,CAACpD,iBAAiB,CAAC;IAErF,IAAI,CAACwC,KAAK,CAACC,SAAS,CAAC,CAAC,CAACU,cAAc,CAACE,UAAU,CAACrD,iBAAiB,CAAC;IACnE,IAAI,CAACqN,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAACxK,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI+E,KAAK,wBAAAZ,MAAA,CAAwBoG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAI,CAACxK,KAAK,CAACC,KAAK,CAACyC,UAAU,EAAE;MAC3B,MAAM,IAAIsC,KAAK,wBAAAZ,MAAA,CAAwBoG,YAAY,sCAAmC,CAAC;IACzF;IAEA,IAAMH,KAAK,GAAGrK,KAAK,CAACC,KAAK,CAACyC,UAAU;IAEpC,IAAI2H,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAIxF,KAAK,eAAAZ,MAAA,CAAeiG,KAAK,mCAAAjG,MAAA,CAAgCoG,YAAY,CAAE,CAAC;IACpF;EACF,CAAC;EAAAC,OAAA;AACH,CAAC,MAAAC,0BAAA,CAAAvM,OAAA,EAAAlB,IAAA,qCAAAF,IAAA,OAAA4N,yBAAA,CAAAxM,OAAA,EAAAlB,IAAA,qCAAAA,IAAA,OAAAyN,0BAAA,CAAAvM,OAAA,EAAAlB,IAAA,oCAAAD,KAAA,EA9cE4N,iBAAS,OAAAD,yBAAA,CAAAxM,OAAA,EAAAlB,IAAA,oCAAAA,IAAA,GAAAA,IAAA,CA8cX,CAAC;AAAC,IAAA4N,QAAA,GAAAvN,OAAA,CAAAa,OAAA,GAEYV,aAAa","ignoreList":[]}
package/package.json CHANGED
@@ -26,23 +26,23 @@
26
26
  "@webex/eslint-config-legacy": "0.0.0",
27
27
  "@webex/jest-config-legacy": "0.0.0",
28
28
  "@webex/legacy-tools": "0.0.0",
29
- "@webex/test-helper-chai": "3.12.0-next.1",
30
- "@webex/test-helper-mocha": "3.12.0-next.1",
31
- "@webex/test-helper-mock-webex": "3.12.0-next.1",
32
- "@webex/test-helper-test-users": "3.12.0-next.1",
29
+ "@webex/test-helper-chai": "3.12.0-next.2",
30
+ "@webex/test-helper-mocha": "3.12.0-next.2",
31
+ "@webex/test-helper-mock-webex": "3.12.0-next.2",
32
+ "@webex/test-helper-test-users": "3.12.0-next.2",
33
33
  "eslint": "^8.24.0",
34
34
  "prettier": "^2.7.1",
35
35
  "sinon": "^9.2.4"
36
36
  },
37
37
  "dependencies": {
38
- "@webex/common": "3.12.0-next.1",
39
- "@webex/storage-adapter-local-storage": "3.12.0-next.15",
40
- "@webex/test-helper-automation": "3.12.0-next.1",
41
- "@webex/test-helper-chai": "3.12.0-next.1",
42
- "@webex/test-helper-mocha": "3.12.0-next.1",
43
- "@webex/test-helper-mock-webex": "3.12.0-next.1",
44
- "@webex/test-helper-test-users": "3.12.0-next.1",
45
- "@webex/webex-core": "3.12.0-next.15",
38
+ "@webex/common": "3.12.0-next.2",
39
+ "@webex/storage-adapter-local-storage": "3.12.0-next.16",
40
+ "@webex/test-helper-automation": "3.12.0-next.2",
41
+ "@webex/test-helper-chai": "3.12.0-next.2",
42
+ "@webex/test-helper-mocha": "3.12.0-next.2",
43
+ "@webex/test-helper-mock-webex": "3.12.0-next.2",
44
+ "@webex/test-helper-test-users": "3.12.0-next.2",
45
+ "@webex/webex-core": "3.12.0-next.16",
46
46
  "crypto-js": "^4.1.1",
47
47
  "lodash": "^4.17.21",
48
48
  "uuid": "^3.3.2"
@@ -56,5 +56,5 @@
56
56
  "test:style": "eslint ./src/**/*.*",
57
57
  "test:unit": "webex-legacy-tools test --unit --runner jest"
58
58
  },
59
- "version": "3.12.0-next.15"
59
+ "version": "3.12.0-next.16"
60
60
  }
package/src/authorization.js CHANGED
@@ -1,4 +1,4 @@
1
- // @ts-nocheck
1
+ // @ts-nocheck
2
2
  /* eslint-disable */
3
3
  /*!
4
4
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
@@ -267,7 +267,7 @@ const Authorization = WebexPlugin.extend({
267
267
  eventType: 'initiateLogin',
268
268
  data: {
269
269
  hasEmail: !!options.email,
270
- hasState: !!options.state
270
+ hasState: !!options.state,
271
271
  },
272
272
  });
273
273
 
@@ -316,7 +316,7 @@ const Authorization = WebexPlugin.extend({
316
316
 
317
317
  this.eventEmitter.emit(Events.login, {
318
318
  eventType: 'redirectToLoginUrl',
319
- data: { loginUrl },
319
+ data: {loginUrl},
320
320
  });
321
321
 
322
322
  if (options?.separateWindow) {
@@ -343,6 +343,56 @@ const Authorization = WebexPlugin.extend({
343
343
  return Promise.resolve();
344
344
  },
345
345
 
346
+ /**
347
+ * Initiates third-party (social provider) login by redirecting the user
348
+ * to IdBroker's `/idb/ThirdPartyLogin` endpoint.
349
+ *
350
+ * Mirrors `initiateLogin`'s role for the standard `/authorize` flow.
351
+ * Delegates to `initiateThirdPartyLoginRedirect` so any pre-redirect
352
+ * security plumbing (CSRF / `state`) can be added here without changing
353
+ * the navigation method.
354
+ *
355
+ * @instance
356
+ * @memberof AuthorizationBrowserFirstParty
357
+ * @param {Object} options
358
+ * @param {string} options.oauth2provider
359
+ * @param {string} options.returnURL
360
+ * @returns {Promise<void>}
361
+ */
362
+ initiateThirdPartyLogin(options = {}) {
363
+ return this.initiateThirdPartyLoginRedirect(options);
364
+ },
365
+
366
+ /**
367
+ * Performs the navigation step of the third-party login flow. Builds the
368
+ * IdBroker URL via `Credentials#buildThirdPartyLoginUrl` and assigns it
369
+ * to `getWindow().location`.
370
+ *
371
+ * Mirrors `initiateAuthorizationCodeGrant` for the `/authorize` flow.
372
+ * Consumers may override this method for custom navigation handling
373
+ * (e.g. postMessage in iframed contexts).
374
+ *
375
+ * @instance
376
+ * @memberof AuthorizationBrowserFirstParty
377
+ * @param {Object} options
378
+ * @param {string} options.oauth2provider
379
+ * @param {string} options.returnURL
380
+ * @returns {Promise<void>}
381
+ */
382
+ initiateThirdPartyLoginRedirect(options = {}) {
383
+ this.logger.info('authorization: initiating third-party login redirect');
384
+
385
+ try {
386
+ const url = this.webex.credentials.buildThirdPartyLoginUrl(options);
387
+
388
+ this.webex.getWindow().location = url;
389
+ } catch (err) {
390
+ return Promise.reject(err);
391
+ }
392
+
393
+ return Promise.resolve();
394
+ },
395
+
346
396
  /**
347
397
  * Called by {@link WebexCore#logout()}.
348
398
  * Constructs logout URL and (unless suppressed) navigates away to ensure
@@ -497,10 +547,11 @@ const Authorization = WebexPlugin.extend({
497
547
  })
498
548
  .then((res) => {
499
549
  const {user_code, verification_uri, verification_uri_complete} = res.body;
500
- const verificationUriComplete = this._generateQRCodeVerificationUrl(verification_uri_complete);
550
+ const verificationUriComplete =
551
+ this._generateQRCodeVerificationUrl(verification_uri_complete);
501
552
  this.eventEmitter.emit(Events.qRCodeLogin, {
502
553
  eventType: 'getUserCodeSuccess',
503
- userData: {
554
+ userData: {
504
555
  userCode: user_code,
505
556
  verificationUri: verification_uri,
506
557
  verificationUriComplete,
@@ -591,7 +642,7 @@ const Authorization = WebexPlugin.extend({
591
642
  // If polling canceled (id changed), ignore this response
592
643
  if (this.currentPollingId !== this.pollingId) return;
593
644
 
594
- this.eventEmitter.emit(Events.qRCodeLogin, {
645
+ this.eventEmitter.emit(Events.qRCodeLogin, {
595
646
  eventType: 'authorizationSuccess',
596
647
  data: res.body,
597
648
  });
package/test/unit/spec/authorization.js CHANGED
@@ -430,12 +430,14 @@ describe('plugin-authorization-browser-first-party', () => {
430
430
  const webex = makeWebex();
431
431
 
432
432
  const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
433
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
433
+ sinon
434
+ .stub(webex.authorization, 'initiateAuthorizationCodeGrant')
435
+ .returns(Promise.resolve());
434
436
 
435
437
  return webex.authorization.initiateLogin().then(() => {
436
438
  assert.calledOnceWithExactly(emitSpy, Events.login, {
437
439
  eventType: 'initiateLogin',
438
- data: { hasEmail: false, hasState: false },
440
+ data: {hasEmail: false, hasState: false},
439
441
  });
440
442
  });
441
443
  });
@@ -444,12 +446,14 @@ describe('plugin-authorization-browser-first-party', () => {
444
446
  const webex = makeWebex();
445
447
 
446
448
  const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
447
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
449
+ sinon
450
+ .stub(webex.authorization, 'initiateAuthorizationCodeGrant')
451
+ .returns(Promise.resolve());
448
452
 
449
- return webex.authorization.initiateLogin({ email: 'test@abc.xyz' }).then(() => {
453
+ return webex.authorization.initiateLogin({email: 'test@abc.xyz'}).then(() => {
450
454
  assert.calledOnceWithExactly(emitSpy, Events.login, {
451
455
  eventType: 'initiateLogin',
452
- data: { hasEmail: true, hasState: false },
456
+ data: {hasEmail: true, hasState: false},
453
457
  });
454
458
  });
455
459
  });
@@ -458,12 +462,14 @@ describe('plugin-authorization-browser-first-party', () => {
458
462
  const webex = makeWebex();
459
463
 
460
464
  const emitSpy = sinon.spy(webex.authorization.eventEmitter, 'emit');
461
- sinon.stub(webex.authorization, 'initiateAuthorizationCodeGrant').returns(Promise.resolve());
465
+ sinon
466
+ .stub(webex.authorization, 'initiateAuthorizationCodeGrant')
467
+ .returns(Promise.resolve());
462
468
 
463
- return webex.authorization.initiateLogin({ state: {} }).then(() => {
469
+ return webex.authorization.initiateLogin({state: {}}).then(() => {
464
470
  assert.calledOnceWithExactly(emitSpy, Events.login, {
465
471
  eventType: 'initiateLogin',
466
- data: { hasEmail: false, hasState: true },
472
+ data: {hasEmail: false, hasState: true},
467
473
  });
468
474
  });
469
475
  });
@@ -471,81 +477,87 @@ describe('plugin-authorization-browser-first-party', () => {
471
477
 
472
478
  describe('#initiateAuthorizationCodeGrant()', () => {
473
479
  it('redirects to the login page with response_type=code', () => {
474
- const webex = makeWebex(undefined, undefined, {
475
- credentials: {
476
- clientType: 'confidential',
477
- },
478
- });
480
+ const webex = makeWebex(undefined, undefined, {
481
+ credentials: {
482
+ clientType: 'confidential',
483
+ },
484
+ });
479
485
 
480
- sinon.spy(webex.authorization, 'initiateAuthorizationCodeGrant');
486
+ sinon.spy(webex.authorization, 'initiateAuthorizationCodeGrant');
481
487
 
482
- return webex.authorization.initiateLogin().then(() => {
483
- assert.called(webex.authorization.initiateAuthorizationCodeGrant);
484
- assert.include(webex.getWindow().location, 'response_type=code');
485
- });
488
+ return webex.authorization.initiateLogin().then(() => {
489
+ assert.called(webex.authorization.initiateAuthorizationCodeGrant);
490
+ assert.include(webex.getWindow().location, 'response_type=code');
491
+ });
486
492
  });
487
493
 
488
494
  it('redirects to the login page in the same window by default', () => {
489
- const webex = makeWebex();
495
+ const webex = makeWebex();
490
496
 
491
- return webex.authorization.initiateAuthorizationCodeGrant().then(() => {
492
- assert.isDefined(webex.getWindow().location);
493
- assert.isUndefined(webex.getWindow().open);
494
- });
497
+ return webex.authorization.initiateAuthorizationCodeGrant().then(() => {
498
+ assert.isDefined(webex.getWindow().location);
499
+ assert.isUndefined(webex.getWindow().open);
500
+ });
495
501
  });
496
502
 
497
503
  it('opens login page in a new window when separateWindow is true', () => {
498
- const webex = makeWebex();
499
- webex.getWindow().open = sinon.spy();
500
-
501
- return webex.authorization.initiateAuthorizationCodeGrant({ separateWindow: true }).then(() => {
502
- assert.called(webex.getWindow().open);
503
- const openCall = webex.getWindow().open.getCall(0);
504
- assert.equal(openCall.args[1], '_blank');
505
- assert.equal(openCall.args[2], 'width=600,height=800');
506
- });
504
+ const webex = makeWebex();
505
+ webex.getWindow().open = sinon.spy();
506
+
507
+ return webex.authorization
508
+ .initiateAuthorizationCodeGrant({separateWindow: true})
509
+ .then(() => {
510
+ assert.called(webex.getWindow().open);
511
+ const openCall = webex.getWindow().open.getCall(0);
512
+ assert.equal(openCall.args[1], '_blank');
513
+ assert.equal(openCall.args[2], 'width=600,height=800');
514
+ });
507
515
  });
508
516
 
509
517
  it('opens login page in a new window with custom dimensions', () => {
510
- const webex = makeWebex();
511
- webex.getWindow().open = sinon.spy();
512
-
513
- const customWindow = {
514
- width: 800,
515
- height: 600,
516
- menubar: 'no',
517
- toolbar: 'no'
518
- };
518
+ const webex = makeWebex();
519
+ webex.getWindow().open = sinon.spy();
519
520
 
520
- return webex.authorization.initiateAuthorizationCodeGrant({
521
- separateWindow: customWindow
522
- }).then(() => {
523
- assert.called(webex.getWindow().open);
524
- const openCall = webex.getWindow().open.getCall(0);
525
- assert.equal(openCall.args[1], '_blank');
526
- assert.equal(
527
- openCall.args[2],
528
- 'width=800,height=600,menubar=no,toolbar=no'
529
- );
530
- });
521
+ const customWindow = {
522
+ width: 800,
523
+ height: 600,
524
+ menubar: 'no',
525
+ toolbar: 'no',
526
+ };
527
+
528
+ return webex.authorization
529
+ .initiateAuthorizationCodeGrant({
530
+ separateWindow: customWindow,
531
+ })
532
+ .then(() => {
533
+ assert.called(webex.getWindow().open);
534
+ const openCall = webex.getWindow().open.getCall(0);
535
+ assert.equal(openCall.args[1], '_blank');
536
+ assert.equal(openCall.args[2], 'width=800,height=600,menubar=no,toolbar=no');
537
+ });
531
538
  });
532
539
 
533
540
  it('preserves other options when using separateWindow', () => {
534
- const webex = makeWebex();
535
- webex.getWindow().open = sinon.spy();
536
-
537
- return webex.authorization.initiateAuthorizationCodeGrant({
538
- separateWindow: true,
539
- state: {}
540
- }).then(() => {
541
- assert.called(webex.getWindow().open);
542
- const url = webex.getWindow().open.getCall(0).args[0];
543
- assert.include(url, "https://idbrokerbts.webex.com/idb/oauth2/v1/authorize?response_type=code&separateWindow=true&client_id=fake&redirect_uri=http%3A%2F%2Fexample.com&scope=scope%3Aone");
544
- });
541
+ const webex = makeWebex();
542
+ webex.getWindow().open = sinon.spy();
543
+
544
+ return webex.authorization
545
+ .initiateAuthorizationCodeGrant({
546
+ separateWindow: true,
547
+ state: {},
548
+ })
549
+ .then(() => {
550
+ assert.called(webex.getWindow().open);
551
+ const url = webex.getWindow().open.getCall(0).args[0];
552
+ assert.include(
553
+ url,
554
+ 'https://idbrokerbts.webex.com/idb/oauth2/v1/authorize?response_type=code&separateWindow=true&client_id=fake&redirect_uri=http%3A%2F%2Fexample.com&scope=scope%3Aone'
555
+ );
556
+ });
545
557
  });
546
558
 
547
559
  it('Emits an event containing the login url', () => {
548
- const testLoginUrl = "https://test.example.com";
560
+ const testLoginUrl = 'https://test.example.com';
549
561
  const webex = makeWebex();
550
562
 
551
563
  sinon.stub(webex.credentials, 'buildLoginUrl').returns(testLoginUrl);
@@ -554,17 +566,73 @@ describe('plugin-authorization-browser-first-party', () => {
554
566
  return webex.authorization.initiateAuthorizationCodeGrant().then(() => {
555
567
  assert.calledOnceWithExactly(emitSpy, Events.login, {
556
568
  eventType: 'redirectToLoginUrl',
557
- data: { loginUrl: testLoginUrl },
569
+ data: {loginUrl: testLoginUrl},
558
570
  });
559
571
  });
560
572
  });
561
573
  });
562
574
 
575
+ describe('#initiateThirdPartyLogin()', () => {
576
+ it('delegates to #initiateThirdPartyLoginRedirect and returns its promise', () => {
577
+ const webex = makeWebex();
578
+ const expected = Promise.resolve();
579
+ const stub = sinon
580
+ .stub(webex.authorization, 'initiateThirdPartyLoginRedirect')
581
+ .returns(expected);
582
+ const options = {
583
+ oauth2provider: 'google',
584
+ returnURL: 'https://web.webex.com',
585
+ };
586
+
587
+ const result = webex.authorization.initiateThirdPartyLogin(options);
588
+
589
+ assert.equal(result, expected);
590
+ assert.calledOnceWithExactly(stub, options);
591
+
592
+ return result;
593
+ });
594
+ });
595
+
596
+ describe('#initiateThirdPartyLoginRedirect()', () => {
597
+ it('builds the third-party login URL and assigns it to getWindow().location', () => {
598
+ const webex = makeWebex();
599
+ const builtUrl =
600
+ 'https://idbroker.webex.com/idb/ThirdPartyLogin?oauth2provider=google&returnURL=https%3A%2F%2Fweb.webex.com';
601
+ sinon.stub(webex.credentials, 'buildThirdPartyLoginUrl').returns(builtUrl);
602
+
603
+ return webex.authorization
604
+ .initiateThirdPartyLoginRedirect({
605
+ oauth2provider: 'google',
606
+ returnURL: 'https://web.webex.com',
607
+ })
608
+ .then(() => {
609
+ assert.calledOnceWithExactly(webex.credentials.buildThirdPartyLoginUrl, {
610
+ oauth2provider: 'google',
611
+ returnURL: 'https://web.webex.com',
612
+ });
613
+ assert.equal(webex.getWindow().location, builtUrl);
614
+ });
615
+ });
616
+
617
+ it('returns a rejected promise if buildThirdPartyLoginUrl throws', () => {
618
+ const webex = makeWebex();
619
+ sinon
620
+ .stub(webex.credentials, 'buildThirdPartyLoginUrl')
621
+ .throws(new Error('`options.oauth2provider` is required'));
622
+
623
+ return assert.isRejected(
624
+ webex.authorization.initiateThirdPartyLoginRedirect({}),
625
+ /`options.oauth2provider` is required/
626
+ );
627
+ });
628
+ });
629
+
563
630
  describe('#_generateQRCodeVerificationUrl()', () => {
564
631
  it('should generate a QR code URL when a userCode is present', () => {
565
632
  const verificationUrl = 'https://example.com/verify?userCode=123456';
566
633
  const oauthHelperUrl = 'https://oauth-helper-a.wbx2.com/helperservice/v1';
567
- const expectedUrl = 'https://web.webex.com/deviceAuth?usercode=123456&oauthhelper=https%3A%2F%2Foauth-helper-a.wbx2.com%2Fhelperservice%2Fv1';
634
+ const expectedUrl =
635
+ 'https://web.webex.com/deviceAuth?usercode=123456&oauthhelper=https%3A%2F%2Foauth-helper-a.wbx2.com%2Fhelperservice%2Fv1';
568
636
 
569
637
  const webex = makeWebex('http://example.com');
570
638