@webex/webex-core 3.0.0-beta.42 → 3.0.0-beta.421

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/lib/batcher.js +1 -1
  2. package/dist/lib/constants.js +14 -0
  3. package/dist/lib/constants.js.map +1 -0
  4. package/dist/lib/credentials/credentials.js +61 -22
  5. package/dist/lib/credentials/credentials.js.map +1 -1
  6. package/dist/lib/credentials/scope.js +25 -8
  7. package/dist/lib/credentials/scope.js.map +1 -1
  8. package/dist/lib/credentials/token.js +4 -1
  9. package/dist/lib/credentials/token.js.map +1 -1
  10. package/dist/lib/services/interceptors/server-error.js +2 -2
  11. package/dist/lib/services/interceptors/server-error.js.map +1 -1
  12. package/dist/lib/services/interceptors/service.js +4 -2
  13. package/dist/lib/services/interceptors/service.js.map +1 -1
  14. package/dist/lib/services/service-catalog.js +2 -1
  15. package/dist/lib/services/service-catalog.js.map +1 -1
  16. package/dist/lib/services/services.js +56 -9
  17. package/dist/lib/services/services.js.map +1 -1
  18. package/dist/plugins/logger.js +1 -1
  19. package/dist/webex-core.js +7 -2
  20. package/dist/webex-core.js.map +1 -1
  21. package/package.json +14 -14
  22. package/src/lib/constants.js +6 -0
  23. package/src/lib/credentials/credentials.js +82 -40
  24. package/src/lib/credentials/scope.js +24 -5
  25. package/src/lib/credentials/token.js +9 -1
  26. package/src/lib/services/interceptors/server-error.js +1 -1
  27. package/src/lib/services/interceptors/service.js +2 -2
  28. package/src/lib/services/service-catalog.js +3 -1
  29. package/src/lib/services/services.js +48 -1
  30. package/src/webex-core.js +13 -1
  31. package/test/integration/spec/unit-browser/auth.js +93 -0
  32. package/test/integration/spec/unit-browser/token.js +122 -0
  33. package/test/unit/spec/credentials/credentials.js +168 -13
  34. package/test/unit/spec/credentials/scope.js +80 -0
  35. package/test/unit/spec/credentials/token.js +11 -1
  36. package/test/unit/spec/interceptors/auth.js +3 -0
  37. package/test/unit/spec/services/interceptors/service.js +9 -3
  38. package/test/unit/spec/services/services.js +62 -0
  39. package/test/unit/spec/webex-core.js +12 -0
package/dist/lib/batcher.js CHANGED
@@ -282,7 +282,7 @@ var Batcher = _webexPlugin.default.extend({
282
282
  fingerprintResponse: function fingerprintResponse(item) {
283
283
  throw new Error('fingerprintResponse() must be implemented');
284
284
  },
285
- version: "3.0.0-beta.42"
285
+ version: "3.0.0-beta.421"
286
286
  });
287
287
  var _default2 = Batcher;
288
288
  exports.default = _default2;
package/dist/lib/constants.js ADDED
@@ -0,0 +1,14 @@
1
+ "use strict";
2
+
3
+ var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
4
+ _Object$defineProperty(exports, "__esModule", {
5
+ value: true
6
+ });
7
+ exports.METRICS = void 0;
8
+ // Metric to do with WDM registration
9
+ var METRICS = {
10
+ JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED: 'JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED',
11
+ JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH: 'JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH'
12
+ };
13
+ exports.METRICS = METRICS;
14
+ //# sourceMappingURL=constants.js.map
package/dist/lib/constants.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["METRICS","JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED","JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH"],"sources":["constants.js"],"sourcesContent":["// Metric to do with WDM registration\nexport const METRICS = {\n JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED: 'JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED',\n JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH:\n 'JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH',\n};\n"],"mappings":";;;;;;;AAAA;AACO,IAAMA,OAAO,GAAG;EACrBC,mCAAmC,EAAE,qCAAqC;EAC1EC,+CAA+C,EAC7C;AACJ,CAAC;AAAC"}
package/dist/lib/credentials/credentials.js CHANGED
@@ -1,11 +1,13 @@
1
1
  "use strict";
2
2
 
3
+ var _typeof = require("@babel/runtime-corejs2/helpers/typeof");
3
4
  var _Object$keys2 = require("@babel/runtime-corejs2/core-js/object/keys");
4
5
  var _Object$getOwnPropertySymbols = require("@babel/runtime-corejs2/core-js/object/get-own-property-symbols");
5
6
  var _Object$getOwnPropertyDescriptor2 = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptor");
6
7
  var _Object$getOwnPropertyDescriptors = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptors");
7
8
  var _Object$defineProperties = require("@babel/runtime-corejs2/core-js/object/define-properties");
8
9
  var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
10
+ var _WeakMap = require("@babel/runtime-corejs2/core-js/weak-map");
9
11
  var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequireDefault");
10
12
  _Object$defineProperty(exports, "__esModule", {
11
13
  value: true
@@ -31,11 +33,14 @@ var _common = require("@webex/common");
31
33
  var _commonTimers = require("@webex/common-timers");
32
34
  var _webexPlugin = _interopRequireDefault(require("../webex-plugin"));
33
35
  var _decorators = require("../storage/decorators");
34
- var _grantErrors = _interopRequireDefault(require("./grant-errors"));
36
+ var _grantErrors = _interopRequireWildcard(require("./grant-errors"));
35
37
  var _scope = require("./scope");
36
38
  var _token = _interopRequireDefault(require("./token"));
37
39
  var _tokenCollection = _interopRequireDefault(require("./token-collection"));
40
+ var _constants = require("../constants");
38
41
  var _dec, _dec2, _dec3, _dec4, _dec5, _dec6, _obj;
42
+ function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
43
+ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = _Object$defineProperty && _Object$getOwnPropertyDescriptor2; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor2(obj, key) : null; if (desc && (desc.get || desc.set)) { _Object$defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
39
44
  function ownKeys(object, enumerableOnly) { var keys = _Object$keys2(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return _Object$getOwnPropertyDescriptor2(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
40
45
  function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { (0, _defineProperty2.default)(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor2(source, key)); }); } return target; }
41
46
  /**
@@ -68,6 +73,22 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
68
73
  }
69
74
  return Boolean(this.supertoken && this.supertoken.canRefresh);
70
75
  }
76
+ },
77
+ isUnverifiedGuest: {
78
+ deps: ['supertoken'],
79
+ /**
80
+ * Returns true if the user is an unverified guest
81
+ * @returns {boolean}
82
+ */
83
+ fn: function fn() {
84
+ var isGuest = false;
85
+ try {
86
+ isGuest = JSON.parse(_common.base64.decode(this.supertoken.access_token.split('.')[1])).user_type === 'guest';
87
+ } catch (_unused) {
88
+ /* the non-guest token is formatted differently so catch is expected */
89
+ }
90
+ return isGuest;
91
+ }
71
92
  }
72
93
  },
73
94
  props: {
@@ -252,8 +273,16 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
252
273
  downscope: function downscope(scope) {
253
274
  var _this2 = this;
254
275
  return this.supertoken.downscope(scope).catch(function (reason) {
255
- _this2.logger.trace("credentials: failed to downscope supertoken to ".concat(scope), reason);
276
+ var _reason$body;
277
+ var failReason = (_reason$body = reason === null || reason === void 0 ? void 0 : reason.body) !== null && _reason$body !== void 0 ? _reason$body : reason;
278
+ _this2.logger.warn("credentials: failed to downscope supertoken to \"".concat(scope, "\""), failReason);
256
279
  _this2.logger.trace("credentials: falling back to supertoken for ".concat(scope));
280
+ _this2.webex.internal.metrics.submitClientMetrics(_constants.METRICS.JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED, {
281
+ fields: {
282
+ requestedScope: scope,
283
+ failReason: failReason
284
+ }
285
+ });
257
286
  return _promise.default.resolve(new _token.default(_objectSpread({
258
287
  scope: scope
259
288
  }, _this2.supertoken.serialize())), {
@@ -325,10 +354,10 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
325
354
  return _promise.default.reject(new Error('Current state cannot produce an access token'));
326
355
  }
327
356
  if (!scope) {
328
- scope = (0, _scope.filterScope)('spark:kms', _this4.config.scope);
357
+ scope = (0, _scope.filterScope)('spark:kms', _this4.supertoken.scope);
329
358
  }
330
359
  scope = (0, _scope.sortScope)(scope);
331
- if (scope === (0, _scope.sortScope)(_this4.config.scope)) {
360
+ if (scope === (0, _scope.sortScope)(_this4.supertoken.scope)) {
332
361
  return _promise.default.resolve(_this4.supertoken);
333
362
  }
334
363
  var token = _this4.userTokens.get(scope);
@@ -460,15 +489,40 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
460
489
  if (this.webex.internal.services) {
461
490
  this.webex.internal.services.updateCredentialsConfig();
462
491
  }
463
- return supertoken.refresh().then(function (st) {
492
+ return supertoken.refresh().catch(function (error) {
493
+ if (error instanceof _grantErrors.OAuthError) {
494
+ // Error: super token refresh failed with 400 status code.
495
+ // Hence emit an event to the client, an opportunity to logout.
496
+ _this6.unset('supertoken');
497
+ while (_this6.userTokens.models.length) {
498
+ try {
499
+ _this6.userTokens.remove(_this6.userTokens.models[0]);
500
+ } catch (err) {
501
+ _this6.logger.warn('credentials: failed to remove user token', err);
502
+ }
503
+ }
504
+ _this6.webex.trigger('client:InvalidRequestError');
505
+ }
506
+ return _promise.default.reject(error);
507
+ }).then(function (st) {
464
508
  // clear refresh timer
465
509
  if (_this6.refreshTimer) {
466
510
  clearTimeout(_this6.refreshTimer);
467
511
  _this6.unset('refreshTimer');
468
512
  }
469
513
  _this6.supertoken = st;
514
+ var invalidScopes = (0, _scope.diffScopes)(_this6.config.scope, st.scope);
515
+ if (invalidScopes !== '') {
516
+ _this6.logger.warn("credentials: \"".concat(invalidScopes, "\" scope(s) are invalid because not listed in the supertoken, they will be excluded from user token requests."));
517
+ _this6.webex.internal.metrics.submitClientMetrics(_constants.METRICS.JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH, {
518
+ fields: {
519
+ invalidScopes: invalidScopes
520
+ }
521
+ });
522
+ }
470
523
  return _promise.default.all(tokens.map(function (token) {
471
- return _this6.downscope(token.scope)
524
+ var tokenScope = (0, _scope.filterScope)((0, _scope.diffScopes)(token.scope, st.scope), token.scope);
525
+ return _this6.downscope(tokenScope)
472
526
  // eslint-disable-next-line max-nested-callbacks
473
527
  .then(function (t) {
474
528
  _this6.logger.info("credentials: revoking token for ".concat(token.scope));
@@ -482,21 +536,6 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
482
536
  }));
483
537
  }).then(function () {
484
538
  _this6.scheduleRefresh(_this6.supertoken.expires);
485
- }).catch(function (error) {
486
- var InvalidRequestError = _grantErrors.default.InvalidRequestError;
487
- if (error instanceof InvalidRequestError) {
488
- // Error: The refresh token provided is expired, revoked, malformed, or invalid. Hence emit an event to the client, an opportunity to logout.
489
- _this6.unset('supertoken');
490
- while (_this6.userTokens.models.length) {
491
- try {
492
- _this6.userTokens.remove(_this6.userTokens.models[0]);
493
- } catch (err) {
494
- _this6.logger.warn('credentials: failed to remove user token', err);
495
- }
496
- }
497
- _this6.webex.trigger('client:InvalidRequestError');
498
- }
499
- return _promise.default.reject(error);
500
539
  });
501
540
  },
502
541
  /**
@@ -519,7 +558,7 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
519
558
  this.refresh();
520
559
  }
521
560
  },
522
- version: "3.0.0-beta.42"
561
+ version: "3.0.0-beta.421"
523
562
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "getUserToken", [_dec, _dec2], (0, _getOwnPropertyDescriptor.default)(_obj, "getUserToken"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "initialize", [_dec3], (0, _getOwnPropertyDescriptor.default)(_obj, "initialize"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "invalidate", [_common.oneFlight, _dec4], (0, _getOwnPropertyDescriptor.default)(_obj, "invalidate"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "refresh", [_common.oneFlight, _dec5, _dec6], (0, _getOwnPropertyDescriptor.default)(_obj, "refresh"), _obj)), _obj)));
524
563
  var _default = Credentials;
525
564
  exports.default = _default;
package/dist/lib/credentials/credentials.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["Credentials","WebexPlugin","extend","oneFlight","keyFactory","scope","waitForValue","persist","whileInFlight","collections","userTokens","TokenCollection","dataTypes","token","makeStateDataType","Token","dataType","derived","canAuthorize","deps","fn","Boolean","supertoken","canRefresh","config","jwtRefreshCallback","props","prop","namespace","session","isRefreshing","default","type","ready","refreshTimer","undefined","buildLoginUrl","options","clientType","state","Error","client_id","redirect_uri","response_type","base64","toBase64Url","authorizeUrl","querystring","stringify","getOrgId","logger","info","extractOrgIdFromJWT","access_token","e","extractOrgIdFromUserToken","f","decodedJWT","jwt","decode","realm","fields","split","length","buildLogoutUrl","logoutUrl","cisService","service","goto","calcRefreshTimeout","expiration","Math","floor","random","constructor","_dataTypes","forEach","key","set","bind","args","downscope","catch","reason","trace","resolve","serialize","parent","getClientToken","webex","request","method","uri","tokenUrl","form","grant_type","self_contained_token","auth","user","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","body","statusCode","reject","ErrorConstructor","grantErrors","select","error","_res","getUserToken","once","filterScope","sortScope","get","tap","t","add","initialize","attrs","authorization","expires","scheduleRefresh","prototype","listenToOnce","authorizationString","parsed","url","parse","query","href","substr","indexOf","invalidate","clearTimeout","unset","err","warn","models","remove","refresh","tokens","requestAccessTokenFromJwt","internal","services","updateCredentialsConfig","st","all","map","revoke","InvalidRequestError","trigger","expiresIn","timeoutLength","safeSetTimeout"],"sources":["credentials.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport jwt from 'jsonwebtoken';\nimport {base64, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {clone, cloneDeep, isObject, isEmpty} from 'lodash';\n\nimport WebexPlugin from '../webex-plugin';\nimport {persist, waitForValue} from '../storage/decorators';\n\nimport grantErrors from './grant-errors';\nimport {filterScope, sortScope} from './scope';\nimport Token from './token';\nimport TokenCollection from './token-collection';\n\n/**\n * @class\n */\nconst Credentials = WebexPlugin.extend({\n collections: {\n userTokens: TokenCollection,\n },\n\n dataTypes: {\n token: makeStateDataType(Token, 'token').dataType,\n },\n\n derived: {\n canAuthorize: {\n deps: ['supertoken', 'supertoken.canAuthorize', 'canRefresh'],\n fn() {\n return Boolean((this.supertoken && this.supertoken.canAuthorize) || this.canRefresh);\n },\n },\n canRefresh: {\n deps: ['supertoken', 'supertoken.canRefresh'],\n fn() {\n // If we're operating in JWT mode, we have to delegate to the consumer\n if (this.config.jwtRefreshCallback) {\n return true;\n }\n\n return Boolean(this.supertoken && this.supertoken.canRefresh);\n },\n },\n },\n\n props: {\n supertoken: makeStateDataType(Token, 'token').prop,\n },\n\n namespace: 'Credentials',\n\n session: {\n isRefreshing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Becomes `true` once the {@link loaded} event fires.\n * @see {@link WebexPlugin#ready}\n * @instance\n * @memberof Credentials\n * @type {boolean}\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n refreshTimer: {\n default: undefined,\n type: 'any',\n },\n },\n\n /**\n * Generates an OAuth Login URL. Prefers the api.ciscospark.com proxy if the\n * instance is initialize with an authorizatUrl, but fallsback to idbroker\n * as the base otherwise.\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {string}\n */\n buildLoginUrl(options = {clientType: 'public'}) {\n /* eslint-disable camelcase */\n if (options.state && !isObject(options.state)) {\n throw new Error('if specified, `options.state` must be an object');\n }\n\n options.client_id = this.config.client_id;\n options.redirect_uri = this.config.redirect_uri;\n options.scope = this.config.scope;\n\n options = cloneDeep(options);\n\n if (!options.response_type) {\n options.response_type = options.clientType === 'public' ? 'token' : 'code';\n }\n Reflect.deleteProperty(options, 'clientType');\n\n if (options.state) {\n if (!isEmpty(options.state)) {\n options.state = base64.toBase64Url(JSON.stringify(options.state));\n } else {\n delete options.state;\n }\n }\n\n return `${this.config.authorizeUrl}?${querystring.stringify(options)}`;\n /* eslint-enable camelcase */\n },\n\n /**\n * Get the determined OrgId.\n *\n * @throws {Error} - If the OrgId could not be determined.\n * @returns {string} - The OrgId.\n */\n getOrgId() {\n this.logger.info('credentials: attempting to retrieve the OrgId from token');\n\n try {\n // Attempt to extract a client-authenticated token's OrgId.\n this.logger.info('credentials: trying to extract OrgId from JWT');\n\n return this.extractOrgIdFromJWT(this.supertoken.access_token);\n } catch (e) {\n // Attempt to extract a user token's OrgId.\n this.logger.info('credentials: could not extract OrgId from JWT');\n this.logger.info('credentials: attempting to extract OrgId from user token');\n\n try {\n return this.extractOrgIdFromUserToken(this.supertoken?.access_token);\n } catch (f) {\n this.logger.info('credentials: could not extract OrgId from user token');\n throw f;\n }\n }\n },\n\n /**\n * Extract the OrgId [realm] from a provided JWT.\n *\n * @private\n * @param {string} token - The JWT to extract the OrgId from.\n * @throws {Error} - If the token does not pass JWT general/realm validation.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromJWT(token = '') {\n // Decoded the provided token.\n const decodedJWT = jwt.decode(token);\n\n // Validate that the provided token is a JWT.\n if (!decodedJWT) {\n throw new Error('unable to extract the OrgId from the provided JWT');\n }\n\n if (!decodedJWT.realm) {\n throw new Error('the provided JWT does not contain an OrgId');\n }\n\n // Return the OrgId [realm].\n return decodedJWT.realm;\n },\n\n /**\n * Extract the OrgId [realm] from a provided user token.\n *\n * @private\n * @param {string} token - The user token to extract the OrgId from.\n * @throws {Error} - Will throw an error if the provided token is invalid.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromUserToken(token = '') {\n // Split the provided token into subsections.\n const fields = token.split('_');\n\n // Validate that the provided token has the proper amount of sections.\n if (fields.length !== 3) {\n throw new Error('the provided token is not a valid format');\n }\n\n // Return the token section that contains the OrgId.\n return fields[2];\n },\n\n /**\n * Generates a Logout URL\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {[type]}\n */\n buildLogoutUrl(options = {}) {\n return `${this.config.logoutUrl}?${querystring.stringify({\n cisService: this.config.service,\n goto: this.config.redirect_uri,\n ...options,\n })}`;\n },\n\n /**\n * Generates a number between 60% - 90% of expired value\n * @instance\n * @memberof Credentials\n * @param {number} expiration\n * @private\n * @returns {number}\n */\n calcRefreshTimeout(expiration) {\n return Math.floor(((Math.floor(Math.random() * 4) + 6) / 10) * expiration);\n },\n\n constructor(...args) {\n // HACK to deal with the fact that AmpersandState#dataTypes#set is a pure\n // function.\n this._dataTypes = cloneDeep(this._dataTypes);\n Object.keys(this._dataTypes).forEach((key) => {\n if (this._dataTypes[key].set) {\n this._dataTypes[key].set = this._dataTypes[key].set.bind(this);\n }\n });\n // END HACK\n Reflect.apply(WebexPlugin, this, args);\n },\n\n /**\n * Downscopes a token\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @private\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n return this.supertoken.downscope(scope).catch((reason) => {\n this.logger.trace(`credentials: failed to downscope supertoken to ${scope}`, reason);\n this.logger.trace(`credentials: falling back to supertoken for ${scope}`);\n\n return Promise.resolve(new Token({scope, ...this.supertoken.serialize()}), {\n parent: this,\n });\n });\n },\n\n /**\n * Requests a client credentials grant and returns the token. Given the\n * limited use for such tokens as this time, this method does not cache its\n * token.\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @returns {Promise<Token>}\n */\n getClientToken(options = {}) {\n this.logger.info('credentials: requesting client credentials grant');\n\n return this.webex\n .request({\n /* eslint-disable camelcase */\n method: 'POST',\n uri: options.uri || this.config.tokenUrl,\n form: {\n grant_type: 'client_credentials',\n scope: options.scope || 'webexsquare:admin',\n self_contained_token: true,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n /* eslint-enable camelcase */\n })\n .then((res) => new Token(res.body, {parent: this}))\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n @oneFlight({keyFactory: (scope) => scope})\n @waitForValue('@')\n /**\n * Resolves with a token with the specified scopes. If no scope is specified,\n * defaults to omit(webex.credentials.scope, 'spark:kms'). If no such token is\n * available, downscopes the supertoken to that scope.\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n getUserToken(scope) {\n return Promise.resolve(\n !this.isRefreshing ||\n new Promise((resolve) => {\n this.logger.info(\n 'credentials: token refresh inflight; delaying getUserToken until refresh completes'\n );\n this.once('change:isRefreshing', () => {\n this.logger.info('credentials: token refresh complete; reinvoking getUserToken');\n resolve();\n });\n })\n ).then(() => {\n if (!this.canAuthorize) {\n this.logger.info('credentials: cannot produce an access token from current state');\n\n return Promise.reject(new Error('Current state cannot produce an access token'));\n }\n\n if (!scope) {\n scope = filterScope('spark:kms', this.config.scope);\n }\n\n scope = sortScope(scope);\n\n if (scope === sortScope(this.config.scope)) {\n return Promise.resolve(this.supertoken);\n }\n\n const token = this.userTokens.get(scope);\n\n // we should also check for the token.access_token since token object does\n // not get cleared on unsetting while logging out.\n if (!token || !token.access_token) {\n return this.downscope(scope).then(tap((t) => this.userTokens.add(t)));\n }\n\n return Promise.resolve(token);\n });\n },\n\n @persist('@')\n /**\n * Initializer\n * @instance\n * @memberof Credentials\n * @param {Object} attrs\n * @param {Object} options\n * @private\n * @returns {Credentials}\n */\n initialize(attrs, options) {\n if (attrs) {\n if (typeof attrs === 'string') {\n this.supertoken = attrs;\n }\n\n if (attrs.access_token) {\n this.supertoken = attrs;\n }\n\n if (attrs.authorization) {\n if (attrs.authorization.supertoken) {\n this.supertoken = attrs.authorization.supertoken;\n } else {\n this.supertoken = attrs.authorization;\n }\n }\n\n // schedule refresh\n if (this.supertoken && this.supertoken.expires) {\n this.scheduleRefresh(this.supertoken.expires);\n }\n }\n\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n this.listenToOnce(this.parent, 'change:config', () => {\n if (this.config.authorizationString) {\n const parsed = url.parse(this.config.authorizationString, true);\n\n /* eslint-disable camelcase */\n this.config.client_id = parsed.query.client_id;\n this.config.redirect_uri = parsed.query.redirect_uri;\n this.config.scope = parsed.query.scope;\n this.config.authorizeUrl = parsed.href.substr(0, parsed.href.indexOf('?'));\n /* eslint-enable camelcase */\n }\n });\n\n this.webex.once('loaded', () => {\n this.ready = true;\n });\n },\n\n @oneFlight\n @waitForValue('@')\n /**\n * Clears all tokens from store them from the stores.\n *\n * This is no longer quite the right name for this method, but all of the\n * alternatives I'm coming up with are already taken.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n invalidate() {\n this.logger.info('credentials: invalidating tokens');\n\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n\n try {\n this.unset('supertoken');\n } catch (err) {\n this.logger.warn('credentials: failed to clear supertoken', err);\n }\n\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n\n this.logger.info('credentials: finished removing tokens');\n\n // Return a promise to give the storage layer a tick or two to clear\n // localStorage\n return Promise.resolve();\n },\n\n @oneFlight\n @whileInFlight('isRefreshing')\n @waitForValue('@')\n /**\n * Removes the supertoken and child tokens, then refreshes the supertoken;\n * subsequent calls to {@link Credentials#getUserToken()} will re-downscope\n * child tokens. Enqueus revocation of previous previousTokens. Yes, that's\n * the correct number of \"previous\"es.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n refresh() {\n this.logger.info('credentials: refresh requested');\n\n const {supertoken} = this;\n const tokens = clone(this.userTokens.models);\n\n // This is kind of a leaky abstraction, since it relies on the authorization\n // plugin, but the only alternatives I see are\n // 1. put all JWT support in core\n // 2. have separate jwt and non-jwt auth plugins\n // while I like #2 from a code simplicity standpoint, the third-party DX\n // isn't great\n if (this.config.jwtRefreshCallback) {\n return (\n this.config\n .jwtRefreshCallback(this.webex)\n // eslint-disable-next-line no-shadow\n .then((jwt) => this.webex.authorization.requestAccessTokenFromJwt({jwt}))\n );\n }\n\n if (this.webex.internal.services) {\n this.webex.internal.services.updateCredentialsConfig();\n }\n\n return supertoken\n .refresh()\n .then((st) => {\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n this.supertoken = st;\n\n return Promise.all(\n tokens.map((token) =>\n this.downscope(token.scope)\n // eslint-disable-next-line max-nested-callbacks\n .then((t) => {\n this.logger.info(`credentials: revoking token for ${token.scope}`);\n\n return token\n .revoke()\n .catch((err) => {\n this.logger.warn('credentials: failed to revoke user token', err);\n })\n .then(() => {\n this.userTokens.remove(token.scope);\n this.userTokens.add(t);\n });\n })\n )\n );\n })\n .then(() => {\n this.scheduleRefresh(this.supertoken.expires);\n })\n .catch((error) => {\n const {InvalidRequestError} = grantErrors;\n\n if (error instanceof InvalidRequestError) {\n // Error: The refresh token provided is expired, revoked, malformed, or invalid. Hence emit an event to the client, an opportunity to logout.\n this.unset('supertoken');\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n this.webex.trigger('client:InvalidRequestError');\n }\n\n return Promise.reject(error);\n });\n },\n\n /**\n * Schedules a token refresh or refreshes the token if token has expired\n * @instance\n * @memberof Credentials\n * @param {number} expires\n * @private\n * @returns {undefined}\n */\n scheduleRefresh(expires) {\n const expiresIn = expires - Date.now();\n\n if (expiresIn > 0) {\n const timeoutLength = this.calcRefreshTimeout(expiresIn);\n\n this.refreshTimer = safeSetTimeout(() => this.refresh(), timeoutLength);\n } else {\n this.refresh();\n }\n },\n});\n\nexport default Credentials;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;AACA;AAEA;AACA;AACA;AAGA;AACA;AAEA;AACA;AACA;AACA;AAAiD;AAAA;AAAA;AAEjD;AACA;AACA;AACA,IAAMA,WAAW,GAAGC,oBAAW,CAACC,MAAM,SA8QnC,IAAAC,iBAAS,EAAC;EAACC,UAAU,EAAE,oBAACC,KAAK;IAAA,OAAKA,KAAK;EAAA;AAAA,CAAC,CAAC,UACzC,IAAAC,wBAAY,EAAC,GAAG,CAAC,UAmDjB,IAAAC,mBAAO,EAAC,GAAG,CAAC,UAuDZ,IAAAD,wBAAY,EAAC,GAAG,CAAC,UAyCjB,IAAAE,qBAAa,EAAC,cAAc,CAAC,UAC7B,IAAAF,wBAAY,EAAC,GAAG,CAAC,UAnamB;EACrCG,WAAW,EAAE;IACXC,UAAU,EAAEC;EACd,CAAC;EAEDC,SAAS,EAAE;IACTC,KAAK,EAAE,IAAAC,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACC;EAC3C,CAAC;EAEDC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,YAAY,EAAE,yBAAyB,EAAE,YAAY,CAAC;MAC7DC,EAAE,gBAAG;QACH,OAAOC,OAAO,CAAE,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACJ,YAAY,IAAK,IAAI,CAACK,UAAU,CAAC;MACtF;IACF,CAAC;IACDA,UAAU,EAAE;MACVJ,IAAI,EAAE,CAAC,YAAY,EAAE,uBAAuB,CAAC;MAC7CC,EAAE,gBAAG;QACH;QACA,IAAI,IAAI,CAACI,MAAM,CAACC,kBAAkB,EAAE;UAClC,OAAO,IAAI;QACb;QAEA,OAAOJ,OAAO,CAAC,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACC,UAAU,CAAC;MAC/D;IACF;EACF,CAAC;EAEDG,KAAK,EAAE;IACLJ,UAAU,EAAE,IAAAR,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACY;EAChD,CAAC;EAEDC,SAAS,EAAE,aAAa;EAExBC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACDE,YAAY,EAAE;MACZH,OAAO,EAAEI,SAAS;MAClBH,IAAI,EAAE;IACR;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,aAAa,2BAAmC;IAAA,IAAlCC,OAAO,uEAAG;MAACC,UAAU,EAAE;IAAQ,CAAC;IAC5C;IACA,IAAID,OAAO,CAACE,KAAK,IAAI,CAAC,wBAASF,OAAO,CAACE,KAAK,CAAC,EAAE;MAC7C,MAAM,IAAIC,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEAH,OAAO,CAACI,SAAS,GAAG,IAAI,CAACjB,MAAM,CAACiB,SAAS;IACzCJ,OAAO,CAACK,YAAY,GAAG,IAAI,CAAClB,MAAM,CAACkB,YAAY;IAC/CL,OAAO,CAAChC,KAAK,GAAG,IAAI,CAACmB,MAAM,CAACnB,KAAK;IAEjCgC,OAAO,GAAG,yBAAUA,OAAO,CAAC;IAE5B,IAAI,CAACA,OAAO,CAACM,aAAa,EAAE;MAC1BN,OAAO,CAACM,aAAa,GAAGN,OAAO,CAACC,UAAU,KAAK,QAAQ,GAAG,OAAO,GAAG,MAAM;IAC5E;IACA,6BAAuBD,OAAO,EAAE,YAAY,CAAC;IAE7C,IAAIA,OAAO,CAACE,KAAK,EAAE;MACjB,IAAI,CAAC,uBAAQF,OAAO,CAACE,KAAK,CAAC,EAAE;QAC3BF,OAAO,CAACE,KAAK,GAAGK,cAAM,CAACC,WAAW,CAAC,wBAAeR,OAAO,CAACE,KAAK,CAAC,CAAC;MACnE,CAAC,MAAM;QACL,OAAOF,OAAO,CAACE,KAAK;MACtB;IACF;IAEA,iBAAU,IAAI,CAACf,MAAM,CAACsB,YAAY,cAAIC,oBAAW,CAACC,SAAS,CAACX,OAAO,CAAC;IACpE;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEY,QAAQ,sBAAG;IACT,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;IAE5E,IAAI;MACF;MACA,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MAEjE,OAAO,IAAI,CAACC,mBAAmB,CAAC,IAAI,CAAC9B,UAAU,CAAC+B,YAAY,CAAC;IAC/D,CAAC,CAAC,OAAOC,CAAC,EAAE;MACV;MACA,IAAI,CAACJ,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MACjE,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;MAE5E,IAAI;QAAA;QACF,OAAO,IAAI,CAACI,yBAAyB,qBAAC,IAAI,CAACjC,UAAU,qDAAf,iBAAiB+B,YAAY,CAAC;MACtE,CAAC,CAAC,OAAOG,CAAC,EAAE;QACV,IAAI,CAACN,MAAM,CAACC,IAAI,CAAC,sDAAsD,CAAC;QACxE,MAAMK,CAAC;MACT;IACF;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEJ,mBAAmB,iCAAa;IAAA,IAAZvC,KAAK,uEAAG,EAAE;IAC5B;IACA,IAAM4C,UAAU,GAAGC,qBAAG,CAACC,MAAM,CAAC9C,KAAK,CAAC;;IAEpC;IACA,IAAI,CAAC4C,UAAU,EAAE;MACf,MAAM,IAAIjB,KAAK,CAAC,mDAAmD,CAAC;IACtE;IAEA,IAAI,CAACiB,UAAU,CAACG,KAAK,EAAE;MACrB,MAAM,IAAIpB,KAAK,CAAC,4CAA4C,CAAC;IAC/D;;IAEA;IACA,OAAOiB,UAAU,CAACG,KAAK;EACzB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,yBAAyB,uCAAa;IAAA,IAAZ1C,KAAK,uEAAG,EAAE;IAClC;IACA,IAAMgD,MAAM,GAAGhD,KAAK,CAACiD,KAAK,CAAC,GAAG,CAAC;;IAE/B;IACA,IAAID,MAAM,CAACE,MAAM,KAAK,CAAC,EAAE;MACvB,MAAM,IAAIvB,KAAK,CAAC,0CAA0C,CAAC;IAC7D;;IAEA;IACA,OAAOqB,MAAM,CAAC,CAAC,CAAC;EAClB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEG,cAAc,4BAAe;IAAA,IAAd3B,OAAO,uEAAG,CAAC,CAAC;IACzB,iBAAU,IAAI,CAACb,MAAM,CAACyC,SAAS,cAAIlB,oBAAW,CAACC,SAAS;MACtDkB,UAAU,EAAE,IAAI,CAAC1C,MAAM,CAAC2C,OAAO;MAC/BC,IAAI,EAAE,IAAI,CAAC5C,MAAM,CAACkB;IAAY,GAC3BL,OAAO,EACV;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEgC,kBAAkB,8BAACC,UAAU,EAAE;IAC7B,OAAOC,IAAI,CAACC,KAAK,CAAE,CAACD,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAIH,UAAU,CAAC;EAC5E,CAAC;EAEDI,WAAW,yBAAU;IAAA;IACnB;IACA;IACA,IAAI,CAACC,UAAU,GAAG,yBAAU,IAAI,CAACA,UAAU,CAAC;IAC5C,mBAAY,IAAI,CAACA,UAAU,CAAC,CAACC,OAAO,CAAC,UAACC,GAAG,EAAK;MAC5C,IAAI,KAAI,CAACF,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,EAAE;QAC5B,KAAI,CAACH,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,GAAG,KAAI,CAACH,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,CAACC,IAAI,CAAC,KAAI,CAAC;MAChE;IACF,CAAC,CAAC;IACF;IAAA,kCATaC,IAAI;MAAJA,IAAI;IAAA;IAUjB,oBAAc/E,oBAAW,EAAE,IAAI,EAAE+E,IAAI,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,qBAAC5E,KAAK,EAAE;IAAA;IACf,OAAO,IAAI,CAACiB,UAAU,CAAC2D,SAAS,CAAC5E,KAAK,CAAC,CAAC6E,KAAK,CAAC,UAACC,MAAM,EAAK;MACxD,MAAI,CAACjC,MAAM,CAACkC,KAAK,0DAAmD/E,KAAK,GAAI8E,MAAM,CAAC;MACpF,MAAI,CAACjC,MAAM,CAACkC,KAAK,uDAAgD/E,KAAK,EAAG;MAEzE,OAAO,iBAAQgF,OAAO,CAAC,IAAItE,cAAK;QAAEV,KAAK,EAALA;MAAK,GAAK,MAAI,CAACiB,UAAU,CAACgE,SAAS,EAAE,EAAE,EAAE;QACzEC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,cAAc,4BAAe;IAAA;IAAA,IAAdnD,OAAO,uEAAG,CAAC,CAAC;IACzB,IAAI,CAACa,MAAM,CAACC,IAAI,CAAC,kDAAkD,CAAC;IAEpE,OAAO,IAAI,CAACsC,KAAK,CACdC,OAAO,CAAC;MACP;MACAC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAEvD,OAAO,CAACuD,GAAG,IAAI,IAAI,CAACpE,MAAM,CAACqE,QAAQ;MACxCC,IAAI,EAAE;QACJC,UAAU,EAAE,oBAAoB;QAChC1F,KAAK,EAAEgC,OAAO,CAAChC,KAAK,IAAI,mBAAmB;QAC3C2F,oBAAoB,EAAE;MACxB,CAAC;MACDC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAAC1E,MAAM,CAACiB,SAAS;QAC3B0D,IAAI,EAAE,IAAI,CAAC3E,MAAM,CAAC4E,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;MAC1B;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;MAAA,OAAK,IAAIzF,cAAK,CAACyF,GAAG,CAACC,IAAI,EAAE;QAAClB,MAAM,EAAE;MAAI,CAAC,CAAC;IAAA,EAAC,CAClDL,KAAK,CAAC,UAACsB,GAAG,EAAK;MACd,IAAIA,GAAG,CAACE,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO,iBAAQC,MAAM,CAACH,GAAG,CAAC;MAC5B;MAEA,IAAMI,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACN,GAAG,CAACC,IAAI,CAACM,KAAK,CAAC;MAE3D,OAAO,iBAAQJ,MAAM,CAAC,IAAIC,gBAAgB,CAACJ,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACES,YAAY,wBAAC5G,KAAK,EAAE;IAAA;IAClB,OAAO,iBAAQgF,OAAO,CACpB,CAAC,IAAI,CAACvD,YAAY,IAChB,qBAAY,UAACuD,OAAO,EAAK;MACvB,MAAI,CAACnC,MAAM,CAACC,IAAI,CACd,oFAAoF,CACrF;MACD,MAAI,CAAC+D,IAAI,CAAC,qBAAqB,EAAE,YAAM;QACrC,MAAI,CAAChE,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;QAChFkC,OAAO,EAAE;MACX,CAAC,CAAC;IACJ,CAAC,CAAC,CACL,CAACkB,IAAI,CAAC,YAAM;MACX,IAAI,CAAC,MAAI,CAACrF,YAAY,EAAE;QACtB,MAAI,CAACgC,MAAM,CAACC,IAAI,CAAC,gEAAgE,CAAC;QAElF,OAAO,iBAAQwD,MAAM,CAAC,IAAInE,KAAK,CAAC,8CAA8C,CAAC,CAAC;MAClF;MAEA,IAAI,CAACnC,KAAK,EAAE;QACVA,KAAK,GAAG,IAAA8G,kBAAW,EAAC,WAAW,EAAE,MAAI,CAAC3F,MAAM,CAACnB,KAAK,CAAC;MACrD;MAEAA,KAAK,GAAG,IAAA+G,gBAAS,EAAC/G,KAAK,CAAC;MAExB,IAAIA,KAAK,KAAK,IAAA+G,gBAAS,EAAC,MAAI,CAAC5F,MAAM,CAACnB,KAAK,CAAC,EAAE;QAC1C,OAAO,iBAAQgF,OAAO,CAAC,MAAI,CAAC/D,UAAU,CAAC;MACzC;MAEA,IAAMT,KAAK,GAAG,MAAI,CAACH,UAAU,CAAC2G,GAAG,CAAChH,KAAK,CAAC;;MAExC;MACA;MACA,IAAI,CAACQ,KAAK,IAAI,CAACA,KAAK,CAACwC,YAAY,EAAE;QACjC,OAAO,MAAI,CAAC4B,SAAS,CAAC5E,KAAK,CAAC,CAACkG,IAAI,CAAC,IAAAe,WAAG,EAAC,UAACC,CAAC;UAAA,OAAK,MAAI,CAAC7G,UAAU,CAAC8G,GAAG,CAACD,CAAC,CAAC;QAAA,EAAC,CAAC;MACvE;MAEA,OAAO,iBAAQlC,OAAO,CAACxE,KAAK,CAAC;IAC/B,CAAC,CAAC;EACJ,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4G,UAAU,sBAACC,KAAK,EAAErF,OAAO,EAAE;IAAA;IACzB,IAAIqF,KAAK,EAAE;MACT,IAAI,OAAOA,KAAK,KAAK,QAAQ,EAAE;QAC7B,IAAI,CAACpG,UAAU,GAAGoG,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACrE,YAAY,EAAE;QACtB,IAAI,CAAC/B,UAAU,GAAGoG,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACC,aAAa,EAAE;QACvB,IAAID,KAAK,CAACC,aAAa,CAACrG,UAAU,EAAE;UAClC,IAAI,CAACA,UAAU,GAAGoG,KAAK,CAACC,aAAa,CAACrG,UAAU;QAClD,CAAC,MAAM;UACL,IAAI,CAACA,UAAU,GAAGoG,KAAK,CAACC,aAAa;QACvC;MACF;;MAEA;MACA,IAAI,IAAI,CAACrG,UAAU,IAAI,IAAI,CAACA,UAAU,CAACsG,OAAO,EAAE;QAC9C,IAAI,CAACC,eAAe,CAAC,IAAI,CAACvG,UAAU,CAACsG,OAAO,CAAC;MAC/C;IACF;IAEA,oBAAc3H,oBAAW,CAAC6H,SAAS,CAACL,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAErF,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC0F,YAAY,CAAC,IAAI,CAACxC,MAAM,EAAE,eAAe,EAAE,YAAM;MACpD,IAAI,MAAI,CAAC/D,MAAM,CAACwG,mBAAmB,EAAE;QACnC,IAAMC,MAAM,GAAGC,YAAG,CAACC,KAAK,CAAC,MAAI,CAAC3G,MAAM,CAACwG,mBAAmB,EAAE,IAAI,CAAC;;QAE/D;QACA,MAAI,CAACxG,MAAM,CAACiB,SAAS,GAAGwF,MAAM,CAACG,KAAK,CAAC3F,SAAS;QAC9C,MAAI,CAACjB,MAAM,CAACkB,YAAY,GAAGuF,MAAM,CAACG,KAAK,CAAC1F,YAAY;QACpD,MAAI,CAAClB,MAAM,CAACnB,KAAK,GAAG4H,MAAM,CAACG,KAAK,CAAC/H,KAAK;QACtC,MAAI,CAACmB,MAAM,CAACsB,YAAY,GAAGmF,MAAM,CAACI,IAAI,CAACC,MAAM,CAAC,CAAC,EAAEL,MAAM,CAACI,IAAI,CAACE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1E;MACF;IACF,CAAC,CAAC;;IAEF,IAAI,CAAC9C,KAAK,CAACyB,IAAI,CAAC,QAAQ,EAAE,YAAM;MAC9B,MAAI,CAACjF,KAAK,GAAG,IAAI;IACnB,CAAC,CAAC;EACJ,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuG,UAAU,wBAAG;IACX,IAAI,CAACtF,MAAM,CAACC,IAAI,CAAC,kCAAkC,CAAC;;IAEpD;IACA,IAAI,IAAI,CAACjB,YAAY,EAAE;MACrBuG,YAAY,CAAC,IAAI,CAACvG,YAAY,CAAC;MAC/B,IAAI,CAACwG,KAAK,CAAC,cAAc,CAAC;IAC5B;IAEA,IAAI;MACF,IAAI,CAACA,KAAK,CAAC,YAAY,CAAC;IAC1B,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,IAAI,CAACzF,MAAM,CAAC0F,IAAI,CAAC,yCAAyC,EAAED,GAAG,CAAC;IAClE;IAEA,OAAO,IAAI,CAACjI,UAAU,CAACmI,MAAM,CAAC9E,MAAM,EAAE;MACpC,IAAI;QACF,IAAI,CAACrD,UAAU,CAACoI,MAAM,CAAC,IAAI,CAACpI,UAAU,CAACmI,MAAM,CAAC,CAAC,CAAC,CAAC;MACnD,CAAC,CAAC,OAAOF,GAAG,EAAE;QACZ,IAAI,CAACzF,MAAM,CAAC0F,IAAI,CAAC,0CAA0C,EAAED,GAAG,CAAC;MACnE;IACF;IAEA,IAAI,CAACzF,MAAM,CAACC,IAAI,CAAC,uCAAuC,CAAC;;IAEzD;IACA;IACA,OAAO,iBAAQkC,OAAO,EAAE;EAC1B,CAAC;EAKD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE0D,OAAO,qBAAG;IAAA;IACR,IAAI,CAAC7F,MAAM,CAACC,IAAI,CAAC,gCAAgC,CAAC;IAElD,IAAO7B,UAAU,GAAI,IAAI,CAAlBA,UAAU;IACjB,IAAM0H,MAAM,GAAG,qBAAM,IAAI,CAACtI,UAAU,CAACmI,MAAM,CAAC;;IAE5C;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,IAAI,CAACrH,MAAM,CAACC,kBAAkB,EAAE;MAClC,OACE,IAAI,CAACD,MAAM,CACRC,kBAAkB,CAAC,IAAI,CAACgE,KAAK;MAC9B;MAAA,CACCc,IAAI,CAAC,UAAC7C,GAAG;QAAA,OAAK,MAAI,CAAC+B,KAAK,CAACkC,aAAa,CAACsB,yBAAyB,CAAC;UAACvF,GAAG,EAAHA;QAAG,CAAC,CAAC;MAAA,EAAC;IAE/E;IAEA,IAAI,IAAI,CAAC+B,KAAK,CAACyD,QAAQ,CAACC,QAAQ,EAAE;MAChC,IAAI,CAAC1D,KAAK,CAACyD,QAAQ,CAACC,QAAQ,CAACC,uBAAuB,EAAE;IACxD;IAEA,OAAO9H,UAAU,CACdyH,OAAO,EAAE,CACTxC,IAAI,CAAC,UAAC8C,EAAE,EAAK;MACZ;MACA,IAAI,MAAI,CAACnH,YAAY,EAAE;QACrBuG,YAAY,CAAC,MAAI,CAACvG,YAAY,CAAC;QAC/B,MAAI,CAACwG,KAAK,CAAC,cAAc,CAAC;MAC5B;MACA,MAAI,CAACpH,UAAU,GAAG+H,EAAE;MAEpB,OAAO,iBAAQC,GAAG,CAChBN,MAAM,CAACO,GAAG,CAAC,UAAC1I,KAAK;QAAA,OACf,MAAI,CAACoE,SAAS,CAACpE,KAAK,CAACR,KAAK;QACxB;QAAA,CACCkG,IAAI,CAAC,UAACgB,CAAC,EAAK;UACX,MAAI,CAACrE,MAAM,CAACC,IAAI,2CAAoCtC,KAAK,CAACR,KAAK,EAAG;UAElE,OAAOQ,KAAK,CACT2I,MAAM,EAAE,CACRtE,KAAK,CAAC,UAACyD,GAAG,EAAK;YACd,MAAI,CAACzF,MAAM,CAAC0F,IAAI,CAAC,0CAA0C,EAAED,GAAG,CAAC;UACnE,CAAC,CAAC,CACDpC,IAAI,CAAC,YAAM;YACV,MAAI,CAAC7F,UAAU,CAACoI,MAAM,CAACjI,KAAK,CAACR,KAAK,CAAC;YACnC,MAAI,CAACK,UAAU,CAAC8G,GAAG,CAACD,CAAC,CAAC;UACxB,CAAC,CAAC;QACN,CAAC,CAAC;MAAA,EACL,CACF;IACH,CAAC,CAAC,CACDhB,IAAI,CAAC,YAAM;MACV,MAAI,CAACsB,eAAe,CAAC,MAAI,CAACvG,UAAU,CAACsG,OAAO,CAAC;IAC/C,CAAC,CAAC,CACD1C,KAAK,CAAC,UAAC6B,KAAK,EAAK;MAChB,IAAO0C,mBAAmB,GAAI5C,oBAAW,CAAlC4C,mBAAmB;MAE1B,IAAI1C,KAAK,YAAY0C,mBAAmB,EAAE;QACxC;QACA,MAAI,CAACf,KAAK,CAAC,YAAY,CAAC;QACxB,OAAO,MAAI,CAAChI,UAAU,CAACmI,MAAM,CAAC9E,MAAM,EAAE;UACpC,IAAI;YACF,MAAI,CAACrD,UAAU,CAACoI,MAAM,CAAC,MAAI,CAACpI,UAAU,CAACmI,MAAM,CAAC,CAAC,CAAC,CAAC;UACnD,CAAC,CAAC,OAAOF,GAAG,EAAE;YACZ,MAAI,CAACzF,MAAM,CAAC0F,IAAI,CAAC,0CAA0C,EAAED,GAAG,CAAC;UACnE;QACF;QACA,MAAI,CAAClD,KAAK,CAACiE,OAAO,CAAC,4BAA4B,CAAC;MAClD;MAEA,OAAO,iBAAQ/C,MAAM,CAACI,KAAK,CAAC;IAC9B,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEc,eAAe,2BAACD,OAAO,EAAE;IAAA;IACvB,IAAM+B,SAAS,GAAG/B,OAAO,GAAG,mBAAU;IAEtC,IAAI+B,SAAS,GAAG,CAAC,EAAE;MACjB,IAAMC,aAAa,GAAG,IAAI,CAACvF,kBAAkB,CAACsF,SAAS,CAAC;MAExD,IAAI,CAACzH,YAAY,GAAG,IAAA2H,4BAAc,EAAC;QAAA,OAAM,MAAI,CAACd,OAAO,EAAE;MAAA,GAAEa,aAAa,CAAC;IACzE,CAAC,MAAM;MACL,IAAI,CAACb,OAAO,EAAE;IAChB;EACF,CAAC;EAAA;AACH,CAAC,0VAtJE5I,iBAAS,uIAyCTA,iBAAS,yFA6GV;AAAC,eAEYH,WAAW;AAAA"}
1
+ {"version":3,"names":["Credentials","WebexPlugin","extend","oneFlight","keyFactory","scope","waitForValue","persist","whileInFlight","collections","userTokens","TokenCollection","dataTypes","token","makeStateDataType","Token","dataType","derived","canAuthorize","deps","fn","Boolean","supertoken","canRefresh","config","jwtRefreshCallback","isUnverifiedGuest","isGuest","JSON","parse","base64","decode","access_token","split","user_type","props","prop","namespace","session","isRefreshing","default","type","ready","refreshTimer","undefined","buildLoginUrl","options","clientType","state","Error","client_id","redirect_uri","response_type","toBase64Url","authorizeUrl","querystring","stringify","getOrgId","logger","info","extractOrgIdFromJWT","e","extractOrgIdFromUserToken","f","decodedJWT","jwt","realm","fields","length","buildLogoutUrl","logoutUrl","cisService","service","goto","calcRefreshTimeout","expiration","Math","floor","random","constructor","_dataTypes","forEach","key","set","bind","args","downscope","catch","reason","failReason","body","warn","trace","webex","internal","metrics","submitClientMetrics","METRICS","JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED","requestedScope","resolve","serialize","parent","getClientToken","request","method","uri","tokenUrl","form","grant_type","self_contained_token","auth","user","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","statusCode","reject","ErrorConstructor","grantErrors","select","error","_res","getUserToken","once","filterScope","sortScope","get","tap","t","add","initialize","attrs","authorization","expires","scheduleRefresh","prototype","listenToOnce","authorizationString","parsed","url","query","href","substr","indexOf","invalidate","clearTimeout","unset","err","models","remove","refresh","tokens","requestAccessTokenFromJwt","services","updateCredentialsConfig","OAuthError","trigger","st","invalidScopes","diffScopes","JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH","all","map","tokenScope","revoke","expiresIn","timeoutLength","safeSetTimeout"],"sources":["credentials.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport jwt from 'jsonwebtoken';\nimport {base64, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {clone, cloneDeep, isObject, isEmpty} from 'lodash';\n\nimport WebexPlugin from '../webex-plugin';\nimport {persist, waitForValue} from '../storage/decorators';\n\nimport grantErrors, {OAuthError} from './grant-errors';\nimport {filterScope, diffScopes, sortScope} from './scope';\nimport Token from './token';\nimport TokenCollection from './token-collection';\nimport {METRICS} from '../constants';\n\n/**\n * @class\n */\nconst Credentials = WebexPlugin.extend({\n collections: {\n userTokens: TokenCollection,\n },\n\n dataTypes: {\n token: makeStateDataType(Token, 'token').dataType,\n },\n\n derived: {\n canAuthorize: {\n deps: ['supertoken', 'supertoken.canAuthorize', 'canRefresh'],\n fn() {\n return Boolean((this.supertoken && this.supertoken.canAuthorize) || this.canRefresh);\n },\n },\n canRefresh: {\n deps: ['supertoken', 'supertoken.canRefresh'],\n fn() {\n // If we're operating in JWT mode, we have to delegate to the consumer\n if (this.config.jwtRefreshCallback) {\n return true;\n }\n\n return Boolean(this.supertoken && this.supertoken.canRefresh);\n },\n },\n isUnverifiedGuest: {\n deps: ['supertoken'],\n /**\n * Returns true if the user is an unverified guest\n * @returns {boolean}\n */\n fn() {\n let isGuest = false;\n try {\n isGuest =\n JSON.parse(base64.decode(this.supertoken.access_token.split('.')[1])).user_type ===\n 'guest';\n } catch {\n /* the non-guest token is formatted differently so catch is expected */\n }\n\n return isGuest;\n },\n },\n },\n\n props: {\n supertoken: makeStateDataType(Token, 'token').prop,\n },\n\n namespace: 'Credentials',\n\n session: {\n isRefreshing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Becomes `true` once the {@link loaded} event fires.\n * @see {@link WebexPlugin#ready}\n * @instance\n * @memberof Credentials\n * @type {boolean}\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n refreshTimer: {\n default: undefined,\n type: 'any',\n },\n },\n\n /**\n * Generates an OAuth Login URL. Prefers the api.ciscospark.com proxy if the\n * instance is initialize with an authorizatUrl, but fallsback to idbroker\n * as the base otherwise.\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {string}\n */\n buildLoginUrl(options = {clientType: 'public'}) {\n /* eslint-disable camelcase */\n if (options.state && !isObject(options.state)) {\n throw new Error('if specified, `options.state` must be an object');\n }\n\n options.client_id = this.config.client_id;\n options.redirect_uri = this.config.redirect_uri;\n options.scope = this.config.scope;\n\n options = cloneDeep(options);\n\n if (!options.response_type) {\n options.response_type = options.clientType === 'public' ? 'token' : 'code';\n }\n Reflect.deleteProperty(options, 'clientType');\n\n if (options.state) {\n if (!isEmpty(options.state)) {\n options.state = base64.toBase64Url(JSON.stringify(options.state));\n } else {\n delete options.state;\n }\n }\n\n return `${this.config.authorizeUrl}?${querystring.stringify(options)}`;\n /* eslint-enable camelcase */\n },\n\n /**\n * Get the determined OrgId.\n *\n * @throws {Error} - If the OrgId could not be determined.\n * @returns {string} - The OrgId.\n */\n getOrgId() {\n this.logger.info('credentials: attempting to retrieve the OrgId from token');\n\n try {\n // Attempt to extract a client-authenticated token's OrgId.\n this.logger.info('credentials: trying to extract OrgId from JWT');\n\n return this.extractOrgIdFromJWT(this.supertoken.access_token);\n } catch (e) {\n // Attempt to extract a user token's OrgId.\n this.logger.info('credentials: could not extract OrgId from JWT');\n this.logger.info('credentials: attempting to extract OrgId from user token');\n\n try {\n return this.extractOrgIdFromUserToken(this.supertoken?.access_token);\n } catch (f) {\n this.logger.info('credentials: could not extract OrgId from user token');\n throw f;\n }\n }\n },\n\n /**\n * Extract the OrgId [realm] from a provided JWT.\n *\n * @private\n * @param {string} token - The JWT to extract the OrgId from.\n * @throws {Error} - If the token does not pass JWT general/realm validation.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromJWT(token = '') {\n // Decoded the provided token.\n const decodedJWT = jwt.decode(token);\n\n // Validate that the provided token is a JWT.\n if (!decodedJWT) {\n throw new Error('unable to extract the OrgId from the provided JWT');\n }\n\n if (!decodedJWT.realm) {\n throw new Error('the provided JWT does not contain an OrgId');\n }\n\n // Return the OrgId [realm].\n return decodedJWT.realm;\n },\n\n /**\n * Extract the OrgId [realm] from a provided user token.\n *\n * @private\n * @param {string} token - The user token to extract the OrgId from.\n * @throws {Error} - Will throw an error if the provided token is invalid.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromUserToken(token = '') {\n // Split the provided token into subsections.\n const fields = token.split('_');\n\n // Validate that the provided token has the proper amount of sections.\n if (fields.length !== 3) {\n throw new Error('the provided token is not a valid format');\n }\n\n // Return the token section that contains the OrgId.\n return fields[2];\n },\n\n /**\n * Generates a Logout URL\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {[type]}\n */\n buildLogoutUrl(options = {}) {\n return `${this.config.logoutUrl}?${querystring.stringify({\n cisService: this.config.service,\n goto: this.config.redirect_uri,\n ...options,\n })}`;\n },\n\n /**\n * Generates a number between 60% - 90% of expired value\n * @instance\n * @memberof Credentials\n * @param {number} expiration\n * @private\n * @returns {number}\n */\n calcRefreshTimeout(expiration) {\n return Math.floor(((Math.floor(Math.random() * 4) + 6) / 10) * expiration);\n },\n\n constructor(...args) {\n // HACK to deal with the fact that AmpersandState#dataTypes#set is a pure\n // function.\n this._dataTypes = cloneDeep(this._dataTypes);\n Object.keys(this._dataTypes).forEach((key) => {\n if (this._dataTypes[key].set) {\n this._dataTypes[key].set = this._dataTypes[key].set.bind(this);\n }\n });\n // END HACK\n Reflect.apply(WebexPlugin, this, args);\n },\n\n /**\n * Downscopes a token\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @private\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n return this.supertoken.downscope(scope).catch((reason) => {\n const failReason = reason?.body ?? reason;\n this.logger.warn(`credentials: failed to downscope supertoken to \"${scope}\"`, failReason);\n this.logger.trace(`credentials: falling back to supertoken for ${scope}`);\n this.webex.internal.metrics.submitClientMetrics(METRICS.JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED, {\n fields: {\n requestedScope: scope,\n failReason,\n },\n });\n\n return Promise.resolve(new Token({scope, ...this.supertoken.serialize()}), {\n parent: this,\n });\n });\n },\n\n /**\n * Requests a client credentials grant and returns the token. Given the\n * limited use for such tokens as this time, this method does not cache its\n * token.\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @returns {Promise<Token>}\n */\n getClientToken(options = {}) {\n this.logger.info('credentials: requesting client credentials grant');\n\n return this.webex\n .request({\n /* eslint-disable camelcase */\n method: 'POST',\n uri: options.uri || this.config.tokenUrl,\n form: {\n grant_type: 'client_credentials',\n scope: options.scope || 'webexsquare:admin',\n self_contained_token: true,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n /* eslint-enable camelcase */\n })\n .then((res) => new Token(res.body, {parent: this}))\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n @oneFlight({keyFactory: (scope) => scope})\n @waitForValue('@')\n /**\n * Resolves with a token with the specified scopes. If no scope is specified,\n * defaults to omit(webex.credentials.scope, 'spark:kms'). If no such token is\n * available, downscopes the supertoken to that scope.\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n getUserToken(scope) {\n return Promise.resolve(\n !this.isRefreshing ||\n new Promise((resolve) => {\n this.logger.info(\n 'credentials: token refresh inflight; delaying getUserToken until refresh completes'\n );\n this.once('change:isRefreshing', () => {\n this.logger.info('credentials: token refresh complete; reinvoking getUserToken');\n resolve();\n });\n })\n ).then(() => {\n if (!this.canAuthorize) {\n this.logger.info('credentials: cannot produce an access token from current state');\n\n return Promise.reject(new Error('Current state cannot produce an access token'));\n }\n\n if (!scope) {\n scope = filterScope('spark:kms', this.supertoken.scope);\n }\n\n scope = sortScope(scope);\n\n if (scope === sortScope(this.supertoken.scope)) {\n return Promise.resolve(this.supertoken);\n }\n\n const token = this.userTokens.get(scope);\n\n // we should also check for the token.access_token since token object does\n // not get cleared on unsetting while logging out.\n if (!token || !token.access_token) {\n return this.downscope(scope).then(tap((t) => this.userTokens.add(t)));\n }\n\n return Promise.resolve(token);\n });\n },\n\n @persist('@')\n /**\n * Initializer\n * @instance\n * @memberof Credentials\n * @param {Object} attrs\n * @param {Object} options\n * @private\n * @returns {Credentials}\n */\n initialize(attrs, options) {\n if (attrs) {\n if (typeof attrs === 'string') {\n this.supertoken = attrs;\n }\n\n if (attrs.access_token) {\n this.supertoken = attrs;\n }\n\n if (attrs.authorization) {\n if (attrs.authorization.supertoken) {\n this.supertoken = attrs.authorization.supertoken;\n } else {\n this.supertoken = attrs.authorization;\n }\n }\n\n // schedule refresh\n if (this.supertoken && this.supertoken.expires) {\n this.scheduleRefresh(this.supertoken.expires);\n }\n }\n\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n this.listenToOnce(this.parent, 'change:config', () => {\n if (this.config.authorizationString) {\n const parsed = url.parse(this.config.authorizationString, true);\n\n /* eslint-disable camelcase */\n this.config.client_id = parsed.query.client_id;\n this.config.redirect_uri = parsed.query.redirect_uri;\n this.config.scope = parsed.query.scope;\n this.config.authorizeUrl = parsed.href.substr(0, parsed.href.indexOf('?'));\n /* eslint-enable camelcase */\n }\n });\n\n this.webex.once('loaded', () => {\n this.ready = true;\n });\n },\n\n @oneFlight\n @waitForValue('@')\n /**\n * Clears all tokens from store them from the stores.\n *\n * This is no longer quite the right name for this method, but all of the\n * alternatives I'm coming up with are already taken.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n invalidate() {\n this.logger.info('credentials: invalidating tokens');\n\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n\n try {\n this.unset('supertoken');\n } catch (err) {\n this.logger.warn('credentials: failed to clear supertoken', err);\n }\n\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n\n this.logger.info('credentials: finished removing tokens');\n\n // Return a promise to give the storage layer a tick or two to clear\n // localStorage\n return Promise.resolve();\n },\n\n @oneFlight\n @whileInFlight('isRefreshing')\n @waitForValue('@')\n /**\n * Removes the supertoken and child tokens, then refreshes the supertoken;\n * subsequent calls to {@link Credentials#getUserToken()} will re-downscope\n * child tokens. Enqueus revocation of previous previousTokens. Yes, that's\n * the correct number of \"previous\"es.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n refresh() {\n this.logger.info('credentials: refresh requested');\n\n const {supertoken} = this;\n const tokens = clone(this.userTokens.models);\n\n // This is kind of a leaky abstraction, since it relies on the authorization\n // plugin, but the only alternatives I see are\n // 1. put all JWT support in core\n // 2. have separate jwt and non-jwt auth plugins\n // while I like #2 from a code simplicity standpoint, the third-party DX\n // isn't great\n if (this.config.jwtRefreshCallback) {\n return (\n this.config\n .jwtRefreshCallback(this.webex)\n // eslint-disable-next-line no-shadow\n .then((jwt) => this.webex.authorization.requestAccessTokenFromJwt({jwt}))\n );\n }\n\n if (this.webex.internal.services) {\n this.webex.internal.services.updateCredentialsConfig();\n }\n\n return supertoken\n .refresh()\n .catch((error) => {\n if (error instanceof OAuthError) {\n // Error: super token refresh failed with 400 status code.\n // Hence emit an event to the client, an opportunity to logout.\n this.unset('supertoken');\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n this.webex.trigger('client:InvalidRequestError');\n }\n\n return Promise.reject(error);\n })\n .then((st) => {\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n this.supertoken = st;\n\n const invalidScopes = diffScopes(this.config.scope, st.scope);\n\n if (invalidScopes !== '') {\n this.logger.warn(\n `credentials: \"${invalidScopes}\" scope(s) are invalid because not listed in the supertoken, they will be excluded from user token requests.`\n );\n this.webex.internal.metrics.submitClientMetrics(\n METRICS.JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH,\n {fields: {invalidScopes}}\n );\n }\n\n return Promise.all(\n tokens.map((token) => {\n const tokenScope = filterScope(diffScopes(token.scope, st.scope), token.scope);\n\n return (\n this.downscope(tokenScope)\n // eslint-disable-next-line max-nested-callbacks\n .then((t) => {\n this.logger.info(`credentials: revoking token for ${token.scope}`);\n\n return token\n .revoke()\n .catch((err) => {\n this.logger.warn('credentials: failed to revoke user token', err);\n })\n .then(() => {\n this.userTokens.remove(token.scope);\n this.userTokens.add(t);\n });\n })\n );\n })\n );\n })\n .then(() => {\n this.scheduleRefresh(this.supertoken.expires);\n });\n },\n\n /**\n * Schedules a token refresh or refreshes the token if token has expired\n * @instance\n * @memberof Credentials\n * @param {number} expires\n * @private\n * @returns {undefined}\n */\n scheduleRefresh(expires) {\n const expiresIn = expires - Date.now();\n\n if (expiresIn > 0) {\n const timeoutLength = this.calcRefreshTimeout(expiresIn);\n\n this.refreshTimer = safeSetTimeout(() => this.refresh(), timeoutLength);\n } else {\n this.refresh();\n }\n },\n});\n\nexport default Credentials;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;AACA;AAEA;AACA;AACA;AAGA;AACA;AAEA;AACA;AACA;AACA;AACA;AAAqC;AAAA;AAAA;AAAA;AAAA;AAErC;AACA;AACA;AACA,IAAMA,WAAW,GAAGC,oBAAW,CAACC,MAAM,SAwSnC,IAAAC,iBAAS,EAAC;EAACC,UAAU,EAAE,oBAACC,KAAK;IAAA,OAAKA,KAAK;EAAA;AAAA,CAAC,CAAC,UACzC,IAAAC,wBAAY,EAAC,GAAG,CAAC,UAmDjB,IAAAC,mBAAO,EAAC,GAAG,CAAC,UAuDZ,IAAAD,wBAAY,EAAC,GAAG,CAAC,UAyCjB,IAAAE,qBAAa,EAAC,cAAc,CAAC,UAC7B,IAAAF,wBAAY,EAAC,GAAG,CAAC,UA7bmB;EACrCG,WAAW,EAAE;IACXC,UAAU,EAAEC;EACd,CAAC;EAEDC,SAAS,EAAE;IACTC,KAAK,EAAE,IAAAC,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACC;EAC3C,CAAC;EAEDC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,YAAY,EAAE,yBAAyB,EAAE,YAAY,CAAC;MAC7DC,EAAE,gBAAG;QACH,OAAOC,OAAO,CAAE,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACJ,YAAY,IAAK,IAAI,CAACK,UAAU,CAAC;MACtF;IACF,CAAC;IACDA,UAAU,EAAE;MACVJ,IAAI,EAAE,CAAC,YAAY,EAAE,uBAAuB,CAAC;MAC7CC,EAAE,gBAAG;QACH;QACA,IAAI,IAAI,CAACI,MAAM,CAACC,kBAAkB,EAAE;UAClC,OAAO,IAAI;QACb;QAEA,OAAOJ,OAAO,CAAC,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACC,UAAU,CAAC;MAC/D;IACF,CAAC;IACDG,iBAAiB,EAAE;MACjBP,IAAI,EAAE,CAAC,YAAY,CAAC;MACpB;AACN;AACA;AACA;MACMC,EAAE,gBAAG;QACH,IAAIO,OAAO,GAAG,KAAK;QACnB,IAAI;UACFA,OAAO,GACLC,IAAI,CAACC,KAAK,CAACC,cAAM,CAACC,MAAM,CAAC,IAAI,CAACT,UAAU,CAACU,YAAY,CAACC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAACC,SAAS,KAC/E,OAAO;QACX,CAAC,CAAC,gBAAM;UACN;QAAA;QAGF,OAAOP,OAAO;MAChB;IACF;EACF,CAAC;EAEDQ,KAAK,EAAE;IACLb,UAAU,EAAE,IAAAR,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACqB;EAChD,CAAC;EAEDC,SAAS,EAAE,aAAa;EAExBC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACDE,YAAY,EAAE;MACZH,OAAO,EAAEI,SAAS;MAClBH,IAAI,EAAE;IACR;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,aAAa,2BAAmC;IAAA,IAAlCC,OAAO,uEAAG;MAACC,UAAU,EAAE;IAAQ,CAAC;IAC5C;IACA,IAAID,OAAO,CAACE,KAAK,IAAI,CAAC,wBAASF,OAAO,CAACE,KAAK,CAAC,EAAE;MAC7C,MAAM,IAAIC,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEAH,OAAO,CAACI,SAAS,GAAG,IAAI,CAAC1B,MAAM,CAAC0B,SAAS;IACzCJ,OAAO,CAACK,YAAY,GAAG,IAAI,CAAC3B,MAAM,CAAC2B,YAAY;IAC/CL,OAAO,CAACzC,KAAK,GAAG,IAAI,CAACmB,MAAM,CAACnB,KAAK;IAEjCyC,OAAO,GAAG,yBAAUA,OAAO,CAAC;IAE5B,IAAI,CAACA,OAAO,CAACM,aAAa,EAAE;MAC1BN,OAAO,CAACM,aAAa,GAAGN,OAAO,CAACC,UAAU,KAAK,QAAQ,GAAG,OAAO,GAAG,MAAM;IAC5E;IACA,6BAAuBD,OAAO,EAAE,YAAY,CAAC;IAE7C,IAAIA,OAAO,CAACE,KAAK,EAAE;MACjB,IAAI,CAAC,uBAAQF,OAAO,CAACE,KAAK,CAAC,EAAE;QAC3BF,OAAO,CAACE,KAAK,GAAGlB,cAAM,CAACuB,WAAW,CAAC,wBAAeP,OAAO,CAACE,KAAK,CAAC,CAAC;MACnE,CAAC,MAAM;QACL,OAAOF,OAAO,CAACE,KAAK;MACtB;IACF;IAEA,iBAAU,IAAI,CAACxB,MAAM,CAAC8B,YAAY,cAAIC,oBAAW,CAACC,SAAS,CAACV,OAAO,CAAC;IACpE;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEW,QAAQ,sBAAG;IACT,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;IAE5E,IAAI;MACF;MACA,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MAEjE,OAAO,IAAI,CAACC,mBAAmB,CAAC,IAAI,CAACtC,UAAU,CAACU,YAAY,CAAC;IAC/D,CAAC,CAAC,OAAO6B,CAAC,EAAE;MACV;MACA,IAAI,CAACH,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MACjE,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;MAE5E,IAAI;QAAA;QACF,OAAO,IAAI,CAACG,yBAAyB,qBAAC,IAAI,CAACxC,UAAU,qDAAf,iBAAiBU,YAAY,CAAC;MACtE,CAAC,CAAC,OAAO+B,CAAC,EAAE;QACV,IAAI,CAACL,MAAM,CAACC,IAAI,CAAC,sDAAsD,CAAC;QACxE,MAAMI,CAAC;MACT;IACF;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEH,mBAAmB,iCAAa;IAAA,IAAZ/C,KAAK,uEAAG,EAAE;IAC5B;IACA,IAAMmD,UAAU,GAAGC,qBAAG,CAAClC,MAAM,CAAClB,KAAK,CAAC;;IAEpC;IACA,IAAI,CAACmD,UAAU,EAAE;MACf,MAAM,IAAIf,KAAK,CAAC,mDAAmD,CAAC;IACtE;IAEA,IAAI,CAACe,UAAU,CAACE,KAAK,EAAE;MACrB,MAAM,IAAIjB,KAAK,CAAC,4CAA4C,CAAC;IAC/D;;IAEA;IACA,OAAOe,UAAU,CAACE,KAAK;EACzB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEJ,yBAAyB,uCAAa;IAAA,IAAZjD,KAAK,uEAAG,EAAE;IAClC;IACA,IAAMsD,MAAM,GAAGtD,KAAK,CAACoB,KAAK,CAAC,GAAG,CAAC;;IAE/B;IACA,IAAIkC,MAAM,CAACC,MAAM,KAAK,CAAC,EAAE;MACvB,MAAM,IAAInB,KAAK,CAAC,0CAA0C,CAAC;IAC7D;;IAEA;IACA,OAAOkB,MAAM,CAAC,CAAC,CAAC;EAClB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEE,cAAc,4BAAe;IAAA,IAAdvB,OAAO,uEAAG,CAAC,CAAC;IACzB,iBAAU,IAAI,CAACtB,MAAM,CAAC8C,SAAS,cAAIf,oBAAW,CAACC,SAAS;MACtDe,UAAU,EAAE,IAAI,CAAC/C,MAAM,CAACgD,OAAO;MAC/BC,IAAI,EAAE,IAAI,CAACjD,MAAM,CAAC2B;IAAY,GAC3BL,OAAO,EACV;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE4B,kBAAkB,8BAACC,UAAU,EAAE;IAC7B,OAAOC,IAAI,CAACC,KAAK,CAAE,CAACD,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAIH,UAAU,CAAC;EAC5E,CAAC;EAEDI,WAAW,yBAAU;IAAA;IACnB;IACA;IACA,IAAI,CAACC,UAAU,GAAG,yBAAU,IAAI,CAACA,UAAU,CAAC;IAC5C,mBAAY,IAAI,CAACA,UAAU,CAAC,CAACC,OAAO,CAAC,UAACC,GAAG,EAAK;MAC5C,IAAI,KAAI,CAACF,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,EAAE;QAC5B,KAAI,CAACH,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,GAAG,KAAI,CAACH,UAAU,CAACE,GAAG,CAAC,CAACC,GAAG,CAACC,IAAI,CAAC,KAAI,CAAC;MAChE;IACF,CAAC,CAAC;IACF;IAAA,kCATaC,IAAI;MAAJA,IAAI;IAAA;IAUjB,oBAAcpF,oBAAW,EAAE,IAAI,EAAEoF,IAAI,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,SAAS,qBAACjF,KAAK,EAAE;IAAA;IACf,OAAO,IAAI,CAACiB,UAAU,CAACgE,SAAS,CAACjF,KAAK,CAAC,CAACkF,KAAK,CAAC,UAACC,MAAM,EAAK;MAAA;MACxD,IAAMC,UAAU,mBAAGD,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEE,IAAI,uDAAIF,MAAM;MACzC,MAAI,CAAC9B,MAAM,CAACiC,IAAI,4DAAoDtF,KAAK,SAAKoF,UAAU,CAAC;MACzF,MAAI,CAAC/B,MAAM,CAACkC,KAAK,uDAAgDvF,KAAK,EAAG;MACzE,MAAI,CAACwF,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAACC,kBAAO,CAACC,mCAAmC,EAAE;QAC3F/B,MAAM,EAAE;UACNgC,cAAc,EAAE9F,KAAK;UACrBoF,UAAU,EAAVA;QACF;MACF,CAAC,CAAC;MAEF,OAAO,iBAAQW,OAAO,CAAC,IAAIrF,cAAK;QAAEV,KAAK,EAALA;MAAK,GAAK,MAAI,CAACiB,UAAU,CAAC+E,SAAS,EAAE,EAAE,EAAE;QACzEC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,cAAc,4BAAe;IAAA;IAAA,IAAdzD,OAAO,uEAAG,CAAC,CAAC;IACzB,IAAI,CAACY,MAAM,CAACC,IAAI,CAAC,kDAAkD,CAAC;IAEpE,OAAO,IAAI,CAACkC,KAAK,CACdW,OAAO,CAAC;MACP;MACAC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE5D,OAAO,CAAC4D,GAAG,IAAI,IAAI,CAAClF,MAAM,CAACmF,QAAQ;MACxCC,IAAI,EAAE;QACJC,UAAU,EAAE,oBAAoB;QAChCxG,KAAK,EAAEyC,OAAO,CAACzC,KAAK,IAAI,mBAAmB;QAC3CyG,oBAAoB,EAAE;MACxB,CAAC;MACDC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACxF,MAAM,CAAC0B,SAAS;QAC3B+D,IAAI,EAAE,IAAI,CAACzF,MAAM,CAAC0F,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;MAC1B;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;MAAA,OAAK,IAAIvG,cAAK,CAACuG,GAAG,CAAC5B,IAAI,EAAE;QAACY,MAAM,EAAE;MAAI,CAAC,CAAC;IAAA,EAAC,CAClDf,KAAK,CAAC,UAAC+B,GAAG,EAAK;MACd,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO,iBAAQC,MAAM,CAACF,GAAG,CAAC;MAC5B;MAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAAC5B,IAAI,CAACkC,KAAK,CAAC;MAE3D,OAAO,iBAAQJ,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACO,IAAI,IAAIP,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEQ,YAAY,wBAACzH,KAAK,EAAE;IAAA;IAClB,OAAO,iBAAQ+F,OAAO,CACpB,CAAC,IAAI,CAAC7D,YAAY,IAChB,qBAAY,UAAC6D,OAAO,EAAK;MACvB,MAAI,CAAC1C,MAAM,CAACC,IAAI,CACd,oFAAoF,CACrF;MACD,MAAI,CAACoE,IAAI,CAAC,qBAAqB,EAAE,YAAM;QACrC,MAAI,CAACrE,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;QAChFyC,OAAO,EAAE;MACX,CAAC,CAAC;IACJ,CAAC,CAAC,CACL,CAACiB,IAAI,CAAC,YAAM;MACX,IAAI,CAAC,MAAI,CAACnG,YAAY,EAAE;QACtB,MAAI,CAACwC,MAAM,CAACC,IAAI,CAAC,gEAAgE,CAAC;QAElF,OAAO,iBAAQ6D,MAAM,CAAC,IAAIvE,KAAK,CAAC,8CAA8C,CAAC,CAAC;MAClF;MAEA,IAAI,CAAC5C,KAAK,EAAE;QACVA,KAAK,GAAG,IAAA2H,kBAAW,EAAC,WAAW,EAAE,MAAI,CAAC1G,UAAU,CAACjB,KAAK,CAAC;MACzD;MAEAA,KAAK,GAAG,IAAA4H,gBAAS,EAAC5H,KAAK,CAAC;MAExB,IAAIA,KAAK,KAAK,IAAA4H,gBAAS,EAAC,MAAI,CAAC3G,UAAU,CAACjB,KAAK,CAAC,EAAE;QAC9C,OAAO,iBAAQ+F,OAAO,CAAC,MAAI,CAAC9E,UAAU,CAAC;MACzC;MAEA,IAAMT,KAAK,GAAG,MAAI,CAACH,UAAU,CAACwH,GAAG,CAAC7H,KAAK,CAAC;;MAExC;MACA;MACA,IAAI,CAACQ,KAAK,IAAI,CAACA,KAAK,CAACmB,YAAY,EAAE;QACjC,OAAO,MAAI,CAACsD,SAAS,CAACjF,KAAK,CAAC,CAACgH,IAAI,CAAC,IAAAc,WAAG,EAAC,UAACC,CAAC;UAAA,OAAK,MAAI,CAAC1H,UAAU,CAAC2H,GAAG,CAACD,CAAC,CAAC;QAAA,EAAC,CAAC;MACvE;MAEA,OAAO,iBAAQhC,OAAO,CAACvF,KAAK,CAAC;IAC/B,CAAC,CAAC;EACJ,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEyH,UAAU,sBAACC,KAAK,EAAEzF,OAAO,EAAE;IAAA;IACzB,IAAIyF,KAAK,EAAE;MACT,IAAI,OAAOA,KAAK,KAAK,QAAQ,EAAE;QAC7B,IAAI,CAACjH,UAAU,GAAGiH,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACvG,YAAY,EAAE;QACtB,IAAI,CAACV,UAAU,GAAGiH,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACC,aAAa,EAAE;QACvB,IAAID,KAAK,CAACC,aAAa,CAAClH,UAAU,EAAE;UAClC,IAAI,CAACA,UAAU,GAAGiH,KAAK,CAACC,aAAa,CAAClH,UAAU;QAClD,CAAC,MAAM;UACL,IAAI,CAACA,UAAU,GAAGiH,KAAK,CAACC,aAAa;QACvC;MACF;;MAEA;MACA,IAAI,IAAI,CAAClH,UAAU,IAAI,IAAI,CAACA,UAAU,CAACmH,OAAO,EAAE;QAC9C,IAAI,CAACC,eAAe,CAAC,IAAI,CAACpH,UAAU,CAACmH,OAAO,CAAC;MAC/C;IACF;IAEA,oBAAcxI,oBAAW,CAAC0I,SAAS,CAACL,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAEzF,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC8F,YAAY,CAAC,IAAI,CAACtC,MAAM,EAAE,eAAe,EAAE,YAAM;MACpD,IAAI,MAAI,CAAC9E,MAAM,CAACqH,mBAAmB,EAAE;QACnC,IAAMC,MAAM,GAAGC,YAAG,CAAClH,KAAK,CAAC,MAAI,CAACL,MAAM,CAACqH,mBAAmB,EAAE,IAAI,CAAC;;QAE/D;QACA,MAAI,CAACrH,MAAM,CAAC0B,SAAS,GAAG4F,MAAM,CAACE,KAAK,CAAC9F,SAAS;QAC9C,MAAI,CAAC1B,MAAM,CAAC2B,YAAY,GAAG2F,MAAM,CAACE,KAAK,CAAC7F,YAAY;QACpD,MAAI,CAAC3B,MAAM,CAACnB,KAAK,GAAGyI,MAAM,CAACE,KAAK,CAAC3I,KAAK;QACtC,MAAI,CAACmB,MAAM,CAAC8B,YAAY,GAAGwF,MAAM,CAACG,IAAI,CAACC,MAAM,CAAC,CAAC,EAAEJ,MAAM,CAACG,IAAI,CAACE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1E;MACF;IACF,CAAC,CAAC;;IAEF,IAAI,CAACtD,KAAK,CAACkC,IAAI,CAAC,QAAQ,EAAE,YAAM;MAC9B,MAAI,CAACrF,KAAK,GAAG,IAAI;IACnB,CAAC,CAAC;EACJ,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE0G,UAAU,wBAAG;IACX,IAAI,CAAC1F,MAAM,CAACC,IAAI,CAAC,kCAAkC,CAAC;;IAEpD;IACA,IAAI,IAAI,CAAChB,YAAY,EAAE;MACrB0G,YAAY,CAAC,IAAI,CAAC1G,YAAY,CAAC;MAC/B,IAAI,CAAC2G,KAAK,CAAC,cAAc,CAAC;IAC5B;IAEA,IAAI;MACF,IAAI,CAACA,KAAK,CAAC,YAAY,CAAC;IAC1B,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,IAAI,CAAC7F,MAAM,CAACiC,IAAI,CAAC,yCAAyC,EAAE4D,GAAG,CAAC;IAClE;IAEA,OAAO,IAAI,CAAC7I,UAAU,CAAC8I,MAAM,CAACpF,MAAM,EAAE;MACpC,IAAI;QACF,IAAI,CAAC1D,UAAU,CAAC+I,MAAM,CAAC,IAAI,CAAC/I,UAAU,CAAC8I,MAAM,CAAC,CAAC,CAAC,CAAC;MACnD,CAAC,CAAC,OAAOD,GAAG,EAAE;QACZ,IAAI,CAAC7F,MAAM,CAACiC,IAAI,CAAC,0CAA0C,EAAE4D,GAAG,CAAC;MACnE;IACF;IAEA,IAAI,CAAC7F,MAAM,CAACC,IAAI,CAAC,uCAAuC,CAAC;;IAEzD;IACA;IACA,OAAO,iBAAQyC,OAAO,EAAE;EAC1B,CAAC;EAKD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEsD,OAAO,qBAAG;IAAA;IACR,IAAI,CAAChG,MAAM,CAACC,IAAI,CAAC,gCAAgC,CAAC;IAElD,IAAOrC,UAAU,GAAI,IAAI,CAAlBA,UAAU;IACjB,IAAMqI,MAAM,GAAG,qBAAM,IAAI,CAACjJ,UAAU,CAAC8I,MAAM,CAAC;;IAE5C;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,IAAI,CAAChI,MAAM,CAACC,kBAAkB,EAAE;MAClC,OACE,IAAI,CAACD,MAAM,CACRC,kBAAkB,CAAC,IAAI,CAACoE,KAAK;MAC9B;MAAA,CACCwB,IAAI,CAAC,UAACpD,GAAG;QAAA,OAAK,MAAI,CAAC4B,KAAK,CAAC2C,aAAa,CAACoB,yBAAyB,CAAC;UAAC3F,GAAG,EAAHA;QAAG,CAAC,CAAC;MAAA,EAAC;IAE/E;IAEA,IAAI,IAAI,CAAC4B,KAAK,CAACC,QAAQ,CAAC+D,QAAQ,EAAE;MAChC,IAAI,CAAChE,KAAK,CAACC,QAAQ,CAAC+D,QAAQ,CAACC,uBAAuB,EAAE;IACxD;IAEA,OAAOxI,UAAU,CACdoI,OAAO,EAAE,CACTnE,KAAK,CAAC,UAACqC,KAAK,EAAK;MAChB,IAAIA,KAAK,YAAYmC,uBAAU,EAAE;QAC/B;QACA;QACA,MAAI,CAACT,KAAK,CAAC,YAAY,CAAC;QACxB,OAAO,MAAI,CAAC5I,UAAU,CAAC8I,MAAM,CAACpF,MAAM,EAAE;UACpC,IAAI;YACF,MAAI,CAAC1D,UAAU,CAAC+I,MAAM,CAAC,MAAI,CAAC/I,UAAU,CAAC8I,MAAM,CAAC,CAAC,CAAC,CAAC;UACnD,CAAC,CAAC,OAAOD,GAAG,EAAE;YACZ,MAAI,CAAC7F,MAAM,CAACiC,IAAI,CAAC,0CAA0C,EAAE4D,GAAG,CAAC;UACnE;QACF;QACA,MAAI,CAAC1D,KAAK,CAACmE,OAAO,CAAC,4BAA4B,CAAC;MAClD;MAEA,OAAO,iBAAQxC,MAAM,CAACI,KAAK,CAAC;IAC9B,CAAC,CAAC,CACDP,IAAI,CAAC,UAAC4C,EAAE,EAAK;MACZ;MACA,IAAI,MAAI,CAACtH,YAAY,EAAE;QACrB0G,YAAY,CAAC,MAAI,CAAC1G,YAAY,CAAC;QAC/B,MAAI,CAAC2G,KAAK,CAAC,cAAc,CAAC;MAC5B;MACA,MAAI,CAAChI,UAAU,GAAG2I,EAAE;MAEpB,IAAMC,aAAa,GAAG,IAAAC,iBAAU,EAAC,MAAI,CAAC3I,MAAM,CAACnB,KAAK,EAAE4J,EAAE,CAAC5J,KAAK,CAAC;MAE7D,IAAI6J,aAAa,KAAK,EAAE,EAAE;QACxB,MAAI,CAACxG,MAAM,CAACiC,IAAI,0BACGuE,aAAa,mHAC/B;QACD,MAAI,CAACrE,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAC7CC,kBAAO,CAACmE,+CAA+C,EACvD;UAACjG,MAAM,EAAE;YAAC+F,aAAa,EAAbA;UAAa;QAAC,CAAC,CAC1B;MACH;MAEA,OAAO,iBAAQG,GAAG,CAChBV,MAAM,CAACW,GAAG,CAAC,UAACzJ,KAAK,EAAK;QACpB,IAAM0J,UAAU,GAAG,IAAAvC,kBAAW,EAAC,IAAAmC,iBAAU,EAACtJ,KAAK,CAACR,KAAK,EAAE4J,EAAE,CAAC5J,KAAK,CAAC,EAAEQ,KAAK,CAACR,KAAK,CAAC;QAE9E,OACE,MAAI,CAACiF,SAAS,CAACiF,UAAU;QACvB;QAAA,CACClD,IAAI,CAAC,UAACe,CAAC,EAAK;UACX,MAAI,CAAC1E,MAAM,CAACC,IAAI,2CAAoC9C,KAAK,CAACR,KAAK,EAAG;UAElE,OAAOQ,KAAK,CACT2J,MAAM,EAAE,CACRjF,KAAK,CAAC,UAACgE,GAAG,EAAK;YACd,MAAI,CAAC7F,MAAM,CAACiC,IAAI,CAAC,0CAA0C,EAAE4D,GAAG,CAAC;UACnE,CAAC,CAAC,CACDlC,IAAI,CAAC,YAAM;YACV,MAAI,CAAC3G,UAAU,CAAC+I,MAAM,CAAC5I,KAAK,CAACR,KAAK,CAAC;YACnC,MAAI,CAACK,UAAU,CAAC2H,GAAG,CAACD,CAAC,CAAC;UACxB,CAAC,CAAC;QACN,CAAC,CAAC;MAER,CAAC,CAAC,CACH;IACH,CAAC,CAAC,CACDf,IAAI,CAAC,YAAM;MACV,MAAI,CAACqB,eAAe,CAAC,MAAI,CAACpH,UAAU,CAACmH,OAAO,CAAC;IAC/C,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,eAAe,2BAACD,OAAO,EAAE;IAAA;IACvB,IAAMgC,SAAS,GAAGhC,OAAO,GAAG,mBAAU;IAEtC,IAAIgC,SAAS,GAAG,CAAC,EAAE;MACjB,IAAMC,aAAa,GAAG,IAAI,CAAChG,kBAAkB,CAAC+F,SAAS,CAAC;MAExD,IAAI,CAAC9H,YAAY,GAAG,IAAAgI,4BAAc,EAAC;QAAA,OAAM,MAAI,CAACjB,OAAO,EAAE;MAAA,GAAEgB,aAAa,CAAC;IACzE,CAAC,MAAM;MACL,IAAI,CAAChB,OAAO,EAAE;IAChB;EACF,CAAC;EAAA;AACH,CAAC,0VArKEvJ,iBAAS,uIAyCTA,iBAAS,yFA4HV;AAAC,eAEYH,WAAW;AAAA"}
package/dist/lib/credentials/scope.js CHANGED
@@ -1,14 +1,16 @@
1
1
  "use strict";
2
2
 
3
3
  var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
4
+ var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequireDefault");
4
5
  _Object$defineProperty(exports, "__esModule", {
5
6
  value: true
6
7
  });
8
+ exports.diffScopes = diffScopes;
7
9
  exports.filterScope = filterScope;
8
10
  exports.sortScope = sortScope;
9
- /*!
10
- * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
11
- */
11
+ var _isArray = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/array/is-array"));
12
+ var _difference2 = _interopRequireDefault(require("lodash/difference"));
13
+ var SCOPE_SEPARATOR = ' ';
12
14
 
13
15
  /**
14
16
  * sorts a list of scopes
@@ -19,12 +21,12 @@ function sortScope(scope) {
19
21
  if (!scope) {
20
22
  return '';
21
23
  }
22
- return scope.split(' ').sort().join(' ');
24
+ return scope.split(SCOPE_SEPARATOR).sort().join(SCOPE_SEPARATOR);
23
25
  }
24
26
 
25
27
  /**
26
28
  * sorts a list of scopes and filters the specified scope
27
- * @param {string} toFilter
29
+ * @param {string|string[]} toFilter
28
30
  * @param {string} scope
29
31
  * @returns {string}
30
32
  */
@@ -32,8 +34,23 @@ function filterScope(toFilter, scope) {
32
34
  if (!scope) {
33
35
  return '';
34
36
  }
35
- return scope.split(' ').filter(function (item) {
36
- return item !== toFilter;
37
- }).sort().join(' ');
37
+ var toFilterArr = (0, _isArray.default)(toFilter) ? toFilter : [toFilter];
38
+ return scope.split(SCOPE_SEPARATOR).filter(function (item) {
39
+ return !toFilterArr.includes(item);
40
+ }).sort().join(SCOPE_SEPARATOR);
41
+ }
42
+
43
+ /**
44
+ * Returns a string containing all items in scopeA that are not in scopeB, or an empty string if there are none.
45
+ *
46
+ * @param {string} scopeA
47
+ * @param {string} scopeB
48
+ * @returns {string}
49
+ */
50
+ function diffScopes(scopeA, scopeB) {
51
+ var _scopeA$split, _scopeB$split;
52
+ var a = (_scopeA$split = scopeA === null || scopeA === void 0 ? void 0 : scopeA.split(SCOPE_SEPARATOR)) !== null && _scopeA$split !== void 0 ? _scopeA$split : [];
53
+ var b = (_scopeB$split = scopeB === null || scopeB === void 0 ? void 0 : scopeB.split(SCOPE_SEPARATOR)) !== null && _scopeB$split !== void 0 ? _scopeB$split : [];
54
+ return (0, _difference2.default)(a, b).sort().join(SCOPE_SEPARATOR);
38
55
  }
39
56
  //# sourceMappingURL=scope.js.map
package/dist/lib/credentials/scope.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["sortScope","scope","split","sort","join","filterScope","toFilter","filter","item"],"sources":["scope.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/**\n * sorts a list of scopes\n * @param {string} scope\n * @returns {string}\n */\nexport function sortScope(scope) {\n if (!scope) {\n return '';\n }\n\n return scope.split(' ').sort().join(' ');\n}\n\n/**\n * sorts a list of scopes and filters the specified scope\n * @param {string} toFilter\n * @param {string} scope\n * @returns {string}\n */\nexport function filterScope(toFilter, scope) {\n if (!scope) {\n return '';\n }\n\n return scope\n .split(' ')\n .filter((item) => item !== toFilter)\n .sort()\n .join(' ');\n}\n"],"mappings":";;;;;;;;AAAA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASA,SAAS,CAACC,KAAK,EAAE;EAC/B,IAAI,CAACA,KAAK,EAAE;IACV,OAAO,EAAE;EACX;EAEA,OAAOA,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC,CAACC,IAAI,EAAE,CAACC,IAAI,CAAC,GAAG,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,WAAW,CAACC,QAAQ,EAAEL,KAAK,EAAE;EAC3C,IAAI,CAACA,KAAK,EAAE;IACV,OAAO,EAAE;EACX;EAEA,OAAOA,KAAK,CACTC,KAAK,CAAC,GAAG,CAAC,CACVK,MAAM,CAAC,UAACC,IAAI;IAAA,OAAKA,IAAI,KAAKF,QAAQ;EAAA,EAAC,CACnCH,IAAI,EAAE,CACNC,IAAI,CAAC,GAAG,CAAC;AACd"}
1
+ {"version":3,"names":["SCOPE_SEPARATOR","sortScope","scope","split","sort","join","filterScope","toFilter","toFilterArr","filter","item","includes","diffScopes","scopeA","scopeB","a","b"],"sources":["scope.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {difference} from 'lodash';\n\nconst SCOPE_SEPARATOR = ' ';\n\n/**\n * sorts a list of scopes\n * @param {string} scope\n * @returns {string}\n */\nexport function sortScope(scope) {\n if (!scope) {\n return '';\n }\n\n return scope.split(SCOPE_SEPARATOR).sort().join(SCOPE_SEPARATOR);\n}\n\n/**\n * sorts a list of scopes and filters the specified scope\n * @param {string|string[]} toFilter\n * @param {string} scope\n * @returns {string}\n */\nexport function filterScope(toFilter, scope) {\n if (!scope) {\n return '';\n }\n const toFilterArr = Array.isArray(toFilter) ? toFilter : [toFilter];\n\n return scope\n .split(SCOPE_SEPARATOR)\n .filter((item) => !toFilterArr.includes(item))\n .sort()\n .join(SCOPE_SEPARATOR);\n}\n\n/**\n * Returns a string containing all items in scopeA that are not in scopeB, or an empty string if there are none.\n *\n * @param {string} scopeA\n * @param {string} scopeB\n * @returns {string}\n */\nexport function diffScopes(scopeA, scopeB) {\n const a = scopeA?.split(SCOPE_SEPARATOR) ?? [];\n const b = scopeB?.split(SCOPE_SEPARATOR) ?? [];\n\n return difference(a, b).sort().join(SCOPE_SEPARATOR);\n}\n"],"mappings":";;;;;;;;;;;;AAMA,IAAMA,eAAe,GAAG,GAAG;;AAE3B;AACA;AACA;AACA;AACA;AACO,SAASC,SAAS,CAACC,KAAK,EAAE;EAC/B,IAAI,CAACA,KAAK,EAAE;IACV,OAAO,EAAE;EACX;EAEA,OAAOA,KAAK,CAACC,KAAK,CAACH,eAAe,CAAC,CAACI,IAAI,EAAE,CAACC,IAAI,CAACL,eAAe,CAAC;AAClE;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASM,WAAW,CAACC,QAAQ,EAAEL,KAAK,EAAE;EAC3C,IAAI,CAACA,KAAK,EAAE;IACV,OAAO,EAAE;EACX;EACA,IAAMM,WAAW,GAAG,sBAAcD,QAAQ,CAAC,GAAGA,QAAQ,GAAG,CAACA,QAAQ,CAAC;EAEnE,OAAOL,KAAK,CACTC,KAAK,CAACH,eAAe,CAAC,CACtBS,MAAM,CAAC,UAACC,IAAI;IAAA,OAAK,CAACF,WAAW,CAACG,QAAQ,CAACD,IAAI,CAAC;EAAA,EAAC,CAC7CN,IAAI,EAAE,CACNC,IAAI,CAACL,eAAe,CAAC;AAC1B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASY,UAAU,CAACC,MAAM,EAAEC,MAAM,EAAE;EAAA;EACzC,IAAMC,CAAC,oBAAGF,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEV,KAAK,CAACH,eAAe,CAAC,yDAAI,EAAE;EAC9C,IAAMgB,CAAC,oBAAGF,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEX,KAAK,CAACH,eAAe,CAAC,yDAAI,EAAE;EAE9C,OAAO,0BAAWe,CAAC,EAAEC,CAAC,CAAC,CAACZ,IAAI,EAAE,CAACC,IAAI,CAACL,eAAe,CAAC;AACtD"}
package/dist/lib/credentials/token.js CHANGED
@@ -262,6 +262,9 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
262
262
  }
263
263
  return _promise.default.reject(new Error('cannot downscope access token'));
264
264
  }
265
+ if ((0, _scope.diffScopes)(scope, this.config.scope) !== '') {
266
+ return _promise.default.reject(new Error("new scope (".concat(scope, ") is not subset of the available scopes (").concat(this.config.scope, ")")));
267
+ }
265
268
 
266
269
  // Since we're going to use scope as the index in our token collection, it's
267
270
  // important scopes are always deterministically specified.
@@ -527,7 +530,7 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
527
530
  return res.body;
528
531
  });
529
532
  },
530
- version: "3.0.0-beta.42"
533
+ version: "3.0.0-beta.421"
531
534
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "downscope", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "downscope"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "refresh", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "refresh"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "revoke", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "revoke"), _obj)), _obj)));
532
535
  var _default = Token;
533
536
  exports.default = _default;
package/dist/lib/credentials/token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["processGrantError","res","statusCode","reject","ErrorConstructor","grantErrors","select","body","error","OAuthError","WebexHttpError","_res","Token","WebexPlugin","extend","oneFlight","keyFactory","scope","derived","canAuthorize","deps","fn","access_token","isExpired","canDownscope","config","client_id","canRefresh","inBrowser","refresh_token","refreshCallback","client_secret","expires","_isExpired","_string","token_type","namespace","props","expires_in","refresh_token_expires","refresh_token_expires_in","default","type","session","previousToken","downscope","logger","info","Error","trace","sortScope","webex","request","method","uri","tokenUrl","addAuthHeader","form","grant_type","token","self_contained_token","then","parent","initialize","attrs","options","prototype","safeSetTimeout","refresh","promise","resolve","redirect_uri","auth","user","pass","sendImmediately","shouldRefreshAccessToken","obj","process","env","NODE_ENV","revoke","unset","catch","revokeUrl","token_type_hint","set","_filterSetParameters","includes","split","now","toString","validate","service","resource","reason","convApi","CONVERSATION_SERVICE","CONVERSATION_SERVICE_URL","headers","authorization"],"sources":["token.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {pick} from 'lodash';\nimport {inBrowser, oneFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\n\nimport WebexHttpError from '../webex-http-error';\nimport WebexPlugin from '../webex-plugin';\n\nimport {sortScope} from './scope';\nimport grantErrors, {OAuthError} from './grant-errors';\n\n/* eslint-disable camelcase */\n\n/**\n * Parse response from CI and converts to structured error when appropriate\n * @param {WebexHttpError} res\n * @private\n * @returns {GrantError}\n */\nfunction processGrantError(res) {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n if (ErrorConstructor === OAuthError && res instanceof WebexHttpError) {\n return Promise.reject(res);\n }\n if (!ErrorConstructor) {\n return Promise.reject(res);\n }\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n}\n\n/**\n * @class\n */\nconst Token = WebexPlugin.extend({\n derived: {\n /**\n * Indicates if this token can be used in an auth header. `true` iff\n * {@link Token#access_token} is defined and {@link Token#isExpired} is\n * false.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canAuthorize: {\n deps: ['access_token', 'isExpired'],\n fn() {\n return !!this.access_token && !this.isExpired;\n },\n },\n\n /**\n * Indicates that this token can be downscoped. `true` iff\n * {@link config.credentials.client_id} is defined and if\n * {@link Token#canAuthorize} is true\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.client_id}. As such,\n * {@link config.credentials.client_id} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canDownscope: {\n deps: ['canAuthorize'],\n fn() {\n return this.canAuthorize && !!this.config.client_id;\n },\n },\n\n /**\n * Indicates if this token can be refreshed. `true` iff\n * {@link Token@refresh_token} is defined and\n * {@link config.credentials.refreshCallback()} is defined\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.refreshCallback()}. As such,\n * {@link config.credentials.refreshCallback()} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canRefresh: {\n deps: ['refresh_token'],\n fn() {\n if (inBrowser) {\n return !!this.refresh_token && !!this.config.refreshCallback;\n }\n\n return !!this.refresh_token && !!this.config.client_secret;\n },\n },\n\n /**\n * Indicates if this `Token` is expired. `true` iff {@link Token#expires} is\n * defined and is less than {@link Date.now()}.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n isExpired: {\n deps: ['expires', '_isExpired'],\n fn() {\n // in order to avoid setting `cache:false`, we'll use a private property\n // and a timer rather than comparing to `Date.now()`;\n return !!this.expires && this._isExpired;\n },\n },\n\n /**\n * Cache for toString()\n * @instance\n * @memberof Token\n * @private\n * @readonly\n * @type {string}\n */\n _string: {\n deps: ['access_token', 'token_type'],\n fn() {\n if (!this.access_token || !this.token_type) {\n return '';\n }\n\n return `${this.token_type} ${this.access_token}`;\n },\n },\n },\n\n namespace: 'Credentials',\n\n props: {\n /**\n * Used for indexing in the credentials userTokens collection\n * @instance\n * @memberof Token\n * @private\n * @type {string}\n */\n scope: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n access_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires_in: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n refresh_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires_in: 'number',\n /**\n * @default \"Bearer\"\n * @instance\n * @memberof Token\n * @type {string}\n */\n token_type: {\n default: 'Bearer',\n type: 'string',\n },\n },\n\n session: {\n /**\n * Used by {@link Token#isExpired} to avoid doing a Date comparison.\n * @instance\n * @memberof Token\n * @private\n * @type {boolean}\n */\n _isExpired: {\n default: false,\n type: 'boolean',\n },\n /**\n * Handle to the previous token that we'll revoke when we refresh this\n * token. The idea is to keep allow two valid tokens when a refresh occurs;\n * we don't want revoke a token that's in the middle of being used, so when\n * we do a token refresh, we won't revoke the token being refreshed, but\n * we'll revoke the previous one.\n * @instance\n * @memberof Token\n * @private\n * @type {Object}\n */\n previousToken: {\n type: 'state',\n },\n },\n\n @oneFlight({\n keyFactory(scope) {\n return scope;\n },\n })\n /**\n * Uses this token to request a new Token with a subset of this Token's scopes\n * @instance\n * @memberof Token\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n this.logger.info(`token: downscoping token to ${scope}`);\n\n if (this.isExpired) {\n this.logger.info('token: request received to downscope expired access_token');\n\n return Promise.reject(new Error('cannot downscope expired access token'));\n }\n\n if (!this.canDownscope) {\n if (this.config.client_id) {\n this.logger.info('token: request received to downscope invalid access_token');\n } else {\n this.logger.trace('token: cannot downscope without client_id');\n }\n\n return Promise.reject(new Error('cannot downscope access token'));\n }\n\n // Since we're going to use scope as the index in our token collection, it's\n // important scopes are always deterministically specified.\n if (scope) {\n scope = sortScope(scope);\n }\n\n // Ideally, we could depend on the service to communicate this error, but\n // all we get is \"invalid scope\", which, to the lay person, implies\n // something wrong with *one* of the scopes, not the whole thing.\n if (scope === sortScope(this.config.scope)) {\n return Promise.reject(new Error('token: scope reduction requires a reduced scope'));\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n addAuthHeader: false,\n form: {\n grant_type: 'urn:cisco:oauth:grant-type:scope-reduction',\n token: this.access_token,\n scope,\n client_id: this.config.client_id,\n self_contained_token: true,\n },\n })\n .then((res) => {\n this.logger.info(`token: downscoped token to ${scope}`);\n\n return new Token(Object.assign(res.body, {scope}), {parent: this.parent});\n });\n },\n\n /**\n * Initializer\n * @instance\n * @memberof Token\n * @param {Object} [attrs={}]\n * @param {Object} [options={}]\n * @see {@link WebexPlugin#initialize()}\n * @returns {Token}\n */\n initialize(attrs = {}, options = {}) {\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n if (typeof attrs === 'string') {\n this.access_token = attrs;\n }\n\n if (!this.access_token) {\n throw new Error('`access_token` is required');\n }\n\n // We don't want the derived property `isExpired` to need {cache:false}, so\n // we'll set up a timer the runs when this token should expire.\n if (this.expires) {\n if (this.expires < Date.now()) {\n this._isExpired = true;\n } else {\n safeSetTimeout(() => {\n this._isExpired = true;\n }, this.expires - Date.now());\n }\n }\n },\n\n @oneFlight\n /**\n * Refreshes this Token. Relies on\n * {@link config.credentials.refreshCallback()}\n * @instance\n * @memberof Token\n * @returns {Promise<Token>}\n */\n refresh() {\n if (!this.canRefresh) {\n throw new Error('Not enough information available to refresh this access token');\n }\n\n let promise;\n\n if (inBrowser) {\n if (!this.config.refreshCallback) {\n throw new Error('Cannot refresh access token without refreshCallback');\n }\n\n promise = Promise.resolve(this.config.refreshCallback(this.webex, this));\n }\n\n return (\n promise ||\n this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form: {\n grant_type: 'refresh_token',\n redirect_uri: this.config.redirect_uri,\n refresh_token: this.refresh_token,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => res.body)\n )\n .then((obj) => {\n if (!obj) {\n throw new Error('token: refreshCallback() did not produce an object');\n }\n // If the authentication server did not send back a refresh token, copy\n // the current refresh token and related values to the response (note:\n // at time of implementation, CI never sends a new refresh token)\n if (!obj.refresh_token) {\n Object.assign(\n obj,\n pick(this, 'refresh_token', 'refresh_token_expires', 'refresh_token_expires_in')\n );\n }\n\n // If the new token is the same as the previous token, then we may have\n // found a bug in CI; log the details and reject the Promise\n if (this.access_token === obj.access_token) {\n this.logger.error('token: new token matches current token');\n // log the tokens if it is not production\n if (process.env.NODE_ENV !== 'production') {\n this.logger.error('token: current token:', this.access_token);\n this.logger.error('token: new token:', obj.access_token);\n }\n\n return Promise.reject(new Error('new token matches current token'));\n }\n\n if (this.previousToken) {\n this.previousToken.revoke();\n this.unset('previousToken');\n }\n\n obj.previousToken = this;\n obj.scope = this.scope;\n\n return new Token(obj, {parent: this.parent});\n })\n .catch(processGrantError);\n },\n\n @oneFlight\n /**\n * Revokes this token and unsets its local properties\n * @instance\n * @memberof Token\n * @returns {Promise}\n */\n revoke() {\n if (this.isExpired) {\n this.logger.info('token: already expired, not making making revocation request');\n\n return Promise.resolve();\n }\n\n if (!this.canAuthorize) {\n this.logger.info('token: no longer valid, not making revocation request');\n\n return Promise.resolve();\n }\n\n // FIXME we need to use the user token revocation endpoint to revoke a token\n // without a client_secret, but it doesn't current support using a token to\n // revoke itself\n // Note: I'm not making a canRevoke property because there should be changes\n // coming to the user token revocation endpoint that allow us to do this\n // correctly.\n if (!this.config.client_secret) {\n this.logger.info('token: no client secret available, not making revocation request');\n\n return Promise.resolve();\n }\n\n this.logger.info('token: revoking access token');\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.revokeUrl,\n form: {\n token: this.access_token,\n token_type_hint: 'access_token',\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then(() => {\n this.unset(['access_token', 'expires', 'expires_in', 'token_type']);\n this.logger.info('token: access token revoked');\n })\n .catch(processGrantError);\n },\n\n set(...args) {\n // eslint-disable-next-line prefer-const\n let [attrs, options] = this._filterSetParameters(...args);\n\n if (!attrs.token_type && attrs.access_token && attrs.access_token.includes(' ')) {\n const [token_type, access_token] = attrs.access_token.split(' ');\n\n attrs = {...attrs, access_token, token_type};\n }\n const now = Date.now();\n\n if (!attrs.expires && attrs.expires_in) {\n attrs.expires = now + attrs.expires_in * 1000;\n }\n\n if (!attrs.refresh_token_expires && attrs.refresh_token_expires_in) {\n attrs.refresh_token_expires = now + attrs.refresh_token_expires_in * 1000;\n }\n\n if (attrs.scope) {\n attrs.scope = sortScope(attrs.scope);\n }\n\n return Reflect.apply(WebexPlugin.prototype.set, this, [attrs, options]);\n },\n\n /**\n * Renders the token object as an HTTP Header Value\n * @instance\n * @memberof Token\n * @returns {string}\n * @see {@link Object#toString()}\n */\n toString() {\n if (!this._string) {\n throw new Error('cannot stringify Token');\n }\n\n return this._string;\n },\n\n /**\n * Uses a non-producation api to return information about this token. This\n * method is primarily for tests and will throw if NODE_ENV === production\n * @instance\n * @memberof Token\n * @private\n * @returns {Promise}\n */\n validate() {\n if (process.env.NODE_ENV === 'production') {\n throw new Error('Token#validate() must not be used in production');\n }\n\n return this.webex\n .request({\n method: 'POST',\n service: 'conversation',\n resource: 'users/validateAuthToken',\n body: {\n token: this.access_token,\n },\n })\n .catch((reason) => {\n if ('statusCode' in reason) {\n return Promise.reject(reason);\n }\n this.logger.info(\"REMINDER: If you're investigating a network error here, it's normal\");\n\n // If we got an error that isn't a WebexHttpError, assume the problem is\n // that we don't have the wdm plugin loaded and service/resource isn't\n // a valid means of identifying a request.\n const convApi =\n process.env.CONVERSATION_SERVICE ||\n process.env.CONVERSATION_SERVICE_URL ||\n 'https://conv-a.wbx2.com/conversation/api/v1';\n\n return this.webex.request({\n method: 'POST',\n uri: `${convApi}/users/validateAuthToken`,\n body: {\n token: this.access_token,\n },\n headers: {\n authorization: `Bearer ${this.access_token}`,\n },\n });\n })\n .then((res) => res.body);\n },\n});\n\nexport default Token;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAKA;AACA;AAEA;AACA;AAEA;AACA;AAAuD;AAAA;AAAA;AAAA;AAAA;AAEvD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,iBAAiB,CAACC,GAAG,EAAE;EAC9B,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;IAC1B,OAAO,iBAAQC,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAACM,IAAI,CAACC,KAAK,CAAC;EAE3D,IAAIJ,gBAAgB,KAAKK,uBAAU,IAAIR,GAAG,YAAYS,uBAAc,EAAE;IACpE,OAAO,iBAAQP,MAAM,CAACF,GAAG,CAAC;EAC5B;EACA,IAAI,CAACG,gBAAgB,EAAE;IACrB,OAAO,iBAAQD,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,OAAO,iBAAQE,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACU,IAAI,IAAIV,GAAG,CAAC,CAAC;AAC9D;;AAEA;AACA;AACA;AACA,IAAMW,KAAK,GAAGC,oBAAW,CAACC,MAAM,SA4L7B,IAAAC,iBAAS,EAAC;EACTC,UAAU,sBAACC,KAAK,EAAE;IAChB,OAAOA,KAAK;EACd;AACF,CAAC,CAAC,UAhM6B;EAC/BC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;MACnCC,EAAE,gBAAG;QACH,OAAO,CAAC,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACC,SAAS;MAC/C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZJ,IAAI,EAAE,CAAC,cAAc,CAAC;MACtBC,EAAE,gBAAG;QACH,OAAO,IAAI,CAACF,YAAY,IAAI,CAAC,CAAC,IAAI,CAACM,MAAM,CAACC,SAAS;MACrD;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE;MACVP,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,gBAAG;QACH,IAAIO,iBAAS,EAAE;UACb,OAAO,CAAC,CAAC,IAAI,CAACC,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACK,eAAe;QAC9D;QAEA,OAAO,CAAC,CAAC,IAAI,CAACD,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACM,aAAa;MAC5D;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIR,SAAS,EAAE;MACTH,IAAI,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC;MAC/BC,EAAE,gBAAG;QACH;QACA;QACA,OAAO,CAAC,CAAC,IAAI,CAACW,OAAO,IAAI,IAAI,CAACC,UAAU;MAC1C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,OAAO,EAAE;MACPd,IAAI,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC;MACpCC,EAAE,gBAAG;QACH,IAAI,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACa,UAAU,EAAE;UAC1C,OAAO,EAAE;QACX;QAEA,iBAAU,IAAI,CAACA,UAAU,cAAI,IAAI,CAACb,YAAY;MAChD;IACF;EACF,CAAC;EAEDc,SAAS,EAAE,aAAa;EAExBC,KAAK,EAAE;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;IACIpB,KAAK,EAAE,QAAQ;IACf;AACJ;AACA;AACA;AACA;IACIK,YAAY,EAAE,QAAQ;IACtB;AACJ;AACA;AACA;AACA;IACIU,OAAO,EAAE,QAAQ;IACjB;AACJ;AACA;AACA;AACA;IACIM,UAAU,EAAE,QAAQ;IACpB;AACJ;AACA;AACA;AACA;IACIT,aAAa,EAAE,QAAQ;IACvB;AACJ;AACA;AACA;AACA;IACIU,qBAAqB,EAAE,QAAQ;IAC/B;AACJ;AACA;AACA;AACA;IACIC,wBAAwB,EAAE,QAAQ;IAClC;AACJ;AACA;AACA;AACA;AACA;IACIL,UAAU,EAAE;MACVM,OAAO,EAAE,QAAQ;MACjBC,IAAI,EAAE;IACR;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;IACIV,UAAU,EAAE;MACVQ,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIE,aAAa,EAAE;MACbF,IAAI,EAAE;IACR;EACF,CAAC;EAOD;AACF;AACA;AACA;AACA;AACA;AACA;EACEG,SAAS,qBAAC5B,KAAK,EAAE;IAAA;IACf,IAAI,CAAC6B,MAAM,CAACC,IAAI,uCAAgC9B,KAAK,EAAG;IAExD,IAAI,IAAI,CAACM,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAE7E,OAAO,iBAAQ5C,MAAM,CAAC,IAAI6C,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3E;IAEA,IAAI,CAAC,IAAI,CAACxB,YAAY,EAAE;MACtB,IAAI,IAAI,CAACC,MAAM,CAACC,SAAS,EAAE;QACzB,IAAI,CAACoB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAC/E,CAAC,MAAM;QACL,IAAI,CAACD,MAAM,CAACG,KAAK,CAAC,2CAA2C,CAAC;MAChE;MAEA,OAAO,iBAAQ9C,MAAM,CAAC,IAAI6C,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnE;;IAEA;IACA;IACA,IAAI/B,KAAK,EAAE;MACTA,KAAK,GAAG,IAAAiC,gBAAS,EAACjC,KAAK,CAAC;IAC1B;;IAEA;IACA;IACA;IACA,IAAIA,KAAK,KAAK,IAAAiC,gBAAS,EAAC,IAAI,CAACzB,MAAM,CAACR,KAAK,CAAC,EAAE;MAC1C,OAAO,iBAAQd,MAAM,CAAC,IAAI6C,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrF;IAEA,OAAO,IAAI,CAACG,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC8B,QAAQ;MACzBC,aAAa,EAAE,KAAK;MACpBC,IAAI,EAAE;QACJC,UAAU,EAAE,4CAA4C;QACxDC,KAAK,EAAE,IAAI,CAACrC,YAAY;QACxBL,KAAK,EAALA,KAAK;QACLS,SAAS,EAAE,IAAI,CAACD,MAAM,CAACC,SAAS;QAChCkC,oBAAoB,EAAE;MACxB;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAAC5D,GAAG,EAAK;MACb,KAAI,CAAC6C,MAAM,CAACC,IAAI,sCAA+B9B,KAAK,EAAG;MAEvD,OAAO,IAAIL,KAAK,CAAC,qBAAcX,GAAG,CAACM,IAAI,EAAE;QAACU,KAAK,EAALA;MAAK,CAAC,CAAC,EAAE;QAAC6C,MAAM,EAAE,KAAI,CAACA;MAAM,CAAC,CAAC;IAC3E,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,wBAA2B;IAAA;IAAA,IAA1BC,KAAK,uEAAG,CAAC,CAAC;IAAA,IAAEC,OAAO,uEAAG,CAAC,CAAC;IACjC,oBAAcpD,oBAAW,CAACqD,SAAS,CAACH,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC,CAAC;IAEvE,IAAI,OAAOD,KAAK,KAAK,QAAQ,EAAE;MAC7B,IAAI,CAAC1C,YAAY,GAAG0C,KAAK;IAC3B;IAEA,IAAI,CAAC,IAAI,CAAC1C,YAAY,EAAE;MACtB,MAAM,IAAI0B,KAAK,CAAC,4BAA4B,CAAC;IAC/C;;IAEA;IACA;IACA,IAAI,IAAI,CAAChB,OAAO,EAAE;MAChB,IAAI,IAAI,CAACA,OAAO,GAAG,mBAAU,EAAE;QAC7B,IAAI,CAACC,UAAU,GAAG,IAAI;MACxB,CAAC,MAAM;QACL,IAAAkC,4BAAc,EAAC,YAAM;UACnB,MAAI,CAAClC,UAAU,GAAG,IAAI;QACxB,CAAC,EAAE,IAAI,CAACD,OAAO,GAAG,mBAAU,CAAC;MAC/B;IACF;EACF,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;EACEoC,OAAO,qBAAG;IAAA;IACR,IAAI,CAAC,IAAI,CAACzC,UAAU,EAAE;MACpB,MAAM,IAAIqB,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,IAAIqB,OAAO;IAEX,IAAIzC,iBAAS,EAAE;MACb,IAAI,CAAC,IAAI,CAACH,MAAM,CAACK,eAAe,EAAE;QAChC,MAAM,IAAIkB,KAAK,CAAC,qDAAqD,CAAC;MACxE;MAEAqB,OAAO,GAAG,iBAAQC,OAAO,CAAC,IAAI,CAAC7C,MAAM,CAACK,eAAe,CAAC,IAAI,CAACqB,KAAK,EAAE,IAAI,CAAC,CAAC;IAC1E;IAEA,OAAO,CACLkB,OAAO,IACP,IAAI,CAAClB,KAAK,CACPC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC8B,QAAQ;MACzBE,IAAI,EAAE;QACJC,UAAU,EAAE,eAAe;QAC3Ba,YAAY,EAAE,IAAI,CAAC9C,MAAM,CAAC8C,YAAY;QACtC1C,aAAa,EAAE,IAAI,CAACA;MACtB,CAAC;MACD2C,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAAChD,MAAM,CAACC,SAAS;QAC3BgD,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACM,aAAa;QAC/B4C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,UAAC5D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC,EAEzBsD,IAAI,CAAC,UAACgB,GAAG,EAAK;MACb,IAAI,CAACA,GAAG,EAAE;QACR,MAAM,IAAI7B,KAAK,CAAC,oDAAoD,CAAC;MACvE;MACA;MACA;MACA;MACA,IAAI,CAAC6B,GAAG,CAAChD,aAAa,EAAE;QACtB,qBACEgD,GAAG,EACH,oBAAK,MAAI,EAAE,eAAe,EAAE,uBAAuB,EAAE,0BAA0B,CAAC,CACjF;MACH;;MAEA;MACA;MACA,IAAI,MAAI,CAACvD,YAAY,KAAKuD,GAAG,CAACvD,YAAY,EAAE;QAC1C,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,wCAAwC,CAAC;QAC3D;QACA,IAAIsE,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzC,MAAI,CAAClC,MAAM,CAACtC,KAAK,CAAC,uBAAuB,EAAE,MAAI,CAACc,YAAY,CAAC;UAC7D,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,mBAAmB,EAAEqE,GAAG,CAACvD,YAAY,CAAC;QAC1D;QAEA,OAAO,iBAAQnB,MAAM,CAAC,IAAI6C,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,IAAI,MAAI,CAACJ,aAAa,EAAE;QACtB,MAAI,CAACA,aAAa,CAACqC,MAAM,EAAE;QAC3B,MAAI,CAACC,KAAK,CAAC,eAAe,CAAC;MAC7B;MAEAL,GAAG,CAACjC,aAAa,GAAG,MAAI;MACxBiC,GAAG,CAAC5D,KAAK,GAAG,MAAI,CAACA,KAAK;MAEtB,OAAO,IAAIL,KAAK,CAACiE,GAAG,EAAE;QAACf,MAAM,EAAE,MAAI,CAACA;MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CACDqB,KAAK,CAACnF,iBAAiB,CAAC;EAC7B,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;EACEiF,MAAM,oBAAG;IAAA;IACP,IAAI,IAAI,CAAC1D,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;MAEhF,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAAC,IAAI,CAACnD,YAAY,EAAE;MACtB,IAAI,CAAC2B,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;;IAEA;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,CAAC,IAAI,CAAC7C,MAAM,CAACM,aAAa,EAAE;MAC9B,IAAI,CAACe,MAAM,CAACC,IAAI,CAAC,kEAAkE,CAAC;MAEpF,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAACxB,MAAM,CAACC,IAAI,CAAC,8BAA8B,CAAC;IAEhD,OAAO,IAAI,CAACI,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC2D,SAAS;MAC1B3B,IAAI,EAAE;QACJE,KAAK,EAAE,IAAI,CAACrC,YAAY;QACxB+D,eAAe,EAAE;MACnB,CAAC;MACDb,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAAChD,MAAM,CAACC,SAAS;QAC3BgD,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACM,aAAa;QAC/B4C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,YAAM;MACV,MAAI,CAACqB,KAAK,CAAC,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;MACnE,MAAI,CAACpC,MAAM,CAACC,IAAI,CAAC,6BAA6B,CAAC;IACjD,CAAC,CAAC,CACDoC,KAAK,CAACnF,iBAAiB,CAAC;EAC7B,CAAC;EAEDsF,GAAG,iBAAU;IACX;IACA,4BAAuB,IAAI,CAACC,oBAAoB,OAAzB,IAAI,YAA8B;MAAA;MAApDvB,KAAK;MAAEC,OAAO;IAEnB,IAAI,CAACD,KAAK,CAAC7B,UAAU,IAAI6B,KAAK,CAAC1C,YAAY,IAAI0C,KAAK,CAAC1C,YAAY,CAACkE,QAAQ,CAAC,GAAG,CAAC,EAAE;MAC/E,4BAAmCxB,KAAK,CAAC1C,YAAY,CAACmE,KAAK,CAAC,GAAG,CAAC;QAAA;QAAzDtD,UAAU;QAAEb,YAAY;MAE/B0C,KAAK,mCAAOA,KAAK;QAAE1C,YAAY,EAAZA,YAAY;QAAEa,UAAU,EAAVA;MAAU,EAAC;IAC9C;IACA,IAAMuD,GAAG,GAAG,mBAAU;IAEtB,IAAI,CAAC1B,KAAK,CAAChC,OAAO,IAAIgC,KAAK,CAAC1B,UAAU,EAAE;MACtC0B,KAAK,CAAChC,OAAO,GAAG0D,GAAG,GAAG1B,KAAK,CAAC1B,UAAU,GAAG,IAAI;IAC/C;IAEA,IAAI,CAAC0B,KAAK,CAACzB,qBAAqB,IAAIyB,KAAK,CAACxB,wBAAwB,EAAE;MAClEwB,KAAK,CAACzB,qBAAqB,GAAGmD,GAAG,GAAG1B,KAAK,CAACxB,wBAAwB,GAAG,IAAI;IAC3E;IAEA,IAAIwB,KAAK,CAAC/C,KAAK,EAAE;MACf+C,KAAK,CAAC/C,KAAK,GAAG,IAAAiC,gBAAS,EAACc,KAAK,CAAC/C,KAAK,CAAC;IACtC;IAEA,OAAO,oBAAcJ,oBAAW,CAACqD,SAAS,CAACoB,GAAG,EAAE,IAAI,EAAE,CAACtB,KAAK,EAAEC,OAAO,CAAC,CAAC;EACzE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACE0B,QAAQ,sBAAG;IACT,IAAI,CAAC,IAAI,CAACzD,OAAO,EAAE;MACjB,MAAM,IAAIc,KAAK,CAAC,wBAAwB,CAAC;IAC3C;IAEA,OAAO,IAAI,CAACd,OAAO;EACrB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE0D,QAAQ,sBAAG;IAAA;IACT,IAAId,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;MACzC,MAAM,IAAIhC,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEA,OAAO,IAAI,CAACG,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdwC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,yBAAyB;MACnCvF,IAAI,EAAE;QACJoD,KAAK,EAAE,IAAI,CAACrC;MACd;IACF,CAAC,CAAC,CACD6D,KAAK,CAAC,UAACY,MAAM,EAAK;MACjB,IAAI,YAAY,IAAIA,MAAM,EAAE;QAC1B,OAAO,iBAAQ5F,MAAM,CAAC4F,MAAM,CAAC;MAC/B;MACA,MAAI,CAACjD,MAAM,CAACC,IAAI,CAAC,qEAAqE,CAAC;;MAEvF;MACA;MACA;MACA,IAAMiD,OAAO,GACXlB,OAAO,CAACC,GAAG,CAACkB,oBAAoB,IAChCnB,OAAO,CAACC,GAAG,CAACmB,wBAAwB,IACpC,6CAA6C;MAE/C,OAAO,MAAI,CAAC/C,KAAK,CAACC,OAAO,CAAC;QACxBC,MAAM,EAAE,MAAM;QACdC,GAAG,YAAK0C,OAAO,6BAA0B;QACzCzF,IAAI,EAAE;UACJoD,KAAK,EAAE,MAAI,CAACrC;QACd,CAAC;QACD6E,OAAO,EAAE;UACPC,aAAa,mBAAY,MAAI,CAAC9E,YAAY;QAC5C;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,CACDuC,IAAI,CAAC,UAAC5D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC;EAC5B,CAAC;EAAA;AACH,CAAC,kMArOEQ,iBAAS,4HAmFTA,iBAAS,0EAkJV;AAAC,eAEYH,KAAK;AAAA"}
1
+ {"version":3,"names":["processGrantError","res","statusCode","reject","ErrorConstructor","grantErrors","select","body","error","OAuthError","WebexHttpError","_res","Token","WebexPlugin","extend","oneFlight","keyFactory","scope","derived","canAuthorize","deps","fn","access_token","isExpired","canDownscope","config","client_id","canRefresh","inBrowser","refresh_token","refreshCallback","client_secret","expires","_isExpired","_string","token_type","namespace","props","expires_in","refresh_token_expires","refresh_token_expires_in","default","type","session","previousToken","downscope","logger","info","Error","trace","diffScopes","sortScope","webex","request","method","uri","tokenUrl","addAuthHeader","form","grant_type","token","self_contained_token","then","parent","initialize","attrs","options","prototype","safeSetTimeout","refresh","promise","resolve","redirect_uri","auth","user","pass","sendImmediately","shouldRefreshAccessToken","obj","process","env","NODE_ENV","revoke","unset","catch","revokeUrl","token_type_hint","set","_filterSetParameters","includes","split","now","toString","validate","service","resource","reason","convApi","CONVERSATION_SERVICE","CONVERSATION_SERVICE_URL","headers","authorization"],"sources":["token.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {pick} from 'lodash';\nimport {inBrowser, oneFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\n\nimport WebexHttpError from '../webex-http-error';\nimport WebexPlugin from '../webex-plugin';\n\nimport {sortScope, diffScopes} from './scope';\nimport grantErrors, {OAuthError} from './grant-errors';\n\n/* eslint-disable camelcase */\n\n/**\n * Parse response from CI and converts to structured error when appropriate\n * @param {WebexHttpError} res\n * @private\n * @returns {GrantError}\n */\nfunction processGrantError(res) {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n if (ErrorConstructor === OAuthError && res instanceof WebexHttpError) {\n return Promise.reject(res);\n }\n if (!ErrorConstructor) {\n return Promise.reject(res);\n }\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n}\n\n/**\n * @class\n */\nconst Token = WebexPlugin.extend({\n derived: {\n /**\n * Indicates if this token can be used in an auth header. `true` iff\n * {@link Token#access_token} is defined and {@link Token#isExpired} is\n * false.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canAuthorize: {\n deps: ['access_token', 'isExpired'],\n fn() {\n return !!this.access_token && !this.isExpired;\n },\n },\n\n /**\n * Indicates that this token can be downscoped. `true` iff\n * {@link config.credentials.client_id} is defined and if\n * {@link Token#canAuthorize} is true\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.client_id}. As such,\n * {@link config.credentials.client_id} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canDownscope: {\n deps: ['canAuthorize'],\n fn() {\n return this.canAuthorize && !!this.config.client_id;\n },\n },\n\n /**\n * Indicates if this token can be refreshed. `true` iff\n * {@link Token@refresh_token} is defined and\n * {@link config.credentials.refreshCallback()} is defined\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.refreshCallback()}. As such,\n * {@link config.credentials.refreshCallback()} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canRefresh: {\n deps: ['refresh_token'],\n fn() {\n if (inBrowser) {\n return !!this.refresh_token && !!this.config.refreshCallback;\n }\n\n return !!this.refresh_token && !!this.config.client_secret;\n },\n },\n\n /**\n * Indicates if this `Token` is expired. `true` iff {@link Token#expires} is\n * defined and is less than {@link Date.now()}.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n isExpired: {\n deps: ['expires', '_isExpired'],\n fn() {\n // in order to avoid setting `cache:false`, we'll use a private property\n // and a timer rather than comparing to `Date.now()`;\n return !!this.expires && this._isExpired;\n },\n },\n\n /**\n * Cache for toString()\n * @instance\n * @memberof Token\n * @private\n * @readonly\n * @type {string}\n */\n _string: {\n deps: ['access_token', 'token_type'],\n fn() {\n if (!this.access_token || !this.token_type) {\n return '';\n }\n\n return `${this.token_type} ${this.access_token}`;\n },\n },\n },\n\n namespace: 'Credentials',\n\n props: {\n /**\n * Used for indexing in the credentials userTokens collection\n * @instance\n * @memberof Token\n * @private\n * @type {string}\n */\n scope: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n access_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires_in: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n refresh_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires_in: 'number',\n /**\n * @default \"Bearer\"\n * @instance\n * @memberof Token\n * @type {string}\n */\n token_type: {\n default: 'Bearer',\n type: 'string',\n },\n },\n\n session: {\n /**\n * Used by {@link Token#isExpired} to avoid doing a Date comparison.\n * @instance\n * @memberof Token\n * @private\n * @type {boolean}\n */\n _isExpired: {\n default: false,\n type: 'boolean',\n },\n /**\n * Handle to the previous token that we'll revoke when we refresh this\n * token. The idea is to keep allow two valid tokens when a refresh occurs;\n * we don't want revoke a token that's in the middle of being used, so when\n * we do a token refresh, we won't revoke the token being refreshed, but\n * we'll revoke the previous one.\n * @instance\n * @memberof Token\n * @private\n * @type {Object}\n */\n previousToken: {\n type: 'state',\n },\n },\n\n @oneFlight({\n keyFactory(scope) {\n return scope;\n },\n })\n /**\n * Uses this token to request a new Token with a subset of this Token's scopes\n * @instance\n * @memberof Token\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n this.logger.info(`token: downscoping token to ${scope}`);\n\n if (this.isExpired) {\n this.logger.info('token: request received to downscope expired access_token');\n\n return Promise.reject(new Error('cannot downscope expired access token'));\n }\n\n if (!this.canDownscope) {\n if (this.config.client_id) {\n this.logger.info('token: request received to downscope invalid access_token');\n } else {\n this.logger.trace('token: cannot downscope without client_id');\n }\n\n return Promise.reject(new Error('cannot downscope access token'));\n }\n\n if (diffScopes(scope, this.config.scope) !== '') {\n return Promise.reject(\n new Error(\n `new scope (${scope}) is not subset of the available scopes (${this.config.scope})`\n )\n );\n }\n\n // Since we're going to use scope as the index in our token collection, it's\n // important scopes are always deterministically specified.\n if (scope) {\n scope = sortScope(scope);\n }\n\n // Ideally, we could depend on the service to communicate this error, but\n // all we get is \"invalid scope\", which, to the lay person, implies\n // something wrong with *one* of the scopes, not the whole thing.\n if (scope === sortScope(this.config.scope)) {\n return Promise.reject(new Error('token: scope reduction requires a reduced scope'));\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n addAuthHeader: false,\n form: {\n grant_type: 'urn:cisco:oauth:grant-type:scope-reduction',\n token: this.access_token,\n scope,\n client_id: this.config.client_id,\n self_contained_token: true,\n },\n })\n .then((res) => {\n this.logger.info(`token: downscoped token to ${scope}`);\n\n return new Token(Object.assign(res.body, {scope}), {parent: this.parent});\n });\n },\n\n /**\n * Initializer\n * @instance\n * @memberof Token\n * @param {Object} [attrs={}]\n * @param {Object} [options={}]\n * @see {@link WebexPlugin#initialize()}\n * @returns {Token}\n */\n initialize(attrs = {}, options = {}) {\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n if (typeof attrs === 'string') {\n this.access_token = attrs;\n }\n\n if (!this.access_token) {\n throw new Error('`access_token` is required');\n }\n\n // We don't want the derived property `isExpired` to need {cache:false}, so\n // we'll set up a timer the runs when this token should expire.\n if (this.expires) {\n if (this.expires < Date.now()) {\n this._isExpired = true;\n } else {\n safeSetTimeout(() => {\n this._isExpired = true;\n }, this.expires - Date.now());\n }\n }\n },\n\n @oneFlight\n /**\n * Refreshes this Token. Relies on\n * {@link config.credentials.refreshCallback()}\n * @instance\n * @memberof Token\n * @returns {Promise<Token>}\n */\n refresh() {\n if (!this.canRefresh) {\n throw new Error('Not enough information available to refresh this access token');\n }\n\n let promise;\n\n if (inBrowser) {\n if (!this.config.refreshCallback) {\n throw new Error('Cannot refresh access token without refreshCallback');\n }\n\n promise = Promise.resolve(this.config.refreshCallback(this.webex, this));\n }\n\n return (\n promise ||\n this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form: {\n grant_type: 'refresh_token',\n redirect_uri: this.config.redirect_uri,\n refresh_token: this.refresh_token,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => res.body)\n )\n .then((obj) => {\n if (!obj) {\n throw new Error('token: refreshCallback() did not produce an object');\n }\n // If the authentication server did not send back a refresh token, copy\n // the current refresh token and related values to the response (note:\n // at time of implementation, CI never sends a new refresh token)\n if (!obj.refresh_token) {\n Object.assign(\n obj,\n pick(this, 'refresh_token', 'refresh_token_expires', 'refresh_token_expires_in')\n );\n }\n\n // If the new token is the same as the previous token, then we may have\n // found a bug in CI; log the details and reject the Promise\n if (this.access_token === obj.access_token) {\n this.logger.error('token: new token matches current token');\n // log the tokens if it is not production\n if (process.env.NODE_ENV !== 'production') {\n this.logger.error('token: current token:', this.access_token);\n this.logger.error('token: new token:', obj.access_token);\n }\n\n return Promise.reject(new Error('new token matches current token'));\n }\n\n if (this.previousToken) {\n this.previousToken.revoke();\n this.unset('previousToken');\n }\n\n obj.previousToken = this;\n obj.scope = this.scope;\n\n return new Token(obj, {parent: this.parent});\n })\n .catch(processGrantError);\n },\n\n @oneFlight\n /**\n * Revokes this token and unsets its local properties\n * @instance\n * @memberof Token\n * @returns {Promise}\n */\n revoke() {\n if (this.isExpired) {\n this.logger.info('token: already expired, not making making revocation request');\n\n return Promise.resolve();\n }\n\n if (!this.canAuthorize) {\n this.logger.info('token: no longer valid, not making revocation request');\n\n return Promise.resolve();\n }\n\n // FIXME we need to use the user token revocation endpoint to revoke a token\n // without a client_secret, but it doesn't current support using a token to\n // revoke itself\n // Note: I'm not making a canRevoke property because there should be changes\n // coming to the user token revocation endpoint that allow us to do this\n // correctly.\n if (!this.config.client_secret) {\n this.logger.info('token: no client secret available, not making revocation request');\n\n return Promise.resolve();\n }\n\n this.logger.info('token: revoking access token');\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.revokeUrl,\n form: {\n token: this.access_token,\n token_type_hint: 'access_token',\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then(() => {\n this.unset(['access_token', 'expires', 'expires_in', 'token_type']);\n this.logger.info('token: access token revoked');\n })\n .catch(processGrantError);\n },\n\n set(...args) {\n // eslint-disable-next-line prefer-const\n let [attrs, options] = this._filterSetParameters(...args);\n\n if (!attrs.token_type && attrs.access_token && attrs.access_token.includes(' ')) {\n const [token_type, access_token] = attrs.access_token.split(' ');\n\n attrs = {...attrs, access_token, token_type};\n }\n const now = Date.now();\n\n if (!attrs.expires && attrs.expires_in) {\n attrs.expires = now + attrs.expires_in * 1000;\n }\n\n if (!attrs.refresh_token_expires && attrs.refresh_token_expires_in) {\n attrs.refresh_token_expires = now + attrs.refresh_token_expires_in * 1000;\n }\n\n if (attrs.scope) {\n attrs.scope = sortScope(attrs.scope);\n }\n\n return Reflect.apply(WebexPlugin.prototype.set, this, [attrs, options]);\n },\n\n /**\n * Renders the token object as an HTTP Header Value\n * @instance\n * @memberof Token\n * @returns {string}\n * @see {@link Object#toString()}\n */\n toString() {\n if (!this._string) {\n throw new Error('cannot stringify Token');\n }\n\n return this._string;\n },\n\n /**\n * Uses a non-producation api to return information about this token. This\n * method is primarily for tests and will throw if NODE_ENV === production\n * @instance\n * @memberof Token\n * @private\n * @returns {Promise}\n */\n validate() {\n if (process.env.NODE_ENV === 'production') {\n throw new Error('Token#validate() must not be used in production');\n }\n\n return this.webex\n .request({\n method: 'POST',\n service: 'conversation',\n resource: 'users/validateAuthToken',\n body: {\n token: this.access_token,\n },\n })\n .catch((reason) => {\n if ('statusCode' in reason) {\n return Promise.reject(reason);\n }\n this.logger.info(\"REMINDER: If you're investigating a network error here, it's normal\");\n\n // If we got an error that isn't a WebexHttpError, assume the problem is\n // that we don't have the wdm plugin loaded and service/resource isn't\n // a valid means of identifying a request.\n const convApi =\n process.env.CONVERSATION_SERVICE ||\n process.env.CONVERSATION_SERVICE_URL ||\n 'https://conv-a.wbx2.com/conversation/api/v1';\n\n return this.webex.request({\n method: 'POST',\n uri: `${convApi}/users/validateAuthToken`,\n body: {\n token: this.access_token,\n },\n headers: {\n authorization: `Bearer ${this.access_token}`,\n },\n });\n })\n .then((res) => res.body);\n },\n});\n\nexport default Token;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAKA;AACA;AAEA;AACA;AAEA;AACA;AAAuD;AAAA;AAAA;AAAA;AAAA;AAEvD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,iBAAiB,CAACC,GAAG,EAAE;EAC9B,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;IAC1B,OAAO,iBAAQC,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAACM,IAAI,CAACC,KAAK,CAAC;EAE3D,IAAIJ,gBAAgB,KAAKK,uBAAU,IAAIR,GAAG,YAAYS,uBAAc,EAAE;IACpE,OAAO,iBAAQP,MAAM,CAACF,GAAG,CAAC;EAC5B;EACA,IAAI,CAACG,gBAAgB,EAAE;IACrB,OAAO,iBAAQD,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,OAAO,iBAAQE,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACU,IAAI,IAAIV,GAAG,CAAC,CAAC;AAC9D;;AAEA;AACA;AACA;AACA,IAAMW,KAAK,GAAGC,oBAAW,CAACC,MAAM,SA4L7B,IAAAC,iBAAS,EAAC;EACTC,UAAU,sBAACC,KAAK,EAAE;IAChB,OAAOA,KAAK;EACd;AACF,CAAC,CAAC,UAhM6B;EAC/BC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;MACnCC,EAAE,gBAAG;QACH,OAAO,CAAC,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACC,SAAS;MAC/C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZJ,IAAI,EAAE,CAAC,cAAc,CAAC;MACtBC,EAAE,gBAAG;QACH,OAAO,IAAI,CAACF,YAAY,IAAI,CAAC,CAAC,IAAI,CAACM,MAAM,CAACC,SAAS;MACrD;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE;MACVP,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,gBAAG;QACH,IAAIO,iBAAS,EAAE;UACb,OAAO,CAAC,CAAC,IAAI,CAACC,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACK,eAAe;QAC9D;QAEA,OAAO,CAAC,CAAC,IAAI,CAACD,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACM,aAAa;MAC5D;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIR,SAAS,EAAE;MACTH,IAAI,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC;MAC/BC,EAAE,gBAAG;QACH;QACA;QACA,OAAO,CAAC,CAAC,IAAI,CAACW,OAAO,IAAI,IAAI,CAACC,UAAU;MAC1C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,OAAO,EAAE;MACPd,IAAI,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC;MACpCC,EAAE,gBAAG;QACH,IAAI,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACa,UAAU,EAAE;UAC1C,OAAO,EAAE;QACX;QAEA,iBAAU,IAAI,CAACA,UAAU,cAAI,IAAI,CAACb,YAAY;MAChD;IACF;EACF,CAAC;EAEDc,SAAS,EAAE,aAAa;EAExBC,KAAK,EAAE;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;IACIpB,KAAK,EAAE,QAAQ;IACf;AACJ;AACA;AACA;AACA;IACIK,YAAY,EAAE,QAAQ;IACtB;AACJ;AACA;AACA;AACA;IACIU,OAAO,EAAE,QAAQ;IACjB;AACJ;AACA;AACA;AACA;IACIM,UAAU,EAAE,QAAQ;IACpB;AACJ;AACA;AACA;AACA;IACIT,aAAa,EAAE,QAAQ;IACvB;AACJ;AACA;AACA;AACA;IACIU,qBAAqB,EAAE,QAAQ;IAC/B;AACJ;AACA;AACA;AACA;IACIC,wBAAwB,EAAE,QAAQ;IAClC;AACJ;AACA;AACA;AACA;AACA;IACIL,UAAU,EAAE;MACVM,OAAO,EAAE,QAAQ;MACjBC,IAAI,EAAE;IACR;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;IACIV,UAAU,EAAE;MACVQ,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIE,aAAa,EAAE;MACbF,IAAI,EAAE;IACR;EACF,CAAC;EAOD;AACF;AACA;AACA;AACA;AACA;AACA;EACEG,SAAS,qBAAC5B,KAAK,EAAE;IAAA;IACf,IAAI,CAAC6B,MAAM,CAACC,IAAI,uCAAgC9B,KAAK,EAAG;IAExD,IAAI,IAAI,CAACM,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAE7E,OAAO,iBAAQ5C,MAAM,CAAC,IAAI6C,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3E;IAEA,IAAI,CAAC,IAAI,CAACxB,YAAY,EAAE;MACtB,IAAI,IAAI,CAACC,MAAM,CAACC,SAAS,EAAE;QACzB,IAAI,CAACoB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAC/E,CAAC,MAAM;QACL,IAAI,CAACD,MAAM,CAACG,KAAK,CAAC,2CAA2C,CAAC;MAChE;MAEA,OAAO,iBAAQ9C,MAAM,CAAC,IAAI6C,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnE;IAEA,IAAI,IAAAE,iBAAU,EAACjC,KAAK,EAAE,IAAI,CAACQ,MAAM,CAACR,KAAK,CAAC,KAAK,EAAE,EAAE;MAC/C,OAAO,iBAAQd,MAAM,CACnB,IAAI6C,KAAK,sBACO/B,KAAK,sDAA4C,IAAI,CAACQ,MAAM,CAACR,KAAK,OACjF,CACF;IACH;;IAEA;IACA;IACA,IAAIA,KAAK,EAAE;MACTA,KAAK,GAAG,IAAAkC,gBAAS,EAAClC,KAAK,CAAC;IAC1B;;IAEA;IACA;IACA;IACA,IAAIA,KAAK,KAAK,IAAAkC,gBAAS,EAAC,IAAI,CAAC1B,MAAM,CAACR,KAAK,CAAC,EAAE;MAC1C,OAAO,iBAAQd,MAAM,CAAC,IAAI6C,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrF;IAEA,OAAO,IAAI,CAACI,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC9B,MAAM,CAAC+B,QAAQ;MACzBC,aAAa,EAAE,KAAK;MACpBC,IAAI,EAAE;QACJC,UAAU,EAAE,4CAA4C;QACxDC,KAAK,EAAE,IAAI,CAACtC,YAAY;QACxBL,KAAK,EAALA,KAAK;QACLS,SAAS,EAAE,IAAI,CAACD,MAAM,CAACC,SAAS;QAChCmC,oBAAoB,EAAE;MACxB;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAAC7D,GAAG,EAAK;MACb,KAAI,CAAC6C,MAAM,CAACC,IAAI,sCAA+B9B,KAAK,EAAG;MAEvD,OAAO,IAAIL,KAAK,CAAC,qBAAcX,GAAG,CAACM,IAAI,EAAE;QAACU,KAAK,EAALA;MAAK,CAAC,CAAC,EAAE;QAAC8C,MAAM,EAAE,KAAI,CAACA;MAAM,CAAC,CAAC;IAC3E,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,wBAA2B;IAAA;IAAA,IAA1BC,KAAK,uEAAG,CAAC,CAAC;IAAA,IAAEC,OAAO,uEAAG,CAAC,CAAC;IACjC,oBAAcrD,oBAAW,CAACsD,SAAS,CAACH,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC,CAAC;IAEvE,IAAI,OAAOD,KAAK,KAAK,QAAQ,EAAE;MAC7B,IAAI,CAAC3C,YAAY,GAAG2C,KAAK;IAC3B;IAEA,IAAI,CAAC,IAAI,CAAC3C,YAAY,EAAE;MACtB,MAAM,IAAI0B,KAAK,CAAC,4BAA4B,CAAC;IAC/C;;IAEA;IACA;IACA,IAAI,IAAI,CAAChB,OAAO,EAAE;MAChB,IAAI,IAAI,CAACA,OAAO,GAAG,mBAAU,EAAE;QAC7B,IAAI,CAACC,UAAU,GAAG,IAAI;MACxB,CAAC,MAAM;QACL,IAAAmC,4BAAc,EAAC,YAAM;UACnB,MAAI,CAACnC,UAAU,GAAG,IAAI;QACxB,CAAC,EAAE,IAAI,CAACD,OAAO,GAAG,mBAAU,CAAC;MAC/B;IACF;EACF,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;EACEqC,OAAO,qBAAG;IAAA;IACR,IAAI,CAAC,IAAI,CAAC1C,UAAU,EAAE;MACpB,MAAM,IAAIqB,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,IAAIsB,OAAO;IAEX,IAAI1C,iBAAS,EAAE;MACb,IAAI,CAAC,IAAI,CAACH,MAAM,CAACK,eAAe,EAAE;QAChC,MAAM,IAAIkB,KAAK,CAAC,qDAAqD,CAAC;MACxE;MAEAsB,OAAO,GAAG,iBAAQC,OAAO,CAAC,IAAI,CAAC9C,MAAM,CAACK,eAAe,CAAC,IAAI,CAACsB,KAAK,EAAE,IAAI,CAAC,CAAC;IAC1E;IAEA,OAAO,CACLkB,OAAO,IACP,IAAI,CAAClB,KAAK,CACPC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC9B,MAAM,CAAC+B,QAAQ;MACzBE,IAAI,EAAE;QACJC,UAAU,EAAE,eAAe;QAC3Ba,YAAY,EAAE,IAAI,CAAC/C,MAAM,CAAC+C,YAAY;QACtC3C,aAAa,EAAE,IAAI,CAACA;MACtB,CAAC;MACD4C,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACC,SAAS;QAC3BiD,IAAI,EAAE,IAAI,CAAClD,MAAM,CAACM,aAAa;QAC/B6C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,UAAC7D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC,EAEzBuD,IAAI,CAAC,UAACgB,GAAG,EAAK;MACb,IAAI,CAACA,GAAG,EAAE;QACR,MAAM,IAAI9B,KAAK,CAAC,oDAAoD,CAAC;MACvE;MACA;MACA;MACA;MACA,IAAI,CAAC8B,GAAG,CAACjD,aAAa,EAAE;QACtB,qBACEiD,GAAG,EACH,oBAAK,MAAI,EAAE,eAAe,EAAE,uBAAuB,EAAE,0BAA0B,CAAC,CACjF;MACH;;MAEA;MACA;MACA,IAAI,MAAI,CAACxD,YAAY,KAAKwD,GAAG,CAACxD,YAAY,EAAE;QAC1C,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,wCAAwC,CAAC;QAC3D;QACA,IAAIuE,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzC,MAAI,CAACnC,MAAM,CAACtC,KAAK,CAAC,uBAAuB,EAAE,MAAI,CAACc,YAAY,CAAC;UAC7D,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,mBAAmB,EAAEsE,GAAG,CAACxD,YAAY,CAAC;QAC1D;QAEA,OAAO,iBAAQnB,MAAM,CAAC,IAAI6C,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,IAAI,MAAI,CAACJ,aAAa,EAAE;QACtB,MAAI,CAACA,aAAa,CAACsC,MAAM,EAAE;QAC3B,MAAI,CAACC,KAAK,CAAC,eAAe,CAAC;MAC7B;MAEAL,GAAG,CAAClC,aAAa,GAAG,MAAI;MACxBkC,GAAG,CAAC7D,KAAK,GAAG,MAAI,CAACA,KAAK;MAEtB,OAAO,IAAIL,KAAK,CAACkE,GAAG,EAAE;QAACf,MAAM,EAAE,MAAI,CAACA;MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CACDqB,KAAK,CAACpF,iBAAiB,CAAC;EAC7B,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;EACEkF,MAAM,oBAAG;IAAA;IACP,IAAI,IAAI,CAAC3D,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;MAEhF,OAAO,iBAAQwB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAAC,IAAI,CAACpD,YAAY,EAAE;MACtB,IAAI,CAAC2B,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAO,iBAAQwB,OAAO,EAAE;IAC1B;;IAEA;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,CAAC,IAAI,CAAC9C,MAAM,CAACM,aAAa,EAAE;MAC9B,IAAI,CAACe,MAAM,CAACC,IAAI,CAAC,kEAAkE,CAAC;MAEpF,OAAO,iBAAQwB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAACzB,MAAM,CAACC,IAAI,CAAC,8BAA8B,CAAC;IAEhD,OAAO,IAAI,CAACK,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC9B,MAAM,CAAC4D,SAAS;MAC1B3B,IAAI,EAAE;QACJE,KAAK,EAAE,IAAI,CAACtC,YAAY;QACxBgE,eAAe,EAAE;MACnB,CAAC;MACDb,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACC,SAAS;QAC3BiD,IAAI,EAAE,IAAI,CAAClD,MAAM,CAACM,aAAa;QAC/B6C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,YAAM;MACV,MAAI,CAACqB,KAAK,CAAC,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;MACnE,MAAI,CAACrC,MAAM,CAACC,IAAI,CAAC,6BAA6B,CAAC;IACjD,CAAC,CAAC,CACDqC,KAAK,CAACpF,iBAAiB,CAAC;EAC7B,CAAC;EAEDuF,GAAG,iBAAU;IACX;IACA,4BAAuB,IAAI,CAACC,oBAAoB,OAAzB,IAAI,YAA8B;MAAA;MAApDvB,KAAK;MAAEC,OAAO;IAEnB,IAAI,CAACD,KAAK,CAAC9B,UAAU,IAAI8B,KAAK,CAAC3C,YAAY,IAAI2C,KAAK,CAAC3C,YAAY,CAACmE,QAAQ,CAAC,GAAG,CAAC,EAAE;MAC/E,4BAAmCxB,KAAK,CAAC3C,YAAY,CAACoE,KAAK,CAAC,GAAG,CAAC;QAAA;QAAzDvD,UAAU;QAAEb,YAAY;MAE/B2C,KAAK,mCAAOA,KAAK;QAAE3C,YAAY,EAAZA,YAAY;QAAEa,UAAU,EAAVA;MAAU,EAAC;IAC9C;IACA,IAAMwD,GAAG,GAAG,mBAAU;IAEtB,IAAI,CAAC1B,KAAK,CAACjC,OAAO,IAAIiC,KAAK,CAAC3B,UAAU,EAAE;MACtC2B,KAAK,CAACjC,OAAO,GAAG2D,GAAG,GAAG1B,KAAK,CAAC3B,UAAU,GAAG,IAAI;IAC/C;IAEA,IAAI,CAAC2B,KAAK,CAAC1B,qBAAqB,IAAI0B,KAAK,CAACzB,wBAAwB,EAAE;MAClEyB,KAAK,CAAC1B,qBAAqB,GAAGoD,GAAG,GAAG1B,KAAK,CAACzB,wBAAwB,GAAG,IAAI;IAC3E;IAEA,IAAIyB,KAAK,CAAChD,KAAK,EAAE;MACfgD,KAAK,CAAChD,KAAK,GAAG,IAAAkC,gBAAS,EAACc,KAAK,CAAChD,KAAK,CAAC;IACtC;IAEA,OAAO,oBAAcJ,oBAAW,CAACsD,SAAS,CAACoB,GAAG,EAAE,IAAI,EAAE,CAACtB,KAAK,EAAEC,OAAO,CAAC,CAAC;EACzE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACE0B,QAAQ,sBAAG;IACT,IAAI,CAAC,IAAI,CAAC1D,OAAO,EAAE;MACjB,MAAM,IAAIc,KAAK,CAAC,wBAAwB,CAAC;IAC3C;IAEA,OAAO,IAAI,CAACd,OAAO;EACrB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE2D,QAAQ,sBAAG;IAAA;IACT,IAAId,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;MACzC,MAAM,IAAIjC,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEA,OAAO,IAAI,CAACI,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdwC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,yBAAyB;MACnCxF,IAAI,EAAE;QACJqD,KAAK,EAAE,IAAI,CAACtC;MACd;IACF,CAAC,CAAC,CACD8D,KAAK,CAAC,UAACY,MAAM,EAAK;MACjB,IAAI,YAAY,IAAIA,MAAM,EAAE;QAC1B,OAAO,iBAAQ7F,MAAM,CAAC6F,MAAM,CAAC;MAC/B;MACA,MAAI,CAAClD,MAAM,CAACC,IAAI,CAAC,qEAAqE,CAAC;;MAEvF;MACA;MACA;MACA,IAAMkD,OAAO,GACXlB,OAAO,CAACC,GAAG,CAACkB,oBAAoB,IAChCnB,OAAO,CAACC,GAAG,CAACmB,wBAAwB,IACpC,6CAA6C;MAE/C,OAAO,MAAI,CAAC/C,KAAK,CAACC,OAAO,CAAC;QACxBC,MAAM,EAAE,MAAM;QACdC,GAAG,YAAK0C,OAAO,6BAA0B;QACzC1F,IAAI,EAAE;UACJqD,KAAK,EAAE,MAAI,CAACtC;QACd,CAAC;QACD8E,OAAO,EAAE;UACPC,aAAa,mBAAY,MAAI,CAAC/E,YAAY;QAC5C;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,CACDwC,IAAI,CAAC,UAAC7D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC;EAC5B,CAAC;EAAA;AACH,CAAC,kMArOEQ,iBAAS,4HAmFTA,iBAAS,0EAkJV;AAAC,eAEYH,KAAK;AAAA"}
package/dist/lib/services/interceptors/server-error.js CHANGED
@@ -14,7 +14,7 @@ var _inherits2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/
14
14
  var _possibleConstructorReturn2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/possibleConstructorReturn"));
15
15
  var _getPrototypeOf2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/getPrototypeOf"));
16
16
  var _httpCore = require("@webex/http-core");
17
- var _webexCore = require("@webex/webex-core");
17
+ var _webexHttpError = _interopRequireDefault(require("../../webex-http-error"));
18
18
  function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = (0, _getPrototypeOf2.default)(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = (0, _getPrototypeOf2.default)(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return (0, _possibleConstructorReturn2.default)(this, result); }; }
19
19
  function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !_Reflect$construct) return false; if (_Reflect$construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(_Reflect$construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
20
20
  /**
@@ -37,7 +37,7 @@ var ServerErrorInterceptor = /*#__PURE__*/function (_Interceptor) {
37
37
  * @returns {Object}
38
38
  */
39
39
  function onResponseError(options, reason) {
40
- if ((reason instanceof _webexCore.WebexHttpError.InternalServerError || reason instanceof _webexCore.WebexHttpError.BadGateway || reason instanceof _webexCore.WebexHttpError.ServiceUnavailable) && options.uri) {
40
+ if ((reason instanceof _webexHttpError.default.InternalServerError || reason instanceof _webexHttpError.default.BadGateway || reason instanceof _webexHttpError.default.ServiceUnavailable) && options.uri) {
41
41
  var feature = this.webex.internal.device.features.developer.get('web-high-availability');
42
42
  if (feature && feature.value) {
43
43
  this.webex.internal.metrics.submitClientMetrics('web-ha', {