@webex/webex-core 3.12.0-next.18 → 3.12.0-next.19

@@ -302,7 +302,7 @@ var Batcher = _webexPlugin.default.extend({
302
302
  fingerprintResponse: function fingerprintResponse(item) {
303
303
  throw new Error('fingerprintResponse() must be implemented');
304
304
  },
305
- version: "3.12.0-next.18"
305
+ version: "3.12.0-next.19"
306
306
  });
307
307
  var _default2 = exports.default = Batcher;
308
308
  //# sourceMappingURL=batcher.js.map
@@ -14,7 +14,6 @@ _Object$defineProperty(exports, "__esModule", {
14
14
  });
15
15
  exports.default = void 0;
16
16
  var _deleteProperty = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/reflect/delete-property"));
17
- var _stringify = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/json/stringify"));
18
17
  var _keys = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/keys"));
19
18
  var _apply = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/reflect/apply"));
20
19
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
@@ -129,7 +128,7 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
129
128
  clientType: 'public'
130
129
  };
131
130
  /* eslint-disable camelcase */
132
- if (options.state && !(0, _lodash.isObject)(options.state)) {
131
+ if (options.state !== undefined && !(0, _lodash.isObject)(options.state)) {
133
132
  throw new Error('if specified, `options.state` must be an object');
134
133
  }
135
134
  options.client_id = this.config.client_id;
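Review bot: The tightened guard `options.state !== undefined && !(0, _lodash.isObject)(options.state)` now throws for `null`, `''`, `0` and `false`, which the old truthiness test let through, so a caller that passes `state: null` to mean "no state" will start failing on upgrade. The same guard is added in buildThirdPartyLoginUrl further down. If rejecting `null` is not intended, `options.state != null && !isObject(options.state)` keeps it as "not specified". lodash's `isObject` also returns true for arrays and functions, so `isPlainObject` would match the error message more closely if only plain objects are meant to be encoded. The enclosing function starts and ends outside this hunk.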
@@ -142,7 +141,7 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
142
141
  (0, _deleteProperty.default)(options, 'clientType');
143
142
  if (options.state) {
144
143
  if (!(0, _lodash.isEmpty)(options.state)) {
145
- options.state = _common.base64.toBase64Url((0, _stringify.default)(options.state));
144
+ options.state = (0, _common.encodeState)(options.state);
146
145
  } else {
147
146
  delete options.state;
148
147
  }
@@ -236,22 +235,34 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
236
235
  * `microsoft`, `apple`, ...). Required.
237
236
  * @param {string} options.returnURL - URL IdBroker should send the user
238
237
  * back to after the third-party hand-off. Required.
238
+ * @param {Object} [options.state] - Optional state object. When non-empty
239
+ * it is JSON-stringified and base64url-encoded, then emitted as the
240
+ * top-level `state` query param so IdBroker can echo it back unchanged
241
+ * on the callback (mirrors `buildLoginUrl`).
239
242
  * @returns {string}
240
243
  */
241
244
  buildThirdPartyLoginUrl: function buildThirdPartyLoginUrl() {
242
245
  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
243
246
  var oauth2provider = options.oauth2provider,
244
- returnURL = options.returnURL;
247
+ returnURL = options.returnURL,
248
+ state = options.state;
245
249
  if (!oauth2provider) {
246
250
  throw new Error('`options.oauth2provider` is required');
247
251
  }
248
252
  if (!returnURL) {
249
253
  throw new Error('`options.returnURL` is required');
250
254
  }
251
- return "".concat(this.config.thirdPartyLoginUrl, "?").concat(_querystring.default.stringify({
255
+ if (state !== undefined && !(0, _lodash.isObject)(state)) {
256
+ throw new Error('if specified, `options.state` must be an object');
257
+ }
258
+ var query = {
252
259
  oauth2provider: oauth2provider,
253
260
  returnURL: returnURL
254
- }));
261
+ };
262
+ if (state && !(0, _lodash.isEmpty)(state)) {
263
+ query.state = (0, _common.encodeState)(state);
264
+ }
265
+ return "".concat(this.config.thirdPartyLoginUrl, "?").concat(_querystring.default.stringify(query));
255
266
  },
256
267
  /**
257
268
  * Generates a Logout URL
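Review bot: The new `@param {Object} [options.state]` text describes the value as JSON-stringified and base64url-encoded, which is an encoding only: anyone who can see the URL can read it, and the value that comes back on the callback may have been altered in transit or supplied by another party. The JSDoc should say so, for example `Not encrypted or signed: do not place secrets in it, and validate the echoed value on the callback before acting on it.` `encodeState` is defined in `_common` outside this page, so this assumes it does no more than the stringify-plus-base64url step it replaces in buildLoginUrl. The type check and the encode step are now duplicated between buildLoginUrl and buildThirdPartyLoginUrl and could share one private helper so the two cannot drift apart.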
@@ -589,7 +600,7 @@ var Credentials = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
589
600
  this.refresh();
590
601
  }
591
602
  },
592
- version: "3.12.0-next.18"
603
+ version: "3.12.0-next.19"
593
604
  }, (0, _applyDecoratedDescriptor2.default)(_obj, "getUserToken", [_dec, _dec2], (0, _getOwnPropertyDescriptor.default)(_obj, "getUserToken"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "initialize", [_dec3], (0, _getOwnPropertyDescriptor.default)(_obj, "initialize"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "invalidate", [_common.oneFlight, _dec4], (0, _getOwnPropertyDescriptor.default)(_obj, "invalidate"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "refresh", [_common.oneFlight, _dec5, _dec6], (0, _getOwnPropertyDescriptor.default)(_obj, "refresh"), _obj), _obj));
594
605
  var _default = exports.default = Credentials;
595
606
  //# sourceMappingURL=credentials.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_jsonwebtoken","_common","_commonTimers","_lodash","_webexPlugin","_decorators","_grantErrors","_interopRequireWildcard","_scope","_token","_tokenCollection","_constants","_dec","_dec2","_dec3","_dec4","_dec5","_dec6","_obj","e","t","_WeakMap","r","n","__esModule","o","i","f","__proto__","default","_typeof","has","get","set","_t","hasOwnProperty","call","_Object$defineProperty","_Object$getOwnPropertyDescriptor2","ownKeys","_Object$keys2","_Object$getOwnPropertySymbols","filter","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","_Object$getOwnPropertyDescriptors","_Object$defineProperties","Credentials","WebexPlugin","extend","oneFlight","keyFactory","scope","waitForValue","persist","whileInFlight","collections","userTokens","TokenCollection","dataTypes","token","makeStateDataType","Token","dataType","derived","canAuthorize","deps","fn","Boolean","supertoken","canRefresh","config","jwtRefreshCallback","isUnverifiedGuest","isGuest","JSON","parse","base64","decode","access_token","split","user_type","_unused","props","prop","namespace","session","isRefreshing","type","ready","refreshTimer","undefined","buildLoginUrl","options","clientType","state","isObject","Error","client_id","redirect_uri","cloneDeep","response_type","_deleteProperty","isEmpty","toBase64Url","_stringify","concat","authorizeUrl","querystring","stringify","getOrgId","logger","info","extractOrgIdFromJWT","_this$supertoken","extractOrgIdFromUserToken","decodedJWT","jwt","realm","fields","buildThirdPartyLoginUrl","oauth2provider","returnURL","thirdPartyLoginUrl","buildLogoutUrl","logoutUrl","cisService","service","goto","calcRefreshTimeout","expiration","Math","floor","random","constructor","_this","_dataTypes","_keys","key","bind","_len","args","Array","_key","_apply","downscope","_this2","catch","reason","_reason$body","failReason","body","warn","trace","webex","intern
al","metrics","submitClientMetrics","METRICS","JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED","requestedScope","_promise","resolve","serialize","parent","getClientToken","_this3","request","method","uri","tokenUrl","form","grant_type","self_contained_token","auth","user","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","statusCode","reject","ErrorConstructor","grantErrors","select","error","_res","getUserToken","_this4","once","filterScope","sortScope","tap","add","initialize","attrs","_this5","authorization","expires","scheduleRefresh","prototype","listenToOnce","authorizationString","parsed","url","query","href","substr","indexOf","invalidate","clearTimeout","unset","err","models","remove","refresh","_this6","tokens","clone","requestAccessTokenFromJwt","services","updateCredentialsConfig","OAuthError","trigger","st","invalidScopes","diffScopes","JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH","all","map","tokenScope","revoke","_this7","expiresIn","_now","timeoutLength","safeSetTimeout","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","_default","exports"],"sources":["credentials.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. 
See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport jwt from 'jsonwebtoken';\nimport {base64, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {clone, cloneDeep, isObject, isEmpty} from 'lodash';\n\nimport WebexPlugin from '../webex-plugin';\nimport {persist, waitForValue} from '../storage/decorators';\n\nimport grantErrors, {OAuthError} from './grant-errors';\nimport {filterScope, diffScopes, sortScope} from './scope';\nimport Token from './token';\nimport TokenCollection from './token-collection';\nimport {METRICS} from '../constants';\n\n/**\n * @class\n */\nconst Credentials = WebexPlugin.extend({\n collections: {\n userTokens: TokenCollection,\n },\n\n dataTypes: {\n token: makeStateDataType(Token, 'token').dataType,\n },\n\n derived: {\n canAuthorize: {\n deps: ['supertoken', 'supertoken.canAuthorize', 'canRefresh'],\n fn() {\n return Boolean((this.supertoken && this.supertoken.canAuthorize) || this.canRefresh);\n },\n },\n canRefresh: {\n deps: ['supertoken', 'supertoken.canRefresh'],\n fn() {\n // If we're operating in JWT mode, we have to delegate to the consumer\n if (this.config.jwtRefreshCallback) {\n return true;\n }\n\n return Boolean(this.supertoken && this.supertoken.canRefresh);\n },\n },\n isUnverifiedGuest: {\n deps: ['supertoken'],\n /**\n * Returns true if the user is an unverified guest\n * @returns {boolean}\n */\n fn() {\n let isGuest = false;\n try {\n isGuest =\n JSON.parse(base64.decode(this.supertoken.access_token.split('.')[1])).user_type ===\n 'guest';\n } catch {\n /* the non-guest token is formatted differently so catch is expected */\n }\n\n return isGuest;\n },\n },\n },\n\n props: {\n supertoken: makeStateDataType(Token, 'token').prop,\n },\n\n namespace: 'Credentials',\n\n session: {\n isRefreshing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Becomes `true` once the {@link loaded} event 
fires.\n * @see {@link WebexPlugin#ready}\n * @instance\n * @memberof Credentials\n * @type {boolean}\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n refreshTimer: {\n default: undefined,\n type: 'any',\n },\n },\n\n /**\n * Generates an OAuth Login URL. Prefers the api.ciscospark.com proxy if the\n * instance is initialize with an authorizatUrl, but fallsback to idbroker\n * as the base otherwise.\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {string}\n */\n buildLoginUrl(options = {clientType: 'public'}) {\n /* eslint-disable camelcase */\n if (options.state && !isObject(options.state)) {\n throw new Error('if specified, `options.state` must be an object');\n }\n\n options.client_id = this.config.client_id;\n options.redirect_uri = this.config.redirect_uri;\n options.scope = this.config.scope;\n\n options = cloneDeep(options);\n\n if (!options.response_type) {\n options.response_type = options.clientType === 'public' ? 'token' : 'code';\n }\n Reflect.deleteProperty(options, 'clientType');\n\n if (options.state) {\n if (!isEmpty(options.state)) {\n options.state = base64.toBase64Url(JSON.stringify(options.state));\n } else {\n delete options.state;\n }\n }\n\n return `${this.config.authorizeUrl}?${querystring.stringify(options)}`;\n /* eslint-enable camelcase */\n },\n\n /**\n * Get the determined OrgId.\n *\n * @throws {Error} - If the OrgId could not be determined.\n * @returns {string} - The OrgId.\n */\n getOrgId() {\n this.logger.info('credentials: attempting to retrieve the OrgId from token');\n\n try {\n // Attempt to extract a client-authenticated token's OrgId.\n this.logger.info('credentials: trying to extract OrgId from JWT');\n\n return this.extractOrgIdFromJWT(this.supertoken.access_token);\n } catch (e) {\n // Attempt to extract a user token's OrgId.\n this.logger.info('credentials: could not extract OrgId from JWT');\n this.logger.info('credentials: attempting to extract OrgId from user 
token');\n\n try {\n return this.extractOrgIdFromUserToken(this.supertoken?.access_token);\n } catch (f) {\n this.logger.info('credentials: could not extract OrgId from user token');\n throw f;\n }\n }\n },\n\n /**\n * Extract the OrgId [realm] from a provided JWT.\n *\n * @private\n * @param {string} token - The JWT to extract the OrgId from.\n * @throws {Error} - If the token does not pass JWT general/realm validation.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromJWT(token = '') {\n // Decoded the provided token.\n const decodedJWT = jwt.decode(token);\n\n // Validate that the provided token is a JWT.\n if (!decodedJWT) {\n throw new Error('unable to extract the OrgId from the provided JWT');\n }\n\n if (!decodedJWT.realm) {\n throw new Error('the provided JWT does not contain an OrgId');\n }\n\n // Return the OrgId [realm].\n return decodedJWT.realm;\n },\n\n /**\n * Extract the OrgId [realm] from a provided user token.\n *\n * @private\n * @param {string} token - The user token to extract the OrgId from.\n * @throws {Error} - Will throw an error if the provided token is invalid.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromUserToken(token = '') {\n // Split the provided token into subsections.\n const fields = token.split('_');\n\n // Validate that the provided token has the proper amount of sections.\n if (fields.length !== 3) {\n throw new Error(\n `the provided token is not a valid format, token has ${fields.length} sections`\n );\n }\n\n // Return the token section that contains the OrgId.\n return fields[2];\n },\n\n /**\n * Generates a Third-Party Login URL pointing at IdBroker's\n * `/idb/ThirdPartyLogin` endpoint. Used by the social-provider sign-in\n * flow (Google / Microsoft / Apple / ...).\n *\n * Mirrors `buildLoginUrl` / `buildLogoutUrl` — pure URL construction,\n * no navigation side effects. 
Reads from `this.config.thirdPartyLoginUrl`,\n * which is derived from `idbroker.url` in `credentials-config.js`.\n *\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @param {string} options.oauth2provider - Provider name (`google`,\n * `microsoft`, `apple`, ...). Required.\n * @param {string} options.returnURL - URL IdBroker should send the user\n * back to after the third-party hand-off. Required.\n * @returns {string}\n */\n buildThirdPartyLoginUrl(options = {}) {\n const {oauth2provider, returnURL} = options;\n\n if (!oauth2provider) {\n throw new Error('`options.oauth2provider` is required');\n }\n if (!returnURL) {\n throw new Error('`options.returnURL` is required');\n }\n\n return `${this.config.thirdPartyLoginUrl}?${querystring.stringify({\n oauth2provider,\n returnURL,\n })}`;\n },\n\n /**\n * Generates a Logout URL\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {[type]}\n */\n buildLogoutUrl(options = {}) {\n return `${this.config.logoutUrl}?${querystring.stringify({\n cisService: this.config.service,\n goto: this.config.redirect_uri,\n ...options,\n })}`;\n },\n\n /**\n * Generates a number between 60% - 90% of expired value\n * @instance\n * @memberof Credentials\n * @param {number} expiration\n * @private\n * @returns {number}\n */\n calcRefreshTimeout(expiration) {\n return Math.floor(((Math.floor(Math.random() * 4) + 6) / 10) * expiration);\n },\n\n constructor(...args) {\n // HACK to deal with the fact that AmpersandState#dataTypes#set is a pure\n // function.\n this._dataTypes = cloneDeep(this._dataTypes);\n Object.keys(this._dataTypes).forEach((key) => {\n if (this._dataTypes[key].set) {\n this._dataTypes[key].set = this._dataTypes[key].set.bind(this);\n }\n });\n // END HACK\n Reflect.apply(WebexPlugin, this, args);\n },\n\n /**\n * Downscopes a token\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @private\n * @returns {Promise<Token>}\n */\n downscope(scope) 
{\n return this.supertoken.downscope(scope).catch((reason) => {\n const failReason = reason?.body ?? reason;\n this.logger.warn(`credentials: failed to downscope supertoken to \"${scope}\"`, failReason);\n this.logger.trace(`credentials: falling back to supertoken for ${scope}`);\n this.webex.internal.metrics.submitClientMetrics(METRICS.JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED, {\n fields: {\n requestedScope: scope,\n failReason,\n },\n });\n\n return Promise.resolve(new Token({scope, ...this.supertoken.serialize()}), {\n parent: this,\n });\n });\n },\n\n /**\n * Requests a client credentials grant and returns the token. Given the\n * limited use for such tokens as this time, this method does not cache its\n * token.\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @returns {Promise<Token>}\n */\n getClientToken(options = {}) {\n this.logger.info('credentials: requesting client credentials grant');\n\n return this.webex\n .request({\n /* eslint-disable camelcase */\n method: 'POST',\n uri: options.uri || this.config.tokenUrl,\n form: {\n grant_type: 'client_credentials',\n scope: options.scope || 'webexsquare:admin',\n self_contained_token: true,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n /* eslint-enable camelcase */\n })\n .then((res) => new Token(res.body, {parent: this}))\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n @oneFlight({keyFactory: (scope) => scope})\n @waitForValue('@')\n /**\n * Resolves with a token with the specified scopes. If no scope is specified,\n * defaults to omit(webex.credentials.scope, 'spark:kms'). 
If no such token is\n * available, downscopes the supertoken to that scope.\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n getUserToken(scope) {\n return Promise.resolve(\n !this.isRefreshing ||\n new Promise((resolve) => {\n this.logger.info(\n 'credentials: token refresh inflight; delaying getUserToken until refresh completes'\n );\n this.once('change:isRefreshing', () => {\n this.logger.info('credentials: token refresh complete; reinvoking getUserToken');\n resolve();\n });\n })\n ).then(() => {\n if (!this.canAuthorize) {\n this.logger.info('credentials: cannot produce an access token from current state');\n\n return Promise.reject(new Error('Current state cannot produce an access token'));\n }\n\n if (!scope) {\n scope = filterScope('spark:kms', this.supertoken.scope);\n }\n\n scope = sortScope(scope);\n\n if (scope === sortScope(this.supertoken.scope)) {\n return Promise.resolve(this.supertoken);\n }\n\n const token = this.userTokens.get(scope);\n\n // we should also check for the token.access_token since token object does\n // not get cleared on unsetting while logging out.\n if (!token || !token.access_token) {\n return this.downscope(scope).then(tap((t) => this.userTokens.add(t)));\n }\n\n return Promise.resolve(token);\n });\n },\n\n @persist('@')\n /**\n * Initializer\n * @instance\n * @memberof Credentials\n * @param {Object} attrs\n * @param {Object} options\n * @private\n * @returns {Credentials}\n */\n initialize(attrs, options) {\n if (attrs) {\n if (typeof attrs === 'string') {\n this.supertoken = attrs;\n }\n\n if (attrs.access_token) {\n this.supertoken = attrs;\n }\n\n if (attrs.authorization) {\n if (attrs.authorization.supertoken) {\n this.supertoken = attrs.authorization.supertoken;\n } else {\n this.supertoken = attrs.authorization;\n }\n }\n\n // schedule refresh\n if (this.supertoken && this.supertoken.expires) {\n this.scheduleRefresh(this.supertoken.expires);\n }\n }\n\n 
Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n this.listenToOnce(this.parent, 'change:config', () => {\n if (this.config.authorizationString) {\n const parsed = url.parse(this.config.authorizationString, true);\n\n /* eslint-disable camelcase */\n this.config.client_id = parsed.query.client_id;\n this.config.redirect_uri = parsed.query.redirect_uri;\n this.config.scope = parsed.query.scope;\n this.config.authorizeUrl = parsed.href.substr(0, parsed.href.indexOf('?'));\n /* eslint-enable camelcase */\n }\n });\n\n this.webex.once('loaded', () => {\n this.ready = true;\n });\n },\n\n @oneFlight\n @waitForValue('@')\n /**\n * Clears all tokens from store them from the stores.\n *\n * This is no longer quite the right name for this method, but all of the\n * alternatives I'm coming up with are already taken.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n invalidate() {\n this.logger.info('credentials: invalidating tokens');\n\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n\n try {\n this.unset('supertoken');\n } catch (err) {\n this.logger.warn('credentials: failed to clear supertoken', err);\n }\n\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n\n this.logger.info('credentials: finished removing tokens');\n\n // Return a promise to give the storage layer a tick or two to clear\n // localStorage\n return Promise.resolve();\n },\n\n @oneFlight\n @whileInFlight('isRefreshing')\n @waitForValue('@')\n /**\n * Removes the supertoken and child tokens, then refreshes the supertoken;\n * subsequent calls to {@link Credentials#getUserToken()} will re-downscope\n * child tokens. Enqueus revocation of previous previousTokens. 
Yes, that's\n * the correct number of \"previous\"es.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n refresh() {\n this.logger.info('credentials: refresh requested');\n\n const {supertoken} = this;\n const tokens = clone(this.userTokens.models);\n\n // This is kind of a leaky abstraction, since it relies on the authorization\n // plugin, but the only alternatives I see are\n // 1. put all JWT support in core\n // 2. have separate jwt and non-jwt auth plugins\n // while I like #2 from a code simplicity standpoint, the third-party DX\n // isn't great\n if (this.config.jwtRefreshCallback) {\n return (\n this.config\n .jwtRefreshCallback(this.webex)\n // eslint-disable-next-line no-shadow\n .then((jwt) => this.webex.authorization.requestAccessTokenFromJwt({jwt}))\n );\n }\n\n if (this.webex.internal.services) {\n this.webex.internal.services.updateCredentialsConfig();\n }\n\n return supertoken\n .refresh()\n .catch((error) => {\n if (error instanceof OAuthError) {\n // Error: super token refresh failed with 400 status code.\n // Hence emit an event to the client, an opportunity to logout.\n this.unset('supertoken');\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n this.webex.trigger('client:InvalidRequestError');\n }\n\n return Promise.reject(error);\n })\n .then((st) => {\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n this.supertoken = st;\n\n const invalidScopes = diffScopes(this.config.scope, st.scope);\n\n if (invalidScopes !== '') {\n this.logger.warn(\n `credentials: \"${invalidScopes}\" scope(s) are invalid because not listed in the supertoken, they will be excluded from user token requests.`\n );\n this.webex.internal.metrics.submitClientMetrics(\n METRICS.JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH,\n {fields: 
{invalidScopes}}\n );\n }\n\n return Promise.all(\n tokens.map((token) => {\n const tokenScope = filterScope(diffScopes(token.scope, st.scope), token.scope);\n\n return (\n this.downscope(tokenScope)\n // eslint-disable-next-line max-nested-callbacks\n .then((t) => {\n this.logger.info(`credentials: revoking token for ${token.scope}`);\n\n return token\n .revoke()\n .catch((err) => {\n this.logger.warn('credentials: failed to revoke user token', err);\n })\n .then(() => {\n this.userTokens.remove(token.scope);\n this.userTokens.add(t);\n });\n })\n );\n })\n );\n })\n .then(() => {\n this.scheduleRefresh(this.supertoken.expires);\n });\n },\n\n /**\n * Schedules a token refresh or refreshes the token if token has expired\n * @instance\n * @memberof Credentials\n * @param {number} expires\n * @private\n * @returns {undefined}\n */\n scheduleRefresh(expires) {\n const expiresIn = expires - Date.now();\n\n if (expiresIn > 0) {\n const timeoutLength = this.calcRefreshTimeout(expiresIn);\n\n this.refreshTimer = safeSetTimeout(() => this.refresh(), timeoutLength);\n } else {\n this.refresh();\n }\n },\n});\n\nexport default 
Credentials;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAIA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,aAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,aAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,WAAA,GAAAP,OAAA;AAEA,IAAAQ,YAAA,GAAAC,uBAAA,CAAAT,OAAA;AACA,IAAAU,MAAA,GAAAV,OAAA;AACA,IAAAW,MAAA,GAAAZ,sBAAA,CAAAC,OAAA;AACA,IAAAY,gBAAA,GAAAb,sBAAA,CAAAC,OAAA;AACA,IAAAa,UAAA,GAAAb,OAAA;AAAqC,IAAAc,IAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,IAAA;AAnBrC;AACA;AACA;AAFA,SAAAX,wBAAAY,CAAA,EAAAC,CAAA,6BAAAC,QAAA,MAAAC,CAAA,OAAAD,QAAA,IAAAE,CAAA,OAAAF,QAAA,YAAAd,uBAAA,YAAAA,wBAAAY,CAAA,EAAAC,CAAA,SAAAA,CAAA,IAAAD,CAAA,IAAAA,CAAA,CAAAK,UAAA,SAAAL,CAAA,MAAAM,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAC,SAAA,QAAAC,OAAA,EAAAV,CAAA,iBAAAA,CAAA,gBAAAW,OAAA,CAAAX,CAAA,0BAAAA,CAAA,SAAAQ,CAAA,MAAAF,CAAA,GAAAL,CAAA,GAAAG,CAAA,GAAAD,CAAA,QAAAG,CAAA,CAAAM,GAAA,CAAAZ,CAAA,UAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,GAAAM,CAAA,CAAAQ,GAAA,CAAAd,CAAA,EAAAQ,CAAA,cAAAO,EAAA,IAAAf,CAAA,gBAAAe,EAAA,OAAAC,cAAA,CAAAC,IAAA,CAAAjB,CAAA,EAAAe,EAAA,OAAAR,CAAA,IAAAD,CAAA,GAAAY,sBAAA,KAAAC,iCAAA,CAAAnB,CAAA,EAAAe,EAAA,OAAAR,CAAA,CAAAM,GAAA,IAAAN,CAAA,CAAAO,GAAA,IAAAR,CAAA,CAAAE,CAAA,EAAAO,EAAA,EAAAR,CAAA,IAAAC,CAAA,CAAAO,EAAA,IAAAf,CAAA,CAAAe,EAAA,WAAAP,CAAA,KAAAR,CAAA,EAAAC,CAAA;AAAA,SAAAmB,QAAApB,CAAA,EAAAG,CAAA,QAAAF,CAAA,GAAAoB,aAAA,CAAArB,CAAA,OAAAsB,6BAAA,QAAAhB,CAAA,GAAAgB,6BAAA,CAAAtB,CAAA,GAAAG,CAAA,KAAAG,CAAA,GAAAA,CAAA,CAAAiB,MAAA,WAAApB,CAAA,WAAAgB,iCAAA,CAAAnB,CAAA,EAAAG,CAAA,EAAAqB,UAAA,OAAAvB,CAAA,CAAAwB,IAAA,CAAAC,KAAA,CAAAzB,CAAA,EAAAK,CAAA,YAAAL,CAAA;AAAA,SAAA0B,cAAA3B,CAAA,aAAAG,CAAA,MAAAA,CAAA,GAAAyB,SAAA,CAAAC,MAAA,EAAA1B,CAAA,UAAAF,CAAA,WAAA2B,SAAA,CAAAzB,CAAA,IAAAyB,SAAA,CAAAzB,CAAA,QAAAA,CAAA,OAAAiB,OAAA,CAAAU,MAAA,CAAA7B,CAAA,OAAA8B,OAAA,WAAA5B,CAAA,QAAA6B,gBAAA,CAAAtB,OAAA,EAAAV,CAAA,EAAAG,CAAA,EAAAF,CAAA,CAAAE,CAAA,SAAA8B,iCAAA,GAAAC,wBAAA,CAAAlC,CAAA,EAAAiC,iCAAA,CAAAhC,CAAA
,KAAAmB,OAAA,CAAAU,MAAA,CAAA7B,CAAA,GAAA8B,OAAA,WAAA5B,CAAA,IAAAe,sBAAA,CAAAlB,CAAA,EAAAG,CAAA,EAAAgB,iCAAA,CAAAlB,CAAA,EAAAE,CAAA,iBAAAH,CAAA;AAqBA;AACA;AACA;AACA,IAAMmC,WAAW,GAAGC,oBAAW,CAACC,MAAM,EAAA5C,IAAA,GA4UnC,IAAA6C,iBAAS,EAAC;EAACC,UAAU,EAAE,SAAZA,UAAUA,CAAGC,KAAK;IAAA,OAAKA,KAAK;EAAA;AAAA,CAAC,CAAC,EAAA9C,KAAA,GACzC,IAAA+C,wBAAY,EAAC,GAAG,CAAC,EAAA9C,KAAA,GAmDjB,IAAA+C,mBAAO,EAAC,GAAG,CAAC,EAAA9C,KAAA,GAuDZ,IAAA6C,wBAAY,EAAC,GAAG,CAAC,EAAA5C,KAAA,GAyCjB,IAAA8C,qBAAa,EAAC,cAAc,CAAC,EAAA7C,KAAA,GAC7B,IAAA2C,wBAAY,EAAC,GAAG,CAAC,EAAA1C,IAAA,GAjemB;EACrC6C,WAAW,EAAE;IACXC,UAAU,EAAEC;EACd,CAAC;EAEDC,SAAS,EAAE;IACTC,KAAK,EAAE,IAAAC,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACC;EAC3C,CAAC;EAEDC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,YAAY,EAAE,yBAAyB,EAAE,YAAY,CAAC;MAC7DC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,OAAOC,OAAO,CAAE,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACJ,YAAY,IAAK,IAAI,CAACK,UAAU,CAAC;MACtF;IACF,CAAC;IACDA,UAAU,EAAE;MACVJ,IAAI,EAAE,CAAC,YAAY,EAAE,uBAAuB,CAAC;MAC7CC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH;QACA,IAAI,IAAI,CAACI,MAAM,CAACC,kBAAkB,EAAE;UAClC,OAAO,IAAI;QACb;QAEA,OAAOJ,OAAO,CAAC,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACC,UAAU,CAAC;MAC/D;IACF,CAAC;IACDG,iBAAiB,EAAE;MACjBP,IAAI,EAAE,CAAC,YAAY,CAAC;MACpB;AACN;AACA;AACA;MACMC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,IAAIO,OAAO,GAAG,KAAK;QACnB,IAAI;UACFA,OAAO,GACLC,IAAI,CAACC,KAAK,CAACC,cAAM,CAACC,MAAM,CAAC,IAAI,CAACT,UAAU,CAACU,YAAY,CAACC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAACC,SAAS,KAC/E,OAAO;QACX,CAAC,CAAC,OAAAC,OAAA,EAAM;UACN;QAAA;QAGF,OAAOR,OAAO;MAChB;IACF;EACF,CAAC;EAEDS,KAAK,EAAE;IACLd,UAAU,EAAE,IAAAR,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACsB;EAChD,CAAC;EAEDC,SAAS,EAAE,aAAa;EAExBC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZjE,OAAO,EAAE,KAAK;MACdkE,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,KAAK,EAAE;MACLnE,OAAO,EAAE,KAAK;MACdkE,IAAI,EAAE;IACR,CAAC;IACDE,YAAY,EAAE;MACZpE,OAAO,EAAEqE,SAAS;MAClBH,IAAI,EAAE;IACR;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,aAAa,WAAbA,aAAaA,CAAA,EAAmC;
IAAA,IAAlCC,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG;MAACsD,UAAU,EAAE;IAAQ,CAAC;IAC5C;IACA,IAAID,OAAO,CAACE,KAAK,IAAI,CAAC,IAAAC,gBAAQ,EAACH,OAAO,CAACE,KAAK,CAAC,EAAE;MAC7C,MAAM,IAAIE,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEAJ,OAAO,CAACK,SAAS,GAAG,IAAI,CAAC3B,MAAM,CAAC2B,SAAS;IACzCL,OAAO,CAACM,YAAY,GAAG,IAAI,CAAC5B,MAAM,CAAC4B,YAAY;IAC/CN,OAAO,CAACzC,KAAK,GAAG,IAAI,CAACmB,MAAM,CAACnB,KAAK;IAEjCyC,OAAO,GAAG,IAAAO,iBAAS,EAACP,OAAO,CAAC;IAE5B,IAAI,CAACA,OAAO,CAACQ,aAAa,EAAE;MAC1BR,OAAO,CAACQ,aAAa,GAAGR,OAAO,CAACC,UAAU,KAAK,QAAQ,GAAG,OAAO,GAAG,MAAM;IAC5E;IACA,IAAAQ,eAAA,CAAAhF,OAAA,EAAuBuE,OAAO,EAAE,YAAY,CAAC;IAE7C,IAAIA,OAAO,CAACE,KAAK,EAAE;MACjB,IAAI,CAAC,IAAAQ,eAAO,EAACV,OAAO,CAACE,KAAK,CAAC,EAAE;QAC3BF,OAAO,CAACE,KAAK,GAAGlB,cAAM,CAAC2B,WAAW,CAAC,IAAAC,UAAA,CAAAnF,OAAA,EAAeuE,OAAO,CAACE,KAAK,CAAC,CAAC;MACnE,CAAC,MAAM;QACL,OAAOF,OAAO,CAACE,KAAK;MACtB;IACF;IAEA,UAAAW,MAAA,CAAU,IAAI,CAACnC,MAAM,CAACoC,YAAY,OAAAD,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAAChB,OAAO,CAAC;IACpE;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEiB,QAAQ,WAARA,QAAQA,CAAA,EAAG;IACT,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;IAE5E,IAAI;MACF;MACA,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MAEjE,OAAO,IAAI,CAACC,mBAAmB,CAAC,IAAI,CAAC5C,UAAU,CAACU,YAAY,CAAC;IAC/D,CAAC,CAAC,OAAOnE,CAAC,EAAE;MACV;MACA,IAAI,CAACmG,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MACjE,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;MAE5E,IAAI;QAAA,IAAAE,gBAAA;QACF,OAAO,IAAI,CAACC,yBAAyB,EAAAD,gBAAA,GAAC,IAAI,CAAC7C,UAAU,cAAA6C,gBAAA,uBAAfA,gBAAA,CAAiBnC,YAAY,CAAC;MACtE,CAAC,CAAC,OAAO3D,CAAC,EAAE;QACV,IAAI,CAAC2F,MAAM,CAACC,IAAI,CAAC,sDAAsD,CAAC;QACxE,MAAM5F,CAAC;MACT;IACF;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE6F,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAa;IAAA,IAAZrD,KAAK,GAAApB,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,EAAE;IAC5B;IACA,IAAM4E,UAAU,GAAGC,qBAAG,CAACvC,MAAM,CAAClB,KAAK,CAAC;;IAEpC;IACA,IAAI,CAACwD,UAAU,EAAE;MACf,MAAM,IAAInB,KAAK,CAAC,mDAAmD,CAAC;IACtE;IAEA,IAAI,CAACmB,UAAU,CAACE,KAAK,EAAE;MACrB,MAAM,IAAI
rB,KAAK,CAAC,4CAA4C,CAAC;IAC/D;;IAEA;IACA,OAAOmB,UAAU,CAACE,KAAK;EACzB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEH,yBAAyB,WAAzBA,yBAAyBA,CAAA,EAAa;IAAA,IAAZvD,KAAK,GAAApB,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,EAAE;IAClC;IACA,IAAM+E,MAAM,GAAG3D,KAAK,CAACoB,KAAK,CAAC,GAAG,CAAC;;IAE/B;IACA,IAAIuC,MAAM,CAAC9E,MAAM,KAAK,CAAC,EAAE;MACvB,MAAM,IAAIwD,KAAK,wDAAAS,MAAA,CAC0Ca,MAAM,CAAC9E,MAAM,cACtE,CAAC;IACH;;IAEA;IACA,OAAO8E,MAAM,CAAC,CAAC,CAAC;EAClB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,uBAAuB,WAAvBA,uBAAuBA,CAAA,EAAe;IAAA,IAAd3B,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IAClC,IAAOiF,cAAc,GAAe5B,OAAO,CAApC4B,cAAc;MAAEC,SAAS,GAAI7B,OAAO,CAApB6B,SAAS;IAEhC,IAAI,CAACD,cAAc,EAAE;MACnB,MAAM,IAAIxB,KAAK,CAAC,sCAAsC,CAAC;IACzD;IACA,IAAI,CAACyB,SAAS,EAAE;MACd,MAAM,IAAIzB,KAAK,CAAC,iCAAiC,CAAC;IACpD;IAEA,UAAAS,MAAA,CAAU,IAAI,CAACnC,MAAM,CAACoD,kBAAkB,OAAAjB,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAAC;MAChEY,cAAc,EAAdA,cAAc;MACdC,SAAS,EAATA;IACF,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEE,cAAc,WAAdA,cAAcA,CAAA,EAAe;IAAA,IAAd/B,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IACzB,UAAAkE,MAAA,CAAU,IAAI,CAACnC,MAAM,CAACsD,SAAS,OAAAnB,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAAAtE,aAAA;MACtDuF,UAAU,EAAE,IAAI,CAACvD,MAAM,CAACwD,OAAO;MAC/BC,IAAI,EAAE,IAAI,CAACzD,MAAM,CAAC4B;IAAY,GAC3BN,OAAO,CACX,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEoC,kBAAkB,WAAlBA,kBAAkBA,CAACC,UAAU,EAAE;IAC7B,OAAOC,IAAI,CAACC,KAAK,CAAE,CAACD,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAIH,UAAU,CAAC;EAC5E,CAAC;EAEDI,WAAW,WAAXA,WAAWA,CAAA,EAAU;IAAA,IAAAC,KAAA;IACnB;IACA;IACA,IAAI,CAACC,UAAU,GAAG,IAAApC,iBAAS,EAAC,IAAI,CAACoC,UAAU,CAAC;IAC5C,IAAAC,KAAA,CAAAnH,OAAA,EAAY,IAAI,CAACkH,UAAU,CAAC,CAAC7F,OAAO,CAAC,UAAC+F,GAAG,EAAK;MAC5C,IAAIH,KAAI,CAACC,UAAU,CAACE,GAAG,CAAC,CAAChH,GAAG,EAAE;QAC5B6G,KAAI,CAACC,UAAU,CAACE,GA
AG,CAAC,CAAChH,GAAG,GAAG6G,KAAI,CAACC,UAAU,CAACE,GAAG,CAAC,CAAChH,GAAG,CAACiH,IAAI,CAACJ,KAAI,CAAC;MAChE;IACF,CAAC,CAAC;IACF;IAAA,SAAAK,IAAA,GAAApG,SAAA,CAAAC,MAAA,EATaoG,IAAI,OAAAC,KAAA,CAAAF,IAAA,GAAAG,IAAA,MAAAA,IAAA,GAAAH,IAAA,EAAAG,IAAA;MAAJF,IAAI,CAAAE,IAAA,IAAAvG,SAAA,CAAAuG,IAAA;IAAA;IAUjB,IAAAC,MAAA,CAAA1H,OAAA,EAAc0B,oBAAW,EAAE,IAAI,EAAE6F,IAAI,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,SAAS,WAATA,SAASA,CAAC7F,KAAK,EAAE;IAAA,IAAA8F,MAAA;IACf,OAAO,IAAI,CAAC7E,UAAU,CAAC4E,SAAS,CAAC7F,KAAK,CAAC,CAAC+F,KAAK,CAAC,UAACC,MAAM,EAAK;MAAA,IAAAC,YAAA;MACxD,IAAMC,UAAU,IAAAD,YAAA,GAAGD,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEG,IAAI,cAAAF,YAAA,cAAAA,YAAA,GAAID,MAAM;MACzCF,MAAI,CAACnC,MAAM,CAACyC,IAAI,qDAAA9C,MAAA,CAAoDtD,KAAK,SAAKkG,UAAU,CAAC;MACzFJ,MAAI,CAACnC,MAAM,CAAC0C,KAAK,gDAAA/C,MAAA,CAAgDtD,KAAK,CAAE,CAAC;MACzE8F,MAAI,CAACQ,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAACC,kBAAO,CAACC,mCAAmC,EAAE;QAC3FxC,MAAM,EAAE;UACNyC,cAAc,EAAE5G,KAAK;UACrBkG,UAAU,EAAVA;QACF;MACF,CAAC,CAAC;MAEF,OAAOW,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC,IAAIpG,cAAK,CAAAvB,aAAA;QAAEa,KAAK,EAALA;MAAK,GAAK8F,MAAI,CAAC7E,UAAU,CAAC8F,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE;QACzEC,MAAM,EAAElB;MACV,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEmB,cAAc,WAAdA,cAAcA,CAAA,EAAe;IAAA,IAAAC,MAAA;IAAA,IAAdzE,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IACzB,IAAI,CAACuE,MAAM,CAACC,IAAI,CAAC,kDAAkD,CAAC;IAEpE,OAAO,IAAI,CAAC0C,KAAK,CACda,OAAO,CAAC;MACP;MACAC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE5E,OAAO,CAAC4E,GAAG,IAAI,IAAI,CAAClG,MAAM,CAACmG,QAAQ;MACxCC,IAAI,EAAE;QACJC,UAAU,EAAE,oBAAoB;QAChCxH,KAAK,EAAEyC,OAAO,CAACzC,KAAK,IAAI,mBAAmB;QAC3CyH,oBAAoB,EAAE;MACxB,CAAC;MACDC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACxG,MAAM,CAAC2B,SAAS;QAC3B8E,IAAI,EAAE,IAAI,CAACzG,MAAM,CAAC0G,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;MAC1B;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;MAAA,OAAK,IAAIvH,cAAK,CAACuH,GAAG,CAAC9B,IAAI,EAAE;QAACa,MAAM,EAAEE;MAAI,CAAC,CAAC;IAAA,EA
AC,CAClDnB,KAAK,CAAC,UAACkC,GAAG,EAAK;MACd,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAOrB,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAACF,GAAG,CAAC;MAC5B;MAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAAC9B,IAAI,CAACoC,KAAK,CAAC;MAE3D,OAAO1B,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACO,IAAI,IAAIP,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEQ,YAAY,WAAZA,YAAYA,CAACzI,KAAK,EAAE;IAAA,IAAA0I,MAAA;IAClB,OAAO7B,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CACpB,CAAC,IAAI,CAAC3E,YAAY,IAChB,IAAA0E,QAAA,CAAA3I,OAAA,CAAY,UAAC4I,OAAO,EAAK;MACvB4B,MAAI,CAAC/E,MAAM,CAACC,IAAI,CACd,oFACF,CAAC;MACD8E,MAAI,CAACC,IAAI,CAAC,qBAAqB,EAAE,YAAM;QACrCD,MAAI,CAAC/E,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;QAChFkD,OAAO,CAAC,CAAC;MACX,CAAC,CAAC;IACJ,CAAC,CACL,CAAC,CAACkB,IAAI,CAAC,YAAM;MACX,IAAI,CAACU,MAAI,CAAC7H,YAAY,EAAE;QACtB6H,MAAI,CAAC/E,MAAM,CAACC,IAAI,CAAC,gEAAgE,CAAC;QAElF,OAAOiD,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAAC,IAAItF,KAAK,CAAC,8CAA8C,CAAC,CAAC;MAClF;MAEA,IAAI,CAAC7C,KAAK,EAAE;QACVA,KAAK,GAAG,IAAA4I,kBAAW,EAAC,WAAW,EAAEF,MAAI,CAACzH,UAAU,CAACjB,KAAK,CAAC;MACzD;MAEAA,KAAK,GAAG,IAAA6I,gBAAS,EAAC7I,KAAK,CAAC;MAExB,IAAIA,KAAK,KAAK,IAAA6I,gBAAS,EAACH,MAAI,CAACzH,UAAU,CAACjB,KAAK,CAAC,EAAE;QAC9C,OAAO6G,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC4B,MAAI,CAACzH,UAAU,CAAC;MACzC;MAEA,IAAMT,KAAK,GAAGkI,MAAI,CAACrI,UAAU,CAAChC,GAAG,CAAC2B,KAAK,CAAC;;MAExC;MACA;MACA,IAAI,CAACQ,KAAK,IAAI,CAACA,KAAK,CAACmB,YAAY,EAAE;QACjC,OAAO+G,MAAI,CAAC7C,SAAS,CAAC7F,KAAK,CAAC,CAACgI,IAAI,CAAC,IAAAc,WAAG,EAAC,UAACrL,CAAC;UAAA,OAAKiL,MAAI,CAACrI,UAAU,CAAC0I,GAAG,CAACtL,CAAC,CAAC;QAAA,EAAC,CAAC;MACvE;MAEA,OAAOoJ,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAACtG,KAAK,CAAC;IAC/B,CAAC,CAAC;EACJ,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEwI,UAAU,WAAVA,UAAUA,CAACC,KAAK,EAAExG,OAAO,EAAE;IAAA,IAAAyG,MAAA;IACzB,IAAID,KAAK,EAAE;MACT,IAAI,OAAOA,KAAK,KAAK,QAAQ,EAAE;QAC7B,IAAI,CAAChI,UAAU,GAAGgI,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACtH,YAAY,EAAE;QACtB,IAAI,CAACV,UAAU,GAAGgI,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACE,aA
Aa,EAAE;QACvB,IAAIF,KAAK,CAACE,aAAa,CAAClI,UAAU,EAAE;UAClC,IAAI,CAACA,UAAU,GAAGgI,KAAK,CAACE,aAAa,CAAClI,UAAU;QAClD,CAAC,MAAM;UACL,IAAI,CAACA,UAAU,GAAGgI,KAAK,CAACE,aAAa;QACvC;MACF;;MAEA;MACA,IAAI,IAAI,CAAClI,UAAU,IAAI,IAAI,CAACA,UAAU,CAACmI,OAAO,EAAE;QAC9C,IAAI,CAACC,eAAe,CAAC,IAAI,CAACpI,UAAU,CAACmI,OAAO,CAAC;MAC/C;IACF;IAEA,IAAAxD,MAAA,CAAA1H,OAAA,EAAc0B,oBAAW,CAAC0J,SAAS,CAACN,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAExG,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC8G,YAAY,CAAC,IAAI,CAACvC,MAAM,EAAE,eAAe,EAAE,YAAM;MACpD,IAAIkC,MAAI,CAAC/H,MAAM,CAACqI,mBAAmB,EAAE;QACnC,IAAMC,MAAM,GAAGC,YAAG,CAAClI,KAAK,CAAC0H,MAAI,CAAC/H,MAAM,CAACqI,mBAAmB,EAAE,IAAI,CAAC;;QAE/D;QACAN,MAAI,CAAC/H,MAAM,CAAC2B,SAAS,GAAG2G,MAAM,CAACE,KAAK,CAAC7G,SAAS;QAC9CoG,MAAI,CAAC/H,MAAM,CAAC4B,YAAY,GAAG0G,MAAM,CAACE,KAAK,CAAC5G,YAAY;QACpDmG,MAAI,CAAC/H,MAAM,CAACnB,KAAK,GAAGyJ,MAAM,CAACE,KAAK,CAAC3J,KAAK;QACtCkJ,MAAI,CAAC/H,MAAM,CAACoC,YAAY,GAAGkG,MAAM,CAACG,IAAI,CAACC,MAAM,CAAC,CAAC,EAAEJ,MAAM,CAACG,IAAI,CAACE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1E;MACF;IACF,CAAC,CAAC;IAEF,IAAI,CAACxD,KAAK,CAACqC,IAAI,CAAC,QAAQ,EAAE,YAAM;MAC9BO,MAAI,CAAC7G,KAAK,GAAG,IAAI;IACnB,CAAC,CAAC;EACJ,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE0H,UAAU,WAAVA,UAAUA,CAAA,EAAG;IACX,IAAI,CAACpG,MAAM,CAACC,IAAI,CAAC,kCAAkC,CAAC;;IAEpD;IACA,IAAI,IAAI,CAACtB,YAAY,EAAE;MACrB0H,YAAY,CAAC,IAAI,CAAC1H,YAAY,CAAC;MAC/B,IAAI,CAAC2H,KAAK,CAAC,cAAc,CAAC;IAC5B;IAEA,IAAI;MACF,IAAI,CAACA,KAAK,CAAC,YAAY,CAAC;IAC1B,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,IAAI,CAACvG,MAAM,CAACyC,IAAI,CAAC,yCAAyC,EAAE8D,GAAG,CAAC;IAClE;IAEA,OAAO,IAAI,CAAC7J,UAAU,CAAC8J,MAAM,CAAC9K,MAAM,EAAE;MACpC,IAAI;QACF,IAAI,CAACgB,UAAU,CAAC+J,MAAM,CAAC,IAAI,CAAC/J,UAAU,CAAC8J,MAAM,CAAC,CAAC,CAAC,CAAC;MACnD,CAAC,CAAC,OAAOD,GAAG,EAAE;QACZ,IAAI,CAACvG,MAAM,CAACyC,IAAI,CAAC,0CAA0C,EAAE8D,GAAG,CAAC;MACnE;IACF;IAEA,IAAI,CAACvG,MAAM,CAACC,IAAI,CAAC,uCAAuC,CAAC;;IAEzD;IACA;IACA,OAAOiD,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC,CAAC;EAC1B,CAAC;EAKD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuD,OAAO,WAAPA,OAAOA,CAAA,EAA
G;IAAA,IAAAC,MAAA;IACR,IAAI,CAAC3G,MAAM,CAACC,IAAI,CAAC,gCAAgC,CAAC;IAElD,IAAO3C,UAAU,GAAI,IAAI,CAAlBA,UAAU;IACjB,IAAMsJ,MAAM,GAAG,IAAAC,aAAK,EAAC,IAAI,CAACnK,UAAU,CAAC8J,MAAM,CAAC;;IAE5C;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,IAAI,CAAChJ,MAAM,CAACC,kBAAkB,EAAE;MAClC,OACE,IAAI,CAACD,MAAM,CACRC,kBAAkB,CAAC,IAAI,CAACkF,KAAK;MAC9B;MAAA,CACC0B,IAAI,CAAC,UAAC/D,GAAG;QAAA,OAAKqG,MAAI,CAAChE,KAAK,CAAC6C,aAAa,CAACsB,yBAAyB,CAAC;UAACxG,GAAG,EAAHA;QAAG,CAAC,CAAC;MAAA,EAAC;IAE/E;IAEA,IAAI,IAAI,CAACqC,KAAK,CAACC,QAAQ,CAACmE,QAAQ,EAAE;MAChC,IAAI,CAACpE,KAAK,CAACC,QAAQ,CAACmE,QAAQ,CAACC,uBAAuB,CAAC,CAAC;IACxD;IAEA,OAAO1J,UAAU,CACdoJ,OAAO,CAAC,CAAC,CACTtE,KAAK,CAAC,UAACwC,KAAK,EAAK;MAChB,IAAIA,KAAK,YAAYqC,uBAAU,EAAE;QAC/B;QACA;QACAN,MAAI,CAACL,KAAK,CAAC,YAAY,CAAC;QACxB,OAAOK,MAAI,CAACjK,UAAU,CAAC8J,MAAM,CAAC9K,MAAM,EAAE;UACpC,IAAI;YACFiL,MAAI,CAACjK,UAAU,CAAC+J,MAAM,CAACE,MAAI,CAACjK,UAAU,CAAC8J,MAAM,CAAC,CAAC,CAAC,CAAC;UACnD,CAAC,CAAC,OAAOD,GAAG,EAAE;YACZI,MAAI,CAAC3G,MAAM,CAACyC,IAAI,CAAC,0CAA0C,EAAE8D,GAAG,CAAC;UACnE;QACF;QACAI,MAAI,CAAChE,KAAK,CAACuE,OAAO,CAAC,4BAA4B,CAAC;MAClD;MAEA,OAAOhE,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAACI,KAAK,CAAC;IAC9B,CAAC,CAAC,CACDP,IAAI,CAAC,UAAC8C,EAAE,EAAK;MACZ;MACA,IAAIR,MAAI,CAAChI,YAAY,EAAE;QACrB0H,YAAY,CAACM,MAAI,CAAChI,YAAY,CAAC;QAC/BgI,MAAI,CAACL,KAAK,CAAC,cAAc,CAAC;MAC5B;MACAK,MAAI,CAACrJ,UAAU,GAAG6J,EAAE;MAEpB,IAAMC,aAAa,GAAG,IAAAC,iBAAU,EAACV,MAAI,CAACnJ,MAAM,CAACnB,KAAK,EAAE8K,EAAE,CAAC9K,KAAK,CAAC;MAE7D,IAAI+K,aAAa,KAAK,EAAE,EAAE;QACxBT,MAAI,CAAC3G,MAAM,CAACyC,IAAI,mBAAA9C,MAAA,CACGyH,aAAa,kHAChC,CAAC;QACDT,MAAI,CAAChE,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAC7CC,kBAAO,CAACuE,+CAA+C,EACvD;UAAC9G,MAAM,EAAE;YAAC4G,aAAa,EAAbA;UAAa;QAAC,CAC1B,CAAC;MACH;MAEA,OAAOlE,QAAA,CAAA3I,OAAA,CAAQgN,GAAG,CAChBX,MAAM,CAACY,GAAG,CAAC,UAAC3K,KAAK,EAAK;QACpB,IAAM4K,UAAU,GAAG,IAAAxC,kBAAW,EAAC,IAAAoC,iBAAU,EAACxK,KAAK,CAACR,KAAK,EAAE8K,EAAE,CAAC9K,KAAK,CAAC,EAAEQ,KAAK,CAACR,KAAK,CAAC;QAE9E,OACEsK,MAAI,CAACzE,SAAS,CAACuF,UAAU;QACvB;QAAA,CACCpD,IAAI,CAAC,UAACvK,CAA
C,EAAK;UACX6M,MAAI,CAAC3G,MAAM,CAACC,IAAI,oCAAAN,MAAA,CAAoC9C,KAAK,CAACR,KAAK,CAAE,CAAC;UAElE,OAAOQ,KAAK,CACT6K,MAAM,CAAC,CAAC,CACRtF,KAAK,CAAC,UAACmE,GAAG,EAAK;YACdI,MAAI,CAAC3G,MAAM,CAACyC,IAAI,CAAC,0CAA0C,EAAE8D,GAAG,CAAC;UACnE,CAAC,CAAC,CACDlC,IAAI,CAAC,YAAM;YACVsC,MAAI,CAACjK,UAAU,CAAC+J,MAAM,CAAC5J,KAAK,CAACR,KAAK,CAAC;YACnCsK,MAAI,CAACjK,UAAU,CAAC0I,GAAG,CAACtL,CAAC,CAAC;UACxB,CAAC,CAAC;QACN,CAAC,CAAC;MAER,CAAC,CACH,CAAC;IACH,CAAC,CAAC,CACDuK,IAAI,CAAC,YAAM;MACVsC,MAAI,CAACjB,eAAe,CAACiB,MAAI,CAACrJ,UAAU,CAACmI,OAAO,CAAC;IAC/C,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,eAAe,WAAfA,eAAeA,CAACD,OAAO,EAAE;IAAA,IAAAkC,MAAA;IACvB,IAAMC,SAAS,GAAGnC,OAAO,GAAG,IAAAoC,IAAA,CAAAtN,OAAA,EAAS,CAAC;IAEtC,IAAIqN,SAAS,GAAG,CAAC,EAAE;MACjB,IAAME,aAAa,GAAG,IAAI,CAAC5G,kBAAkB,CAAC0G,SAAS,CAAC;MAExD,IAAI,CAACjJ,YAAY,GAAG,IAAAoJ,4BAAc,EAAC;QAAA,OAAMJ,MAAI,CAACjB,OAAO,CAAC,CAAC;MAAA,GAAEoB,aAAa,CAAC;IACzE,CAAC,MAAM;MACL,IAAI,CAACpB,OAAO,CAAC,CAAC;IAChB;EACF,CAAC;EAAAsB,OAAA;AACH,CAAC,MAAAC,0BAAA,CAAA1N,OAAA,EAAAX,IAAA,mBAAAN,IAAA,EAAAC,KAAA,OAAA2O,yBAAA,CAAA3N,OAAA,EAAAX,IAAA,mBAAAA,IAAA,OAAAqO,0BAAA,CAAA1N,OAAA,EAAAX,IAAA,iBAAAJ,KAAA,OAAA0O,yBAAA,CAAA3N,OAAA,EAAAX,IAAA,iBAAAA,IAAA,OAAAqO,0BAAA,CAAA1N,OAAA,EAAAX,IAAA,iBArKEuC,iBAAS,EAAA1C,KAAA,OAAAyO,yBAAA,CAAA3N,OAAA,EAAAX,IAAA,iBAAAA,IAAA,OAAAqO,0BAAA,CAAA1N,OAAA,EAAAX,IAAA,cAyCTuC,iBAAS,EAAAzC,KAAA,EAAAC,KAAA,OAAAuO,yBAAA,CAAA3N,OAAA,EAAAX,IAAA,cAAAA,IAAA,GAAAA,IAAA,CA4HX,CAAC;AAAC,IAAAuO,QAAA,GAAAC,OAAA,CAAA7N,OAAA,GAEYyB,WAAW","ignoreList":[]}
1
+ {"version":3,"names":["_querystring","_interopRequireDefault","require","_url","_jsonwebtoken","_common","_commonTimers","_lodash","_webexPlugin","_decorators","_grantErrors","_interopRequireWildcard","_scope","_token","_tokenCollection","_constants","_dec","_dec2","_dec3","_dec4","_dec5","_dec6","_obj","e","t","_WeakMap","r","n","__esModule","o","i","f","__proto__","default","_typeof","has","get","set","_t","hasOwnProperty","call","_Object$defineProperty","_Object$getOwnPropertyDescriptor2","ownKeys","_Object$keys2","_Object$getOwnPropertySymbols","filter","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","_Object$getOwnPropertyDescriptors","_Object$defineProperties","Credentials","WebexPlugin","extend","oneFlight","keyFactory","scope","waitForValue","persist","whileInFlight","collections","userTokens","TokenCollection","dataTypes","token","makeStateDataType","Token","dataType","derived","canAuthorize","deps","fn","Boolean","supertoken","canRefresh","config","jwtRefreshCallback","isUnverifiedGuest","isGuest","JSON","parse","base64","decode","access_token","split","user_type","_unused","props","prop","namespace","session","isRefreshing","type","ready","refreshTimer","undefined","buildLoginUrl","options","clientType","state","isObject","Error","client_id","redirect_uri","cloneDeep","response_type","_deleteProperty","isEmpty","encodeState","concat","authorizeUrl","querystring","stringify","getOrgId","logger","info","extractOrgIdFromJWT","_this$supertoken","extractOrgIdFromUserToken","decodedJWT","jwt","realm","fields","buildThirdPartyLoginUrl","oauth2provider","returnURL","query","thirdPartyLoginUrl","buildLogoutUrl","logoutUrl","cisService","service","goto","calcRefreshTimeout","expiration","Math","floor","random","constructor","_this","_dataTypes","_keys","key","bind","_len","args","Array","_key","_apply","downscope","_this2","catch","reason","_reason$body","failReason","body","warn","trace","webex","internal","
metrics","submitClientMetrics","METRICS","JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED","requestedScope","_promise","resolve","serialize","parent","getClientToken","_this3","request","method","uri","tokenUrl","form","grant_type","self_contained_token","auth","user","pass","client_secret","sendImmediately","shouldRefreshAccessToken","then","res","statusCode","reject","ErrorConstructor","grantErrors","select","error","_res","getUserToken","_this4","once","filterScope","sortScope","tap","add","initialize","attrs","_this5","authorization","expires","scheduleRefresh","prototype","listenToOnce","authorizationString","parsed","url","href","substr","indexOf","invalidate","clearTimeout","unset","err","models","remove","refresh","_this6","tokens","clone","requestAccessTokenFromJwt","services","updateCredentialsConfig","OAuthError","trigger","st","invalidScopes","diffScopes","JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH","all","map","tokenScope","revoke","_this7","expiresIn","_now","timeoutLength","safeSetTimeout","version","_applyDecoratedDescriptor2","_getOwnPropertyDescriptor","_default","exports"],"sources":["credentials.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. 
See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport jwt from 'jsonwebtoken';\nimport {base64, encodeState, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {clone, cloneDeep, isObject, isEmpty} from 'lodash';\n\nimport WebexPlugin from '../webex-plugin';\nimport {persist, waitForValue} from '../storage/decorators';\n\nimport grantErrors, {OAuthError} from './grant-errors';\nimport {filterScope, diffScopes, sortScope} from './scope';\nimport Token from './token';\nimport TokenCollection from './token-collection';\nimport {METRICS} from '../constants';\n\n/**\n * @class\n */\nconst Credentials = WebexPlugin.extend({\n collections: {\n userTokens: TokenCollection,\n },\n\n dataTypes: {\n token: makeStateDataType(Token, 'token').dataType,\n },\n\n derived: {\n canAuthorize: {\n deps: ['supertoken', 'supertoken.canAuthorize', 'canRefresh'],\n fn() {\n return Boolean((this.supertoken && this.supertoken.canAuthorize) || this.canRefresh);\n },\n },\n canRefresh: {\n deps: ['supertoken', 'supertoken.canRefresh'],\n fn() {\n // If we're operating in JWT mode, we have to delegate to the consumer\n if (this.config.jwtRefreshCallback) {\n return true;\n }\n\n return Boolean(this.supertoken && this.supertoken.canRefresh);\n },\n },\n isUnverifiedGuest: {\n deps: ['supertoken'],\n /**\n * Returns true if the user is an unverified guest\n * @returns {boolean}\n */\n fn() {\n let isGuest = false;\n try {\n isGuest =\n JSON.parse(base64.decode(this.supertoken.access_token.split('.')[1])).user_type ===\n 'guest';\n } catch {\n /* the non-guest token is formatted differently so catch is expected */\n }\n\n return isGuest;\n },\n },\n },\n\n props: {\n supertoken: makeStateDataType(Token, 'token').prop,\n },\n\n namespace: 'Credentials',\n\n session: {\n isRefreshing: {\n default: false,\n type: 'boolean',\n },\n /**\n * Becomes `true` once the {@link 
loaded} event fires.\n * @see {@link WebexPlugin#ready}\n * @instance\n * @memberof Credentials\n * @type {boolean}\n */\n ready: {\n default: false,\n type: 'boolean',\n },\n refreshTimer: {\n default: undefined,\n type: 'any',\n },\n },\n\n /**\n * Generates an OAuth Login URL. Prefers the api.ciscospark.com proxy if the\n * instance is initialize with an authorizatUrl, but fallsback to idbroker\n * as the base otherwise.\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {string}\n */\n buildLoginUrl(options = {clientType: 'public'}) {\n /* eslint-disable camelcase */\n if (options.state !== undefined && !isObject(options.state)) {\n throw new Error('if specified, `options.state` must be an object');\n }\n\n options.client_id = this.config.client_id;\n options.redirect_uri = this.config.redirect_uri;\n options.scope = this.config.scope;\n\n options = cloneDeep(options);\n\n if (!options.response_type) {\n options.response_type = options.clientType === 'public' ? 
'token' : 'code';\n }\n Reflect.deleteProperty(options, 'clientType');\n\n if (options.state) {\n if (!isEmpty(options.state)) {\n options.state = encodeState(options.state);\n } else {\n delete options.state;\n }\n }\n\n return `${this.config.authorizeUrl}?${querystring.stringify(options)}`;\n /* eslint-enable camelcase */\n },\n\n /**\n * Get the determined OrgId.\n *\n * @throws {Error} - If the OrgId could not be determined.\n * @returns {string} - The OrgId.\n */\n getOrgId() {\n this.logger.info('credentials: attempting to retrieve the OrgId from token');\n\n try {\n // Attempt to extract a client-authenticated token's OrgId.\n this.logger.info('credentials: trying to extract OrgId from JWT');\n\n return this.extractOrgIdFromJWT(this.supertoken.access_token);\n } catch (e) {\n // Attempt to extract a user token's OrgId.\n this.logger.info('credentials: could not extract OrgId from JWT');\n this.logger.info('credentials: attempting to extract OrgId from user token');\n\n try {\n return this.extractOrgIdFromUserToken(this.supertoken?.access_token);\n } catch (f) {\n this.logger.info('credentials: could not extract OrgId from user token');\n throw f;\n }\n }\n },\n\n /**\n * Extract the OrgId [realm] from a provided JWT.\n *\n * @private\n * @param {string} token - The JWT to extract the OrgId from.\n * @throws {Error} - If the token does not pass JWT general/realm validation.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromJWT(token = '') {\n // Decoded the provided token.\n const decodedJWT = jwt.decode(token);\n\n // Validate that the provided token is a JWT.\n if (!decodedJWT) {\n throw new Error('unable to extract the OrgId from the provided JWT');\n }\n\n if (!decodedJWT.realm) {\n throw new Error('the provided JWT does not contain an OrgId');\n }\n\n // Return the OrgId [realm].\n return decodedJWT.realm;\n },\n\n /**\n * Extract the OrgId [realm] from a provided user token.\n *\n * @private\n * @param {string} token - The user token to extract 
the OrgId from.\n * @throws {Error} - Will throw an error if the provided token is invalid.\n * @returns {string} - The OrgId.\n */\n extractOrgIdFromUserToken(token = '') {\n // Split the provided token into subsections.\n const fields = token.split('_');\n\n // Validate that the provided token has the proper amount of sections.\n if (fields.length !== 3) {\n throw new Error(\n `the provided token is not a valid format, token has ${fields.length} sections`\n );\n }\n\n // Return the token section that contains the OrgId.\n return fields[2];\n },\n\n /**\n * Generates a Third-Party Login URL pointing at IdBroker's\n * `/idb/ThirdPartyLogin` endpoint. Used by the social-provider sign-in\n * flow (Google / Microsoft / Apple / ...).\n *\n * Mirrors `buildLoginUrl` / `buildLogoutUrl` — pure URL construction,\n * no navigation side effects. Reads from `this.config.thirdPartyLoginUrl`,\n * which is derived from `idbroker.url` in `credentials-config.js`.\n *\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @param {string} options.oauth2provider - Provider name (`google`,\n * `microsoft`, `apple`, ...). Required.\n * @param {string} options.returnURL - URL IdBroker should send the user\n * back to after the third-party hand-off. Required.\n * @param {Object} [options.state] - Optional state object. 
When non-empty\n * it is JSON-stringified and base64url-encoded, then emitted as the\n * top-level `state` query param so IdBroker can echo it back unchanged\n * on the callback (mirrors `buildLoginUrl`).\n * @returns {string}\n */\n buildThirdPartyLoginUrl(options = {}) {\n const {oauth2provider, returnURL, state} = options;\n\n if (!oauth2provider) {\n throw new Error('`options.oauth2provider` is required');\n }\n if (!returnURL) {\n throw new Error('`options.returnURL` is required');\n }\n if (state !== undefined && !isObject(state)) {\n throw new Error('if specified, `options.state` must be an object');\n }\n\n const query = {\n oauth2provider,\n returnURL,\n };\n\n if (state && !isEmpty(state)) {\n query.state = encodeState(state);\n }\n\n return `${this.config.thirdPartyLoginUrl}?${querystring.stringify(query)}`;\n },\n\n /**\n * Generates a Logout URL\n * @instance\n * @memberof Credentials\n * @param {Object} [options={}]\n * @returns {[type]}\n */\n buildLogoutUrl(options = {}) {\n return `${this.config.logoutUrl}?${querystring.stringify({\n cisService: this.config.service,\n goto: this.config.redirect_uri,\n ...options,\n })}`;\n },\n\n /**\n * Generates a number between 60% - 90% of expired value\n * @instance\n * @memberof Credentials\n * @param {number} expiration\n * @private\n * @returns {number}\n */\n calcRefreshTimeout(expiration) {\n return Math.floor(((Math.floor(Math.random() * 4) + 6) / 10) * expiration);\n },\n\n constructor(...args) {\n // HACK to deal with the fact that AmpersandState#dataTypes#set is a pure\n // function.\n this._dataTypes = cloneDeep(this._dataTypes);\n Object.keys(this._dataTypes).forEach((key) => {\n if (this._dataTypes[key].set) {\n this._dataTypes[key].set = this._dataTypes[key].set.bind(this);\n }\n });\n // END HACK\n Reflect.apply(WebexPlugin, this, args);\n },\n\n /**\n * Downscopes a token\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @private\n * @returns {Promise<Token>}\n */\n 
downscope(scope) {\n return this.supertoken.downscope(scope).catch((reason) => {\n const failReason = reason?.body ?? reason;\n this.logger.warn(`credentials: failed to downscope supertoken to \"${scope}\"`, failReason);\n this.logger.trace(`credentials: falling back to supertoken for ${scope}`);\n this.webex.internal.metrics.submitClientMetrics(METRICS.JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED, {\n fields: {\n requestedScope: scope,\n failReason,\n },\n });\n\n return Promise.resolve(new Token({scope, ...this.supertoken.serialize()}), {\n parent: this,\n });\n });\n },\n\n /**\n * Requests a client credentials grant and returns the token. Given the\n * limited use for such tokens as this time, this method does not cache its\n * token.\n * @instance\n * @memberof Credentials\n * @param {Object} options\n * @returns {Promise<Token>}\n */\n getClientToken(options = {}) {\n this.logger.info('credentials: requesting client credentials grant');\n\n return this.webex\n .request({\n /* eslint-disable camelcase */\n method: 'POST',\n uri: options.uri || this.config.tokenUrl,\n form: {\n grant_type: 'client_credentials',\n scope: options.scope || 'webexsquare:admin',\n self_contained_token: true,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n /* eslint-enable camelcase */\n })\n .then((res) => new Token(res.body, {parent: this}))\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n @oneFlight({keyFactory: (scope) => scope})\n @waitForValue('@')\n /**\n * Resolves with a token with the specified scopes. If no scope is specified,\n * defaults to omit(webex.credentials.scope, 'spark:kms'). 
If no such token is\n * available, downscopes the supertoken to that scope.\n * @instance\n * @memberof Credentials\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n getUserToken(scope) {\n return Promise.resolve(\n !this.isRefreshing ||\n new Promise((resolve) => {\n this.logger.info(\n 'credentials: token refresh inflight; delaying getUserToken until refresh completes'\n );\n this.once('change:isRefreshing', () => {\n this.logger.info('credentials: token refresh complete; reinvoking getUserToken');\n resolve();\n });\n })\n ).then(() => {\n if (!this.canAuthorize) {\n this.logger.info('credentials: cannot produce an access token from current state');\n\n return Promise.reject(new Error('Current state cannot produce an access token'));\n }\n\n if (!scope) {\n scope = filterScope('spark:kms', this.supertoken.scope);\n }\n\n scope = sortScope(scope);\n\n if (scope === sortScope(this.supertoken.scope)) {\n return Promise.resolve(this.supertoken);\n }\n\n const token = this.userTokens.get(scope);\n\n // we should also check for the token.access_token since token object does\n // not get cleared on unsetting while logging out.\n if (!token || !token.access_token) {\n return this.downscope(scope).then(tap((t) => this.userTokens.add(t)));\n }\n\n return Promise.resolve(token);\n });\n },\n\n @persist('@')\n /**\n * Initializer\n * @instance\n * @memberof Credentials\n * @param {Object} attrs\n * @param {Object} options\n * @private\n * @returns {Credentials}\n */\n initialize(attrs, options) {\n if (attrs) {\n if (typeof attrs === 'string') {\n this.supertoken = attrs;\n }\n\n if (attrs.access_token) {\n this.supertoken = attrs;\n }\n\n if (attrs.authorization) {\n if (attrs.authorization.supertoken) {\n this.supertoken = attrs.authorization.supertoken;\n } else {\n this.supertoken = attrs.authorization;\n }\n }\n\n // schedule refresh\n if (this.supertoken && this.supertoken.expires) {\n this.scheduleRefresh(this.supertoken.expires);\n }\n }\n\n 
Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n this.listenToOnce(this.parent, 'change:config', () => {\n if (this.config.authorizationString) {\n const parsed = url.parse(this.config.authorizationString, true);\n\n /* eslint-disable camelcase */\n this.config.client_id = parsed.query.client_id;\n this.config.redirect_uri = parsed.query.redirect_uri;\n this.config.scope = parsed.query.scope;\n this.config.authorizeUrl = parsed.href.substr(0, parsed.href.indexOf('?'));\n /* eslint-enable camelcase */\n }\n });\n\n this.webex.once('loaded', () => {\n this.ready = true;\n });\n },\n\n @oneFlight\n @waitForValue('@')\n /**\n * Clears all tokens from store them from the stores.\n *\n * This is no longer quite the right name for this method, but all of the\n * alternatives I'm coming up with are already taken.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n invalidate() {\n this.logger.info('credentials: invalidating tokens');\n\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n\n try {\n this.unset('supertoken');\n } catch (err) {\n this.logger.warn('credentials: failed to clear supertoken', err);\n }\n\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n\n this.logger.info('credentials: finished removing tokens');\n\n // Return a promise to give the storage layer a tick or two to clear\n // localStorage\n return Promise.resolve();\n },\n\n @oneFlight\n @whileInFlight('isRefreshing')\n @waitForValue('@')\n /**\n * Removes the supertoken and child tokens, then refreshes the supertoken;\n * subsequent calls to {@link Credentials#getUserToken()} will re-downscope\n * child tokens. Enqueus revocation of previous previousTokens. 
Yes, that's\n * the correct number of \"previous\"es.\n * @instance\n * @memberof Credentials\n * @returns {Promise}\n */\n refresh() {\n this.logger.info('credentials: refresh requested');\n\n const {supertoken} = this;\n const tokens = clone(this.userTokens.models);\n\n // This is kind of a leaky abstraction, since it relies on the authorization\n // plugin, but the only alternatives I see are\n // 1. put all JWT support in core\n // 2. have separate jwt and non-jwt auth plugins\n // while I like #2 from a code simplicity standpoint, the third-party DX\n // isn't great\n if (this.config.jwtRefreshCallback) {\n return (\n this.config\n .jwtRefreshCallback(this.webex)\n // eslint-disable-next-line no-shadow\n .then((jwt) => this.webex.authorization.requestAccessTokenFromJwt({jwt}))\n );\n }\n\n if (this.webex.internal.services) {\n this.webex.internal.services.updateCredentialsConfig();\n }\n\n return supertoken\n .refresh()\n .catch((error) => {\n if (error instanceof OAuthError) {\n // Error: super token refresh failed with 400 status code.\n // Hence emit an event to the client, an opportunity to logout.\n this.unset('supertoken');\n while (this.userTokens.models.length) {\n try {\n this.userTokens.remove(this.userTokens.models[0]);\n } catch (err) {\n this.logger.warn('credentials: failed to remove user token', err);\n }\n }\n this.webex.trigger('client:InvalidRequestError');\n }\n\n return Promise.reject(error);\n })\n .then((st) => {\n // clear refresh timer\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.unset('refreshTimer');\n }\n this.supertoken = st;\n\n const invalidScopes = diffScopes(this.config.scope, st.scope);\n\n if (invalidScopes !== '') {\n this.logger.warn(\n `credentials: \"${invalidScopes}\" scope(s) are invalid because not listed in the supertoken, they will be excluded from user token requests.`\n );\n this.webex.internal.metrics.submitClientMetrics(\n METRICS.JS_SDK_CREDENTIALS_TOKEN_REFRESH_SCOPE_MISMATCH,\n {fields: 
{invalidScopes}}\n );\n }\n\n return Promise.all(\n tokens.map((token) => {\n const tokenScope = filterScope(diffScopes(token.scope, st.scope), token.scope);\n\n return (\n this.downscope(tokenScope)\n // eslint-disable-next-line max-nested-callbacks\n .then((t) => {\n this.logger.info(`credentials: revoking token for ${token.scope}`);\n\n return token\n .revoke()\n .catch((err) => {\n this.logger.warn('credentials: failed to revoke user token', err);\n })\n .then(() => {\n this.userTokens.remove(token.scope);\n this.userTokens.add(t);\n });\n })\n );\n })\n );\n })\n .then(() => {\n this.scheduleRefresh(this.supertoken.expires);\n });\n },\n\n /**\n * Schedules a token refresh or refreshes the token if token has expired\n * @instance\n * @memberof Credentials\n * @param {number} expires\n * @private\n * @returns {undefined}\n */\n scheduleRefresh(expires) {\n const expiresIn = expires - Date.now();\n\n if (expiresIn > 0) {\n const timeoutLength = this.calcRefreshTimeout(expiresIn);\n\n this.refreshTimer = safeSetTimeout(() => this.refresh(), timeoutLength);\n } else {\n this.refresh();\n }\n },\n});\n\nexport default 
Credentials;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAIA,IAAAA,YAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,aAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,aAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,WAAA,GAAAP,OAAA;AAEA,IAAAQ,YAAA,GAAAC,uBAAA,CAAAT,OAAA;AACA,IAAAU,MAAA,GAAAV,OAAA;AACA,IAAAW,MAAA,GAAAZ,sBAAA,CAAAC,OAAA;AACA,IAAAY,gBAAA,GAAAb,sBAAA,CAAAC,OAAA;AACA,IAAAa,UAAA,GAAAb,OAAA;AAAqC,IAAAc,IAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,IAAA;AAnBrC;AACA;AACA;AAFA,SAAAX,wBAAAY,CAAA,EAAAC,CAAA,6BAAAC,QAAA,MAAAC,CAAA,OAAAD,QAAA,IAAAE,CAAA,OAAAF,QAAA,YAAAd,uBAAA,YAAAA,wBAAAY,CAAA,EAAAC,CAAA,SAAAA,CAAA,IAAAD,CAAA,IAAAA,CAAA,CAAAK,UAAA,SAAAL,CAAA,MAAAM,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAC,SAAA,QAAAC,OAAA,EAAAV,CAAA,iBAAAA,CAAA,gBAAAW,OAAA,CAAAX,CAAA,0BAAAA,CAAA,SAAAQ,CAAA,MAAAF,CAAA,GAAAL,CAAA,GAAAG,CAAA,GAAAD,CAAA,QAAAG,CAAA,CAAAM,GAAA,CAAAZ,CAAA,UAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,GAAAM,CAAA,CAAAQ,GAAA,CAAAd,CAAA,EAAAQ,CAAA,cAAAO,EAAA,IAAAf,CAAA,gBAAAe,EAAA,OAAAC,cAAA,CAAAC,IAAA,CAAAjB,CAAA,EAAAe,EAAA,OAAAR,CAAA,IAAAD,CAAA,GAAAY,sBAAA,KAAAC,iCAAA,CAAAnB,CAAA,EAAAe,EAAA,OAAAR,CAAA,CAAAM,GAAA,IAAAN,CAAA,CAAAO,GAAA,IAAAR,CAAA,CAAAE,CAAA,EAAAO,EAAA,EAAAR,CAAA,IAAAC,CAAA,CAAAO,EAAA,IAAAf,CAAA,CAAAe,EAAA,WAAAP,CAAA,KAAAR,CAAA,EAAAC,CAAA;AAAA,SAAAmB,QAAApB,CAAA,EAAAG,CAAA,QAAAF,CAAA,GAAAoB,aAAA,CAAArB,CAAA,OAAAsB,6BAAA,QAAAhB,CAAA,GAAAgB,6BAAA,CAAAtB,CAAA,GAAAG,CAAA,KAAAG,CAAA,GAAAA,CAAA,CAAAiB,MAAA,WAAApB,CAAA,WAAAgB,iCAAA,CAAAnB,CAAA,EAAAG,CAAA,EAAAqB,UAAA,OAAAvB,CAAA,CAAAwB,IAAA,CAAAC,KAAA,CAAAzB,CAAA,EAAAK,CAAA,YAAAL,CAAA;AAAA,SAAA0B,cAAA3B,CAAA,aAAAG,CAAA,MAAAA,CAAA,GAAAyB,SAAA,CAAAC,MAAA,EAAA1B,CAAA,UAAAF,CAAA,WAAA2B,SAAA,CAAAzB,CAAA,IAAAyB,SAAA,CAAAzB,CAAA,QAAAA,CAAA,OAAAiB,OAAA,CAAAU,MAAA,CAAA7B,CAAA,OAAA8B,OAAA,WAAA5B,CAAA,QAAA6B,gBAAA,CAAAtB,OAAA,EAAAV,CAAA,EAAAG,CAAA,EAAAF,CAAA,CAAAE,CAAA,SAAA8B,iCAAA,GAAAC,wBAAA,CAAAlC,CAAA,EAAAiC,iCAAA,CAAAhC,CAAA,
KAAAmB,OAAA,CAAAU,MAAA,CAAA7B,CAAA,GAAA8B,OAAA,WAAA5B,CAAA,IAAAe,sBAAA,CAAAlB,CAAA,EAAAG,CAAA,EAAAgB,iCAAA,CAAAlB,CAAA,EAAAE,CAAA,iBAAAH,CAAA;AAqBA;AACA;AACA;AACA,IAAMmC,WAAW,GAAGC,oBAAW,CAACC,MAAM,EAAA5C,IAAA,GAyVnC,IAAA6C,iBAAS,EAAC;EAACC,UAAU,EAAE,SAAZA,UAAUA,CAAGC,KAAK;IAAA,OAAKA,KAAK;EAAA;AAAA,CAAC,CAAC,EAAA9C,KAAA,GACzC,IAAA+C,wBAAY,EAAC,GAAG,CAAC,EAAA9C,KAAA,GAmDjB,IAAA+C,mBAAO,EAAC,GAAG,CAAC,EAAA9C,KAAA,GAuDZ,IAAA6C,wBAAY,EAAC,GAAG,CAAC,EAAA5C,KAAA,GAyCjB,IAAA8C,qBAAa,EAAC,cAAc,CAAC,EAAA7C,KAAA,GAC7B,IAAA2C,wBAAY,EAAC,GAAG,CAAC,EAAA1C,IAAA,GA9emB;EACrC6C,WAAW,EAAE;IACXC,UAAU,EAAEC;EACd,CAAC;EAEDC,SAAS,EAAE;IACTC,KAAK,EAAE,IAAAC,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACC;EAC3C,CAAC;EAEDC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,YAAY,EAAE,yBAAyB,EAAE,YAAY,CAAC;MAC7DC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,OAAOC,OAAO,CAAE,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACJ,YAAY,IAAK,IAAI,CAACK,UAAU,CAAC;MACtF;IACF,CAAC;IACDA,UAAU,EAAE;MACVJ,IAAI,EAAE,CAAC,YAAY,EAAE,uBAAuB,CAAC;MAC7CC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH;QACA,IAAI,IAAI,CAACI,MAAM,CAACC,kBAAkB,EAAE;UAClC,OAAO,IAAI;QACb;QAEA,OAAOJ,OAAO,CAAC,IAAI,CAACC,UAAU,IAAI,IAAI,CAACA,UAAU,CAACC,UAAU,CAAC;MAC/D;IACF,CAAC;IACDG,iBAAiB,EAAE;MACjBP,IAAI,EAAE,CAAC,YAAY,CAAC;MACpB;AACN;AACA;AACA;MACMC,EAAE,WAAFA,EAAEA,CAAA,EAAG;QACH,IAAIO,OAAO,GAAG,KAAK;QACnB,IAAI;UACFA,OAAO,GACLC,IAAI,CAACC,KAAK,CAACC,cAAM,CAACC,MAAM,CAAC,IAAI,CAACT,UAAU,CAACU,YAAY,CAACC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAACC,SAAS,KAC/E,OAAO;QACX,CAAC,CAAC,OAAAC,OAAA,EAAM;UACN;QAAA;QAGF,OAAOR,OAAO;MAChB;IACF;EACF,CAAC;EAEDS,KAAK,EAAE;IACLd,UAAU,EAAE,IAAAR,yBAAiB,EAACC,cAAK,EAAE,OAAO,CAAC,CAACsB;EAChD,CAAC;EAEDC,SAAS,EAAE,aAAa;EAExBC,OAAO,EAAE;IACPC,YAAY,EAAE;MACZjE,OAAO,EAAE,KAAK;MACdkE,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;IACIC,KAAK,EAAE;MACLnE,OAAO,EAAE,KAAK;MACdkE,IAAI,EAAE;IACR,CAAC;IACDE,YAAY,EAAE;MACZpE,OAAO,EAAEqE,SAAS;MAClBH,IAAI,EAAE;IACR;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,aAAa,WAAbA,aAAaA,CAAA,EAAmC;I
AAA,IAAlCC,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG;MAACsD,UAAU,EAAE;IAAQ,CAAC;IAC5C;IACA,IAAID,OAAO,CAACE,KAAK,KAAKJ,SAAS,IAAI,CAAC,IAAAK,gBAAQ,EAACH,OAAO,CAACE,KAAK,CAAC,EAAE;MAC3D,MAAM,IAAIE,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEAJ,OAAO,CAACK,SAAS,GAAG,IAAI,CAAC3B,MAAM,CAAC2B,SAAS;IACzCL,OAAO,CAACM,YAAY,GAAG,IAAI,CAAC5B,MAAM,CAAC4B,YAAY;IAC/CN,OAAO,CAACzC,KAAK,GAAG,IAAI,CAACmB,MAAM,CAACnB,KAAK;IAEjCyC,OAAO,GAAG,IAAAO,iBAAS,EAACP,OAAO,CAAC;IAE5B,IAAI,CAACA,OAAO,CAACQ,aAAa,EAAE;MAC1BR,OAAO,CAACQ,aAAa,GAAGR,OAAO,CAACC,UAAU,KAAK,QAAQ,GAAG,OAAO,GAAG,MAAM;IAC5E;IACA,IAAAQ,eAAA,CAAAhF,OAAA,EAAuBuE,OAAO,EAAE,YAAY,CAAC;IAE7C,IAAIA,OAAO,CAACE,KAAK,EAAE;MACjB,IAAI,CAAC,IAAAQ,eAAO,EAACV,OAAO,CAACE,KAAK,CAAC,EAAE;QAC3BF,OAAO,CAACE,KAAK,GAAG,IAAAS,mBAAW,EAACX,OAAO,CAACE,KAAK,CAAC;MAC5C,CAAC,MAAM;QACL,OAAOF,OAAO,CAACE,KAAK;MACtB;IACF;IAEA,UAAAU,MAAA,CAAU,IAAI,CAAClC,MAAM,CAACmC,YAAY,OAAAD,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAACf,OAAO,CAAC;IACpE;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEgB,QAAQ,WAARA,QAAQA,CAAA,EAAG;IACT,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;IAE5E,IAAI;MACF;MACA,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MAEjE,OAAO,IAAI,CAACC,mBAAmB,CAAC,IAAI,CAAC3C,UAAU,CAACU,YAAY,CAAC;IAC/D,CAAC,CAAC,OAAOnE,CAAC,EAAE;MACV;MACA,IAAI,CAACkG,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;MACjE,IAAI,CAACD,MAAM,CAACC,IAAI,CAAC,0DAA0D,CAAC;MAE5E,IAAI;QAAA,IAAAE,gBAAA;QACF,OAAO,IAAI,CAACC,yBAAyB,EAAAD,gBAAA,GAAC,IAAI,CAAC5C,UAAU,cAAA4C,gBAAA,uBAAfA,gBAAA,CAAiBlC,YAAY,CAAC;MACtE,CAAC,CAAC,OAAO3D,CAAC,EAAE;QACV,IAAI,CAAC0F,MAAM,CAACC,IAAI,CAAC,sDAAsD,CAAC;QACxE,MAAM3F,CAAC;MACT;IACF;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE4F,mBAAmB,WAAnBA,mBAAmBA,CAAA,EAAa;IAAA,IAAZpD,KAAK,GAAApB,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,EAAE;IAC5B;IACA,IAAM2E,UAAU,GAAGC,qBAAG,CAACtC,MAAM,CAAClB,KAAK,CAAC;;IAEpC;IACA,IAAI,CAACuD,UAAU,EAAE;MACf,MAAM,IAAIlB,KAAK,CAAC,mDAAmD,CAAC;IACtE;IAEA,IAAI,CAACkB,UAAU,CAACE,KAAK,EAAE;MACrB,MAAM,IAAIpB,KAAK,CAAC,4CAA4C,CAAC;IAC/D;;
IAEA;IACA,OAAOkB,UAAU,CAACE,KAAK;EACzB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEH,yBAAyB,WAAzBA,yBAAyBA,CAAA,EAAa;IAAA,IAAZtD,KAAK,GAAApB,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,EAAE;IAClC;IACA,IAAM8E,MAAM,GAAG1D,KAAK,CAACoB,KAAK,CAAC,GAAG,CAAC;;IAE/B;IACA,IAAIsC,MAAM,CAAC7E,MAAM,KAAK,CAAC,EAAE;MACvB,MAAM,IAAIwD,KAAK,wDAAAQ,MAAA,CAC0Ca,MAAM,CAAC7E,MAAM,cACtE,CAAC;IACH;;IAEA;IACA,OAAO6E,MAAM,CAAC,CAAC,CAAC;EAClB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,uBAAuB,WAAvBA,uBAAuBA,CAAA,EAAe;IAAA,IAAd1B,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IAClC,IAAOgF,cAAc,GAAsB3B,OAAO,CAA3C2B,cAAc;MAAEC,SAAS,GAAW5B,OAAO,CAA3B4B,SAAS;MAAE1B,KAAK,GAAIF,OAAO,CAAhBE,KAAK;IAEvC,IAAI,CAACyB,cAAc,EAAE;MACnB,MAAM,IAAIvB,KAAK,CAAC,sCAAsC,CAAC;IACzD;IACA,IAAI,CAACwB,SAAS,EAAE;MACd,MAAM,IAAIxB,KAAK,CAAC,iCAAiC,CAAC;IACpD;IACA,IAAIF,KAAK,KAAKJ,SAAS,IAAI,CAAC,IAAAK,gBAAQ,EAACD,KAAK,CAAC,EAAE;MAC3C,MAAM,IAAIE,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEA,IAAMyB,KAAK,GAAG;MACZF,cAAc,EAAdA,cAAc;MACdC,SAAS,EAATA;IACF,CAAC;IAED,IAAI1B,KAAK,IAAI,CAAC,IAAAQ,eAAO,EAACR,KAAK,CAAC,EAAE;MAC5B2B,KAAK,CAAC3B,KAAK,GAAG,IAAAS,mBAAW,EAACT,KAAK,CAAC;IAClC;IAEA,UAAAU,MAAA,CAAU,IAAI,CAAClC,MAAM,CAACoD,kBAAkB,OAAAlB,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAACc,KAAK,CAAC;EAC1E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEE,cAAc,WAAdA,cAAcA,CAAA,EAAe;IAAA,IAAd/B,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IACzB,UAAAiE,MAAA,CAAU,IAAI,CAAClC,MAAM,CAACsD,SAAS,OAAApB,MAAA,CAAIE,oBAAW,CAACC,SAAS,CAAArE,aAAA;MACtDuF,UAAU,EAAE,IAAI,CAACvD,MAAM,CAACwD,OAAO;MAC/BC,IAAI,EAAE,IAAI,CAACzD,MAAM,CAAC4B;IAAY,GAC3BN,OAAO,CACX,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEoC,kBAAkB,WAAlBA,kBAAkBA,CAACC,UAAU,EAAE;IAC7B,OAAOC,IAAI,CAACC,KAAK,CAAE,CAACD,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAIH,UAAU,CAAC;EAC5E,CAAC;EAEDI,WAAW,WAAXA,W
AAWA,CAAA,EAAU;IAAA,IAAAC,KAAA;IACnB;IACA;IACA,IAAI,CAACC,UAAU,GAAG,IAAApC,iBAAS,EAAC,IAAI,CAACoC,UAAU,CAAC;IAC5C,IAAAC,KAAA,CAAAnH,OAAA,EAAY,IAAI,CAACkH,UAAU,CAAC,CAAC7F,OAAO,CAAC,UAAC+F,GAAG,EAAK;MAC5C,IAAIH,KAAI,CAACC,UAAU,CAACE,GAAG,CAAC,CAAChH,GAAG,EAAE;QAC5B6G,KAAI,CAACC,UAAU,CAACE,GAAG,CAAC,CAAChH,GAAG,GAAG6G,KAAI,CAACC,UAAU,CAACE,GAAG,CAAC,CAAChH,GAAG,CAACiH,IAAI,CAACJ,KAAI,CAAC;MAChE;IACF,CAAC,CAAC;IACF;IAAA,SAAAK,IAAA,GAAApG,SAAA,CAAAC,MAAA,EATaoG,IAAI,OAAAC,KAAA,CAAAF,IAAA,GAAAG,IAAA,MAAAA,IAAA,GAAAH,IAAA,EAAAG,IAAA;MAAJF,IAAI,CAAAE,IAAA,IAAAvG,SAAA,CAAAuG,IAAA;IAAA;IAUjB,IAAAC,MAAA,CAAA1H,OAAA,EAAc0B,oBAAW,EAAE,IAAI,EAAE6F,IAAI,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEI,SAAS,WAATA,SAASA,CAAC7F,KAAK,EAAE;IAAA,IAAA8F,MAAA;IACf,OAAO,IAAI,CAAC7E,UAAU,CAAC4E,SAAS,CAAC7F,KAAK,CAAC,CAAC+F,KAAK,CAAC,UAACC,MAAM,EAAK;MAAA,IAAAC,YAAA;MACxD,IAAMC,UAAU,IAAAD,YAAA,GAAGD,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEG,IAAI,cAAAF,YAAA,cAAAA,YAAA,GAAID,MAAM;MACzCF,MAAI,CAACpC,MAAM,CAAC0C,IAAI,qDAAA/C,MAAA,CAAoDrD,KAAK,SAAKkG,UAAU,CAAC;MACzFJ,MAAI,CAACpC,MAAM,CAAC2C,KAAK,gDAAAhD,MAAA,CAAgDrD,KAAK,CAAE,CAAC;MACzE8F,MAAI,CAACQ,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAACC,kBAAO,CAACC,mCAAmC,EAAE;QAC3FzC,MAAM,EAAE;UACN0C,cAAc,EAAE5G,KAAK;UACrBkG,UAAU,EAAVA;QACF;MACF,CAAC,CAAC;MAEF,OAAOW,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC,IAAIpG,cAAK,CAAAvB,aAAA;QAAEa,KAAK,EAALA;MAAK,GAAK8F,MAAI,CAAC7E,UAAU,CAAC8F,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE;QACzEC,MAAM,EAAElB;MACV,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEmB,cAAc,WAAdA,cAAcA,CAAA,EAAe;IAAA,IAAAC,MAAA;IAAA,IAAdzE,OAAO,GAAArD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAmD,SAAA,GAAAnD,SAAA,MAAG,CAAC,CAAC;IACzB,IAAI,CAACsE,MAAM,CAACC,IAAI,CAAC,kDAAkD,CAAC;IAEpE,OAAO,IAAI,CAAC2C,KAAK,CACda,OAAO,CAAC;MACP;MACAC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE5E,OAAO,CAAC4E,GAAG,IAAI,IAAI,CAAClG,MAAM,CAACmG,QAAQ;MACxCC,IAAI,EAAE;QACJC,UAAU,EAAE,oBAAoB;QAChCxH,KAAK,EAAEyC,OAAO,CAACzC,KAAK,IAAI,mBAAmB;QAC3CyH,oBAAoB,EAAE;MACxB,CAAC;M
ACDC,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACxG,MAAM,CAAC2B,SAAS;QAC3B8E,IAAI,EAAE,IAAI,CAACzG,MAAM,CAAC0G,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;MAC1B;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAACC,GAAG;MAAA,OAAK,IAAIvH,cAAK,CAACuH,GAAG,CAAC9B,IAAI,EAAE;QAACa,MAAM,EAAEE;MAAI,CAAC,CAAC;IAAA,EAAC,CAClDnB,KAAK,CAAC,UAACkC,GAAG,EAAK;MACd,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAOrB,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAACF,GAAG,CAAC;MAC5B;MAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAAC9B,IAAI,CAACoC,KAAK,CAAC;MAE3D,OAAO1B,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACO,IAAI,IAAIP,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEQ,YAAY,WAAZA,YAAYA,CAACzI,KAAK,EAAE;IAAA,IAAA0I,MAAA;IAClB,OAAO7B,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CACpB,CAAC,IAAI,CAAC3E,YAAY,IAChB,IAAA0E,QAAA,CAAA3I,OAAA,CAAY,UAAC4I,OAAO,EAAK;MACvB4B,MAAI,CAAChF,MAAM,CAACC,IAAI,CACd,oFACF,CAAC;MACD+E,MAAI,CAACC,IAAI,CAAC,qBAAqB,EAAE,YAAM;QACrCD,MAAI,CAAChF,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;QAChFmD,OAAO,CAAC,CAAC;MACX,CAAC,CAAC;IACJ,CAAC,CACL,CAAC,CAACkB,IAAI,CAAC,YAAM;MACX,IAAI,CAACU,MAAI,CAAC7H,YAAY,EAAE;QACtB6H,MAAI,CAAChF,MAAM,CAACC,IAAI,CAAC,gEAAgE,CAAC;QAElF,OAAOkD,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAAC,IAAItF,KAAK,CAAC,8CAA8C,CAAC,CAAC;MAClF;MAEA,IAAI,CAAC7C,KAAK,EAAE;QACVA,KAAK,GAAG,IAAA4I,kBAAW,EAAC,WAAW,EAAEF,MAAI,CAACzH,UAAU,CAACjB,KAAK,CAAC;MACzD;MAEAA,KAAK,GAAG,IAAA6I,gBAAS,EAAC7I,KAAK,CAAC;MAExB,IAAIA,KAAK,KAAK,IAAA6I,gBAAS,EAACH,MAAI,CAACzH,UAAU,CAACjB,KAAK,CAAC,EAAE;QAC9C,OAAO6G,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC4B,MAAI,CAACzH,UAAU,CAAC;MACzC;MAEA,IAAMT,KAAK,GAAGkI,MAAI,CAACrI,UAAU,CAAChC,GAAG,CAAC2B,KAAK,CAAC;;MAExC;MACA;MACA,IAAI,CAACQ,KAAK,IAAI,CAACA,KAAK,CAACmB,YAAY,EAAE;QACjC,OAAO+G,MAAI,CAAC7C,SAAS,CAAC7F,KAAK,CAAC,CAACgI,IAAI,CAAC,IAAAc,WAAG,EAAC,UAACrL,CAAC;UAAA,OAAKiL,MAAI,CAACrI,UAAU,CAAC0I,GAAG,CAACtL,CAAC,CAAC;QAAA,EAAC,CAAC;MACvE;MAEA,OAAOoJ,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAACtG,KAAK,CAAC;IAC/B,CAAC,CAAC;EACJ,CAAC;EAGD;AACF;AACA;AACA
;AACA;AACA;AACA;AACA;AACA;EACEwI,UAAU,WAAVA,UAAUA,CAACC,KAAK,EAAExG,OAAO,EAAE;IAAA,IAAAyG,MAAA;IACzB,IAAID,KAAK,EAAE;MACT,IAAI,OAAOA,KAAK,KAAK,QAAQ,EAAE;QAC7B,IAAI,CAAChI,UAAU,GAAGgI,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACtH,YAAY,EAAE;QACtB,IAAI,CAACV,UAAU,GAAGgI,KAAK;MACzB;MAEA,IAAIA,KAAK,CAACE,aAAa,EAAE;QACvB,IAAIF,KAAK,CAACE,aAAa,CAAClI,UAAU,EAAE;UAClC,IAAI,CAACA,UAAU,GAAGgI,KAAK,CAACE,aAAa,CAAClI,UAAU;QAClD,CAAC,MAAM;UACL,IAAI,CAACA,UAAU,GAAGgI,KAAK,CAACE,aAAa;QACvC;MACF;;MAEA;MACA,IAAI,IAAI,CAAClI,UAAU,IAAI,IAAI,CAACA,UAAU,CAACmI,OAAO,EAAE;QAC9C,IAAI,CAACC,eAAe,CAAC,IAAI,CAACpI,UAAU,CAACmI,OAAO,CAAC;MAC/C;IACF;IAEA,IAAAxD,MAAA,CAAA1H,OAAA,EAAc0B,oBAAW,CAAC0J,SAAS,CAACN,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAExG,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC8G,YAAY,CAAC,IAAI,CAACvC,MAAM,EAAE,eAAe,EAAE,YAAM;MACpD,IAAIkC,MAAI,CAAC/H,MAAM,CAACqI,mBAAmB,EAAE;QACnC,IAAMC,MAAM,GAAGC,YAAG,CAAClI,KAAK,CAAC0H,MAAI,CAAC/H,MAAM,CAACqI,mBAAmB,EAAE,IAAI,CAAC;;QAE/D;QACAN,MAAI,CAAC/H,MAAM,CAAC2B,SAAS,GAAG2G,MAAM,CAACnF,KAAK,CAACxB,SAAS;QAC9CoG,MAAI,CAAC/H,MAAM,CAAC4B,YAAY,GAAG0G,MAAM,CAACnF,KAAK,CAACvB,YAAY;QACpDmG,MAAI,CAAC/H,MAAM,CAACnB,KAAK,GAAGyJ,MAAM,CAACnF,KAAK,CAACtE,KAAK;QACtCkJ,MAAI,CAAC/H,MAAM,CAACmC,YAAY,GAAGmG,MAAM,CAACE,IAAI,CAACC,MAAM,CAAC,CAAC,EAAEH,MAAM,CAACE,IAAI,CAACE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1E;MACF;IACF,CAAC,CAAC;IAEF,IAAI,CAACvD,KAAK,CAACqC,IAAI,CAAC,QAAQ,EAAE,YAAM;MAC9BO,MAAI,CAAC7G,KAAK,GAAG,IAAI;IACnB,CAAC,CAAC;EACJ,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEyH,UAAU,WAAVA,UAAUA,CAAA,EAAG;IACX,IAAI,CAACpG,MAAM,CAACC,IAAI,CAAC,kCAAkC,CAAC;;IAEpD;IACA,IAAI,IAAI,CAACrB,YAAY,EAAE;MACrByH,YAAY,CAAC,IAAI,CAACzH,YAAY,CAAC;MAC/B,IAAI,CAAC0H,KAAK,CAAC,cAAc,CAAC;IAC5B;IAEA,IAAI;MACF,IAAI,CAACA,KAAK,CAAC,YAAY,CAAC;IAC1B,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,IAAI,CAACvG,MAAM,CAAC0C,IAAI,CAAC,yCAAyC,EAAE6D,GAAG,CAAC;IAClE;IAEA,OAAO,IAAI,CAAC5J,UAAU,CAAC6J,MAAM,CAAC7K,MAAM,EAAE;MACpC,IAAI;QACF,IAAI,CAACgB,UAAU,CAAC8J,MAAM,CAAC,IAAI,CAAC9J,UAAU,CAAC6J,MAAM,CAAC,CAAC,CAAC,CAAC;MACnD,CAAC,CA
AC,OAAOD,GAAG,EAAE;QACZ,IAAI,CAACvG,MAAM,CAAC0C,IAAI,CAAC,0CAA0C,EAAE6D,GAAG,CAAC;MACnE;IACF;IAEA,IAAI,CAACvG,MAAM,CAACC,IAAI,CAAC,uCAAuC,CAAC;;IAEzD;IACA;IACA,OAAOkD,QAAA,CAAA3I,OAAA,CAAQ4I,OAAO,CAAC,CAAC;EAC1B,CAAC;EAKD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEsD,OAAO,WAAPA,OAAOA,CAAA,EAAG;IAAA,IAAAC,MAAA;IACR,IAAI,CAAC3G,MAAM,CAACC,IAAI,CAAC,gCAAgC,CAAC;IAElD,IAAO1C,UAAU,GAAI,IAAI,CAAlBA,UAAU;IACjB,IAAMqJ,MAAM,GAAG,IAAAC,aAAK,EAAC,IAAI,CAAClK,UAAU,CAAC6J,MAAM,CAAC;;IAE5C;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,IAAI,CAAC/I,MAAM,CAACC,kBAAkB,EAAE;MAClC,OACE,IAAI,CAACD,MAAM,CACRC,kBAAkB,CAAC,IAAI,CAACkF,KAAK;MAC9B;MAAA,CACC0B,IAAI,CAAC,UAAChE,GAAG;QAAA,OAAKqG,MAAI,CAAC/D,KAAK,CAAC6C,aAAa,CAACqB,yBAAyB,CAAC;UAACxG,GAAG,EAAHA;QAAG,CAAC,CAAC;MAAA,EAAC;IAE/E;IAEA,IAAI,IAAI,CAACsC,KAAK,CAACC,QAAQ,CAACkE,QAAQ,EAAE;MAChC,IAAI,CAACnE,KAAK,CAACC,QAAQ,CAACkE,QAAQ,CAACC,uBAAuB,CAAC,CAAC;IACxD;IAEA,OAAOzJ,UAAU,CACdmJ,OAAO,CAAC,CAAC,CACTrE,KAAK,CAAC,UAACwC,KAAK,EAAK;MAChB,IAAIA,KAAK,YAAYoC,uBAAU,EAAE;QAC/B;QACA;QACAN,MAAI,CAACL,KAAK,CAAC,YAAY,CAAC;QACxB,OAAOK,MAAI,CAAChK,UAAU,CAAC6J,MAAM,CAAC7K,MAAM,EAAE;UACpC,IAAI;YACFgL,MAAI,CAAChK,UAAU,CAAC8J,MAAM,CAACE,MAAI,CAAChK,UAAU,CAAC6J,MAAM,CAAC,CAAC,CAAC,CAAC;UACnD,CAAC,CAAC,OAAOD,GAAG,EAAE;YACZI,MAAI,CAAC3G,MAAM,CAAC0C,IAAI,CAAC,0CAA0C,EAAE6D,GAAG,CAAC;UACnE;QACF;QACAI,MAAI,CAAC/D,KAAK,CAACsE,OAAO,CAAC,4BAA4B,CAAC;MAClD;MAEA,OAAO/D,QAAA,CAAA3I,OAAA,CAAQiK,MAAM,CAACI,KAAK,CAAC;IAC9B,CAAC,CAAC,CACDP,IAAI,CAAC,UAAC6C,EAAE,EAAK;MACZ;MACA,IAAIR,MAAI,CAAC/H,YAAY,EAAE;QACrByH,YAAY,CAACM,MAAI,CAAC/H,YAAY,CAAC;QAC/B+H,MAAI,CAACL,KAAK,CAAC,cAAc,CAAC;MAC5B;MACAK,MAAI,CAACpJ,UAAU,GAAG4J,EAAE;MAEpB,IAAMC,aAAa,GAAG,IAAAC,iBAAU,EAACV,MAAI,CAAClJ,MAAM,CAACnB,KAAK,EAAE6K,EAAE,CAAC7K,KAAK,CAAC;MAE7D,IAAI8K,aAAa,KAAK,EAAE,EAAE;QACxBT,MAAI,CAAC3G,MAAM,CAAC0C,IAAI,mBAAA/C,MAAA,CACGyH,aAAa,kHAChC,CAAC;QACDT,MAAI,CAAC/D,KAAK,CAACC,QAAQ,CAACC,OAAO,CAACC,mBAAmB,CAC7CC,kBAAO,CAACsE,+CAA+C,EACvD;UAAC9G,MAAM,EAAE;YAAC4G,aAAa,EAAbA;UAAa;QAAC,CAC1B,CAAC;MACH;MAEA,
OAAOjE,QAAA,CAAA3I,OAAA,CAAQ+M,GAAG,CAChBX,MAAM,CAACY,GAAG,CAAC,UAAC1K,KAAK,EAAK;QACpB,IAAM2K,UAAU,GAAG,IAAAvC,kBAAW,EAAC,IAAAmC,iBAAU,EAACvK,KAAK,CAACR,KAAK,EAAE6K,EAAE,CAAC7K,KAAK,CAAC,EAAEQ,KAAK,CAACR,KAAK,CAAC;QAE9E,OACEqK,MAAI,CAACxE,SAAS,CAACsF,UAAU;QACvB;QAAA,CACCnD,IAAI,CAAC,UAACvK,CAAC,EAAK;UACX4M,MAAI,CAAC3G,MAAM,CAACC,IAAI,oCAAAN,MAAA,CAAoC7C,KAAK,CAACR,KAAK,CAAE,CAAC;UAElE,OAAOQ,KAAK,CACT4K,MAAM,CAAC,CAAC,CACRrF,KAAK,CAAC,UAACkE,GAAG,EAAK;YACdI,MAAI,CAAC3G,MAAM,CAAC0C,IAAI,CAAC,0CAA0C,EAAE6D,GAAG,CAAC;UACnE,CAAC,CAAC,CACDjC,IAAI,CAAC,YAAM;YACVqC,MAAI,CAAChK,UAAU,CAAC8J,MAAM,CAAC3J,KAAK,CAACR,KAAK,CAAC;YACnCqK,MAAI,CAAChK,UAAU,CAAC0I,GAAG,CAACtL,CAAC,CAAC;UACxB,CAAC,CAAC;QACN,CAAC,CAAC;MAER,CAAC,CACH,CAAC;IACH,CAAC,CAAC,CACDuK,IAAI,CAAC,YAAM;MACVqC,MAAI,CAAChB,eAAe,CAACgB,MAAI,CAACpJ,UAAU,CAACmI,OAAO,CAAC;IAC/C,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,eAAe,WAAfA,eAAeA,CAACD,OAAO,EAAE;IAAA,IAAAiC,MAAA;IACvB,IAAMC,SAAS,GAAGlC,OAAO,GAAG,IAAAmC,IAAA,CAAArN,OAAA,EAAS,CAAC;IAEtC,IAAIoN,SAAS,GAAG,CAAC,EAAE;MACjB,IAAME,aAAa,GAAG,IAAI,CAAC3G,kBAAkB,CAACyG,SAAS,CAAC;MAExD,IAAI,CAAChJ,YAAY,GAAG,IAAAmJ,4BAAc,EAAC;QAAA,OAAMJ,MAAI,CAACjB,OAAO,CAAC,CAAC;MAAA,GAAEoB,aAAa,CAAC;IACzE,CAAC,MAAM;MACL,IAAI,CAACpB,OAAO,CAAC,CAAC;IAChB;EACF,CAAC;EAAAsB,OAAA;AACH,CAAC,MAAAC,0BAAA,CAAAzN,OAAA,EAAAX,IAAA,mBAAAN,IAAA,EAAAC,KAAA,OAAA0O,yBAAA,CAAA1N,OAAA,EAAAX,IAAA,mBAAAA,IAAA,OAAAoO,0BAAA,CAAAzN,OAAA,EAAAX,IAAA,iBAAAJ,KAAA,OAAAyO,yBAAA,CAAA1N,OAAA,EAAAX,IAAA,iBAAAA,IAAA,OAAAoO,0BAAA,CAAAzN,OAAA,EAAAX,IAAA,iBArKEuC,iBAAS,EAAA1C,KAAA,OAAAwO,yBAAA,CAAA1N,OAAA,EAAAX,IAAA,iBAAAA,IAAA,OAAAoO,0BAAA,CAAAzN,OAAA,EAAAX,IAAA,cAyCTuC,iBAAS,EAAAzC,KAAA,EAAAC,KAAA,OAAAsO,yBAAA,CAAA1N,OAAA,EAAAX,IAAA,cAAAA,IAAA,GAAAA,IAAA,CA4HX,CAAC;AAAC,IAAAsO,QAAA,GAAAC,OAAA,CAAA5N,OAAA,GAEYyB,WAAW","ignoreList":[]}
@@ -532,7 +532,7 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
532
532
  return res.body;
533
533
  });
534
534
  },
535
- version: "3.12.0-next.18"
535
+ version: "3.12.0-next.19"
536
536
  }, (0, _applyDecoratedDescriptor2.default)(_obj, "downscope", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "downscope"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "refresh", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "refresh"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "revoke", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "revoke"), _obj), _obj));
537
537
  var _default = exports.default = Token;
538
538
  //# sourceMappingURL=token.js.map
@@ -1443,7 +1443,7 @@ var Services = _webexPlugin.default.extend({
1443
1443
  }, _callee4);
1444
1444
  })));
1445
1445
  },
1446
- version: "3.12.0-next.18"
1446
+ version: "3.12.0-next.19"
1447
1447
  });
1448
1448
  /* eslint-enable no-underscore-dangle */
1449
1449
  var _default = exports.default = Services;
@@ -1373,7 +1373,7 @@ var Services = _webexPlugin.default.extend({
1373
1373
  }, _callee3);
1374
1374
  })));
1375
1375
  },
1376
- version: "3.12.0-next.18"
1376
+ version: "3.12.0-next.19"
1377
1377
  });
1378
1378
  /* eslint-enable no-underscore-dangle */
1379
1379
  var _default = exports.default = Services;
@@ -57,7 +57,7 @@ var Logger = _webexPlugin.default.extend({
57
57
  info: wrapConsoleMethod('info'),
58
58
  debug: wrapConsoleMethod('debug'),
59
59
  trace: wrapConsoleMethod('trace'),
60
- version: "3.12.0-next.18"
60
+ version: "3.12.0-next.19"
61
61
  });
62
62
  (0, _webexCore.registerPlugin)('logger', Logger);
63
63
  var _default = exports.default = Logger;
@@ -96,7 +96,7 @@ var MAX_FILE_SIZE_IN_MB = 2048;
96
96
  * @class
97
97
  */
98
98
  var WebexCore = _ampersandState.default.extend((_obj = {
99
- version: "3.12.0-next.18",
99
+ version: "3.12.0-next.19",
100
100
  children: {
101
101
  internal: _webexInternalCore.default
102
102
  },
@@ -634,7 +634,7 @@ var WebexCore = _ampersandState.default.extend((_obj = {
634
634
  });
635
635
  }
636
636
  }, (0, _applyDecoratedDescriptor2.default)(_obj, "_uploadPhaseUpload", [_common.retry], (0, _getOwnPropertyDescriptor.default)(_obj, "_uploadPhaseUpload"), _obj), _obj));
637
- WebexCore.version = "3.12.0-next.18";
637
+ WebexCore.version = "3.12.0-next.19";
638
638
  (0, _webexInternalCorePluginMixin.default)(_webexInternalCore.default, _config.default, interceptors);
639
639
  (0, _webexCorePluginMixin.default)(WebexCore, _config.default, interceptors);
640
640
  var _default = exports.default = WebexCore;
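--- a/package/package.json
+++ b/package/package.json
@@ -33,16 +33,16 @@
  "@sinonjs/fake-timers": "^6.0.1",
  "@webex/babel-config-legacy": "0.0.0",
  "@webex/eslint-config-legacy": "0.0.0",
- "@webex/internal-plugin-device": "3.12.0-next.18",
+ "@webex/internal-plugin-device": "3.12.0-next.19",
  "@webex/jest-config-legacy": "0.0.0",
  "@webex/legacy-tools": "0.0.0",
- "@webex/plugin-logger": "3.12.0-next.18",
- "@webex/test-helper-chai": "3.12.0-next.2",
- "@webex/test-helper-make-local-url": "3.12.0-next.2",
- "@webex/test-helper-mocha": "3.12.0-next.2",
- "@webex/test-helper-mock-webex": "3.12.0-next.2",
- "@webex/test-helper-refresh-callback": "3.12.0-next.2",
- "@webex/test-helper-test-users": "3.12.0-next.2",
+ "@webex/plugin-logger": "3.12.0-next.19",
+ "@webex/test-helper-chai": "3.12.0-next.3",
+ "@webex/test-helper-make-local-url": "3.12.0-next.3",
+ "@webex/test-helper-mocha": "3.12.0-next.3",
+ "@webex/test-helper-mock-webex": "3.12.0-next.3",
+ "@webex/test-helper-refresh-callback": "3.12.0-next.3",
+ "@webex/test-helper-test-users": "3.12.0-next.3",
  "chai": "^4.3.4",
  "chai-as-promised": "^7.1.1",
  "eslint": "^8.24.0",
@@ -50,10 +50,10 @@
  "sinon": "^9.2.4"
  },
  "dependencies": {
- "@webex/common": "3.12.0-next.2",
- "@webex/common-timers": "3.12.0-next.2",
- "@webex/http-core": "3.12.0-next.2",
- "@webex/storage-adapter-spec": "3.12.0-next.2",
+ "@webex/common": "3.12.0-next.3",
+ "@webex/common-timers": "3.12.0-next.3",
+ "@webex/http-core": "3.12.0-next.3",
+ "@webex/storage-adapter-spec": "3.12.0-next.3",
  "ampersand-collection": "^2.0.2",
  "ampersand-events": "^2.0.2",
  "ampersand-state": "^5.0.3",
@@ -73,5 +73,5 @@
  "test:style": "eslint ./src/**/*.*",
  "test:unit": "webex-legacy-tools test --unit --runner jest"
  },
- "version": "3.12.0-next.18"
+ "version": "3.12.0-next.19"
  }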
@@ -6,7 +6,7 @@ import querystring from 'querystring';
6
6
  import url from 'url';
7
7
 
8
8
  import jwt from 'jsonwebtoken';
9
- import {base64, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';
9
+ import {base64, encodeState, makeStateDataType, oneFlight, tap, whileInFlight} from '@webex/common';
10
10
  import {safeSetTimeout} from '@webex/common-timers';
11
11
  import {clone, cloneDeep, isObject, isEmpty} from 'lodash';
12
12
 
@@ -109,7 +109,7 @@ const Credentials = WebexPlugin.extend({
109
109
  */
110
110
  buildLoginUrl(options = {clientType: 'public'}) {
111
111
  /* eslint-disable camelcase */
112
- if (options.state && !isObject(options.state)) {
112
+ if (options.state !== undefined && !isObject(options.state)) {
113
113
  throw new Error('if specified, `options.state` must be an object');
114
114
  }
115
115
 
@@ -126,7 +126,7 @@ const Credentials = WebexPlugin.extend({
126
126
 
127
127
  if (options.state) {
128
128
  if (!isEmpty(options.state)) {
129
- options.state = base64.toBase64Url(JSON.stringify(options.state));
129
+ options.state = encodeState(options.state);
130
130
  } else {
131
131
  delete options.state;
132
132
  }
@@ -228,10 +228,14 @@ const Credentials = WebexPlugin.extend({
228
228
  * `microsoft`, `apple`, ...). Required.
229
229
  * @param {string} options.returnURL - URL IdBroker should send the user
230
230
  * back to after the third-party hand-off. Required.
231
+ * @param {Object} [options.state] - Optional state object. When non-empty
232
+ * it is JSON-stringified and base64url-encoded, then emitted as the
233
+ * top-level `state` query param so IdBroker can echo it back unchanged
234
+ * on the callback (mirrors `buildLoginUrl`).
231
235
  * @returns {string}
232
236
  */
233
237
  buildThirdPartyLoginUrl(options = {}) {
234
- const {oauth2provider, returnURL} = options;
238
+ const {oauth2provider, returnURL, state} = options;
235
239
 
236
240
  if (!oauth2provider) {
237
241
  throw new Error('`options.oauth2provider` is required');
@@ -239,11 +243,20 @@ const Credentials = WebexPlugin.extend({
239
243
  if (!returnURL) {
240
244
  throw new Error('`options.returnURL` is required');
241
245
  }
246
+ if (state !== undefined && !isObject(state)) {
247
+ throw new Error('if specified, `options.state` must be an object');
248
+ }
242
249
 
243
- return `${this.config.thirdPartyLoginUrl}?${querystring.stringify({
250
+ const query = {
244
251
  oauth2provider,
245
252
  returnURL,
246
- })}`;
253
+ };
254
+
255
+ if (state && !isEmpty(state)) {
256
+ query.state = encodeState(state);
257
+ }
258
+
259
+ return `${this.config.thirdPartyLoginUrl}?${querystring.stringify(query)}`;
247
260
  },
248
261
 
249
262
  /**
@@ -183,6 +183,10 @@ describe('webex-core', () => {
183
183
  webex.credentials.buildLoginUrl({state: 'state'});
184
184
  }, /if specified, `options.state` must be an object/);
185
185
 
186
+ assert.throws(() => {
187
+ webex.credentials.buildLoginUrl({state: null});
188
+ }, /if specified, `options.state` must be an object/);
189
+
186
190
  assert.doesNotThrow(() => {
187
191
  webex.credentials.buildLoginUrl({state: {}});
188
192
  }, /if specified, `options.state` must be an object/);
@@ -299,6 +303,63 @@ describe('webex-core', () => {
299
303
  }/idb/ThirdPartyLogin?oauth2provider=apple&returnURL=https%3A%2F%2Fexample.com%2Fcallback`
300
304
  );
301
305
  });
306
+
307
+ it('throws if `state` is not an object', () => {
308
+ const webex = new MockWebex();
309
+ const credentials = new Credentials(undefined, {parent: webex});
310
+
311
+ webex.trigger('change:config');
312
+
313
+ assert.throws(() => {
314
+ credentials.buildThirdPartyLoginUrl({
315
+ oauth2provider: 'google',
316
+ returnURL: 'https://web.webex.com',
317
+ state: 'not-an-object',
318
+ });
319
+ }, /`options.state` must be an object/);
320
+ });
321
+
322
+ skipInBrowser(it)('omits `state` when an empty object is provided', () => {
323
+ const webex = new MockWebex();
324
+ const credentials = new Credentials(undefined, {parent: webex});
325
+
326
+ webex.trigger('change:config');
327
+
328
+ const result = credentials.buildThirdPartyLoginUrl({
329
+ oauth2provider: 'google',
330
+ returnURL: 'https://web.webex.com',
331
+ state: {},
332
+ });
333
+
334
+ const parsed = new URL(result);
335
+
336
+ assert.isFalse(parsed.searchParams.has('state'));
337
+ });
338
+
339
+ skipInBrowser(it)('base64url-encodes a non-empty `state` and emits it as a top-level query param', () => {
340
+ const webex = new MockWebex();
341
+ const credentials = new Credentials(undefined, {parent: webex});
342
+
343
+ webex.trigger('change:config');
344
+
345
+ const result = credentials.buildThirdPartyLoginUrl({
346
+ oauth2provider: 'google',
347
+ returnURL: 'https://web.webex.com',
348
+ state: {csrf_token: 'abc', popUpSignIn: true},
349
+ });
350
+
351
+ // Literal base64url of '{"csrf_token":"abc","popUpSignIn":true}'
352
+ const expectedState = 'eyJjc3JmX3Rva2VuIjoiYWJjIiwicG9wVXBTaWduSW4iOnRydWV9';
353
+
354
+ assert.equal(
355
+ result,
356
+ `${
357
+ process.env.IDBROKER_BASE_URL || 'https://idbroker.webex.com'
358
+ }/idb/ThirdPartyLogin?oauth2provider=google&returnURL=${encodeURIComponent(
359
+ 'https://web.webex.com'
360
+ )}&state=${expectedState}`
361
+ );
362
+ });
302
363
  });
303
364
 
304
365
  describe('#buildLogoutUrl()', () => {
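Review bot: The three new `buildThirdPartyLoginUrl` cases cover a string, an empty object and a non-empty object, but none passes `state: null`, which the new guard rejects and which the `buildLoginUrl` test in the previous hunk now pins. A second `assert.throws` in the "throws if `state` is not an object" case, identical except for `state: null`, would keep the two methods' contracts from drifting apart. The encoding test compares against a hard-coded literal, which is the right choice here because it does not reuse `encodeState` to compute its own expectation. The enclosing `describe` block starts outside this hunk.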