Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@okta/okta-auth-js

Package Overview
Dependencies
Maintainers
1
Versions
157
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@okta/okta-auth-js - npm Package Compare versions

Comparing version 1.7.0 to 1.8.0

4

dist/okta-auth-js.min.js

@@ -18,3 +18,3 @@ /*!

*/
!function(e,t,n){"undefined"!=typeof module&&module.exports?module.exports=n():(__WEBPACK_AMD_DEFINE_FACTORY__=n,__WEBPACK_AMD_DEFINE_RESULT__="function"==typeof __WEBPACK_AMD_DEFINE_FACTORY__?__WEBPACK_AMD_DEFINE_FACTORY__.call(exports,__webpack_require__,exports,module):__WEBPACK_AMD_DEFINE_FACTORY__,!(void 0!==__WEBPACK_AMD_DEFINE_RESULT__&&(module.exports=__WEBPACK_AMD_DEFINE_RESULT__)))}("reqwest",this,function(){function succeed(e){var t=protocolRe.exec(e.url);return t=t&&t[1]||context.location.protocol,httpsRe.test(t)?twoHundo.test(e.request.status):!!e.request.response}function handleReadyState(e,t,n){return function(){return e._aborted?n(e.request):e._timedOut?n(e.request,"Request is aborted: timeout"):void(e.request&&4==e.request[readyState]&&(e.request.onreadystatechange=noop,succeed(e)?t(e.request):n(e.request)))}}function setHeaders(e,t){var n,r=t.headers||{};r.Accept=r.Accept||defaultHeaders.accept[t.type]||defaultHeaders.accept["*"];var o="undefined"!=typeof FormData&&t.data instanceof FormData;t.crossOrigin||r[requestedWith]||(r[requestedWith]=defaultHeaders.requestedWith),r[contentType]||o||(r[contentType]=t.contentType||defaultHeaders.contentType);for(n in r)r.hasOwnProperty(n)&&"setRequestHeader"in e&&e.setRequestHeader(n,r[n])}function setCredentials(e,t){"undefined"!=typeof t.withCredentials&&"undefined"!=typeof e.withCredentials&&(e.withCredentials=!!t.withCredentials)}function generalCallback(e){lastValue=e}function urlappend(e,t){return e+(/\?/.test(e)?"&":"?")+t}function handleJsonp(e,t,n,r){var o=uniqid++,i=e.jsonpCallback||"callback",s=e.jsonpCallbackName||reqwest.getcallbackPrefix(o),a=new RegExp("((^|\\?|&)"+i+")=([^&]+)"),u=r.match(a),c=doc.createElement("script"),f=0,p=navigator.userAgent.indexOf("MSIE 10.0")!==-1;return u?"?"===u[3]?r=r.replace(a,"$1="+s):s=u[3]:r=urlappend(r,i+"="+s),context[s]=generalCallback,c.type="text/javascript",c.src=r,c.async=!0,"undefined"==typeof c.onreadystatechange||p||(c.htmlFor=c.id="_reqwest_"+o),c.onload=c.onreadystatechange=function(){return!(c[readyState]&&"complete"!==c[readyState]&&"loaded"!==c[readyState]||f)&&(c.onload=c.onreadystatechange=null,c.onclick&&c.onclick(),t(lastValue),lastValue=void 0,head.removeChild(c),void(f=1))},head.appendChild(c),{abort:function(){c.onload=c.onreadystatechange=null,n({},"Request is aborted: timeout",{}),lastValue=void 0,head.removeChild(c),f=1}}}function getRequest(e,t){var n,r=this.o,o=(r.method||"GET").toUpperCase(),i="string"==typeof r?r:r.url,s=r.processData!==!1&&r.data&&"string"!=typeof r.data?reqwest.toQueryString(r.data):r.data||null,a=!1;return"jsonp"!=r.type&&"GET"!=o||!s||(i=urlappend(i,s),s=null),"jsonp"==r.type?handleJsonp(r,e,t,i):(n=r.xhr&&r.xhr(r)||xhr(r),n.open(o,i,r.async!==!1),setHeaders(n,r),setCredentials(n,r),context[xDomainRequest]&&n instanceof context[xDomainRequest]?(n.onload=e,n.onerror=t,n.onprogress=function(){},a=!0):n.onreadystatechange=handleReadyState(this,e,t),r.before&&r.before(n),a?setTimeout(function(){n.send(s)},200):n.send(s),n)}function Reqwest(e,t){this.o=e,this.fn=t,init.apply(this,arguments)}function setType(e){if(null!==e)return e.match("json")?"json":e.match("javascript")?"js":e.match("text")?"html":e.match("xml")?"xml":void 0}function init(o,fn){function complete(e){for(o.timeout&&clearTimeout(self.timeout),self.timeout=null;self._completeHandlers.length>0;)self._completeHandlers.shift()(e)}function success(resp){var type=o.type||resp&&setType(resp.getResponseHeader("Content-Type"));resp="jsonp"!==type?self.request:resp;var filteredResponse=globalSetupOptions.dataFilter(resp.responseText,type),r=filteredResponse;try{resp.responseText=r}catch(e){}if(r)switch(type){case"json":try{resp=context.JSON?context.JSON.parse(r):eval("("+r+")")}catch(err){return error(resp,"Could not parse JSON in response",err)}break;case"js":resp=eval(r);break;case"html":resp=r;break;case"xml":resp=resp.responseXML&&resp.responseXML.parseError&&resp.responseXML.parseError.errorCode&&resp.responseXML.parseError.reason?null:resp.responseXML}for(self._responseArgs.resp=resp,self._fulfilled=!0,fn(resp),self._successHandler(resp);self._fulfillmentHandlers.length>0;)resp=self._fulfillmentHandlers.shift()(resp);complete(resp)}function timedOut(){self._timedOut=!0,self.request.abort()}function error(e,t,n){for(e=self.request,self._responseArgs.resp=e,self._responseArgs.msg=t,self._responseArgs.t=n,self._erred=!0;self._errorHandlers.length>0;)self._errorHandlers.shift()(e,t,n);complete(e)}this.url="string"==typeof o?o:o.url,this.timeout=null,this._fulfilled=!1,this._successHandler=function(){},this._fulfillmentHandlers=[],this._errorHandlers=[],this._completeHandlers=[],this._erred=!1,this._responseArgs={};var self=this;fn=fn||function(){},o.timeout&&(this.timeout=setTimeout(function(){timedOut()},o.timeout)),o.success&&(this._successHandler=function(){o.success.apply(o,arguments)}),o.error&&this._errorHandlers.push(function(){o.error.apply(o,arguments)}),o.complete&&this._completeHandlers.push(function(){o.complete.apply(o,arguments)}),this.request=getRequest.call(this,success,error)}function reqwest(e,t){return new Reqwest(e,t)}function normalize(e){return e?e.replace(/\r?\n/g,"\r\n"):""}function serial(e,t){var n,r,o,i,s=e.name,a=e.tagName.toLowerCase(),u=function(e){e&&!e.disabled&&t(s,normalize(e.attributes.value&&e.attributes.value.specified?e.value:e.text))};if(!e.disabled&&s)switch(a){case"input":/reset|button|image|file/i.test(e.type)||(n=/checkbox/i.test(e.type),r=/radio/i.test(e.type),o=e.value,(!(n||r)||e.checked)&&t(s,normalize(n&&""===o?"on":o)));break;case"textarea":t(s,normalize(e.value));break;case"select":if("select-one"===e.type.toLowerCase())u(e.selectedIndex>=0?e.options[e.selectedIndex]:null);else for(i=0;e.length&&i<e.length;i++)e.options[i].selected&&u(e.options[i])}}function eachFormElement(){var e,t,n=this,r=function(e,t){var r,o,i;for(r=0;r<t.length;r++)for(i=e[byTag](t[r]),o=0;o<i.length;o++)serial(i[o],n)};for(t=0;t<arguments.length;t++)e=arguments[t],/input|select|textarea/i.test(e.tagName)&&serial(e,n),r(e,["input","select","textarea"])}function serializeQueryString(){return reqwest.toQueryString(reqwest.serializeArray.apply(null,arguments))}function serializeHash(){var e={};return eachFormElement.apply(function(t,n){t in e?(e[t]&&!isArray(e[t])&&(e[t]=[e[t]]),e[t].push(n)):e[t]=n},arguments),e}function buildParams(e,t,n,r){var o,i,s,a=/\[\]$/;if(isArray(t))for(i=0;t&&i<t.length;i++)s=t[i],n||a.test(e)?r(e,s):buildParams(e+"["+("object"==typeof s?i:"")+"]",s,n,r);else if(t&&"[object Object]"===t.toString())for(o in t)buildParams(e+"["+o+"]",t[o],n,r);else r(e,t)}var context=this;if("window"in context)var doc=document,byTag="getElementsByTagName",head=doc[byTag]("head")[0];else{var XHR2;try{XHR2=__webpack_require__(4)}catch(ex){throw new Error("Peer dependency `xhr2` required! Please npm install xhr2")}}var httpsRe=/^http/,protocolRe=/(^\w+):\/\//,twoHundo=/^(20\d|1223)$/,readyState="readyState",contentType="Content-Type",requestedWith="X-Requested-With",uniqid=0,callbackPrefix="reqwest_"+ +new Date,lastValue,xmlHttpRequest="XMLHttpRequest",xDomainRequest="XDomainRequest",noop=function(){},isArray="function"==typeof Array.isArray?Array.isArray:function(e){return e instanceof Array},defaultHeaders={contentType:"application/x-www-form-urlencoded",requestedWith:xmlHttpRequest,accept:{"*":"text/javascript, text/html, application/xml, text/xml, */*",xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript",js:"application/javascript, text/javascript"}},xhr=function(e){if(e.crossOrigin===!0){var t=context[xmlHttpRequest]?new XMLHttpRequest:null;if(t&&"withCredentials"in t)return t;if(context[xDomainRequest])return new XDomainRequest;throw new Error("Browser does not support cross-origin requests")}return context[xmlHttpRequest]?new XMLHttpRequest:XHR2?new XHR2:new ActiveXObject("Microsoft.XMLHTTP")},globalSetupOptions={dataFilter:function(e){return e}};return Reqwest.prototype={abort:function(){this._aborted=!0,this.request.abort()},retry:function(){init.call(this,this.o,this.fn)},then:function(e,t){return e=e||function(){},t=t||function(){},this._fulfilled?this._responseArgs.resp=e(this._responseArgs.resp):this._erred?t(this._responseArgs.resp,this._responseArgs.msg,this._responseArgs.t):(this._fulfillmentHandlers.push(e),this._errorHandlers.push(t)),this},always:function(e){return this._fulfilled||this._erred?e(this._responseArgs.resp):this._completeHandlers.push(e),this},fail:function(e){return this._erred?e(this._responseArgs.resp,this._responseArgs.msg,this._responseArgs.t):this._errorHandlers.push(e),this},"catch":function(e){return this.fail(e)}},reqwest.serializeArray=function(){var e=[];return eachFormElement.apply(function(t,n){e.push({name:t,value:n})},arguments),e},reqwest.serialize=function(){if(0===arguments.length)return"";var e,t,n=Array.prototype.slice.call(arguments,0);return e=n.pop(),e&&e.nodeType&&n.push(e)&&(e=null),e&&(e=e.type),t="map"==e?serializeHash:"array"==e?reqwest.serializeArray:serializeQueryString,t.apply(null,n)},reqwest.toQueryString=function(e,t){var n,r,o=t||!1,i=[],s=encodeURIComponent,a=function(e,t){t="function"==typeof t?t():null==t?"":t,i[i.length]=s(e)+"="+s(t)};if(isArray(e))for(r=0;e&&r<e.length;r++)a(e[r].name,e[r].value);else for(n in e)e.hasOwnProperty(n)&&buildParams(n,e[n],o,a);return i.join("&").replace(/%20/g,"+")},reqwest.getcallbackPrefix=function(){return callbackPrefix},reqwest.compat=function(e,t){return e&&(e.type&&(e.method=e.type)&&delete e.type,e.dataType&&(e.type=e.dataType),e.jsonpCallback&&(e.jsonpCallbackName=e.jsonpCallback)&&delete e.jsonpCallback,e.jsonp&&(e.jsonpCallback=e.jsonp)),new Reqwest(e,t)},reqwest.ajaxSetup=function(e){e=e||{};for(var t in e)globalSetupOptions[t]=e[t]},reqwest})},function(e,t){},function(e,t,n){function r(e){var t=this;if(!e)throw new c("No arguments passed to constructor. Required usage: new OktaAuth(args)");if(!e.url)throw new c('No url passed to constructor. Required usage: new OktaAuth({url: "https://sample.okta.com"})');this.options={url:o.removeTrailingSlash(e.url),clientId:e.clientId,issuer:o.removeTrailingSlash(e.issuer),authorizeUrl:o.removeTrailingSlash(e.authorizeUrl),userinfoUrl:o.removeTrailingSlash(e.userinfoUrl),redirectUri:e.redirectUri,ajaxRequest:e.ajaxRequest,transformErrorXHR:e.transformErrorXHR,headers:e.headers},e.maxClockSkew||0===e.maxClockSkew?this.options.maxClockSkew=e.maxClockSkew:this.options.maxClockSkew=f.DEFAULT_MAX_CLOCK_SKEW,t.session={close:o.bind(s.closeSession,null,t),exists:o.bind(s.sessionExists,null,t),get:o.bind(s.getSession,null,t),refresh:o.bind(s.refreshSession,null,t),setCookieAndRedirect:o.bind(s.setCookieAndRedirect,null,t)},t.tx={status:o.bind(i.transactionStatus,null,t),resume:o.bind(i.resumeTransaction,null,t),exists:o.bind(i.transactionExists,null,t)},t.tx.exists._getCookie=function(e){return a.getCookie(e)},t.idToken={authorize:o.deprecateWrap("Use token.getWithoutPrompt, token.getWithPopup, or token.getWithRedirect instead of idToken.authorize.",o.bind(u.getToken,null,t)),verify:o.deprecateWrap("Use token.verify instead of idToken.verify",o.bind(u.verifyIdToken,null,t)),refresh:o.deprecateWrap("Use token.refresh instead of idToken.refresh",o.bind(u.refreshIdToken,null,t)),decode:o.deprecateWrap("Use token.decode instead of idToken.decode",u.decodeToken)},t.idToken.authorize._getLocationHref=function(){return window.location.href},t.token={getWithoutPrompt:o.bind(u.getWithoutPrompt,null,t),getWithPopup:o.bind(u.getWithPopup,null,t),getWithRedirect:o.bind(u.getWithRedirect,null,t),parseFromUrl:o.bind(u.parseFromUrl,null,t),decode:u.decodeToken,refresh:o.bind(u.refreshToken,null,t),getUserInfo:o.bind(u.getUserInfo,null,t),verify:o.bind(u.verifyToken,null,t)},t.token.getWithRedirect._setLocation=function(e){window.location=e},t.token.parseFromUrl._getLocationHash=function(e){return window.location.hash},t.tokenManager=new p(t,e.tokenManager)}n(6);var o=n(8),i=n(9),s=n(21),a=n(11),u=n(22),c=n(14),f=n(15),p=n(26),l=r.prototype;l.features={},l.features.isPopupPostMessageSupported=function(){var e=document.documentMode&&document.documentMode<10;return!(!window.postMessage||e)},l.features.isTokenVerifySupported=function(){return"undefined"!=typeof crypto&&crypto.subtle&&"undefined"!=typeof Uint8Array},l.signIn=function(e){return i.postToTransaction(this,"/api/v1/authn",e)},l.signOut=function(){return this.session.close()},l.forgotPassword=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/password",e)},l.unlockAccount=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/unlock",e)},l.verifyRecoveryToken=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/token",e)},e.exports=function(e){function t(n){return this instanceof t?(n&&!n.ajaxRequest&&(n.ajaxRequest=e),void o.bind(r,this)(n)):new t(n)}return t.prototype=r.prototype,t.prototype.constructor=t,t}},function(e,t,n){n(7),Array.prototype.indexOf||(Array.prototype.indexOf=function(e,t){var n;if(null==this)throw new TypeError('"this" is null or not defined');var r=Object(this),o=r.length>>>0;if(0===o)return-1;var i=+t||0;if(Math.abs(i)===1/0&&(i=0),i>=o)return-1;for(n=Math.max(i>=0?i:o-Math.abs(i),0);n<o;){if(n in r&&r[n]===e)return n;n++}return-1}),Array.isArray||(Array.isArray=function(e){return"[object Array]"===Object.prototype.toString.call(e)})},function(e,t,n){!function(){function e(e){this.message=e}var n=t,r="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";e.prototype=new Error,e.prototype.name="InvalidCharacterError",n.btoa||(n.btoa=function(t){for(var n,o,i=String(t),s=0,a=r,u="";i.charAt(0|s)||(a="=",s%1);u+=a.charAt(63&n>>8-s%1*8)){if(o=i.charCodeAt(s+=.75),o>255)throw new e("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.");n=n<<8|o}return u}),n.atob||(n.atob=function(t){var n=String(t).replace(/=+$/,"");if(n.length%4==1)throw new e("'atob' failed: The string to be decoded is not correctly encoded.");for(var o,i,s=0,a=0,u="";i=n.charAt(a++);~i&&(o=s%4?64*o+i:i,s++%4)?u+=String.fromCharCode(255&o>>(-2*s&6)):0)i=r.indexOf(i);return u})}()},function(e,t){function n(e){return e.replace(/\-/g,"+").replace(/_/g,"/")}function r(e){var t=n(e);switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw"Not a valid Base64Url"}var r=atob(t);try{return decodeURIComponent(escape(r))}catch(o){return r}}function o(e){for(var t=new Uint8Array(e.length),n=0;n<e.length;n++)t[n]=e.charCodeAt(n);return t}function i(e){return atob(n(e))}function s(e,t){var n=Array.prototype.slice.call(arguments,2);return function(){var r=Array.prototype.slice.call(arguments);return r=n.concat(r),e.apply(t,r)}}function a(e){return/^(?:[a-z]+:)?\/\//i.test(e)}function u(e){return"[object String]"===Object.prototype.toString.call(e)}function c(e){return"[object Object]"===Object.prototype.toString.call(e)}function f(e){return"[object Number]"===Object.prototype.toString.call(e)}function p(e){return"[object Array]"===Object.prototype.toString.call(e)}function l(e){var t=e.match(/\d+/g),n=Date.UTC(t[0],t[1]-1,t[2],t[3],t[4],t[5]),r=new Date(n);return r.toUTCString()}function d(e){var t=[];if(null!==e)for(var n in e)e.hasOwnProperty(n)&&void 0!==e[n]&&null!==e[n]&&t.push(n+"="+encodeURIComponent(e[n]));return t.length?"?"+t.join("&"):""}function h(e){for(var t="abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",n="",r=0,o=t.length;r<e;++r)n+=t[Math.floor(Math.random()*o)];return n}function y(e,t){for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n])}function m(e){var t={};for(var n in e)if(e.hasOwnProperty(n)){var r=e[n];null!==r&&void 0!==r&&(t[n]=r)}return t}function v(e){if(e){var t=JSON.stringify(e);if(t)return JSON.parse(t)}return e}function g(e){var t=Array.prototype.slice.call(arguments,1),n={};for(var r in e)e.hasOwnProperty(r)&&t.indexOf(r)==-1&&(n[r]=e[r]);return v(n)}function w(e,t){for(var n=e.length;n--;){var r=e[n],o=!0;for(var i in t)if(t.hasOwnProperty(i)&&r[i]!==t[i]){o=!1;break}if(o)return r}}function T(e,t,n){if(e&&e._links){var r=v(e._links[t]);return r&&r.name&&n?r.name===n?r:void 0:r}}function k(e){console.log("[okta-auth-sdk] WARN: "+e)}function _(e){console.log("[okta-auth-sdk] DEPRECATION: "+e)}function A(e,t){return function(){return _(e),t.apply(null,arguments)}}function x(e){if(e)return"/"===e.slice(-1)?e.slice(0,-1):e}e.exports={base64UrlToBase64:n,base64UrlToString:r,stringToBuffer:o,base64UrlDecode:i,bind:s,isAbsoluteUrl:a,isString:u,isObject:c,isNumber:f,isArray:p,isoToUTCString:l,toQueryParams:d,genRandomString:h,extend:y,removeNils:m,clone:v,omit:g,find:w,getLink:T,warn:k,deprecate:_,deprecateWrap:A,removeTrailingSlash:x}},function(e,t,n){function r(e,t){var n=y.clone(t)||{};return!n.stateToken&&e.stateToken&&(n.stateToken=e.stateToken),n}function o(e){return r(e)}function i(e,t){return t=r(e,t),h.post(e,e.options.url+"/api/v1/authn",t)}function s(e,t){if(!t||!t.stateToken){var n=e.tx.exists._getCookie(w.STATE_TOKEN_COOKIE_NAME);if(!n)return m.reject(new v("No transaction to resume"));t={stateToken:n}}return e.tx.status(t).then(function(t){return new d(e,t)})}function a(e){return!!e.tx.exists._getCookie(w.STATE_TOKEN_COOKIE_NAME)}function u(e,t,n){return h.post(e,t,n).then(function(t){return new d(e,t)})}function c(e,t,n){return function(r){function i(){var n=u.href;return a&&(n+="?rememberDevice=true"),h.post(e,n,o(t),{saveAuthnState:!1})}var s,a;y.isNumber(r)?s=r:y.isObject(r)&&(s=r.delay,a=r.rememberDevice),s||0===s||(s=w.DEFAULT_POLLING_DELAY);var u=y.getLink(t,"next","poll");n.isPolling=!0;var c=0,f=function(){return n.isPolling?i().then(function(t){if(c=0,t.factorResult&&"WAITING"===t.factorResult){if(!n.isPolling)throw new g;return m.delay(s).then(f)}return n.isPolling=!1,new d(e,t)}).fail(function(e){if(e.xhr&&(0===e.xhr.status||429===e.xhr.status)&&c<=4){var t=1e3*Math.pow(2,c);return c++,m.delay(t).then(f)}throw e}):m.reject(new g)};return f().fail(function(e){throw n.isPolling=!1,e})}}function f(e,t,n,o,i){if(Array.isArray(o))return function(r,s){if(!r)throw new v("Must provide a link name");var a=y.find(o,{name:r});if(!a)throw new v("No link found for that name");return f(e,t,n,a,i)(s)};if(o.hints&&o.hints.allow&&1===o.hints.allow.length){var s=o.hints.allow[0];switch(s){case"GET":return function(){return h.get(e,o.href)};case"POST":return function(s){i&&i.isPolling&&(i.isPolling=!1);var a=r(t,s);"MFA_ENROLL"===t.status&&y.extend(a,{factorType:n.factorType,provider:n.provider});var c=o.href;return void 0!==a.rememberDevice?(a.rememberDevice&&(c+="?rememberDevice=true"),a=y.omit(a,"rememberDevice")):a.profile&&void 0!==a.profile.updatePhone&&(a.profile.updatePhone&&(c+="?updatePhone=true"),a.profile=y.omit(a.profile,"updatePhone")),u(e,c,a)}}}}function p(e,t,n,r){var o={};for(var i in n._links)if(n._links.hasOwnProperty(i)){var s=n._links[i];if("next"===i&&(i=s.name),s.type)o[i]=s;else switch(i){case"poll":o.poll=c(e,t,r);break;default:var a=f(e,t,n,s,r);a&&(o[i]=a)}}return o}function l(e,t,n,r){if(n=n||t,n=y.clone(n),Array.isArray(n)){for(var o=[],i=0,s=n.length;i<s;i++)o.push(l(e,t,n[i],r));return o}var a=n._embedded||{};for(var u in a)a.hasOwnProperty(u)&&(y.isObject(a[u])||Array.isArray(a[u]))&&(a[u]=l(e,t,a[u],r));var c=p(e,t,n,r);return y.extend(a,c),n=y.omit(n,"_embedded","_links"),y.extend(n,a),n}function d(e,t){t&&(this.data=t,y.extend(this,l(e,t,t,{})),delete this.stateToken,"RECOVERY_CHALLENGE"!==t.status||t._links||(this.cancel=function(){return new m(new d(e))}))}var h=n(10),y=n(8),m=n(16),v=n(14),g=n(20),w=n(15);e.exports={transactionStatus:i,resumeTransaction:s,transactionExists:a,postToTransaction:u}},function(e,t,n){function r(e,t){t=t||{};var n=t.url,r=t.method,o=t.args,i=t.saveAuthnState,l=t.accessToken,d=u.getHttpCache();if(t.cacheResponse){var h=d.getStorage(),y=h[n];if(y&&Date.now()/1e3<y.expiresAt)return c.resolve(y.response)}var m={Accept:"application/json","Content-Type":"application/json","X-Okta-User-Agent-Extended":"okta-auth-js-"+p.SDK_VERSION};s.extend(m,e.options.headers||{}),l&&s.isString(l)&&(m.Authorization="Bearer "+l);var v,g,w={headers:m,data:o||void 0};return new c(e.options.ajaxRequest(r,n,w)).then(function(e){return g=e.responseText,g&&s.isString(g)&&(g=JSON.parse(g)),i&&(g.stateToken||a.deleteCookie(p.STATE_TOKEN_COOKIE_NAME)),g&&g.stateToken&&g.expiresAt&&a.setCookie(p.STATE_TOKEN_COOKIE_NAME,g.stateToken,g.expiresAt),g&&t.cacheResponse&&d.updateStorage(n,{expiresAt:Math.floor(Date.now()/1e3)+p.DEFAULT_CACHE_DURATION,response:g}),g}).fail(function(t){var n=t.responseText||{};if(s.isString(n))try{n=JSON.parse(n)}catch(r){n={errorSummary:"Unknown error"}}throw t.status>=500&&(n.errorSummary="Unknown error"),e.options.transformErrorXHR&&(t=e.options.transformErrorXHR(s.clone(t))),v=new f(n,t),"E0000011"===v.errorCode&&a.deleteCookie(p.STATE_TOKEN_COOKIE_NAME),v})}function o(e,t,n){t=s.isAbsoluteUrl(t)?t:e.options.url+t;var o={url:t,method:"GET"};return s.extend(o,n),r(e,o)}function i(e,t,n,o){t=s.isAbsoluteUrl(t)?t:e.options.url+t;var i={url:t,method:"POST",args:n,saveAuthnState:!0};return s.extend(i,o),r(e,i)}var s=n(8),a=n(11),u=n(12),c=n(16),f=n(19),p=n(15);e.exports={get:o,post:i,httpRequest:r}},function(e,t,n){function r(e,t,n){var o="";n&&(o=" expires="+s.isoToUTCString(n)+";");var i=e+"="+t+"; path=/;"+o;return r._setDocumentCookie(i),i}function o(e){var t=new RegExp(e+"=([^;]*)"),n=o._getDocumentCookie().match(t);if(n){var r=n[1];return r}}function i(e){r(e,"","1970-01-01T00:00:00Z")}var s=n(8);r._setDocumentCookie=function(e){document.cookie=e},o._getDocumentCookie=function(){return document.cookie},e.exports={setCookie:r,getCookie:o,deleteCookie:i}},function(e,t,n){var r=n(11),o=n(13),i=n(15),s={};s.browserHasLocalStorage=function(){try{return!!s.getLocalStorage()}catch(e){return!1}},s.browserHasSessionStorage=function(){try{return!!s.getSessionStorage()}catch(e){return!1}},s.getHttpCache=function(){return s.browserHasLocalStorage()?o(s.getLocalStorage(),i.CACHE_STORAGE_NAME):s.browserHasSessionStorage()?o(s.getSessionStorage(),i.CACHE_STORAGE_NAME):o(s.getCookieStorage(),i.CACHE_STORAGE_NAME)},s.getLocalStorage=function(){return localStorage},s.getSessionStorage=function(){return sessionStorage},s.getCookieStorage=function(){return{getItem:r.getCookie,setItem:function(e,t){r.setCookie(e,t,"2038-01-19T03:14:07.000Z")}}},e.exports=s},function(e,t,n){function r(e,t){function n(){var n=e.getItem(t);n=n||"{}";try{return JSON.parse(n)}catch(r){throw new o("Unable to parse storage string: "+t)}}function r(n){try{var r=JSON.stringify(n);e.setItem(t,r)}catch(i){throw new o("Unable to set storage: "+t)}}function i(e){e||r({});var t=n();delete t[e],r(t)}function s(e,t){var o=n();o[e]=t,r(o)}return{getStorage:n,setStorage:r,clearStorage:i,updateStorage:s}}var o=n(14);e.exports=r},function(e,t){function n(e,t){this.name="AuthSdkError",this.message=e,this.errorCode="INTERNAL",this.errorSummary=e,this.errorLink="INTERNAL",this.errorId="INTERNAL",this.errorCauses=[],t&&(this.xhr=t)}n.prototype=new Error,e.exports=n},function(e,t){e.exports={STATE_TOKEN_COOKIE_NAME:"oktaStateToken",DEFAULT_POLLING_DELAY:500,DEFAULT_MAX_CLOCK_SKEW:300,DEFAULT_CACHE_DURATION:86400,FRAME_ID:"okta-oauth-helper-frame",REDIRECT_OAUTH_PARAMS_COOKIE_NAME:"okta-oauth-redirect-params",REDIRECT_STATE_COOKIE_NAME:"okta-oauth-state",REDIRECT_NONCE_COOKIE_NAME:"okta-oauth-nonce",TOKEN_STORAGE_NAME:"okta-token-storage",CACHE_STORAGE_NAME:"okta-cache-storage",SDK_VERSION:"1.7.0"}},function(e,t,n){(function(t,n){/*!
!function(e,t,n){"undefined"!=typeof module&&module.exports?module.exports=n():(__WEBPACK_AMD_DEFINE_FACTORY__=n,__WEBPACK_AMD_DEFINE_RESULT__="function"==typeof __WEBPACK_AMD_DEFINE_FACTORY__?__WEBPACK_AMD_DEFINE_FACTORY__.call(exports,__webpack_require__,exports,module):__WEBPACK_AMD_DEFINE_FACTORY__,!(void 0!==__WEBPACK_AMD_DEFINE_RESULT__&&(module.exports=__WEBPACK_AMD_DEFINE_RESULT__)))}("reqwest",this,function(){function succeed(e){var t=protocolRe.exec(e.url);return t=t&&t[1]||context.location.protocol,httpsRe.test(t)?twoHundo.test(e.request.status):!!e.request.response}function handleReadyState(e,t,n){return function(){return e._aborted?n(e.request):e._timedOut?n(e.request,"Request is aborted: timeout"):void(e.request&&4==e.request[readyState]&&(e.request.onreadystatechange=noop,succeed(e)?t(e.request):n(e.request)))}}function setHeaders(e,t){var n,r=t.headers||{};r.Accept=r.Accept||defaultHeaders.accept[t.type]||defaultHeaders.accept["*"];var o="undefined"!=typeof FormData&&t.data instanceof FormData;t.crossOrigin||r[requestedWith]||(r[requestedWith]=defaultHeaders.requestedWith),r[contentType]||o||(r[contentType]=t.contentType||defaultHeaders.contentType);for(n in r)r.hasOwnProperty(n)&&"setRequestHeader"in e&&e.setRequestHeader(n,r[n])}function setCredentials(e,t){"undefined"!=typeof t.withCredentials&&"undefined"!=typeof e.withCredentials&&(e.withCredentials=!!t.withCredentials)}function generalCallback(e){lastValue=e}function urlappend(e,t){return e+(/\?/.test(e)?"&":"?")+t}function handleJsonp(e,t,n,r){var o=uniqid++,i=e.jsonpCallback||"callback",s=e.jsonpCallbackName||reqwest.getcallbackPrefix(o),a=new RegExp("((^|\\?|&)"+i+")=([^&]+)"),u=r.match(a),c=doc.createElement("script"),f=0,p=navigator.userAgent.indexOf("MSIE 10.0")!==-1;return u?"?"===u[3]?r=r.replace(a,"$1="+s):s=u[3]:r=urlappend(r,i+"="+s),context[s]=generalCallback,c.type="text/javascript",c.src=r,c.async=!0,"undefined"==typeof c.onreadystatechange||p||(c.htmlFor=c.id="_reqwest_"+o),c.onload=c.onreadystatechange=function(){return!(c[readyState]&&"complete"!==c[readyState]&&"loaded"!==c[readyState]||f)&&(c.onload=c.onreadystatechange=null,c.onclick&&c.onclick(),t(lastValue),lastValue=void 0,head.removeChild(c),void(f=1))},head.appendChild(c),{abort:function(){c.onload=c.onreadystatechange=null,n({},"Request is aborted: timeout",{}),lastValue=void 0,head.removeChild(c),f=1}}}function getRequest(e,t){var n,r=this.o,o=(r.method||"GET").toUpperCase(),i="string"==typeof r?r:r.url,s=r.processData!==!1&&r.data&&"string"!=typeof r.data?reqwest.toQueryString(r.data):r.data||null,a=!1;return"jsonp"!=r.type&&"GET"!=o||!s||(i=urlappend(i,s),s=null),"jsonp"==r.type?handleJsonp(r,e,t,i):(n=r.xhr&&r.xhr(r)||xhr(r),n.open(o,i,r.async!==!1),setHeaders(n,r),setCredentials(n,r),context[xDomainRequest]&&n instanceof context[xDomainRequest]?(n.onload=e,n.onerror=t,n.onprogress=function(){},a=!0):n.onreadystatechange=handleReadyState(this,e,t),r.before&&r.before(n),a?setTimeout(function(){n.send(s)},200):n.send(s),n)}function Reqwest(e,t){this.o=e,this.fn=t,init.apply(this,arguments)}function setType(e){if(null!==e)return e.match("json")?"json":e.match("javascript")?"js":e.match("text")?"html":e.match("xml")?"xml":void 0}function init(o,fn){function complete(e){for(o.timeout&&clearTimeout(self.timeout),self.timeout=null;self._completeHandlers.length>0;)self._completeHandlers.shift()(e)}function success(resp){var type=o.type||resp&&setType(resp.getResponseHeader("Content-Type"));resp="jsonp"!==type?self.request:resp;var filteredResponse=globalSetupOptions.dataFilter(resp.responseText,type),r=filteredResponse;try{resp.responseText=r}catch(e){}if(r)switch(type){case"json":try{resp=context.JSON?context.JSON.parse(r):eval("("+r+")")}catch(err){return error(resp,"Could not parse JSON in response",err)}break;case"js":resp=eval(r);break;case"html":resp=r;break;case"xml":resp=resp.responseXML&&resp.responseXML.parseError&&resp.responseXML.parseError.errorCode&&resp.responseXML.parseError.reason?null:resp.responseXML}for(self._responseArgs.resp=resp,self._fulfilled=!0,fn(resp),self._successHandler(resp);self._fulfillmentHandlers.length>0;)resp=self._fulfillmentHandlers.shift()(resp);complete(resp)}function timedOut(){self._timedOut=!0,self.request.abort()}function error(e,t,n){for(e=self.request,self._responseArgs.resp=e,self._responseArgs.msg=t,self._responseArgs.t=n,self._erred=!0;self._errorHandlers.length>0;)self._errorHandlers.shift()(e,t,n);complete(e)}this.url="string"==typeof o?o:o.url,this.timeout=null,this._fulfilled=!1,this._successHandler=function(){},this._fulfillmentHandlers=[],this._errorHandlers=[],this._completeHandlers=[],this._erred=!1,this._responseArgs={};var self=this;fn=fn||function(){},o.timeout&&(this.timeout=setTimeout(function(){timedOut()},o.timeout)),o.success&&(this._successHandler=function(){o.success.apply(o,arguments)}),o.error&&this._errorHandlers.push(function(){o.error.apply(o,arguments)}),o.complete&&this._completeHandlers.push(function(){o.complete.apply(o,arguments)}),this.request=getRequest.call(this,success,error)}function reqwest(e,t){return new Reqwest(e,t)}function normalize(e){return e?e.replace(/\r?\n/g,"\r\n"):""}function serial(e,t){var n,r,o,i,s=e.name,a=e.tagName.toLowerCase(),u=function(e){e&&!e.disabled&&t(s,normalize(e.attributes.value&&e.attributes.value.specified?e.value:e.text))};if(!e.disabled&&s)switch(a){case"input":/reset|button|image|file/i.test(e.type)||(n=/checkbox/i.test(e.type),r=/radio/i.test(e.type),o=e.value,(!(n||r)||e.checked)&&t(s,normalize(n&&""===o?"on":o)));break;case"textarea":t(s,normalize(e.value));break;case"select":if("select-one"===e.type.toLowerCase())u(e.selectedIndex>=0?e.options[e.selectedIndex]:null);else for(i=0;e.length&&i<e.length;i++)e.options[i].selected&&u(e.options[i])}}function eachFormElement(){var e,t,n=this,r=function(e,t){var r,o,i;for(r=0;r<t.length;r++)for(i=e[byTag](t[r]),o=0;o<i.length;o++)serial(i[o],n)};for(t=0;t<arguments.length;t++)e=arguments[t],/input|select|textarea/i.test(e.tagName)&&serial(e,n),r(e,["input","select","textarea"])}function serializeQueryString(){return reqwest.toQueryString(reqwest.serializeArray.apply(null,arguments))}function serializeHash(){var e={};return eachFormElement.apply(function(t,n){t in e?(e[t]&&!isArray(e[t])&&(e[t]=[e[t]]),e[t].push(n)):e[t]=n},arguments),e}function buildParams(e,t,n,r){var o,i,s,a=/\[\]$/;if(isArray(t))for(i=0;t&&i<t.length;i++)s=t[i],n||a.test(e)?r(e,s):buildParams(e+"["+("object"==typeof s?i:"")+"]",s,n,r);else if(t&&"[object Object]"===t.toString())for(o in t)buildParams(e+"["+o+"]",t[o],n,r);else r(e,t)}var context=this;if("window"in context)var doc=document,byTag="getElementsByTagName",head=doc[byTag]("head")[0];else{var XHR2;try{XHR2=__webpack_require__(4)}catch(ex){throw new Error("Peer dependency `xhr2` required! Please npm install xhr2")}}var httpsRe=/^http/,protocolRe=/(^\w+):\/\//,twoHundo=/^(20\d|1223)$/,readyState="readyState",contentType="Content-Type",requestedWith="X-Requested-With",uniqid=0,callbackPrefix="reqwest_"+ +new Date,lastValue,xmlHttpRequest="XMLHttpRequest",xDomainRequest="XDomainRequest",noop=function(){},isArray="function"==typeof Array.isArray?Array.isArray:function(e){return e instanceof Array},defaultHeaders={contentType:"application/x-www-form-urlencoded",requestedWith:xmlHttpRequest,accept:{"*":"text/javascript, text/html, application/xml, text/xml, */*",xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript",js:"application/javascript, text/javascript"}},xhr=function(e){if(e.crossOrigin===!0){var t=context[xmlHttpRequest]?new XMLHttpRequest:null;if(t&&"withCredentials"in t)return t;if(context[xDomainRequest])return new XDomainRequest;throw new Error("Browser does not support cross-origin requests")}return context[xmlHttpRequest]?new XMLHttpRequest:XHR2?new XHR2:new ActiveXObject("Microsoft.XMLHTTP")},globalSetupOptions={dataFilter:function(e){return e}};return Reqwest.prototype={abort:function(){this._aborted=!0,this.request.abort()},retry:function(){init.call(this,this.o,this.fn)},then:function(e,t){return e=e||function(){},t=t||function(){},this._fulfilled?this._responseArgs.resp=e(this._responseArgs.resp):this._erred?t(this._responseArgs.resp,this._responseArgs.msg,this._responseArgs.t):(this._fulfillmentHandlers.push(e),this._errorHandlers.push(t)),this},always:function(e){return this._fulfilled||this._erred?e(this._responseArgs.resp):this._completeHandlers.push(e),this},fail:function(e){return this._erred?e(this._responseArgs.resp,this._responseArgs.msg,this._responseArgs.t):this._errorHandlers.push(e),this},"catch":function(e){return this.fail(e)}},reqwest.serializeArray=function(){var e=[];return eachFormElement.apply(function(t,n){e.push({name:t,value:n})},arguments),e},reqwest.serialize=function(){if(0===arguments.length)return"";var e,t,n=Array.prototype.slice.call(arguments,0);return e=n.pop(),e&&e.nodeType&&n.push(e)&&(e=null),e&&(e=e.type),t="map"==e?serializeHash:"array"==e?reqwest.serializeArray:serializeQueryString,t.apply(null,n)},reqwest.toQueryString=function(e,t){var n,r,o=t||!1,i=[],s=encodeURIComponent,a=function(e,t){t="function"==typeof t?t():null==t?"":t,i[i.length]=s(e)+"="+s(t)};if(isArray(e))for(r=0;e&&r<e.length;r++)a(e[r].name,e[r].value);else for(n in e)e.hasOwnProperty(n)&&buildParams(n,e[n],o,a);return i.join("&").replace(/%20/g,"+")},reqwest.getcallbackPrefix=function(){return callbackPrefix},reqwest.compat=function(e,t){return e&&(e.type&&(e.method=e.type)&&delete e.type,e.dataType&&(e.type=e.dataType),e.jsonpCallback&&(e.jsonpCallbackName=e.jsonpCallback)&&delete e.jsonpCallback,e.jsonp&&(e.jsonpCallback=e.jsonp)),new Reqwest(e,t)},reqwest.ajaxSetup=function(e){e=e||{};for(var t in e)globalSetupOptions[t]=e[t]},reqwest})},function(e,t){},function(e,t,n){function r(e){var t=this;if(!e)throw new c("No arguments passed to constructor. Required usage: new OktaAuth(args)");if(!e.url)throw new c('No url passed to constructor. Required usage: new OktaAuth({url: "https://sample.okta.com"})');this.options={url:o.removeTrailingSlash(e.url),clientId:e.clientId,issuer:o.removeTrailingSlash(e.issuer),authorizeUrl:o.removeTrailingSlash(e.authorizeUrl),userinfoUrl:o.removeTrailingSlash(e.userinfoUrl),redirectUri:e.redirectUri,ajaxRequest:e.ajaxRequest,transformErrorXHR:e.transformErrorXHR,headers:e.headers},e.maxClockSkew||0===e.maxClockSkew?this.options.maxClockSkew=e.maxClockSkew:this.options.maxClockSkew=f.DEFAULT_MAX_CLOCK_SKEW,t.session={close:o.bind(s.closeSession,null,t),exists:o.bind(s.sessionExists,null,t),get:o.bind(s.getSession,null,t),refresh:o.bind(s.refreshSession,null,t),setCookieAndRedirect:o.bind(s.setCookieAndRedirect,null,t)},t.tx={status:o.bind(i.transactionStatus,null,t),resume:o.bind(i.resumeTransaction,null,t),exists:o.bind(i.transactionExists,null,t)},t.tx.exists._getCookie=function(e){return a.getCookie(e)},t.idToken={authorize:o.deprecateWrap("Use token.getWithoutPrompt, token.getWithPopup, or token.getWithRedirect instead of idToken.authorize.",o.bind(u.getToken,null,t)),verify:o.deprecateWrap("Use token.verify instead of idToken.verify",o.bind(u.verifyIdToken,null,t)),refresh:o.deprecateWrap("Use token.refresh instead of idToken.refresh",o.bind(u.refreshIdToken,null,t)),decode:o.deprecateWrap("Use token.decode instead of idToken.decode",u.decodeToken)},t.idToken.authorize._getLocationHref=function(){return window.location.href},t.token={getWithoutPrompt:o.bind(u.getWithoutPrompt,null,t),getWithPopup:o.bind(u.getWithPopup,null,t),getWithRedirect:o.bind(u.getWithRedirect,null,t),parseFromUrl:o.bind(u.parseFromUrl,null,t),decode:u.decodeToken,refresh:o.bind(u.refreshToken,null,t),getUserInfo:o.bind(u.getUserInfo,null,t),verify:o.bind(u.verifyToken,null,t)},t.token.getWithRedirect._setLocation=function(e){window.location=e},t.token.parseFromUrl._getLocationHash=function(e){return window.location.hash},t.tokenManager=new p(t,e.tokenManager)}n(6);var o=n(8),i=n(9),s=n(21),a=n(11),u=n(22),c=n(14),f=n(15),p=n(26),l=r.prototype;l.features={},l.features.isPopupPostMessageSupported=function(){var e=document.documentMode&&document.documentMode<10;return!(!window.postMessage||e)},l.features.isTokenVerifySupported=function(){return"undefined"!=typeof crypto&&crypto.subtle&&"undefined"!=typeof Uint8Array},l.signIn=function(e){return i.postToTransaction(this,"/api/v1/authn",e)},l.signOut=function(){return this.session.close()},l.forgotPassword=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/password",e)},l.unlockAccount=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/unlock",e)},l.verifyRecoveryToken=function(e){return i.postToTransaction(this,"/api/v1/authn/recovery/token",e)},e.exports=function(e){function t(n){return this instanceof t?(n&&!n.ajaxRequest&&(n.ajaxRequest=e),void o.bind(r,this)(n)):new t(n)}return t.prototype=r.prototype,t.prototype.constructor=t,t}},function(e,t,n){n(7),Array.prototype.indexOf||(Array.prototype.indexOf=function(e,t){var n;if(null==this)throw new TypeError('"this" is null or not defined');var r=Object(this),o=r.length>>>0;if(0===o)return-1;var i=+t||0;if(Math.abs(i)===1/0&&(i=0),i>=o)return-1;for(n=Math.max(i>=0?i:o-Math.abs(i),0);n<o;){if(n in r&&r[n]===e)return n;n++}return-1}),Array.isArray||(Array.isArray=function(e){return"[object Array]"===Object.prototype.toString.call(e)})},function(e,t,n){!function(){function e(e){this.message=e}var n=t,r="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";e.prototype=new Error,e.prototype.name="InvalidCharacterError",n.btoa||(n.btoa=function(t){for(var n,o,i=String(t),s=0,a=r,u="";i.charAt(0|s)||(a="=",s%1);u+=a.charAt(63&n>>8-s%1*8)){if(o=i.charCodeAt(s+=.75),o>255)throw new e("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.");n=n<<8|o}return u}),n.atob||(n.atob=function(t){var n=String(t).replace(/=+$/,"");if(n.length%4==1)throw new e("'atob' failed: The string to be decoded is not correctly encoded.");for(var o,i,s=0,a=0,u="";i=n.charAt(a++);~i&&(o=s%4?64*o+i:i,s++%4)?u+=String.fromCharCode(255&o>>(-2*s&6)):0)i=r.indexOf(i);return u})}()},function(e,t){var n=e.exports;n.base64UrlToBase64=function(e){return e.replace(/\-/g,"+").replace(/_/g,"/")},n.base64UrlToString=function(e){var t=n.base64UrlToBase64(e);switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw"Not a valid Base64Url"}var r=atob(t);try{return decodeURIComponent(escape(r))}catch(o){return r}},n.stringToBuffer=function(e){for(var t=new Uint8Array(e.length),n=0;n<e.length;n++)t[n]=e.charCodeAt(n);return t},n.base64UrlDecode=function(e){return atob(n.base64UrlToBase64(e))},n.bind=function(e,t){var n=Array.prototype.slice.call(arguments,2);return function(){var r=Array.prototype.slice.call(arguments);return r=n.concat(r),e.apply(t,r)}},n.isAbsoluteUrl=function(e){return/^(?:[a-z]+:)?\/\//i.test(e)},n.isString=function(e){return"[object String]"===Object.prototype.toString.call(e)},n.isObject=function(e){return"[object Object]"===Object.prototype.toString.call(e)},n.isNumber=function(e){return"[object Number]"===Object.prototype.toString.call(e)},n.isArray=function(e){return"[object Array]"===Object.prototype.toString.call(e)},n.isoToUTCString=function(e){var t=e.match(/\d+/g),n=Date.UTC(t[0],t[1]-1,t[2],t[3],t[4],t[5]),r=new Date(n);return r.toUTCString()},n.toQueryParams=function(e){var t=[];if(null!==e)for(var n in e)e.hasOwnProperty(n)&&void 0!==e[n]&&null!==e[n]&&t.push(n+"="+encodeURIComponent(e[n]));return t.length?"?"+t.join("&"):""},n.genRandomString=function(e){for(var t="abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",n="",r=0,o=t.length;r<e;++r)n+=t[Math.floor(Math.random()*o)];return n},n.extend=function(e,t){for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n])},n.removeNils=function(e){var t={};for(var n in e)if(e.hasOwnProperty(n)){var r=e[n];null!==r&&void 0!==r&&(t[n]=r)}return t},n.clone=function(e){if(e){var t=JSON.stringify(e);if(t)return JSON.parse(t)}return e},n.omit=function(e){var t=Array.prototype.slice.call(arguments,1),r={};for(var o in e)e.hasOwnProperty(o)&&t.indexOf(o)==-1&&(r[o]=e[o]);return n.clone(r)},n.find=function(e,t){for(var n=e.length;n--;){var r=e[n],o=!0;for(var i in t)if(t.hasOwnProperty(i)&&r[i]!==t[i]){o=!1;break}if(o)return r}},n.getLink=function(e,t,r){if(e&&e._links){var o=n.clone(e._links[t]);return o&&o.name&&r?o.name===r?o:void 0:o}},n.getNativeConsole=function(){return window.console},n.getConsole=function(){var e=n.getNativeConsole();return e&&e.log?e:{log:function(){}}},n.warn=function(e){n.getConsole().log("[okta-auth-sdk] WARN: "+e)},n.deprecate=function(e){n.getConsole().log("[okta-auth-sdk] DEPRECATION: "+e)},n.deprecateWrap=function(e,t){return function(){return n.deprecate(e),t.apply(null,arguments)}},n.removeTrailingSlash=function(e){if(e)return"/"===e.slice(-1)?e.slice(0,-1):e}},function(e,t,n){function r(e,t){var n=y.clone(t)||{};return!n.stateToken&&e.stateToken&&(n.stateToken=e.stateToken),n}function o(e){return r(e)}function i(e,t){return t=r(e,t),h.post(e,e.options.url+"/api/v1/authn",t)}function s(e,t){if(!t||!t.stateToken){var n=e.tx.exists._getCookie(w.STATE_TOKEN_COOKIE_NAME);if(!n)return m.reject(new v("No transaction to resume"));t={stateToken:n}}return e.tx.status(t).then(function(t){return new d(e,t)})}function a(e){return!!e.tx.exists._getCookie(w.STATE_TOKEN_COOKIE_NAME)}function u(e,t,n){return h.post(e,t,n).then(function(t){return new d(e,t)})}function c(e,t,n){return function(r){function i(){var n=u.href;return a&&(n+="?rememberDevice=true"),h.post(e,n,o(t),{saveAuthnState:!1})}var s,a;y.isNumber(r)?s=r:y.isObject(r)&&(s=r.delay,a=r.rememberDevice),s||0===s||(s=w.DEFAULT_POLLING_DELAY);var u=y.getLink(t,"next","poll");n.isPolling=!0;var c=0,f=function(){return n.isPolling?i().then(function(t){if(c=0,t.factorResult&&"WAITING"===t.factorResult){if(!n.isPolling)throw new g;return m.delay(s).then(f)}return n.isPolling=!1,new d(e,t)}).fail(function(e){if(e.xhr&&(0===e.xhr.status||429===e.xhr.status)&&c<=4){var t=1e3*Math.pow(2,c);return c++,m.delay(t).then(f)}throw e}):m.reject(new g)};return f().fail(function(e){throw n.isPolling=!1,e})}}function f(e,t,n,o,i){if(Array.isArray(o))return function(r,s){if(!r)throw new v("Must provide a link name");var a=y.find(o,{name:r});if(!a)throw new v("No link found for that name");return f(e,t,n,a,i)(s)};if(o.hints&&o.hints.allow&&1===o.hints.allow.length){var s=o.hints.allow[0];switch(s){case"GET":return function(){return h.get(e,o.href)};case"POST":return function(s){i&&i.isPolling&&(i.isPolling=!1);var a=r(t,s);"MFA_ENROLL"===t.status&&y.extend(a,{factorType:n.factorType,provider:n.provider});var c=o.href;return void 0!==a.rememberDevice?(a.rememberDevice&&(c+="?rememberDevice=true"),a=y.omit(a,"rememberDevice")):a.profile&&void 0!==a.profile.updatePhone&&(a.profile.updatePhone&&(c+="?updatePhone=true"),a.profile=y.omit(a.profile,"updatePhone")),u(e,c,a)}}}}function p(e,t,n,r){var o={};for(var i in n._links)if(n._links.hasOwnProperty(i)){var s=n._links[i];if("next"===i&&(i=s.name),s.type)o[i]=s;else switch(i){case"poll":o.poll=c(e,t,r);break;default:var a=f(e,t,n,s,r);a&&(o[i]=a)}}return o}function l(e,t,n,r){if(n=n||t,n=y.clone(n),Array.isArray(n)){for(var o=[],i=0,s=n.length;i<s;i++)o.push(l(e,t,n[i],r));return o}var a=n._embedded||{};for(var u in a)a.hasOwnProperty(u)&&(y.isObject(a[u])||Array.isArray(a[u]))&&(a[u]=l(e,t,a[u],r));var c=p(e,t,n,r);return y.extend(a,c),n=y.omit(n,"_embedded","_links"),y.extend(n,a),n}function d(e,t){t&&(this.data=t,y.extend(this,l(e,t,t,{})),delete this.stateToken,"RECOVERY_CHALLENGE"!==t.status||t._links||(this.cancel=function(){return new m(new d(e))}))}var h=n(10),y=n(8),m=n(16),v=n(14),g=n(20),w=n(15);e.exports={transactionStatus:i,resumeTransaction:s,transactionExists:a,postToTransaction:u}},function(e,t,n){function r(e,t){t=t||{};var n=t.url,r=t.method,o=t.args,i=t.saveAuthnState,l=t.accessToken,d=u.getHttpCache();if(t.cacheResponse){var h=d.getStorage(),y=h[n];if(y&&Date.now()/1e3<y.expiresAt)return c.resolve(y.response)}var m={Accept:"application/json","Content-Type":"application/json","X-Okta-User-Agent-Extended":"okta-auth-js-"+p.SDK_VERSION};s.extend(m,e.options.headers||{}),l&&s.isString(l)&&(m.Authorization="Bearer "+l);var v,g,w={headers:m,data:o||void 0};return new c(e.options.ajaxRequest(r,n,w)).then(function(e){return g=e.responseText,g&&s.isString(g)&&(g=JSON.parse(g)),i&&(g.stateToken||a.deleteCookie(p.STATE_TOKEN_COOKIE_NAME)),g&&g.stateToken&&g.expiresAt&&a.setCookie(p.STATE_TOKEN_COOKIE_NAME,g.stateToken,g.expiresAt),g&&t.cacheResponse&&d.updateStorage(n,{expiresAt:Math.floor(Date.now()/1e3)+p.DEFAULT_CACHE_DURATION,response:g}),g}).fail(function(t){var n=t.responseText||{};if(s.isString(n))try{n=JSON.parse(n)}catch(r){n={errorSummary:"Unknown error"}}throw t.status>=500&&(n.errorSummary="Unknown error"),e.options.transformErrorXHR&&(t=e.options.transformErrorXHR(s.clone(t))),v=new f(n,t),"E0000011"===v.errorCode&&a.deleteCookie(p.STATE_TOKEN_COOKIE_NAME),v})}function o(e,t,n){t=s.isAbsoluteUrl(t)?t:e.options.url+t;var o={url:t,method:"GET"};return s.extend(o,n),r(e,o)}function i(e,t,n,o){t=s.isAbsoluteUrl(t)?t:e.options.url+t;var i={url:t,method:"POST",args:n,saveAuthnState:!0};return s.extend(i,o),r(e,i)}var s=n(8),a=n(11),u=n(12),c=n(16),f=n(19),p=n(15);e.exports={get:o,post:i,httpRequest:r}},function(e,t,n){function r(e,t,n){var o="";n&&(o=" expires="+s.isoToUTCString(n)+";");var i=e+"="+t+"; path=/;"+o;return r._setDocumentCookie(i),i}function o(e){var t=new RegExp(e+"=([^;]*)"),n=o._getDocumentCookie().match(t);if(n){var r=n[1];return r}}function i(e){r(e,"","1970-01-01T00:00:00Z")}var s=n(8);r._setDocumentCookie=function(e){document.cookie=e},o._getDocumentCookie=function(){return document.cookie},e.exports={setCookie:r,getCookie:o,deleteCookie:i}},function(e,t,n){var r=n(11),o=n(13),i=n(15),s={};s.browserHasLocalStorage=function(){try{return!!s.getLocalStorage()}catch(e){return!1}},s.browserHasSessionStorage=function(){try{return!!s.getSessionStorage()}catch(e){return!1}},s.getHttpCache=function(){return s.browserHasLocalStorage()?o(s.getLocalStorage(),i.CACHE_STORAGE_NAME):s.browserHasSessionStorage()?o(s.getSessionStorage(),i.CACHE_STORAGE_NAME):o(s.getCookieStorage(),i.CACHE_STORAGE_NAME)},s.getLocalStorage=function(){return localStorage},s.getSessionStorage=function(){return sessionStorage},s.getCookieStorage=function(){return{getItem:r.getCookie,setItem:function(e,t){r.setCookie(e,t,"2038-01-19T03:14:07.000Z")}}},e.exports=s},function(e,t,n){function r(e,t){function n(){var n=e.getItem(t);n=n||"{}";try{return JSON.parse(n)}catch(r){throw new o("Unable to parse storage string: "+t)}}function r(n){try{var r=JSON.stringify(n);e.setItem(t,r)}catch(i){throw new o("Unable to set storage: "+t)}}function i(e){e||r({});var t=n();delete t[e],r(t)}function s(e,t){var o=n();o[e]=t,r(o)}return{getStorage:n,setStorage:r,clearStorage:i,updateStorage:s}}var o=n(14);e.exports=r},function(e,t){function n(e,t){this.name="AuthSdkError",this.message=e,this.errorCode="INTERNAL",this.errorSummary=e,this.errorLink="INTERNAL",this.errorId="INTERNAL",this.errorCauses=[],t&&(this.xhr=t)}n.prototype=new Error,e.exports=n},function(e,t){e.exports={STATE_TOKEN_COOKIE_NAME:"oktaStateToken",DEFAULT_POLLING_DELAY:500,DEFAULT_MAX_CLOCK_SKEW:300,DEFAULT_CACHE_DURATION:86400,FRAME_ID:"okta-oauth-helper-frame",REDIRECT_OAUTH_PARAMS_COOKIE_NAME:"okta-oauth-redirect-params",REDIRECT_STATE_COOKIE_NAME:"okta-oauth-state",REDIRECT_NONCE_COOKIE_NAME:"okta-oauth-nonce",TOKEN_STORAGE_NAME:"okta-token-storage",CACHE_STORAGE_NAME:"okta-cache-storage",SDK_VERSION:"1.8.0"}},function(e,t,n){(function(t,n){/*!
*

@@ -45,4 +45,4 @@ * Copyright 2009-2012 Kris Kowal under the terms of the MIT

*/
!function(t){"use strict";if("function"==typeof bootstrap)bootstrap("promise",t);else{e.exports=t()}}(function(){"use strict";function e(e){return function(){return Q.apply(e,arguments)}}function r(e){return e===Object(e)}function o(e){return"[object StopIteration]"===oe(e)||e instanceof B}function i(e,t){if(K&&t.stack&&"object"==typeof e&&null!==e&&e.stack&&e.stack.indexOf(ie)===-1){for(var n=[],r=t;r;r=r.source)r.stack&&n.unshift(r.stack);n.unshift(e.stack);var o=n.join("\n"+ie+"\n");e.stack=s(o)}}function s(e){for(var t=e.split("\n"),n=[],r=0;r<t.length;++r){var o=t[r];c(o)||a(o)||!o||n.push(o)}return n.join("\n")}function a(e){return e.indexOf("(module.js:")!==-1||e.indexOf("(node.js:")!==-1}function u(e){var t=/at .+ \((.+):(\d+):(?:\d+)\)$/.exec(e);if(t)return[t[1],Number(t[2])];var n=/at ([^ ]+):(\d+):(?:\d+)$/.exec(e);if(n)return[n[1],Number(n[2])];var r=/.*@(.+):(\d+)$/.exec(e);return r?[r[1],Number(r[2])]:void 0}function c(e){var t=u(e);if(!t)return!1;var n=t[0],r=t[1];return n===X&&r>=J&&r<=fe}function f(){if(K)try{throw new Error}catch(e){var t=e.stack.split("\n"),n=t[0].indexOf("@")>0?t[1]:t[2],r=u(n);if(!r)return;return X=r[0],r[1]}}function p(e,t,n){return function(){return"undefined"!=typeof console&&"function"==typeof console.warn&&console.warn(t+" is deprecated, use "+n+" instead.",new Error("").stack),e.apply(e,arguments)}}function l(e){return e instanceof m?e:T(e)?R(e):O(e)}function d(){function e(e){t=e,i.source=e,$(n,function(t,n){l.nextTick(function(){e.promiseDispatch.apply(e,n)})},void 0),n=void 0,r=void 0}var t,n=[],r=[],o=te(d.prototype),i=te(m.prototype);if(i.promiseDispatch=function(e,o,i){var s=Y(arguments);n?(n.push(s),"when"===o&&i[1]&&r.push(i[1])):l.nextTick(function(){t.promiseDispatch.apply(t,s)})},i.valueOf=function(){if(n)return i;var e=g(t);return w(e)&&(t=e),e},i.inspect=function(){return t?t.inspect():{state:"pending"}},l.longStackSupport&&K)try{throw new Error}catch(s){i.stack=s.stack.substring(s.stack.indexOf("\n")+1)}return o.promise=i,o.resolve=function(n){t||e(l(n))},o.fulfill=function(n){t||e(O(n))},o.reject=function(n){t||e(S(n))},o.notify=function(e){t||$(r,function(t,n){l.nextTick(function(){n(e)})},void 0)},o}function h(e){if("function"!=typeof e)throw new TypeError("resolver must be a function.");var t=d();try{e(t.resolve,t.reject,t.notify)}catch(n){t.reject(n)}return t.promise}function y(e){return h(function(t,n){for(var r=0,o=e.length;r<o;r++)l(e[r]).then(t,n)})}function m(e,t,n){void 0===t&&(t=function(e){return S(new Error("Promise does not support operation: "+e))}),void 0===n&&(n=function(){return{state:"unknown"}});var r=te(m.prototype);if(r.promiseDispatch=function(n,o,i){var s;try{s=e[o]?e[o].apply(r,i):t.call(r,o,i)}catch(a){s=S(a)}n&&n(s)},r.inspect=n,n){var o=n();"rejected"===o.state&&(r.exception=o.reason),r.valueOf=function(){var e=n();return"pending"===e.state||"rejected"===e.state?r:e.value}}return r}function v(e,t,n,r){return l(e).then(t,n,r)}function g(e){if(w(e)){var t=e.inspect();if("fulfilled"===t.state)return t.value}return e}function w(e){return e instanceof m}function T(e){return r(e)&&"function"==typeof e.then}function k(e){return w(e)&&"pending"===e.inspect().state}function _(e){return!w(e)||"fulfilled"===e.inspect().state}function A(e){return w(e)&&"rejected"===e.inspect().state}function x(){se.length=0,ae.length=0,ce||(ce=!0)}function b(e,n){ce&&("object"==typeof t&&"function"==typeof t.emit&&l.nextTick.runAfter(function(){Z(ae,e)!==-1&&(t.emit("unhandledRejection",n,e),ue.push(e))}),ae.push(e),n&&"undefined"!=typeof n.stack?se.push(n.stack):se.push("(no stack) "+n))}function E(e){if(ce){var n=Z(ae,e);n!==-1&&("object"==typeof t&&"function"==typeof t.emit&&l.nextTick.runAfter(function(){var r=Z(ue,e);r!==-1&&(t.emit("rejectionHandled",se[n],e),ue.splice(r,1))}),ae.splice(n,1),se.splice(n,1))}}function S(e){var t=m({when:function(t){return t&&E(this),t?t(e):this}},function(){return this},function(){return{state:"rejected",reason:e}});return b(t,e),t}function O(e){return m({when:function(){return e},get:function(t){return e[t]},set:function(t,n){e[t]=n},"delete":function(t){delete e[t]},post:function(t,n){return null===t||void 0===t?e.apply(void 0,n):e[t].apply(e,n)},apply:function(t,n){return e.apply(t,n)},keys:function(){return re(e)}},void 0,function(){return{state:"fulfilled",value:e}})}function R(e){var t=d();return l.nextTick(function(){try{e.then(t.resolve,t.reject,t.notify)}catch(n){t.reject(n)}}),t.promise}function C(e){return m({isDef:function(){}},function(t,n){return P(e,t,n)},function(){return l(e).inspect()})}function j(e,t,n){return l(e).spread(t,n)}function U(e){return function(){function t(e,t){var s;if("undefined"==typeof StopIteration){try{s=n[e](t)}catch(a){return S(a)}return s.done?l(s.value):v(s.value,r,i)}try{s=n[e](t)}catch(a){return o(a)?l(a.value):S(a)}return v(s,r,i)}var n=e.apply(this,arguments),r=t.bind(t,"next"),i=t.bind(t,"throw");return r()}}function I(e){l.done(l.async(e)())}function N(e){throw new B(e)}function M(e){return function(){return j([this,q(arguments)],function(t,n){return e.apply(t,n)})}}function P(e,t,n){return l(e).dispatch(t,n)}function q(e){return v(e,function(e){var t=0,n=d();return $(e,function(r,o,i){var s;w(o)&&"fulfilled"===(s=o.inspect()).state?e[i]=s.value:(++t,v(o,function(r){e[i]=r,0===--t&&n.resolve(e)},n.reject,function(e){n.notify({index:i,value:e})}))},void 0),0===t&&n.resolve(e),n.promise})}function D(e){if(0===e.length)return l.resolve();var t=l.defer(),n=0;return $(e,function(r,o,i){function s(e){t.resolve(e)}function a(){n--,0===n&&t.reject(new Error("Can't get fulfillment value from any promise, all promises were rejected."))}function u(e){t.notify({index:i,value:e})}var c=e[i];n++,v(c,s,a,u)},void 0),t.promise}function H(e){return v(e,function(e){return e=ee(e,l),v(q(ee(e,function(e){return v(e,G,G)})),function(){return e})})}function L(e){return l(e).allSettled()}function W(e,t){return l(e).then(void 0,void 0,t)}function F(e,t){return l(e).nodeify(t)}var K=!1;try{throw new Error}catch(z){K=!!z.stack}var X,B,J=f(),G=function(){},V=function(){function e(){for(var e,t;o.next;)o=o.next,e=o.task,o.task=void 0,t=o.domain,t&&(o.domain=void 0,t.enter()),r(e,t);for(;c.length;)e=c.pop(),r(e);s=!1}function r(t,n){try{t()}catch(r){if(u)throw n&&n.exit(),setTimeout(e,0),n&&n.enter(),r;setTimeout(function(){throw r},0)}n&&n.exit()}var o={task:void 0,next:null},i=o,s=!1,a=void 0,u=!1,c=[];if(V=function(e){i=i.next={task:e,domain:u&&t.domain,next:null},s||(s=!0,a())},"object"==typeof t&&"[object process]"===t.toString()&&t.nextTick)u=!0,a=function(){t.nextTick(e)};else if("function"==typeof n)a="undefined"!=typeof window?n.bind(window,e):function(){n(e)};else if("undefined"!=typeof MessageChannel){var f=new MessageChannel;f.port1.onmessage=function(){a=p,f.port1.onmessage=e,e()};var p=function(){f.port2.postMessage(0)};a=function(){setTimeout(e,0),p()}}else a=function(){setTimeout(e,0)};return V.runAfter=function(e){c.push(e),s||(s=!0,a())},V}(),Q=Function.call,Y=e(Array.prototype.slice),$=e(Array.prototype.reduce||function(e,t){var n=0,r=this.length;if(1===arguments.length)for(;;){if(n in this){t=this[n++];break}if(++n>=r)throw new TypeError}for(;n<r;n++)n in this&&(t=e(t,this[n],n));return t}),Z=e(Array.prototype.indexOf||function(e){for(var t=0;t<this.length;t++)if(this[t]===e)return t;return-1}),ee=e(Array.prototype.map||function(e,t){var n=this,r=[];return $(n,function(o,i,s){r.push(e.call(t,i,s,n))},void 0),r}),te=Object.create||function(e){function t(){}return t.prototype=e,new t},ne=e(Object.prototype.hasOwnProperty),re=Object.keys||function(e){var t=[];for(var n in e)ne(e,n)&&t.push(n);return t},oe=e(Object.prototype.toString);B="undefined"!=typeof ReturnValue?ReturnValue:function(e){this.value=e};var ie="From previous event:";l.resolve=l,l.nextTick=V,l.longStackSupport=!1,"object"==typeof t&&t&&t.env&&t.env.Q_DEBUG&&(l.longStackSupport=!0),l.defer=d,d.prototype.makeNodeResolver=function(){var e=this;return function(t,n){t?e.reject(t):arguments.length>2?e.resolve(Y(arguments,1)):e.resolve(n)}},l.Promise=h,l.promise=h,h.race=y,h.all=q,h.reject=S,h.resolve=l,l.passByCopy=function(e){return e},m.prototype.passByCopy=function(){return this},l.join=function(e,t){return l(e).join(t)},m.prototype.join=function(e){return l([this,e]).spread(function(e,t){if(e===t)return e;throw new Error("Can't join: not the same: "+e+" "+t)})},l.race=y,m.prototype.race=function(){return this.then(l.race)},l.makePromise=m,m.prototype.toString=function(){return"[object Promise]"},m.prototype.then=function(e,t,n){function r(t){try{return"function"==typeof e?e(t):t}catch(n){return S(n)}}function o(e){if("function"==typeof t){i(e,a);try{return t(e)}catch(n){return S(n)}}return S(e)}function s(e){return"function"==typeof n?n(e):e}var a=this,u=d(),c=!1;return l.nextTick(function(){a.promiseDispatch(function(e){c||(c=!0,u.resolve(r(e)))},"when",[function(e){c||(c=!0,u.resolve(o(e)))}])}),a.promiseDispatch(void 0,"when",[void 0,function(e){var t,n=!1;try{t=s(e)}catch(r){if(n=!0,!l.onerror)throw r;l.onerror(r)}n||u.notify(t)}]),u.promise},l.tap=function(e,t){return l(e).tap(t)},m.prototype.tap=function(e){return e=l(e),this.then(function(t){return e.fcall(t).thenResolve(t)})},l.when=v,m.prototype.thenResolve=function(e){return this.then(function(){return e})},l.thenResolve=function(e,t){return l(e).thenResolve(t)},m.prototype.thenReject=function(e){return this.then(function(){throw e})},l.thenReject=function(e,t){return l(e).thenReject(t)},l.nearer=g,l.isPromise=w,l.isPromiseAlike=T,l.isPending=k,m.prototype.isPending=function(){return"pending"===this.inspect().state},l.isFulfilled=_,m.prototype.isFulfilled=function(){return"fulfilled"===this.inspect().state},l.isRejected=A,m.prototype.isRejected=function(){return"rejected"===this.inspect().state};var se=[],ae=[],ue=[],ce=!0;l.resetUnhandledRejections=x,l.getUnhandledReasons=function(){return se.slice()},l.stopUnhandledRejectionTracking=function(){x(),ce=!1},x(),l.reject=S,l.fulfill=O,l.master=C,l.spread=j,m.prototype.spread=function(e,t){return this.all().then(function(t){return e.apply(void 0,t)},t)},l.async=U,l.spawn=I,l["return"]=N,l.promised=M,l.dispatch=P,m.prototype.dispatch=function(e,t){var n=this,r=d();return l.nextTick(function(){n.promiseDispatch(r.resolve,e,t)}),r.promise},l.get=function(e,t){return l(e).dispatch("get",[t])},m.prototype.get=function(e){return this.dispatch("get",[e])},l.set=function(e,t,n){return l(e).dispatch("set",[t,n])},m.prototype.set=function(e,t){return this.dispatch("set",[e,t])},l.del=l["delete"]=function(e,t){return l(e).dispatch("delete",[t])},m.prototype.del=m.prototype["delete"]=function(e){return this.dispatch("delete",[e])},l.mapply=l.post=function(e,t,n){return l(e).dispatch("post",[t,n])},m.prototype.mapply=m.prototype.post=function(e,t){return this.dispatch("post",[e,t])},l.send=l.mcall=l.invoke=function(e,t){return l(e).dispatch("post",[t,Y(arguments,2)])},m.prototype.send=m.prototype.mcall=m.prototype.invoke=function(e){return this.dispatch("post",[e,Y(arguments,1)])},l.fapply=function(e,t){return l(e).dispatch("apply",[void 0,t])},m.prototype.fapply=function(e){return this.dispatch("apply",[void 0,e])},l["try"]=l.fcall=function(e){return l(e).dispatch("apply",[void 0,Y(arguments,1)])},m.prototype.fcall=function(){return this.dispatch("apply",[void 0,Y(arguments)])},l.fbind=function(e){var t=l(e),n=Y(arguments,1);return function(){return t.dispatch("apply",[this,n.concat(Y(arguments))])}},m.prototype.fbind=function(){var e=this,t=Y(arguments);return function(){return e.dispatch("apply",[this,t.concat(Y(arguments))])}},l.keys=function(e){return l(e).dispatch("keys",[])},m.prototype.keys=function(){return this.dispatch("keys",[])},l.all=q,m.prototype.all=function(){return q(this)},l.any=D,m.prototype.any=function(){return D(this)},l.allResolved=p(H,"allResolved","allSettled"),m.prototype.allResolved=function(){return H(this)},l.allSettled=L,m.prototype.allSettled=function(){return this.then(function(e){return q(ee(e,function(e){function t(){return e.inspect()}return e=l(e),e.then(t,t)}))})},l.fail=l["catch"]=function(e,t){return l(e).then(void 0,t)},m.prototype.fail=m.prototype["catch"]=function(e){return this.then(void 0,e)},l.progress=W,m.prototype.progress=function(e){return this.then(void 0,void 0,e)},l.fin=l["finally"]=function(e,t){return l(e)["finally"](t)},m.prototype.fin=m.prototype["finally"]=function(e){return e=l(e),this.then(function(t){return e.fcall().then(function(){return t})},function(t){return e.fcall().then(function(){throw t})})},l.done=function(e,t,n,r){return l(e).done(t,n,r)},m.prototype.done=function(e,n,r){var o=function(e){l.nextTick(function(){if(i(e,s),!l.onerror)throw e;l.onerror(e)})},s=e||n||r?this.then(e,n,r):this;"object"==typeof t&&t&&t.domain&&(o=t.domain.bind(o)),s.then(void 0,o)},l.timeout=function(e,t,n){return l(e).timeout(t,n)},m.prototype.timeout=function(e,t){var n=d(),r=setTimeout(function(){t&&"string"!=typeof t||(t=new Error(t||"Timed out after "+e+" ms"),t.code="ETIMEDOUT"),n.reject(t)},e);return this.then(function(e){clearTimeout(r),n.resolve(e)},function(e){clearTimeout(r),n.reject(e)},n.notify),n.promise},l.delay=function(e,t){return void 0===t&&(t=e,e=void 0),l(e).delay(t)},m.prototype.delay=function(e){return this.then(function(t){var n=d();return setTimeout(function(){n.resolve(t)},e),n.promise})},l.nfapply=function(e,t){return l(e).nfapply(t)},m.prototype.nfapply=function(e){var t=d(),n=Y(e);return n.push(t.makeNodeResolver()),this.fapply(n).fail(t.reject),t.promise},l.nfcall=function(e){var t=Y(arguments,1);return l(e).nfapply(t)},m.prototype.nfcall=function(){var e=Y(arguments),t=d();return e.push(t.makeNodeResolver()),this.fapply(e).fail(t.reject),t.promise},l.nfbind=l.denodeify=function(e){var t=Y(arguments,1);return function(){var n=t.concat(Y(arguments)),r=d();return n.push(r.makeNodeResolver()),l(e).fapply(n).fail(r.reject),r.promise}},m.prototype.nfbind=m.prototype.denodeify=function(){var e=Y(arguments);return e.unshift(this),l.denodeify.apply(void 0,e)},l.nbind=function(e,t){var n=Y(arguments,2);return function(){function r(){return e.apply(t,arguments)}var o=n.concat(Y(arguments)),i=d();return o.push(i.makeNodeResolver()),l(r).fapply(o).fail(i.reject),i.promise}},m.prototype.nbind=function(){var e=Y(arguments,0);return e.unshift(this),l.nbind.apply(void 0,e)},l.nmapply=l.npost=function(e,t,n){return l(e).npost(t,n)},m.prototype.nmapply=m.prototype.npost=function(e,t){var n=Y(t||[]),r=d();return n.push(r.makeNodeResolver()),this.dispatch("post",[e,n]).fail(r.reject),r.promise},l.nsend=l.nmcall=l.ninvoke=function(e,t){var n=Y(arguments,2),r=d();return n.push(r.makeNodeResolver()),l(e).dispatch("post",[t,n]).fail(r.reject),r.promise},m.prototype.nsend=m.prototype.nmcall=m.prototype.ninvoke=function(e){var t=Y(arguments,1),n=d();return t.push(n.makeNodeResolver()),this.dispatch("post",[e,t]).fail(n.reject),n.promise},l.nodeify=F,m.prototype.nodeify=function(e){return e?void this.then(function(t){l.nextTick(function(){e(null,t)})},function(t){l.nextTick(function(){e(t)})}):this},l.noConflict=function(){throw new Error("Q.noConflict only works when Q is used as a global")};var fe=f();return l})}).call(t,n(17),n(18).setImmediate)},function(e,t){function n(){throw new Error("setTimeout has not been defined")}function r(){throw new Error("clearTimeout has not been defined")}function o(e){if(f===setTimeout)return setTimeout(e,0);if((f===n||!f)&&setTimeout)return f=setTimeout,setTimeout(e,0);try{return f(e,0)}catch(t){try{return f.call(null,e,0)}catch(t){return f.call(this,e,0)}}}function i(e){if(p===clearTimeout)return clearTimeout(e);if((p===r||!p)&&clearTimeout)return p=clearTimeout,clearTimeout(e);try{return p(e)}catch(t){try{return p.call(null,e)}catch(t){return p.call(this,e)}}}function s(){y&&d&&(y=!1,d.length?h=d.concat(h):m=-1,h.length&&a())}function a(){if(!y){var e=o(s);y=!0;for(var t=h.length;t;){for(d=h,h=[];++m<t;)d&&d[m].run();m=-1,t=h.length}d=null,y=!1,i(e)}}function u(e,t){this.fun=e,this.array=t}function c(){}var f,p,l=e.exports={};!function(){try{f="function"==typeof setTimeout?setTimeout:n}catch(e){f=n}try{p="function"==typeof clearTimeout?clearTimeout:r}catch(e){p=r}}();var d,h=[],y=!1,m=-1;l.nextTick=function(e){var t=new Array(arguments.length-1);if(arguments.length>1)for(var n=1;n<arguments.length;n++)t[n-1]=arguments[n];h.push(new u(e,t)),1!==h.length||y||o(a)},u.prototype.run=function(){this.fun.apply(null,this.array)},l.title="browser",l.browser=!0,l.env={},l.argv=[],l.version="",l.versions={},l.on=c,l.addListener=c,l.once=c,l.off=c,l.removeListener=c,l.removeAllListeners=c,l.emit=c,l.binding=function(e){throw new Error("process.binding is not supported")},l.cwd=function(){return"/"},l.chdir=function(e){throw new Error("process.chdir is not supported")},l.umask=function(){return 0}},function(e,t,n){(function(e,r){function o(e,t){this._id=e,this._clearFn=t}var i=n(17).nextTick,s=Function.prototype.apply,a=Array.prototype.slice,u={},c=0;t.setTimeout=function(){return new o(s.call(setTimeout,window,arguments),clearTimeout)},t.setInterval=function(){return new o(s.call(setInterval,window,arguments),clearInterval)},t.clearTimeout=t.clearInterval=function(e){e.close()},o.prototype.unref=o.prototype.ref=function(){},o.prototype.close=function(){this._clearFn.call(window,this._id)},t.enroll=function(e,t){clearTimeout(e._idleTimeoutId),e._idleTimeout=t},t.unenroll=function(e){clearTimeout(e._idleTimeoutId),e._idleTimeout=-1},t._unrefActive=t.active=function(e){clearTimeout(e._idleTimeoutId);var t=e._idleTimeout;t>=0&&(e._idleTimeoutId=setTimeout(function(){e._onTimeout&&e._onTimeout()},t))},t.setImmediate="function"==typeof e?e:function(e){var n=c++,r=!(arguments.length<2)&&a.call(arguments,1);return u[n]=!0,i(function(){u[n]&&(r?e.apply(null,r):e.call(null),t.clearImmediate(n))}),n},t.clearImmediate="function"==typeof r?r:function(e){delete u[e]}}).call(t,n(18).setImmediate,n(18).clearImmediate)},function(e,t){function n(e,t){this.name="AuthApiError",this.message=e.errorSummary,this.errorSummary=e.errorSummary,this.errorCode=e.errorCode,this.errorLink=e.errorLink,this.errorId=e.errorId,this.errorCauses=e.errorCauses,t&&(this.xhr=t)}n.prototype=new Error,e.exports=n},function(e,t){function n(){this.name="AuthPollStopError",this.message="The poll was stopped by the sdk"}n.prototype=new Error,e.exports=n},function(e,t,n){function r(e){return e.session.get().then(function(e){return"ACTIVE"===e.status}).fail(function(){return!1})}function o(e){return c.get(e,"/api/v1/sessions/me").then(function(t){var n=u.omit(t,"_links");return n.refresh=function(){return c.post(e,u.getLink(t,"refresh").href)},n.user=function(){return c.get(e,u.getLink(t,"user").href)},n}).fail(function(){return{status:"INACTIVE"}})}function i(e){return c.httpRequest(e,{url:e.options.url+"/api/v1/sessions/me",method:"DELETE"})}function s(e){return c.post(e,"/api/v1/sessions/me/lifecycle/refresh")}function a(e,t,n){n=n||window.location.href,window.location=e.options.url+"/login/sessionCookieRedirect"+u.toQueryParams({checkAccountSetupComplete:!0,token:t,redirectUrl:n})}var u=n(8),c=n(10);e.exports={sessionExists:r,getSession:o,closeSession:i,refreshSession:s,setCookieAndRedirect:a}},function(e,t,n){function r(e){var t,n=e.split(".");try{t={header:JSON.parse(k.base64UrlToString(n[0])),payload:JSON.parse(k.base64UrlToString(n[1])),signature:n[2]}}catch(r){throw new b("Malformed token")}return t}function o(e,t,n){function r(e){var t;if(t=n.expirationTime||0===n.expirationTime?n.expirationTime:Math.floor(Date.now()/1e3),e&&e>t)return!0}function o(e){if(!n.audience)return!0;for(var t=Array.isArray(n.audience)?n.audience:[n.audience],r=Array.isArray(e)?e:[e],o=t.length;o--;){var i=t[o];if(r.indexOf(i)!==-1)return!0}}return n=n||{},e.features.isTokenVerifySupported()?_.getWellKnown(e).then(function(t){return T.get(e,t.jwks_uri)}).then(function(e){var n=e.keys[0];return x.verifyToken(t,n)}).then(function(i){if(!i)return!1;var s=e.token.decode(t);return!r(s.payload.exp)&&(!!o(s.payload.aud)&&(!n.issuer||n.issuer===s.payload.iss))}):A.reject(new b("This browser doesn't support crypto.subtle"))}function i(e,t,n,o){return(new A).then(function(){if(!t||!t.idToken)throw new b("Only idTokens may be verified");var i=r(t.idToken);return _.validateClaims(e,i.payload,t.clientId,t.issuer,n),o||!e.features.isTokenVerifySupported()?t:_.getKey(e,t.issuer,i.header.kid).then(function(e){return x.verifyToken(t.idToken,e)}).then(function(e){if(!e)throw new b("The token signature is not valid");return t})})}function s(e,t){return t=t||{},t.display=null,t.prompt="none",d(e,t)}function a(e,t,n){function r(t){!t.data||t.origin!==e.options.url||t.data&&k.isString(n)&&t.data.state!==n||o.resolve(t.data)}var o=A.defer();return _.addListener(window,"message",r),o.promise.timeout(t||12e4,new b("OAuth flow timed out")).fin(function(){_.removeListener(window,"message",r)})}function u(e,t,n){function r(){try{t&&t.location&&t.location.hash?o.resolve(_.hashToObject(t.location.hash)):t&&!t.closed&&setTimeout(r,500)}catch(e){setTimeout(r,500)}}var o=A.defer();return r(),o.promise.timeout(n||12e4,new b("OAuth flow timed out"))}function c(e,t,n,r){r=r||{};var o=t.responseType,s=k.clone(t.scopes),a=t.clientId||e.options.clientId;return(new A).then(function(){if(n.error||n.error_description)throw new E(n.error,n.error_description);if(n.state!==t.state)throw new b("OAuth flow response state doesn't match request state");var o={};if(n.access_token&&(o.token={accessToken:n.access_token,expiresAt:Number(n.expires_in)+Math.floor(Date.now()/1e3),tokenType:n.token_type,scopes:s,authorizeUrl:r.authorizeUrl,userinfoUrl:r.userinfoUrl}),n.code&&(o.code={authorizationCode:n.code}),n.id_token){var u=e.token.decode(n.id_token),c={idToken:n.id_token,claims:u.payload,expiresAt:u.payload.exp,scopes:s,authorizeUrl:r.authorizeUrl,issuer:r.issuer,clientId:a};return i(e,c,t.nonce,!0).then(function(e){return o.id_token=c,o})}return o}).then(function(e){if(!Array.isArray(o))return e[o];if(!e.token&&!e.id_token)throw new b("Unable to parse OAuth flow response");return o.map(function(t){return e[t]})})}function f(e,t){t=k.clone(t)||{},t.scope&&(k.deprecate('The param "scope" is equivalent to "scopes". Use "scopes" instead.'),t.scopes=t.scope,delete t.scope);var n={clientId:e.options.clientId,redirectUri:e.options.redirectUri||window.location.href,responseType:"id_token",responseMode:"okta_post_message",state:k.genRandomString(64),nonce:k.genRandomString(64),scopes:["openid","email"]};return k.extend(n,t),n}function p(e){if(!e.clientId)throw new b("A clientId must be specified in the OktaAuth constructor to get a token");if(k.isString(e.responseType)&&e.responseType.indexOf(" ")!==-1)throw new b("Multiple OAuth responseTypes must be defined as an array");var t=k.removeNils({client_id:e.clientId,redirect_uri:e.redirectUri,response_type:e.responseType,response_mode:e.responseMode,state:e.state,nonce:e.nonce,prompt:e.prompt,display:e.display,sessionToken:e.sessionToken,idp:e.idp,max_age:e.maxAge});if(Array.isArray(t.response_type)&&(t.response_type=t.response_type.join(" ")),e.responseType.indexOf("id_token")!==-1&&e.scopes.indexOf("openid")===-1)throw new b("openid scope must be specified in the scopes argument when requesting an id_token");return t.scope=e.scopes.join(" "),t}function l(e){var t=p(e);return k.toQueryParams(t)}function d(e,t,n){function r(e){var t=/^(https?\:\/\/)?([^:\/?#]*(?:\:[0-9]+)?)/;return t.exec(e)[0]}function o(e){e.closed&&O.reject(new b("Unable to parse OAuth flow response"))}t=t||{},n=n||{};var i=f(e,t),s={prompt:"none",responseMode:"okta_post_message",display:null},p={display:"popup"};t.sessionToken?k.extend(i,s):t.idp&&k.extend(i,p);var d,h;try{h=_.getOAuthUrls(e,i,n),d=h.authorizeUrl+l(i)}catch(y){return A.reject(y)}var m;switch(m=i.sessionToken||null===i.display?"IFRAME":"popup"===i.display?"POPUP":"IMPLICIT"){case"IFRAME":var v=a(e,n.timeout,i.state),g=_.loadFrame(d);return v.then(function(t){return c(e,i,t,h)}).fin(function(){document.body.contains(g)&&g.parentElement.removeChild(g)});case"POPUP":var w;if("okta_post_message"===i.responseMode){if(!e.features.isPopupPostMessageSupported())return A.reject(new b("This browser doesn't have full postMessage support"));w=a(e,n.timeout,i.state)}var T={popupTitle:n.popupTitle},x=_.loadPopup(d,T);if("fragment"===i.responseMode){var E=r(e.idToken.authorize._getLocationHref()),S=r(i.redirectUri);if(E!==S)return A.reject(new b("Using fragment, the redirectUri origin ("+S+") must match the origin of this page ("+E+")"));w=u(e,x,n.timeout)}var O=A.defer(),R=setInterval(function(){o(x)},500);return w.then(function(e){O.resolve(e)}).fail(function(e){O.reject(e)}),O.promise.then(function(t){return c(e,i,t,h)}).fin(function(){x.closed||(clearInterval(R),x.close())});default:return A.reject(new b("The full page redirect flow is not supported"))}}function h(e,t,n){var r=k.clone(t)||{};return k.extend(r,{prompt:"none",responseMode:"okta_post_message",display:null}),d(e,r,n)}function y(e,t,n){var r=k.clone(t)||{};return k.extend(r,{display:"popup"}),d(e,r,n)}function m(e,t,n){t=k.clone(t)||{};var r=f(e,t);if(!t.responseMode){var o=r.responseType;o.indexOf("code")!==-1&&(k.isString(o)||Array.isArray(o)&&1===o.length)?k.extend(r,{responseMode:"query"}):k.extend(r,{responseMode:"fragment"})}var i=_.getOAuthUrls(e,r,n),s=i.authorizeUrl+l(r);O.setCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME,JSON.stringify({responseType:r.responseType,state:r.state,nonce:r.nonce,scopes:r.scopes,urls:i})),O.setCookie(S.REDIRECT_NONCE_COOKIE_NAME,r.nonce),O.setCookie(S.REDIRECT_STATE_COOKIE_NAME,r.state),e.token.getWithRedirect._setLocation(s)}function v(e,t){if(!_.isToken(t))return A.reject(new b("Refresh must be passed a token with an array of scopes and an accessToken or idToken"));var n;return n=t.accessToken?"token":"id_token",e.token.getWithoutPrompt({responseType:n,scopes:t.scopes},{authorizeUrl:t.authorizeUrl,userinfoUrl:t.userinfoUrl,issuer:t.issuer})}function g(e,t){var n=e.token.parseFromUrl._getLocationHash();t&&(n=t.substring(t.indexOf("#")));var r=O.getCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);if(!n||!r)return A.reject(new b("Unable to parse a token from the url"));try{var o=JSON.parse(r),i=o.urls;delete o.urls,O.deleteCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME)}catch(s){return A.reject(new b("Unable to parse the "+S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME+" cookie: "+s.message))}return A.resolve(_.hashToObject(n)).then(function(t){return c(e,o,t,i)})}function w(e,t){return t&&(_.isToken(t)||t.accessToken||t.userinfoUrl)?T.httpRequest(e,{url:t.userinfoUrl,method:"GET",accessToken:t.accessToken}).fail(function(e){if(e.xhr&&(401===e.xhr.status||403===e.xhr.status)){var t=e.xhr.getResponseHeader("WWW-Authenticate");if(t){var n=t.match(/error="(.*?)"/)||[],r=t.match(/error_description="(.*?)"/)||[],o=n[1],i=r[1];o&&i&&(e=new E(o,i))}}throw e}):A.reject(new b("getUserInfo requires an access token object"))}var T=n(10),k=n(8),_=n(23),A=n(16),x=n(24),b=n(14),E=n(25),S=n(15),O=n(11);e.exports={getToken:d,getWithoutPrompt:h,getWithPopup:y,getWithRedirect:m,parseFromUrl:g,refreshIdToken:s,decodeToken:r,verifyIdToken:o,refreshToken:v,getUserInfo:w,verifyToken:i}},function(e,t,n){function r(e){return!(!e||!e.accessToken&&!e.idToken||!Array.isArray(e.scopes))}function o(e,t,n){e.addEventListener?e.addEventListener(t,n):e.attachEvent("on"+t,n)}function i(e,t,n){e.removeEventListener?e.removeEventListener(t,n):e.detachEvent("on"+t,n)}function s(e){var t=document.createElement("iframe");return t.style.display="none",t.src=e,document.body.appendChild(t)}function a(e,t){var n=t.popupTitle||"External Identity Provider User Authentication",r="toolbar=no, scrollbars=yes, resizable=yes, top=100, left=500, width=600, height=600";return window.open(e,n,r)}function u(e,t){return d.get(e,(t||e.options.url)+"/.well-known/openid-configuration",{cacheResponse:!0})}function c(e,t,n){return u(e,t).then(function(t){var r=t.jwks_uri,o=v.getStorage(),i=o[r];if(i&&Date.now()/1e3<i.expiresAt){var s=h.find(i.response.keys,{kid:n});if(s)return s}return v.clearStorage(r),d.get(e,r,{cacheResponse:!0}).then(function(e){var t=h.find(e.keys,{kid:n});if(t)return t;throw new m("The key id, "+n+", was not found in the server's keys")})})}function f(e,t,n,r,o){if(!t||!r||!n)throw new m("The jwt, iss, and aud arguments are all required");if(o&&t.nonce!==o)throw new m("OAuth flow response nonce doesn't match request nonce");var i=Math.floor((new Date).getTime()/1e3);if(t.iss!==r)throw new m("The issuer ["+t.iss+"] does not match ["+r+"]");if(t.aud!==n)throw new m("The audience ["+t.aud+"] does not match ["+n+"]");if(t.iat>t.exp)throw new m("The JWT expired before it was issued");if(i-e.options.maxClockSkew>t.exp)throw new m("The JWT expired and is no longer valid");if(t.iat>i+e.options.maxClockSkew)throw new m("The JWT was issued in the future")}function p(e,t,n){n=n||{};var r=h.removeTrailingSlash(n.authorizeUrl)||e.options.authorizeUrl,o=h.removeTrailingSlash(n.issuer)||e.options.issuer,i=h.removeTrailingSlash(n.userinfoUrl)||e.options.userinfoUrl;if(o&&!/^https?:/.test(o)&&(o=e.options.url+"/oauth2/"+o),!o&&r&&t.responseType.indexOf("id_token")!==-1)throw new m("Cannot request idToken with an authorizeUrl without an issuer");if(!o&&t.responseType.indexOf("token")!==-1){if(r&&!i)throw new m("Cannot request accessToken with an authorizeUrl without an issuer or userinfoUrl");if(i&&!r)throw new m("Cannot request token with an userinfoUrl without an issuer or authorizeUrl")}var s=new RegExp("^https?://.*?/oauth2/.+");return o=o||e.options.url,s.test(o)?(r=r||o+"/v1/authorize",i=i||o+"/v1/userinfo"):(r=r||o+"/oauth2/v1/authorize",i=i||o+"/oauth2/v1/userinfo"),{issuer:o,authorizeUrl:r,userinfoUrl:i}}function l(e){for(var t,n=/\+/g,r=/([^&=]+)=?([^&]*)/g,o=e.substring(1),i={};;){if(t=r.exec(o),!t)break;var s=t[1],a=t[2];"id_token"===s||"access_token"===s||"code"===s?i[s]=a:i[s]=decodeURIComponent(a.replace(n," "))}return i}var d=n(10),h=n(8),y=n(12),m=n(14),v=y.getHttpCache();e.exports={getWellKnown:u,getKey:c,validateClaims:f,getOAuthUrls:p,loadFrame:s,loadPopup:a,hashToObject:l,isToken:r,addListener:o,removeListener:i}},function(e,t,n){function r(e,t){t=o.clone(t);var n="jwk",r={name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}},i=!0,s=["verify"];return delete t.use,crypto.subtle.importKey(n,t,r,i,s).then(function(t){var n=e.split("."),i=o.stringToBuffer(n[0]+"."+n[1]),s=o.base64UrlDecode(n[2]),a=o.stringToBuffer(s);return crypto.subtle.verify(r,t,a,i)})}var o=n(8);e.exports={verifyToken:r}},function(e,t){function n(e,t){this.name="OAuthError",this.message=t,this.errorCode=e,this.errorSummary=t}n.prototype=new Error,e.exports=n},function(e,t,n){function r(e,t,n){e.emitter.emit("expired",t,n)}function o(e,t){clearTimeout(e.refreshTimeouts[t]),delete e.refreshTimeouts[t]}function i(e){var t=e.refreshTimeouts;for(var n in t)t.hasOwnProperty(n)&&o(e,n);e.refreshTimeouts={}}function s(e,t,n,i,s){var a=1e3*s.expiresAt-Date.now();a<0&&(a=0);var u=setTimeout(function(){return t.autoRefresh?p(e,t,n,i):void(1e3*s.expiresAt<=Date.now()&&(f(t,n,i),r(t,i,s)))},a);o(t,i),t.refreshTimeouts[i]=u}function a(e,t,n){try{var r=n.getStorage()}catch(o){return void t.emitter.emit("error",o)}for(var i in r)if(r.hasOwnProperty(i)){var a=r[i];s(e,t,n,i,a)}}function u(e,t,n,r,o){var i=n.getStorage();if(!h.isObject(o)||!o.scopes||!o.expiresAt&&0!==o.expiresAt||!o.idToken&&!o.accessToken)throw new y("Token must be an Object with scopes, expiresAt, and an idToken or accessToken properties");i[r]=o,n.setStorage(i),s(e,t,n,r,o)}function c(e,t){var n=e.getStorage();return n[t]}function f(e,t,n){o(e,n);var r=t.getStorage();delete r[n],t.setStorage(r)}function p(e,t,n,i){try{var s=c(n,i);if(!s)throw new y("The tokenManager has no token for the key: "+i)}catch(a){return v.reject(a)}return o(t,i),e.token.refresh(s).then(function(r){return u(e,t,n,i,r),t.emitter.emit("refreshed",i,r,s),
!function(t){"use strict";if("function"==typeof bootstrap)bootstrap("promise",t);else{e.exports=t()}}(function(){"use strict";function e(e){return function(){return Q.apply(e,arguments)}}function r(e){return e===Object(e)}function o(e){return"[object StopIteration]"===oe(e)||e instanceof B}function i(e,t){if(K&&t.stack&&"object"==typeof e&&null!==e&&e.stack&&e.stack.indexOf(ie)===-1){for(var n=[],r=t;r;r=r.source)r.stack&&n.unshift(r.stack);n.unshift(e.stack);var o=n.join("\n"+ie+"\n");e.stack=s(o)}}function s(e){for(var t=e.split("\n"),n=[],r=0;r<t.length;++r){var o=t[r];c(o)||a(o)||!o||n.push(o)}return n.join("\n")}function a(e){return e.indexOf("(module.js:")!==-1||e.indexOf("(node.js:")!==-1}function u(e){var t=/at .+ \((.+):(\d+):(?:\d+)\)$/.exec(e);if(t)return[t[1],Number(t[2])];var n=/at ([^ ]+):(\d+):(?:\d+)$/.exec(e);if(n)return[n[1],Number(n[2])];var r=/.*@(.+):(\d+)$/.exec(e);return r?[r[1],Number(r[2])]:void 0}function c(e){var t=u(e);if(!t)return!1;var n=t[0],r=t[1];return n===X&&r>=J&&r<=fe}function f(){if(K)try{throw new Error}catch(e){var t=e.stack.split("\n"),n=t[0].indexOf("@")>0?t[1]:t[2],r=u(n);if(!r)return;return X=r[0],r[1]}}function p(e,t,n){return function(){return"undefined"!=typeof console&&"function"==typeof console.warn&&console.warn(t+" is deprecated, use "+n+" instead.",new Error("").stack),e.apply(e,arguments)}}function l(e){return e instanceof m?e:T(e)?C(e):O(e)}function d(){function e(e){t=e,i.source=e,$(n,function(t,n){l.nextTick(function(){e.promiseDispatch.apply(e,n)})},void 0),n=void 0,r=void 0}var t,n=[],r=[],o=te(d.prototype),i=te(m.prototype);if(i.promiseDispatch=function(e,o,i){var s=Y(arguments);n?(n.push(s),"when"===o&&i[1]&&r.push(i[1])):l.nextTick(function(){t.promiseDispatch.apply(t,s)})},i.valueOf=function(){if(n)return i;var e=g(t);return w(e)&&(t=e),e},i.inspect=function(){return t?t.inspect():{state:"pending"}},l.longStackSupport&&K)try{throw new Error}catch(s){i.stack=s.stack.substring(s.stack.indexOf("\n")+1)}return o.promise=i,o.resolve=function(n){t||e(l(n))},o.fulfill=function(n){t||e(O(n))},o.reject=function(n){t||e(S(n))},o.notify=function(e){t||$(r,function(t,n){l.nextTick(function(){n(e)})},void 0)},o}function h(e){if("function"!=typeof e)throw new TypeError("resolver must be a function.");var t=d();try{e(t.resolve,t.reject,t.notify)}catch(n){t.reject(n)}return t.promise}function y(e){return h(function(t,n){for(var r=0,o=e.length;r<o;r++)l(e[r]).then(t,n)})}function m(e,t,n){void 0===t&&(t=function(e){return S(new Error("Promise does not support operation: "+e))}),void 0===n&&(n=function(){return{state:"unknown"}});var r=te(m.prototype);if(r.promiseDispatch=function(n,o,i){var s;try{s=e[o]?e[o].apply(r,i):t.call(r,o,i)}catch(a){s=S(a)}n&&n(s)},r.inspect=n,n){var o=n();"rejected"===o.state&&(r.exception=o.reason),r.valueOf=function(){var e=n();return"pending"===e.state||"rejected"===e.state?r:e.value}}return r}function v(e,t,n,r){return l(e).then(t,n,r)}function g(e){if(w(e)){var t=e.inspect();if("fulfilled"===t.state)return t.value}return e}function w(e){return e instanceof m}function T(e){return r(e)&&"function"==typeof e.then}function k(e){return w(e)&&"pending"===e.inspect().state}function _(e){return!w(e)||"fulfilled"===e.inspect().state}function A(e){return w(e)&&"rejected"===e.inspect().state}function x(){se.length=0,ae.length=0,ce||(ce=!0)}function b(e,n){ce&&("object"==typeof t&&"function"==typeof t.emit&&l.nextTick.runAfter(function(){Z(ae,e)!==-1&&(t.emit("unhandledRejection",n,e),ue.push(e))}),ae.push(e),n&&"undefined"!=typeof n.stack?se.push(n.stack):se.push("(no stack) "+n))}function E(e){if(ce){var n=Z(ae,e);n!==-1&&("object"==typeof t&&"function"==typeof t.emit&&l.nextTick.runAfter(function(){var r=Z(ue,e);r!==-1&&(t.emit("rejectionHandled",se[n],e),ue.splice(r,1))}),ae.splice(n,1),se.splice(n,1))}}function S(e){var t=m({when:function(t){return t&&E(this),t?t(e):this}},function(){return this},function(){return{state:"rejected",reason:e}});return b(t,e),t}function O(e){return m({when:function(){return e},get:function(t){return e[t]},set:function(t,n){e[t]=n},"delete":function(t){delete e[t]},post:function(t,n){return null===t||void 0===t?e.apply(void 0,n):e[t].apply(e,n)},apply:function(t,n){return e.apply(t,n)},keys:function(){return re(e)}},void 0,function(){return{state:"fulfilled",value:e}})}function C(e){var t=d();return l.nextTick(function(){try{e.then(t.resolve,t.reject,t.notify)}catch(n){t.reject(n)}}),t.promise}function R(e){return m({isDef:function(){}},function(t,n){return P(e,t,n)},function(){return l(e).inspect()})}function j(e,t,n){return l(e).spread(t,n)}function U(e){return function(){function t(e,t){var s;if("undefined"==typeof StopIteration){try{s=n[e](t)}catch(a){return S(a)}return s.done?l(s.value):v(s.value,r,i)}try{s=n[e](t)}catch(a){return o(a)?l(a.value):S(a)}return v(s,r,i)}var n=e.apply(this,arguments),r=t.bind(t,"next"),i=t.bind(t,"throw");return r()}}function I(e){l.done(l.async(e)())}function N(e){throw new B(e)}function M(e){return function(){return j([this,q(arguments)],function(t,n){return e.apply(t,n)})}}function P(e,t,n){return l(e).dispatch(t,n)}function q(e){return v(e,function(e){var t=0,n=d();return $(e,function(r,o,i){var s;w(o)&&"fulfilled"===(s=o.inspect()).state?e[i]=s.value:(++t,v(o,function(r){e[i]=r,0===--t&&n.resolve(e)},n.reject,function(e){n.notify({index:i,value:e})}))},void 0),0===t&&n.resolve(e),n.promise})}function D(e){if(0===e.length)return l.resolve();var t=l.defer(),n=0;return $(e,function(r,o,i){function s(e){t.resolve(e)}function a(){n--,0===n&&t.reject(new Error("Can't get fulfillment value from any promise, all promises were rejected."))}function u(e){t.notify({index:i,value:e})}var c=e[i];n++,v(c,s,a,u)},void 0),t.promise}function H(e){return v(e,function(e){return e=ee(e,l),v(q(ee(e,function(e){return v(e,G,G)})),function(){return e})})}function L(e){return l(e).allSettled()}function W(e,t){return l(e).then(void 0,void 0,t)}function F(e,t){return l(e).nodeify(t)}var K=!1;try{throw new Error}catch(z){K=!!z.stack}var X,B,J=f(),G=function(){},V=function(){function e(){for(var e,t;o.next;)o=o.next,e=o.task,o.task=void 0,t=o.domain,t&&(o.domain=void 0,t.enter()),r(e,t);for(;c.length;)e=c.pop(),r(e);s=!1}function r(t,n){try{t()}catch(r){if(u)throw n&&n.exit(),setTimeout(e,0),n&&n.enter(),r;setTimeout(function(){throw r},0)}n&&n.exit()}var o={task:void 0,next:null},i=o,s=!1,a=void 0,u=!1,c=[];if(V=function(e){i=i.next={task:e,domain:u&&t.domain,next:null},s||(s=!0,a())},"object"==typeof t&&"[object process]"===t.toString()&&t.nextTick)u=!0,a=function(){t.nextTick(e)};else if("function"==typeof n)a="undefined"!=typeof window?n.bind(window,e):function(){n(e)};else if("undefined"!=typeof MessageChannel){var f=new MessageChannel;f.port1.onmessage=function(){a=p,f.port1.onmessage=e,e()};var p=function(){f.port2.postMessage(0)};a=function(){setTimeout(e,0),p()}}else a=function(){setTimeout(e,0)};return V.runAfter=function(e){c.push(e),s||(s=!0,a())},V}(),Q=Function.call,Y=e(Array.prototype.slice),$=e(Array.prototype.reduce||function(e,t){var n=0,r=this.length;if(1===arguments.length)for(;;){if(n in this){t=this[n++];break}if(++n>=r)throw new TypeError}for(;n<r;n++)n in this&&(t=e(t,this[n],n));return t}),Z=e(Array.prototype.indexOf||function(e){for(var t=0;t<this.length;t++)if(this[t]===e)return t;return-1}),ee=e(Array.prototype.map||function(e,t){var n=this,r=[];return $(n,function(o,i,s){r.push(e.call(t,i,s,n))},void 0),r}),te=Object.create||function(e){function t(){}return t.prototype=e,new t},ne=e(Object.prototype.hasOwnProperty),re=Object.keys||function(e){var t=[];for(var n in e)ne(e,n)&&t.push(n);return t},oe=e(Object.prototype.toString);B="undefined"!=typeof ReturnValue?ReturnValue:function(e){this.value=e};var ie="From previous event:";l.resolve=l,l.nextTick=V,l.longStackSupport=!1,"object"==typeof t&&t&&t.env&&t.env.Q_DEBUG&&(l.longStackSupport=!0),l.defer=d,d.prototype.makeNodeResolver=function(){var e=this;return function(t,n){t?e.reject(t):arguments.length>2?e.resolve(Y(arguments,1)):e.resolve(n)}},l.Promise=h,l.promise=h,h.race=y,h.all=q,h.reject=S,h.resolve=l,l.passByCopy=function(e){return e},m.prototype.passByCopy=function(){return this},l.join=function(e,t){return l(e).join(t)},m.prototype.join=function(e){return l([this,e]).spread(function(e,t){if(e===t)return e;throw new Error("Can't join: not the same: "+e+" "+t)})},l.race=y,m.prototype.race=function(){return this.then(l.race)},l.makePromise=m,m.prototype.toString=function(){return"[object Promise]"},m.prototype.then=function(e,t,n){function r(t){try{return"function"==typeof e?e(t):t}catch(n){return S(n)}}function o(e){if("function"==typeof t){i(e,a);try{return t(e)}catch(n){return S(n)}}return S(e)}function s(e){return"function"==typeof n?n(e):e}var a=this,u=d(),c=!1;return l.nextTick(function(){a.promiseDispatch(function(e){c||(c=!0,u.resolve(r(e)))},"when",[function(e){c||(c=!0,u.resolve(o(e)))}])}),a.promiseDispatch(void 0,"when",[void 0,function(e){var t,n=!1;try{t=s(e)}catch(r){if(n=!0,!l.onerror)throw r;l.onerror(r)}n||u.notify(t)}]),u.promise},l.tap=function(e,t){return l(e).tap(t)},m.prototype.tap=function(e){return e=l(e),this.then(function(t){return e.fcall(t).thenResolve(t)})},l.when=v,m.prototype.thenResolve=function(e){return this.then(function(){return e})},l.thenResolve=function(e,t){return l(e).thenResolve(t)},m.prototype.thenReject=function(e){return this.then(function(){throw e})},l.thenReject=function(e,t){return l(e).thenReject(t)},l.nearer=g,l.isPromise=w,l.isPromiseAlike=T,l.isPending=k,m.prototype.isPending=function(){return"pending"===this.inspect().state},l.isFulfilled=_,m.prototype.isFulfilled=function(){return"fulfilled"===this.inspect().state},l.isRejected=A,m.prototype.isRejected=function(){return"rejected"===this.inspect().state};var se=[],ae=[],ue=[],ce=!0;l.resetUnhandledRejections=x,l.getUnhandledReasons=function(){return se.slice()},l.stopUnhandledRejectionTracking=function(){x(),ce=!1},x(),l.reject=S,l.fulfill=O,l.master=R,l.spread=j,m.prototype.spread=function(e,t){return this.all().then(function(t){return e.apply(void 0,t)},t)},l.async=U,l.spawn=I,l["return"]=N,l.promised=M,l.dispatch=P,m.prototype.dispatch=function(e,t){var n=this,r=d();return l.nextTick(function(){n.promiseDispatch(r.resolve,e,t)}),r.promise},l.get=function(e,t){return l(e).dispatch("get",[t])},m.prototype.get=function(e){return this.dispatch("get",[e])},l.set=function(e,t,n){return l(e).dispatch("set",[t,n])},m.prototype.set=function(e,t){return this.dispatch("set",[e,t])},l.del=l["delete"]=function(e,t){return l(e).dispatch("delete",[t])},m.prototype.del=m.prototype["delete"]=function(e){return this.dispatch("delete",[e])},l.mapply=l.post=function(e,t,n){return l(e).dispatch("post",[t,n])},m.prototype.mapply=m.prototype.post=function(e,t){return this.dispatch("post",[e,t])},l.send=l.mcall=l.invoke=function(e,t){return l(e).dispatch("post",[t,Y(arguments,2)])},m.prototype.send=m.prototype.mcall=m.prototype.invoke=function(e){return this.dispatch("post",[e,Y(arguments,1)])},l.fapply=function(e,t){return l(e).dispatch("apply",[void 0,t])},m.prototype.fapply=function(e){return this.dispatch("apply",[void 0,e])},l["try"]=l.fcall=function(e){return l(e).dispatch("apply",[void 0,Y(arguments,1)])},m.prototype.fcall=function(){return this.dispatch("apply",[void 0,Y(arguments)])},l.fbind=function(e){var t=l(e),n=Y(arguments,1);return function(){return t.dispatch("apply",[this,n.concat(Y(arguments))])}},m.prototype.fbind=function(){var e=this,t=Y(arguments);return function(){return e.dispatch("apply",[this,t.concat(Y(arguments))])}},l.keys=function(e){return l(e).dispatch("keys",[])},m.prototype.keys=function(){return this.dispatch("keys",[])},l.all=q,m.prototype.all=function(){return q(this)},l.any=D,m.prototype.any=function(){return D(this)},l.allResolved=p(H,"allResolved","allSettled"),m.prototype.allResolved=function(){return H(this)},l.allSettled=L,m.prototype.allSettled=function(){return this.then(function(e){return q(ee(e,function(e){function t(){return e.inspect()}return e=l(e),e.then(t,t)}))})},l.fail=l["catch"]=function(e,t){return l(e).then(void 0,t)},m.prototype.fail=m.prototype["catch"]=function(e){return this.then(void 0,e)},l.progress=W,m.prototype.progress=function(e){return this.then(void 0,void 0,e)},l.fin=l["finally"]=function(e,t){return l(e)["finally"](t)},m.prototype.fin=m.prototype["finally"]=function(e){return e=l(e),this.then(function(t){return e.fcall().then(function(){return t})},function(t){return e.fcall().then(function(){throw t})})},l.done=function(e,t,n,r){return l(e).done(t,n,r)},m.prototype.done=function(e,n,r){var o=function(e){l.nextTick(function(){if(i(e,s),!l.onerror)throw e;l.onerror(e)})},s=e||n||r?this.then(e,n,r):this;"object"==typeof t&&t&&t.domain&&(o=t.domain.bind(o)),s.then(void 0,o)},l.timeout=function(e,t,n){return l(e).timeout(t,n)},m.prototype.timeout=function(e,t){var n=d(),r=setTimeout(function(){t&&"string"!=typeof t||(t=new Error(t||"Timed out after "+e+" ms"),t.code="ETIMEDOUT"),n.reject(t)},e);return this.then(function(e){clearTimeout(r),n.resolve(e)},function(e){clearTimeout(r),n.reject(e)},n.notify),n.promise},l.delay=function(e,t){return void 0===t&&(t=e,e=void 0),l(e).delay(t)},m.prototype.delay=function(e){return this.then(function(t){var n=d();return setTimeout(function(){n.resolve(t)},e),n.promise})},l.nfapply=function(e,t){return l(e).nfapply(t)},m.prototype.nfapply=function(e){var t=d(),n=Y(e);return n.push(t.makeNodeResolver()),this.fapply(n).fail(t.reject),t.promise},l.nfcall=function(e){var t=Y(arguments,1);return l(e).nfapply(t)},m.prototype.nfcall=function(){var e=Y(arguments),t=d();return e.push(t.makeNodeResolver()),this.fapply(e).fail(t.reject),t.promise},l.nfbind=l.denodeify=function(e){var t=Y(arguments,1);return function(){var n=t.concat(Y(arguments)),r=d();return n.push(r.makeNodeResolver()),l(e).fapply(n).fail(r.reject),r.promise}},m.prototype.nfbind=m.prototype.denodeify=function(){var e=Y(arguments);return e.unshift(this),l.denodeify.apply(void 0,e)},l.nbind=function(e,t){var n=Y(arguments,2);return function(){function r(){return e.apply(t,arguments)}var o=n.concat(Y(arguments)),i=d();return o.push(i.makeNodeResolver()),l(r).fapply(o).fail(i.reject),i.promise}},m.prototype.nbind=function(){var e=Y(arguments,0);return e.unshift(this),l.nbind.apply(void 0,e)},l.nmapply=l.npost=function(e,t,n){return l(e).npost(t,n)},m.prototype.nmapply=m.prototype.npost=function(e,t){var n=Y(t||[]),r=d();return n.push(r.makeNodeResolver()),this.dispatch("post",[e,n]).fail(r.reject),r.promise},l.nsend=l.nmcall=l.ninvoke=function(e,t){var n=Y(arguments,2),r=d();return n.push(r.makeNodeResolver()),l(e).dispatch("post",[t,n]).fail(r.reject),r.promise},m.prototype.nsend=m.prototype.nmcall=m.prototype.ninvoke=function(e){var t=Y(arguments,1),n=d();return t.push(n.makeNodeResolver()),this.dispatch("post",[e,t]).fail(n.reject),n.promise},l.nodeify=F,m.prototype.nodeify=function(e){return e?void this.then(function(t){l.nextTick(function(){e(null,t)})},function(t){l.nextTick(function(){e(t)})}):this},l.noConflict=function(){throw new Error("Q.noConflict only works when Q is used as a global")};var fe=f();return l})}).call(t,n(17),n(18).setImmediate)},function(e,t){function n(){throw new Error("setTimeout has not been defined")}function r(){throw new Error("clearTimeout has not been defined")}function o(e){if(f===setTimeout)return setTimeout(e,0);if((f===n||!f)&&setTimeout)return f=setTimeout,setTimeout(e,0);try{return f(e,0)}catch(t){try{return f.call(null,e,0)}catch(t){return f.call(this,e,0)}}}function i(e){if(p===clearTimeout)return clearTimeout(e);if((p===r||!p)&&clearTimeout)return p=clearTimeout,clearTimeout(e);try{return p(e)}catch(t){try{return p.call(null,e)}catch(t){return p.call(this,e)}}}function s(){y&&d&&(y=!1,d.length?h=d.concat(h):m=-1,h.length&&a())}function a(){if(!y){var e=o(s);y=!0;for(var t=h.length;t;){for(d=h,h=[];++m<t;)d&&d[m].run();m=-1,t=h.length}d=null,y=!1,i(e)}}function u(e,t){this.fun=e,this.array=t}function c(){}var f,p,l=e.exports={};!function(){try{f="function"==typeof setTimeout?setTimeout:n}catch(e){f=n}try{p="function"==typeof clearTimeout?clearTimeout:r}catch(e){p=r}}();var d,h=[],y=!1,m=-1;l.nextTick=function(e){var t=new Array(arguments.length-1);if(arguments.length>1)for(var n=1;n<arguments.length;n++)t[n-1]=arguments[n];h.push(new u(e,t)),1!==h.length||y||o(a)},u.prototype.run=function(){this.fun.apply(null,this.array)},l.title="browser",l.browser=!0,l.env={},l.argv=[],l.version="",l.versions={},l.on=c,l.addListener=c,l.once=c,l.off=c,l.removeListener=c,l.removeAllListeners=c,l.emit=c,l.binding=function(e){throw new Error("process.binding is not supported")},l.cwd=function(){return"/"},l.chdir=function(e){throw new Error("process.chdir is not supported")},l.umask=function(){return 0}},function(e,t,n){(function(e,r){function o(e,t){this._id=e,this._clearFn=t}var i=n(17).nextTick,s=Function.prototype.apply,a=Array.prototype.slice,u={},c=0;t.setTimeout=function(){return new o(s.call(setTimeout,window,arguments),clearTimeout)},t.setInterval=function(){return new o(s.call(setInterval,window,arguments),clearInterval)},t.clearTimeout=t.clearInterval=function(e){e.close()},o.prototype.unref=o.prototype.ref=function(){},o.prototype.close=function(){this._clearFn.call(window,this._id)},t.enroll=function(e,t){clearTimeout(e._idleTimeoutId),e._idleTimeout=t},t.unenroll=function(e){clearTimeout(e._idleTimeoutId),e._idleTimeout=-1},t._unrefActive=t.active=function(e){clearTimeout(e._idleTimeoutId);var t=e._idleTimeout;t>=0&&(e._idleTimeoutId=setTimeout(function(){e._onTimeout&&e._onTimeout()},t))},t.setImmediate="function"==typeof e?e:function(e){var n=c++,r=!(arguments.length<2)&&a.call(arguments,1);return u[n]=!0,i(function(){u[n]&&(r?e.apply(null,r):e.call(null),t.clearImmediate(n))}),n},t.clearImmediate="function"==typeof r?r:function(e){delete u[e]}}).call(t,n(18).setImmediate,n(18).clearImmediate)},function(e,t){function n(e,t){this.name="AuthApiError",this.message=e.errorSummary,this.errorSummary=e.errorSummary,this.errorCode=e.errorCode,this.errorLink=e.errorLink,this.errorId=e.errorId,this.errorCauses=e.errorCauses,t&&(this.xhr=t)}n.prototype=new Error,e.exports=n},function(e,t){function n(){this.name="AuthPollStopError",this.message="The poll was stopped by the sdk"}n.prototype=new Error,e.exports=n},function(e,t,n){function r(e){return e.session.get().then(function(e){return"ACTIVE"===e.status}).fail(function(){return!1})}function o(e){return c.get(e,"/api/v1/sessions/me").then(function(t){var n=u.omit(t,"_links");return n.refresh=function(){return c.post(e,u.getLink(t,"refresh").href)},n.user=function(){return c.get(e,u.getLink(t,"user").href)},n}).fail(function(){return{status:"INACTIVE"}})}function i(e){return c.httpRequest(e,{url:e.options.url+"/api/v1/sessions/me",method:"DELETE"})}function s(e){return c.post(e,"/api/v1/sessions/me/lifecycle/refresh")}function a(e,t,n){n=n||window.location.href,window.location=e.options.url+"/login/sessionCookieRedirect"+u.toQueryParams({checkAccountSetupComplete:!0,token:t,redirectUrl:n})}var u=n(8),c=n(10);e.exports={sessionExists:r,getSession:o,closeSession:i,refreshSession:s,setCookieAndRedirect:a}},function(e,t,n){function r(e){var t,n=e.split(".");try{t={header:JSON.parse(k.base64UrlToString(n[0])),payload:JSON.parse(k.base64UrlToString(n[1])),signature:n[2]}}catch(r){throw new b("Malformed token")}return t}function o(e,t,n){function r(e){var t;if(t=n.expirationTime||0===n.expirationTime?n.expirationTime:Math.floor(Date.now()/1e3),e&&e>t)return!0}function o(e){if(!n.audience)return!0;for(var t=Array.isArray(n.audience)?n.audience:[n.audience],r=Array.isArray(e)?e:[e],o=t.length;o--;){var i=t[o];if(r.indexOf(i)!==-1)return!0}}return n=n||{},e.features.isTokenVerifySupported()?_.getWellKnown(e).then(function(t){return T.get(e,t.jwks_uri)}).then(function(e){var n=e.keys[0];return x.verifyToken(t,n)}).then(function(i){if(!i)return!1;var s=e.token.decode(t);return!r(s.payload.exp)&&(!!o(s.payload.aud)&&(!n.issuer||n.issuer===s.payload.iss))}):A.reject(new b("This browser doesn't support crypto.subtle"))}function i(e,t,n,o){return(new A).then(function(){if(!t||!t.idToken)throw new b("Only idTokens may be verified");var i=r(t.idToken);return _.validateClaims(e,i.payload,t.clientId,t.issuer,n),o||!e.features.isTokenVerifySupported()?t:_.getKey(e,t.issuer,i.header.kid).then(function(e){return x.verifyToken(t.idToken,e)}).then(function(e){if(!e)throw new b("The token signature is not valid");return t})})}function s(e,t){return t=t||{},t.display=null,t.prompt="none",d(e,t)}function a(e,t,n){function r(t){!t.data||t.origin!==e.options.url||t.data&&k.isString(n)&&t.data.state!==n||o.resolve(t.data)}var o=A.defer();return _.addListener(window,"message",r),o.promise.timeout(t||12e4,new b("OAuth flow timed out")).fin(function(){_.removeListener(window,"message",r)})}function u(e,t,n){function r(){try{t&&t.location&&t.location.hash?o.resolve(_.hashToObject(t.location.hash)):t&&!t.closed&&setTimeout(r,500)}catch(e){setTimeout(r,500)}}var o=A.defer();return r(),o.promise.timeout(n||12e4,new b("OAuth flow timed out"))}function c(e,t,n,r){r=r||{};var o=t.responseType,s=k.clone(t.scopes),a=t.clientId||e.options.clientId;return(new A).then(function(){if(n.error||n.error_description)throw new E(n.error,n.error_description);if(n.state!==t.state)throw new b("OAuth flow response state doesn't match request state");var o={};if(n.access_token&&(o.token={accessToken:n.access_token,expiresAt:Number(n.expires_in)+Math.floor(Date.now()/1e3),tokenType:n.token_type,scopes:s,authorizeUrl:r.authorizeUrl,userinfoUrl:r.userinfoUrl}),n.code&&(o.code={authorizationCode:n.code}),n.id_token){var u=e.token.decode(n.id_token),c={idToken:n.id_token,claims:u.payload,expiresAt:u.payload.exp,scopes:s,authorizeUrl:r.authorizeUrl,issuer:r.issuer,clientId:a};return i(e,c,t.nonce,!0).then(function(e){return o.id_token=c,o})}return o}).then(function(e){if(!Array.isArray(o))return e[o];if(!e.token&&!e.id_token)throw new b("Unable to parse OAuth flow response");return o.map(function(t){return e[t]})})}function f(e,t){t=k.clone(t)||{},t.scope&&(k.deprecate('The param "scope" is equivalent to "scopes". Use "scopes" instead.'),t.scopes=t.scope,delete t.scope);var n={clientId:e.options.clientId,redirectUri:e.options.redirectUri||window.location.href,responseType:"id_token",responseMode:"okta_post_message",state:k.genRandomString(64),nonce:k.genRandomString(64),scopes:["openid","email"]};return k.extend(n,t),n}function p(e){if(!e.clientId)throw new b("A clientId must be specified in the OktaAuth constructor to get a token");if(k.isString(e.responseType)&&e.responseType.indexOf(" ")!==-1)throw new b("Multiple OAuth responseTypes must be defined as an array");var t=k.removeNils({client_id:e.clientId,redirect_uri:e.redirectUri,response_type:e.responseType,response_mode:e.responseMode,state:e.state,nonce:e.nonce,prompt:e.prompt,display:e.display,sessionToken:e.sessionToken,idp:e.idp,max_age:e.maxAge});if(Array.isArray(t.response_type)&&(t.response_type=t.response_type.join(" ")),e.responseType.indexOf("id_token")!==-1&&e.scopes.indexOf("openid")===-1)throw new b("openid scope must be specified in the scopes argument when requesting an id_token");return t.scope=e.scopes.join(" "),t}function l(e){var t=p(e);return k.toQueryParams(t)}function d(e,t,n){function r(e){var t=/^(https?\:\/\/)?([^:\/?#]*(?:\:[0-9]+)?)/;return t.exec(e)[0]}function o(e){e.closed&&O.reject(new b("Unable to parse OAuth flow response"))}t=t||{},n=n||{};var i=f(e,t),s={prompt:"none",responseMode:"okta_post_message",display:null},p={display:"popup"};t.sessionToken?k.extend(i,s):t.idp&&k.extend(i,p);var d,h;try{h=_.getOAuthUrls(e,i,n),d=h.authorizeUrl+l(i)}catch(y){return A.reject(y)}var m;switch(m=i.sessionToken||null===i.display?"IFRAME":"popup"===i.display?"POPUP":"IMPLICIT"){case"IFRAME":var v=a(e,n.timeout,i.state),g=_.loadFrame(d);return v.then(function(t){return c(e,i,t,h)}).fin(function(){document.body.contains(g)&&g.parentElement.removeChild(g)});case"POPUP":var w;if("okta_post_message"===i.responseMode){if(!e.features.isPopupPostMessageSupported())return A.reject(new b("This browser doesn't have full postMessage support"));w=a(e,n.timeout,i.state)}var T={popupTitle:n.popupTitle},x=_.loadPopup(d,T);if("fragment"===i.responseMode){var E=r(e.idToken.authorize._getLocationHref()),S=r(i.redirectUri);if(E!==S)return A.reject(new b("Using fragment, the redirectUri origin ("+S+") must match the origin of this page ("+E+")"));w=u(e,x,n.timeout)}var O=A.defer(),C=setInterval(function(){o(x)},500);return w.then(function(e){O.resolve(e)}).fail(function(e){O.reject(e)}),O.promise.then(function(t){return c(e,i,t,h)}).fin(function(){x.closed||(clearInterval(C),x.close())});default:return A.reject(new b("The full page redirect flow is not supported"))}}function h(e,t,n){var r=k.clone(t)||{};return k.extend(r,{prompt:"none",responseMode:"okta_post_message",display:null}),d(e,r,n)}function y(e,t,n){var r=k.clone(t)||{};return k.extend(r,{display:"popup"}),d(e,r,n)}function m(e,t,n){t=k.clone(t)||{};var r=f(e,t);if(!t.responseMode){var o=r.responseType;o.indexOf("code")!==-1&&(k.isString(o)||Array.isArray(o)&&1===o.length)?k.extend(r,{responseMode:"query"}):k.extend(r,{responseMode:"fragment"})}var i=_.getOAuthUrls(e,r,n),s=i.authorizeUrl+l(r);O.setCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME,JSON.stringify({responseType:r.responseType,state:r.state,nonce:r.nonce,scopes:r.scopes,urls:i})),O.setCookie(S.REDIRECT_NONCE_COOKIE_NAME,r.nonce),O.setCookie(S.REDIRECT_STATE_COOKIE_NAME,r.state),e.token.getWithRedirect._setLocation(s)}function v(e,t){if(!_.isToken(t))return A.reject(new b("Refresh must be passed a token with an array of scopes and an accessToken or idToken"));var n;return n=t.accessToken?"token":"id_token",e.token.getWithoutPrompt({responseType:n,scopes:t.scopes},{authorizeUrl:t.authorizeUrl,userinfoUrl:t.userinfoUrl,issuer:t.issuer})}function g(e,t){var n=e.token.parseFromUrl._getLocationHash();t&&(n=t.substring(t.indexOf("#")));var r=O.getCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);if(!n||!r)return A.reject(new b("Unable to parse a token from the url"));try{var o=JSON.parse(r),i=o.urls;delete o.urls,O.deleteCookie(S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME)}catch(s){return A.reject(new b("Unable to parse the "+S.REDIRECT_OAUTH_PARAMS_COOKIE_NAME+" cookie: "+s.message))}return A.resolve(_.hashToObject(n)).then(function(t){return c(e,o,t,i)})}function w(e,t){return t&&(_.isToken(t)||t.accessToken||t.userinfoUrl)?T.httpRequest(e,{url:t.userinfoUrl,method:"GET",accessToken:t.accessToken}).fail(function(e){if(e.xhr&&(401===e.xhr.status||403===e.xhr.status)){var t=e.xhr.getResponseHeader("WWW-Authenticate");if(t){var n=t.match(/error="(.*?)"/)||[],r=t.match(/error_description="(.*?)"/)||[],o=n[1],i=r[1];o&&i&&(e=new E(o,i))}}throw e}):A.reject(new b("getUserInfo requires an access token object"))}var T=n(10),k=n(8),_=n(23),A=n(16),x=n(24),b=n(14),E=n(25),S=n(15),O=n(11);e.exports={getToken:d,getWithoutPrompt:h,getWithPopup:y,getWithRedirect:m,parseFromUrl:g,refreshIdToken:s,decodeToken:r,verifyIdToken:o,refreshToken:v,getUserInfo:w,verifyToken:i}},function(e,t,n){function r(e){return!(!e||!e.accessToken&&!e.idToken||!Array.isArray(e.scopes))}function o(e,t,n){e.addEventListener?e.addEventListener(t,n):e.attachEvent("on"+t,n)}function i(e,t,n){e.removeEventListener?e.removeEventListener(t,n):e.detachEvent("on"+t,n)}function s(e){var t=document.createElement("iframe");return t.style.display="none",t.src=e,document.body.appendChild(t)}function a(e,t){var n=t.popupTitle||"External Identity Provider User Authentication",r="toolbar=no, scrollbars=yes, resizable=yes, top=100, left=500, width=600, height=600";return window.open(e,n,r)}function u(e,t){return d.get(e,(t||e.options.url)+"/.well-known/openid-configuration",{cacheResponse:!0})}function c(e,t,n){return u(e,t).then(function(t){var r=t.jwks_uri,o=v.getStorage(),i=o[r];if(i&&Date.now()/1e3<i.expiresAt){var s=h.find(i.response.keys,{kid:n});if(s)return s}return v.clearStorage(r),d.get(e,r,{cacheResponse:!0}).then(function(e){var t=h.find(e.keys,{kid:n});if(t)return t;throw new m("The key id, "+n+", was not found in the server's keys")})})}function f(e,t,n,r,o){if(!t||!r||!n)throw new m("The jwt, iss, and aud arguments are all required");if(o&&t.nonce!==o)throw new m("OAuth flow response nonce doesn't match request nonce");var i=Math.floor((new Date).getTime()/1e3);if(t.iss!==r)throw new m("The issuer ["+t.iss+"] does not match ["+r+"]");if(t.aud!==n)throw new m("The audience ["+t.aud+"] does not match ["+n+"]");if(t.iat>t.exp)throw new m("The JWT expired before it was issued");if(i-e.options.maxClockSkew>t.exp)throw new m("The JWT expired and is no longer valid");if(t.iat>i+e.options.maxClockSkew)throw new m("The JWT was issued in the future")}function p(e,t,n){n=n||{};var r=h.removeTrailingSlash(n.authorizeUrl)||e.options.authorizeUrl,o=h.removeTrailingSlash(n.issuer)||e.options.issuer,i=h.removeTrailingSlash(n.userinfoUrl)||e.options.userinfoUrl;if(o&&!/^https?:/.test(o)&&(o=e.options.url+"/oauth2/"+o),!o&&r&&t.responseType.indexOf("id_token")!==-1)throw new m("Cannot request idToken with an authorizeUrl without an issuer");if(!o&&t.responseType.indexOf("token")!==-1){if(r&&!i)throw new m("Cannot request accessToken with an authorizeUrl without an issuer or userinfoUrl");if(i&&!r)throw new m("Cannot request token with an userinfoUrl without an issuer or authorizeUrl")}var s=new RegExp("^https?://.*?/oauth2/.+");return o=o||e.options.url,s.test(o)?(r=r||o+"/v1/authorize",i=i||o+"/v1/userinfo"):(r=r||o+"/oauth2/v1/authorize",i=i||o+"/oauth2/v1/userinfo"),{issuer:o,authorizeUrl:r,userinfoUrl:i}}function l(e){for(var t,n=/\+/g,r=/([^&=]+)=?([^&]*)/g,o=e.substring(1),i={};;){if(t=r.exec(o),!t)break;var s=t[1],a=t[2];"id_token"===s||"access_token"===s||"code"===s?i[s]=a:i[s]=decodeURIComponent(a.replace(n," "))}return i}var d=n(10),h=n(8),y=n(12),m=n(14),v=y.getHttpCache();e.exports={getWellKnown:u,getKey:c,validateClaims:f,getOAuthUrls:p,loadFrame:s,loadPopup:a,hashToObject:l,isToken:r,addListener:o,removeListener:i}},function(e,t,n){function r(e,t){t=o.clone(t);var n="jwk",r={name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}},i=!0,s=["verify"];return delete t.use,crypto.subtle.importKey(n,t,r,i,s).then(function(t){var n=e.split("."),i=o.stringToBuffer(n[0]+"."+n[1]),s=o.base64UrlDecode(n[2]),a=o.stringToBuffer(s);return crypto.subtle.verify(r,t,a,i)})}var o=n(8);e.exports={verifyToken:r}},function(e,t){function n(e,t){this.name="OAuthError",this.message=t,this.errorCode=e,this.errorSummary=t}n.prototype=new Error,e.exports=n},function(e,t,n){function r(e,t,n){e.emitter.emit("expired",t,n)}function o(e,t){clearTimeout(e.refreshTimeouts[t]),delete e.refreshTimeouts[t]}function i(e){var t=e.refreshTimeouts;for(var n in t)t.hasOwnProperty(n)&&o(e,n);e.refreshTimeouts={}}function s(e,t,n,i,s){var a=1e3*s.expiresAt-Date.now();a<0&&(a=0);var u=setTimeout(function(){return t.autoRefresh?p(e,t,n,i):void(1e3*s.expiresAt<=Date.now()&&(f(t,n,i),r(t,i,s)))},a);o(t,i),t.refreshTimeouts[i]=u}function a(e,t,n){try{var r=n.getStorage()}catch(o){return void t.emitter.emit("error",o)}for(var i in r)if(r.hasOwnProperty(i)){var a=r[i];s(e,t,n,i,a)}}function u(e,t,n,r,o){var i=n.getStorage();if(!h.isObject(o)||!o.scopes||!o.expiresAt&&0!==o.expiresAt||!o.idToken&&!o.accessToken)throw new y("Token must be an Object with scopes, expiresAt, and an idToken or accessToken properties");i[r]=o,n.setStorage(i),s(e,t,n,r,o)}function c(e,t){var n=e.getStorage();return n[t]}function f(e,t,n){o(e,n);var r=t.getStorage();delete r[n],t.setStorage(r)}function p(e,t,n,i){try{var s=c(n,i);if(!s)throw new y("The tokenManager has no token for the key: "+i)}catch(a){return v.reject(a)}return o(t,i),e.token.refresh(s).then(function(r){return u(e,t,n,i,r),t.emitter.emit("refreshed",i,r,s),
r}).fail(function(e){throw"OAuthError"===e.name&&(f(t,n,i),r(t,i,s)),e})}function l(e,t){i(e),t.clearStorage()}function d(e,t){t=t||{},t.storage=t.storage||"localStorage",t.autoRefresh||t.autoRefresh===!1||(t.autoRefresh=!0),"localStorage"!==t.storage||m.browserHasLocalStorage()||(h.warn("This browser doesn't support localStorage. Switching to sessionStorage."),t.storage="sessionStorage"),"sessionStorage"!==t.storage||m.browserHasSessionStorage()||(h.warn("This browser doesn't support sessionStorage. Switching to cookie-based storage."),t.storage="cookie");var n;switch(t.storage){case"localStorage":n=T(localStorage,w.TOKEN_STORAGE_NAME);break;case"sessionStorage":n=T(sessionStorage,w.TOKEN_STORAGE_NAME);break;case"cookie":n=T(m.getCookieStorage(),w.TOKEN_STORAGE_NAME);break;default:throw new y("Unrecognized storage option")}var r={emitter:new g,autoRefresh:t.autoRefresh,refreshTimeouts:{}};this.add=h.bind(u,this,e,r,n),this.get=h.bind(c,this,n),this.remove=h.bind(f,this,r,n),this.clear=h.bind(l,this,r,n),this.refresh=h.bind(p,this,e,r,n),this.on=h.bind(r.emitter.on,r.emitter),this.off=h.bind(r.emitter.off,r.emitter),a(e,r,n)}var h=n(8),y=n(14),m=n(12),v=n(16),g=n(27),w=n(15),T=n(13);e.exports=d},function(e,t){function n(){}n.prototype={on:function(e,t,n){var r=this.e||(this.e={});return(r[e]||(r[e]=[])).push({fn:t,ctx:n}),this},once:function(e,t,n){function r(){o.off(e,r),t.apply(n,arguments)}var o=this;return r._=t,this.on(e,r,n)},emit:function(e){var t=[].slice.call(arguments,1),n=((this.e||(this.e={}))[e]||[]).slice(),r=0,o=n.length;for(r;r<o;r++)n[r].fn.apply(n[r].ctx,t);return this},off:function(e,t){var n=this.e||(this.e={}),r=n[e],o=[];if(r&&t)for(var i=0,s=r.length;i<s;i++)r[i].fn!==t&&r[i].fn._!==t&&o.push(r[i]);return o.length?n[e]=o:delete n[e],this}},e.exports=n}])});
//# sourceMappingURL=okta-auth-js.min.js.map

2

lib/config.js

@@ -12,3 +12,3 @@ module.exports = {

"CACHE_STORAGE_NAME": "okta-cache-storage",
"SDK_VERSION": "1.7.0"
"SDK_VERSION": "1.8.0"
};

147

lib/util.js

@@ -13,8 +13,10 @@ /*!

/* eslint-env es6 */
function base64UrlToBase64(b64u) {
var util = module.exports;
util.base64UrlToBase64 = function(b64u) {
return b64u.replace(/\-/g, '+').replace(/_/g, '/');
}
};
function base64UrlToString(b64u) {
var b64 = base64UrlToBase64(b64u);
util.base64UrlToString = function(b64u) {
var b64 = util.base64UrlToBase64(b64u);
switch (b64.length % 4) {

@@ -38,5 +40,5 @@ case 0:

}
}
};
function stringToBuffer(str) {
util.stringToBuffer = function(str) {
var buffer = new Uint8Array(str.length);

@@ -47,10 +49,9 @@ for (var i = 0; i < str.length; i++) {

return buffer;
}
};
function base64UrlDecode(str) {
return atob(base64UrlToBase64(str));
}
util.base64UrlDecode = function(str) {
return atob(util.base64UrlToBase64(str));
};
function bind(fn, ctx) {
util.bind = function(fn, ctx) {
var additionalArgs = Array.prototype.slice.call(arguments, 2);

@@ -62,25 +63,25 @@ return function() {

};
}
};
function isAbsoluteUrl(url) {
util.isAbsoluteUrl = function(url) {
return /^(?:[a-z]+:)?\/\//i.test(url);
}
};
function isString(obj) {
util.isString = function(obj) {
return Object.prototype.toString.call(obj) === '[object String]';
}
};
function isObject(obj) {
util.isObject = function(obj) {
return Object.prototype.toString.call(obj) === '[object Object]';
}
};
function isNumber(obj) {
util.isNumber = function(obj) {
return Object.prototype.toString.call(obj) === '[object Number]';
}
};
function isArray(obj) {
util.isArray = function(obj) {
return Object.prototype.toString.call(obj) === '[object Array]';
}
};
function isoToUTCString(str) {
util.isoToUTCString = function(str) {
var parts = str.match(/\d+/g),

@@ -91,5 +92,5 @@ isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),

return isoDate.toUTCString();
}
};
function toQueryParams(obj) {
util.toQueryParams = function(obj) {
var str = [];

@@ -110,5 +111,5 @@ if (obj !== null) {

}
}
};
function genRandomString(length) {
util.genRandomString = function(length) {
var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

@@ -120,5 +121,5 @@ var random = '';

return random;
}
};
function extend(obj1, obj2) {
util.extend = function(obj1, obj2) {
for (var prop in obj2) {

@@ -129,5 +130,5 @@ if (obj2.hasOwnProperty(prop)) {

}
}
};
function removeNils(obj) {
util.removeNils = function(obj) {
var cleaned = {};

@@ -143,5 +144,5 @@ for (var prop in obj) {

return cleaned;
}
};
function clone(obj) {
util.clone = function(obj) {
if (obj) {

@@ -154,6 +155,6 @@ var str = JSON.stringify(obj);

return obj;
}
};
// Analogous to _.omit
function omit(obj) {
util.omit = function(obj) {
var props = Array.prototype.slice.call(arguments, 1);

@@ -166,6 +167,6 @@ var newobj = {};

}
return clone(newobj);
}
return util.clone(newobj);
};
function find(collection, searchParams) {
util.find = function(collection, searchParams) {
var c = collection.length;

@@ -188,5 +189,5 @@ while (c--) {

}
}
};
function getLink(obj, linkName, altName) {
util.getLink = function(obj, linkName, altName) {
if (!obj || !obj._links) {

@@ -196,3 +197,3 @@ return;

var link = clone(obj._links[linkName]);
var link = util.clone(obj._links[linkName]);

@@ -207,24 +208,38 @@ // If a link has a name and we have an altName, return if they match

}
}
};
function warn(text) {
util.getNativeConsole = function() {
return window.console;
};
util.getConsole = function() {
var nativeConsole = util.getNativeConsole();
if (nativeConsole && nativeConsole.log) {
return nativeConsole;
}
return {
log: function() {}
};
};
util.warn = function(text) {
/* eslint-disable no-console */
console.log('[okta-auth-sdk] WARN: ' + text);
util.getConsole().log('[okta-auth-sdk] WARN: ' + text);
/* eslint-enable */
}
};
function deprecate(text) {
util.deprecate = function(text) {
/* eslint-disable no-console */
console.log('[okta-auth-sdk] DEPRECATION: ' + text);
util.getConsole().log('[okta-auth-sdk] DEPRECATION: ' + text);
/* eslint-enable */
}
};
function deprecateWrap(text, fn) {
util.deprecateWrap = function(text, fn) {
return function() {
deprecate(text);
util.deprecate(text);
return fn.apply(null, arguments);
};
}
};
function removeTrailingSlash(path) {
util.removeTrailingSlash = function(path) {
if (!path) {

@@ -237,28 +252,2 @@ return;

return path;
}
module.exports = {
base64UrlToBase64: base64UrlToBase64,
base64UrlToString: base64UrlToString,
stringToBuffer: stringToBuffer,
base64UrlDecode: base64UrlDecode,
bind: bind,
isAbsoluteUrl: isAbsoluteUrl,
isString: isString,
isObject: isObject,
isNumber: isNumber,
isArray: isArray,
isoToUTCString: isoToUTCString,
toQueryParams: toQueryParams,
genRandomString: genRandomString,
extend: extend,
removeNils: removeNils,
clone: clone,
omit: omit,
find: find,
getLink: getLink,
warn: warn,
deprecate: deprecate,
deprecateWrap: deprecateWrap,
removeTrailingSlash: removeTrailingSlash
};

2

package.json
{
"name": "@okta/okta-auth-js",
"description": "The Okta Auth SDK",
"version": "1.7.0",
"version": "1.8.0",
"homepage": "https://github.com/okta/okta-auth-js",

@@ -6,0 +6,0 @@ "license": "Apache-2.0",

1521

README.md

@@ -0,39 +1,1518 @@

<!-- START GITHUB ONLY -->
[![Build Status](https://travis-ci.org/okta/okta-auth-js.svg?branch=master)](https://travis-ci.org/okta/okta-auth-js)
<!-- END GITHUB ONLY -->
# Okta Auth JS
Introduction
============
Okta Auth JS is a wrapper around [Okta's authentication API](http://developer.okta.com/docs/api/resources/authn.html). It can be used to get an Okta session cookie or an ID token.
The Okta Auth SDK builds on top of our [Authentication API](http://developer.okta.com/docs/api/resources/authn.html) and [OAuth 2.0 API](http://developer.okta.com/docs/api/resources/oidc.html) to enable you to create a fully branded sign-in experience using JavaScript.
If you want to use the SDK, see the instructions on [the Okta Auth SDK developer page](http://developer.okta.com/docs/guides/okta_auth_sdk.html).
<!-- START GITHUB ONLY -->
For an overview of the client's features and authentication flows, check out [our developer docs](http://developer.okta.com/docs/guides/okta_auth_sdk.html).
If you wish to contribute to okta-auth-js, please read the following [contributing guidelines](./CONTRIBUTING.md)
Read our [contributing guidelines](./CONTRIBUTING.md) if you wish to contribute.
If you want to modify the SDK, use the following instructions.
# Table of Contents
## Building the SDK
* [Install](#install)
* [Using the Okta CDN](#using-the-okta-cdn)
* [Using the npm module](#using-the-npm-module)
* [API](#api)
* [OktaAuth](#new-oktaauthconfig)
* [signIn](#signinoptions)
* [signOut](#signout)
* [forgotPassword](#forgotpasswordoptions)
* [unlockAccount](#unlockaccountoptions)
* [verifyRecoveryToken](#verifyrecoverytokenoptions)
* [tx.resume](#txresume)
* [tx.exists](#txexists)
* [transaction.status](#transactionstatus)
* [LOCKED_OUT](#locked_out)
* [PASSWORD_EXPIRED](#password_expired)
* [PASSWORD_RESET](#password_reset)
* [PASSWORD_WARN](#password_warn)
* [RECOVERY](#recovery)
* [RECOVERY_CHALLENGE](#recovery_challenge)
* [MFA_ENROLL](#mfa_enroll)
* [Enroll Factor](#enroll-factor)
* [MFA_ENROLL_ACTIVATE](#mfa_enroll_activate)
* [MFA_REQUIRED](#mfa_required)
* [MFA_CHALLENGE](#mfa_challenge)
* [SUCCESS](#success)
* [session.setCookieAndRedirect](#sessionsetcookieandredirectsessiontoken-redirecturi)
* [session.exists](#sessionexists)
* [session.get](#sessionget)
* [session.refresh](#sessionrefresh)
* [token.getWithoutPrompt](#tokengetwithoutpromptoauthoptions)
* [token.getWithPopup](#tokengetwithpopupoauthoptions)
* [token.getWithRedirect](#tokengetwithredirectoptions)
* [token.parseFromUrl](#tokenparsefromurloptions)
* [token.decode](#tokendecodeidtokenstring)
* [token.refresh](#tokenrefreshtokentorefresh)
* [token.getUserInfo](#tokengetuserinfoaccesstokenobject)
* [token.verify](#tokenverifyidtokenobject)
* [tokenManager.add](#tokenmanageraddkey-token)
* [tokenManager.get](#tokenmanagergetkey)
* [tokenManager.remove](#tokenmanagerremovekey)
* [tokenManager.clear](#tokenmanagerclear)
* [tokenManager.refresh](#tokenmanagerrefreshkey)
* [tokenManager.on](#tokenmanagerontokenevent-callback-context)
* [tokenManager.off](#tokenmanageroffevent-callback)
* [OpenId Connect Options](#openid-connect-options)
* [Client Configuration](#client-configuration)
* [Developing the Okta Auth Client](#developing-the-okta-auth-client)
* [Building the Client](#building-the-client)
* [Build and Test Commands](#build-and-test-commands)
<!-- END GITHUB ONLY -->
1. Clone the SDK repo.
# Install
```bash
[path]$ git clone git@github.com:okta/okta-auth-js.git
```
You can include Okta Auth JS in your project either directly from the Okta CDN, or by packaging it with your app via our npm package, [@okta/okta-auth-js](https://www.npmjs.com/package/@okta/okta-auth-js).
## Using the Okta CDN
Loading our assets directly from the CDN is a good choice if you want an easy way to get started with okta-auth-js, and don't already have an existing build process that leverages [npm](https://www.npmjs.com/) for external dependencies.
To use the CDN, include links to the JS and CSS files in your HTML:
```html
<!-- Latest CDN production Javascript: 1.6.0 -->
<script
src="https://ok1static.oktacdn.com/assets/js/sdk/okta-auth-js/1.6.0/okta-auth-js.min.js"
type="text/javascript"></script>
```
The `okta-auth-js.min.js` file will expose a global `OktaAuth` object. Use it to bootstrap the client:
```javascript
var authClient = new OktaAuth({/* configOptions */});
```
## Using the npm module
Using our npm module is a good choice if:
- You have a build system in place where you manage dependencies with npm.
- You do not want to load scripts directly from third party sites.
To install [@okta/okta-auth-js](https://www.npmjs.com/package/@okta/okta-auth-js):
```bash
# Run this command in your project root folder.
[project-root-folder]$ npm install @okta/okta-auth-js --save
```
After running `npm install`:
The minified auth client will be installed to `node_modules/@okta/okta-auth-js/dist`. You can copy the `dist` contents to a publicly hosted directory. However, if you're using a bundler like [Webpack](https://webpack.github.io/) or [Browserify](http://browserify.org/), you can simply import the module using CommonJS.
```javascript
var OktaAuth = require('@okta/okta-auth-js');
var authClient = new OktaAuth(/* configOptions */);
```
# API
## new OktaAuth(config)
Creates a new instance of the Okta Auth Client with the provided options. The client has many [config options](#configuration). The only required option to get started is `url`, the base url for your Okta domain.
- `config` - Options that are used to configure the client
```javascript
var authClient = new OktaAuth({url: 'https://acme.okta.com'});
```
## signIn(options)
The goal of an authentication flow is to [set an Okta session cookie on the user's browser](http://developer.okta.com/use_cases/authentication/session_cookie#retrieving-a-session-cookie-by-visiting-a-session-redirect-link) or [retrieve an `id_token` or `access_token`](http://developer.okta.com/use_cases/authentication/session_cookie#retrieving-a-session-cookie-via-openid-connect-authorization-endpoint). The flow is started using `signIn`.
- `username` - User’s non-qualified short-name (e.g. dade.murphy) or unique fully-qualified login (e.g dade.murphy@example.com)
- `password` - The password of the user
```javascript
authClient.signIn({
username: 'some-username',
password: 'some-password'
})
.then(function(transaction) {
if (transaction.status === 'SUCCESS') {
authClient.session.setCookieAndRedirect(transaction.sessionToken); // Sets a cookie on redirect
} else {
throw 'We cannot handle the ' + transaction.status + ' status';
}
})
.fail(function(err) {
console.error(err);
});
```
## signOut()
Signs the user out of their current Okta [session](http://developer.okta.com/docs/api/resources/sessions.html#example).
```javascript
authClient.signOut()
.then(function() {
console.log('successfully logged out');
})
.fail(function(err) {
console.error(err);
});
```
## [forgotPassword(options)](http://developer.okta.com/docs/api/resources/authn.html#forgot-password)
Starts a new password recovery transaction for a given user and issues a recovery token that can be used to reset a user’s password.
- `username` - User’s non-qualified short-name (e.g. dade.murphy) or unique fully-qualified login (e.g dade.murphy@example.com)
- `factorType` - Recovery factor to use for primary authentication. Supported options are `SMS`, `EMAIL`, or `CALL`
- `relayState` - Optional state value that is persisted for the lifetime of the recovery transaction
```javascript
authClient.forgotPassword({
username: 'dade.murphy@example.com',
factorType: 'SMS',
})
.then(function(transaction) {
return transaction.verify({
passCode: '123456' // The passCode from the SMS or CALL
});
})
.then(function(transaction) {
if (transaction.status === 'SUCCESS') {
authClient.session.setCookieAndRedirect(transaction.sessionToken);
} else {
throw 'We cannot handle the ' + transaction.status + ' status';
}
})
.fail(function(err) {
console.error(err);
});
```
## [unlockAccount(options)](http://developer.okta.com/docs/api/resources/authn.html#unlock-account)
Starts a new unlock recovery transaction for a given user and issues a recovery token that can be used to unlock a user’s account.
- `username` - User’s non-qualified short-name (e.g. dade.murphy) or unique fully-qualified login (e.g dade.murphy@example.com)
- `factorType` - Recovery factor to use for primary authentication. Supported options are `SMS`, `EMAIL`, or `CALL`
- `relayState` - Optional state value that is persisted for the lifetime of the recovery transaction
```javascript
authClient.unlockAccount({
username: 'dade.murphy@example.com',
factorType: 'SMS',
})
.then(function(transaction) {
return transaction.verify({
passCode: '123456' // The passCode from the SMS
});
})
.then(function(transaction) {
if (transaction.status === 'SUCCESS') {
authClient.session.setCookieAndRedirect(transaction.sessionToken);
} else {
throw 'We cannot handle the ' + transaction.status + ' status';
}
})
.fail(function(err) {
console.error(err);
});
```
## [verifyRecoveryToken(options)](http://developer.okta.com/docs/api/resources/authn.html#verify-recovery-token)
Validates a recovery token that was distributed to the end-user to continue the recovery transaction.
- `recoveryToken` - Recovery token that was distributed to end-user via an out-of-band mechanism such as email
```javascript
authClient.verifyRecoveryToken({
recoveryToken: '00xdqXOE5qDZX8-PBR1bYv8AESqIFinDy3yul01tyh'
})
.then(function(transaction) {
if (transaction.status === 'SUCCESS') {
authClient.session.setCookieAndRedirect(transaction.sessionToken);
} else {
throw 'We cannot handle the ' + transaction.status + ' status';
}
})
.fail(function(err) {
console.error(err);
});
```
## tx.resume()
Resumes an in-progress **transaction**. This is useful if a user navigates away from the login page before authentication is complete.
```javascript
authClient.tx.exists()
.then(function(exists) {
if (exists) {
return authClient.tx.resume();
}
throw new Error('a session does not exist');
})
.then(function(transaction) {
console.log('current status:', transaction.status);
})
.fail(function(err) {
console.error(err);
});
```
## tx.exists()
Check for a **transaction** to be resumed. This is synchronous and returns `true` or `false`.
```javascript
var exists = authClient.tx.exists()
if (exists) {
console.log('a session exists');
} else {
console.log('a session does not exist');
}
```
## transaction.status
When Auth Client methods resolve, they return a **transaction** object that encapsulates [the new state in the authentication flow](http://developer.okta.com/docs/api/resources/authn.html#transaction-model). This **transaction** contains metadata about the current state, and methods that can be used to progress to the next state.
![State Model Diagram](http://developer.okta.com/assets/img/auth-state-model.png "State Model Diagram")
Sample transactions and their methods:
### Common methods
#### cancel()
Terminates the current auth flow.
```javascript
transaction.cancel()
.then(function() {
// transaction canceled. You can now start another with authClient.signIn
});
```
### [LOCKED_OUT](http://developer.okta.com/docs/api/resources/authn.html#show-lockout-failures)
The user account is locked; self-service unlock or admin unlock is required.
```javascript
{
status: 'LOCKED_OUT',
unlock: function(options) { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [unlock(options)](http://developer.okta.com/docs/api/resources/authn.html#unlock-account)
- `username` - User’s non-qualified short-name (e.g. dade.murphy) or unique fully-qualified login (e.g dade.murphy@example.com)
- `factorType` - Recovery factor to use for primary authentication. Supported options are `SMS`, `EMAIL`, or `CALL`
- `relayState` - Optional state value that is persisted for the lifetime of the recovery transaction
```javascript
transaction.unlock({
username: 'dade.murphy@example.com',
factorType: 'EMAIL'
});
```
#### [cancel()](#cancel)
### [PASSWORD_EXPIRED](http://developer.okta.com/docs/api/resources/authn.html#response-example-expired-password)
The user’s password was successfully validated but is expired.
```javascript
{
status: 'PASSWORD_EXPIRED',
expiresAt: '2014-11-02T23:39:03.319Z',
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
},
changePassword: function(options) { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [changePassword(options)](http://developer.okta.com/docs/api/resources/authn.html#reset-password)
- `oldPassword` - User’s current password that is expired
- `newPassword` - New password for user
```javascript
transaction.changePassword({
oldPassword: '0ldP4ssw0rd',
newPassword: 'N3wP4ssw0rd'
});
```
#### [cancel()](#cancel)
### PASSWORD_RESET
The user successfully answered their recovery question and can set a new password.
```javascript
{
status: 'PASSWORD_EXPIRED',
expiresAt: '2014-11-02T23:39:03.319Z',
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
},
resetPassword: function(options) { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [resetPassword(options)](http://developer.okta.com/docs/api/resources/authn.html#reset-password)
- `newPassword` - New password for user
```javascript
transaction.resetPassword({
newPassword: 'N3wP4ssw0rd'
});
```
#### [cancel()](#cancel)
### PASSWORD_WARN
The user’s password was successfully validated but is about to expire and should be changed.
```javascript
{
status: 'PASSWORD_WARN',
expiresAt: '2014-11-02T23:39:03.319Z',
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
},
policy: {
expiration:{
passwordExpireDays: 0
},
complexity: {
minLength: 8,
minLowerCase: 1,
minUpperCase: 1,
minNumber: 1,
minSymbol: 0,
excludeUsername: true
},
age:{
minAgeMinutes:0,
historyCount:0
}
},
changePassword: function(options) { /* returns another transaction */ },
skip: function() { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [changePassword(options)](http://developer.okta.com/docs/api/resources/authn.html#change-password)
- `oldPassword` - User’s current password that is about to expire
- `newPassword` - New password for user
```javascript
transaction.changePassword({
oldPassword: '0ldP4ssw0rd',
newPassword: 'N3wP4ssw0rd'
});
```
#### skip()
Ignore the warning and continue.
```javascript
transaction.skip();
```
#### [cancel()](#cancel)
### RECOVERY
The user has requested a recovery token to reset their password or unlock their account.
```javascript
{
status: 'RECOVERY',
expiresAt: '2014-11-02T23:39:03.319Z',
recoveryType: 'PASSWORD', // or 'UNLOCK'
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
},
recovery_question: {
question: "Who's a major player in the cowboy scene?"
}
},
answer: function(options) { /* returns another transaction */ },
recovery: function(options) { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [answer(options)](http://developer.okta.com/docs/api/resources/authn.html#answer-recovery-question)
- `answer` - Answer to user’s recovery question
```javascript
transaction.answer({
answer: 'My favorite recovery question answer'
});
```
#### [recovery(options)](http://developer.okta.com/docs/api/resources/authn.html#verify-recovery-token)
- `recoveryToken` - Recovery token that was distributed to end-user via out-of-band mechanism such as email
```javascript
transaction.recovery({
recoveryToken: '00xdqXOE5qDZX8-PBR1bYv8AESqIFinDy3yul01tyh'
});
```
#### [cancel()](#cancel)
### RECOVERY_CHALLENGE
The user must verify the factor-specific recovery challenge.
```javascript
{
status: 'RECOVERY_CHALLENGE',
expiresAt: '2014-11-02T23:39:03.319Z',
recoveryType: 'PASSWORD', // or 'UNLOCK',
factorType: 'EMAIL', // or 'SMS'
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
},
verify: function(options) { /* returns another transaction */ },
resend: function() { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [verify(options)](http://developer.okta.com/docs/api/resources/authn.html#verify-sms-recovery-factor)
- `passCode` - OTP sent to device
```javascript
transaction.verify({
passCode: '615243'
});
```
#### [resend()](http://developer.okta.com/docs/api/resources/authn.html#resend-sms-recovery-challenge)
Resend the recovery email or text.
```javascript
transaction.resend();
```
#### [cancel()](#cancel)
### MFA_ENROLL
When MFA is required, but a user isn’t enrolled in MFA, they must enroll in at least one factor.
```javascript
{
status: 'MFA_ENROLL',
expiresAt: '2014-11-02T23:39:03.319Z',
user: {
id: '00ub0oNGTSWTBKOLGLNR',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
},
factors: [{
provider: 'OKTA',
factorType: 'question',
questions: function() { /* returns an array of possible questions */ },
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'OKTA',
factorType: 'sms',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'OKTA',
factorType: 'call',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'OKTA',
factorType: 'push',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'OKTA',
factorType: 'token:software:totp',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'GOOGLE',
factorType: 'token:software:totp',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'YUBICO',
factorType: 'token:hardware',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'RSA',
factorType: 'token',
enroll: function(options) { /* returns another transaction */ }
}, {
provider: 'SYMANTEC',
factorType: 'token',
enroll: function(options) { /* returns another transaction */ }
}],
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [cancel()](#cancel)
#### Enroll Factor
To enroll in a factor, select one from the factors array, then use the following methods.
```javascript
var factor = transaction.factors[/* index of the desired factor */];
```
##### [questions()](http://developer.okta.com/docs/api/resources/factors.html#list-security-questions)
List the available questions for the question factorType.
```javascript
var questionFactor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'question';
});
questionFactor.questions()
.then(function(questions) {
// Display questions for the user to select from
});
```
##### enroll(options)
The enroll options depend on the desired factor.
###### [OKTA question](http://developer.okta.com/docs/api/resources/factors.html#enroll-okta-security-question-factor)
```javascript
var questionFactor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'question';
});
questionFactor.enroll({
profile: {
question: 'disliked_food', // all questions available using questionFactor.questions()
answer: 'mayonnaise'
}
});
```
###### [OKTA sms](http://developer.okta.com/docs/api/resources/factors.html#enroll-okta-sms-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'sms';
});
factor.enroll({
profile: {
phoneNumber: '+1-555-415-1337',
updatePhone: true
}
});
// The passCode sent to the phone is verified in MFA_ENROLL_ACTIVATE
```
###### [OKTA call](http://developer.okta.com/docs/api/resources/factors.html#enroll-okta-call-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'call';
});
factor.enroll({
profile: {
phoneNumber: '+1-555-415-1337',
updatePhone: true
}
});
// The passCode from the call is verified in MFA_ENROLL_ACTIVATE
```
###### [OKTA push](http://developer.okta.com/docs/api/resources/factors.html#enroll-okta-verify-push-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'push';
});
factor.enroll();
// The phone will need to scan a QR Code in MFA_ENROLL_ACTIVATE
```
###### [OKTA token:software:totp](http://developer.okta.com/docs/api/resources/factors.html#enroll-okta-verify-totp-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'token:software:totp';
});
factor.enroll();
// The phone will need to scan a QR Code in MFA_ENROLL_ACTIVATE
```
###### [GOOGLE token:software:totp](http://developer.okta.com/docs/api/resources/factors.html#enroll-google-authenticator-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'GOOGLE' && factor.factorType === 'token:software:totp';
});
factor.enroll();
// The phone will need to scan a QR Code in MFA_ENROLL_ACTIVATE
```
###### [YUBICO token:hardware](http://developer.okta.com/docs/api/resources/factors.html#enroll-yubikey-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'YUBICO' && factor.factorType === 'token:hardware';
});
factor.enroll({
passCode: 'cccccceukngdfgkukfctkcvfidnetljjiknckkcjulji'
});
```
###### [RSA token](http://developer.okta.com/docs/api/resources/factors.html#enroll-rsa-securid-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'RSA' && factor.factorType === 'token';
});
factor.enroll({
passCode: '5275875498',
profile: {
credentialId: 'dade.murphy@example.com'
}
});
```
###### [SYMANTEC token](http://developer.okta.com/docs/api/resources/factors.html#enroll-symantec-vip-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'SYMANTEC' && factor.factorType === 'token';
});
factor.enroll({
passCode: '875498',
nextPassCode: '678195',
profile: {
credentialId: 'VSMT14393584'
}
});
```
### MFA_ENROLL_ACTIVATE
The user must activate the factor to complete enrollment.
```javascript
{
status: 'MFA_ENROLL_ACTIVATE',
expiresAt: '2014-11-02T23:39:03.319Z',
factorResult: 'WAITING', // or 'TIMEOUT',
user: {
id: '00ugti3kwafWJBRIY0g3',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
},
},
factor: {
id: 'opfh52xcuft3J4uZc0g3',
provider: 'OKTA',
factorType: 'push',
profile: {},
activation: {
expiresAt: '2015-04-01T15:57:32.000Z',
qrcode: {
href: 'https://acme.okta.com/api/v1/users/00ugti3kwafWJBRIY0g3/factors/opfh52xcuft3J4uZc0g3/qr/00fukNElRS_Tz6k-CFhg3pH4KO2dj2guhmaapXWbc4',
type: 'image/png'
}
}
},
resend: function() { /* returns another transaction */ },
activate: function(options) { /* returns another transaction */ },
poll: function() { /* returns another transaction */ },
prev: function() { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### resend()
Send another OTP if user doesn’t receive the original activation SMS OTP.
```javascript
transaction.resend();
```
#### [activate(options)](http://developer.okta.com/docs/api/resources/authn.html#activate-sms-factor)
- `passCode` - OTP sent to device
```javascript
transaction.activate({
passCode: '615243'
});
```
#### [poll()](http://developer.okta.com/docs/api/resources/authn.html#activate-push-factor)
Poll until factorResult is not WAITING. Throws AuthPollStopError if prev, resend, or cancel is called.
```javascript
transaction.poll();
```
#### [prev()](http://developer.okta.com/docs/api/resources/authn.html#previous-transaction-state)
End current factor enrollment and return to `MFA_ENROLL`.
```javascript
transaction.prev();
```
#### [cancel()](#cancel)
### MFA_REQUIRED
The user must provide additional verification with a previously enrolled factor.
```javascript
{
status: 'MFA_REQUIRED',
expiresAt: '2014-11-02T23:39:03.319Z',
user: {
id: '00ugti3kwafWJBRIY0g3',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
},
},
factors: [{
id: 'ufsigasO4dVUPM5O40g3',
provider: 'OKTA',
factorType: 'question',
profile: {
question: 'disliked_food',
questionText: 'What is the food you least liked as a child?'
},
verify: function(options) { /* returns another transaction */ }
}, {
id: 'opfhw7v2OnxKpftO40g3',
provider: 'OKTA',
factorType: 'push',
profile: {
credentialId: 'isaac@example.org',
deviceType: 'SmartPhone_IPhone',
keys: [
{
kty: 'PKIX',
use: 'sig',
kid: 'default',
x5c: [
'MIIBIjANBgkqhkiG9w0BAQEFBAOCAQ8AMIIBCgKCAQEAs4LfXaaQW6uIpkjoiKn2g9B6nNQDraLyC3XgHP5cvX/qaqry43SwyqjbQtwRkScosDHl59r0DX1V/3xBtBYwdo8rAdX3I5h6z8lW12xGjOkmb20TuAiy8wSmzchdm52kWodUb7OkMk6CgRJRSDVbC97eNcfKk0wmpxnCJWhC+AiSzRVmgkpgp8NanuMcpI/X+W5qeqWO0w3DGzv43FkrYtfSkvpDdO4EvDL8bWX1Ad7mBoNVLWErcNf/uI+r/jFpKHgjvx3iqs2Q7vcfY706Py1m91vT0vs4SWXwzVV6pAVjD/kumL+nXfzfzAHw+A2vb6J2w06Rj71bqUkC2b8TpQIDAQAB'
]
}
],
name: 'Isaac\'s iPhone',
platform: 'IOS',
version: '8.1.3'
},
verify: function() { /* returns another transaction */ }
}, {
id: 'smsigwDlH85L9FyQK0g3',
provider: 'OKTA',
factorType: 'sms',
profile: {
phoneNumber: '+1 XXX-XXX-3355'
},
verify: function() { /* returns another transaction */ }
}, {
id: 'ostigevBq2NObXmTh0g3',
provider: 'OKTA',
factorType: 'token:software:totp',
profile: {
credentialId: 'isaac@example.org'
},
verify: function() { /* returns another transaction */ }
}, {
id: 'uftigiEmYTPOmvqTS0g3',
provider: 'GOOGLE',
factorType: 'token:software:totp',
profile: {
credentialId: 'isaac@example.org'
},
verify: function() { /* returns another transaction */ }
}],
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [cancel()](#cancel)
#### [Verify Factor](http://developer.okta.com/docs/api/resources/authn.html#verify-factor)
To verify a factor, select one from the factors array, then use the following methods.
```javascript
var factor = transaction.factors[/* index of the desired factor */];
```
###### [OKTA question](http://developer.okta.com/docs/api/resources/authn.html#verify-security-question-factor)
```javascript
var questionFactor = transaction.factors.find(function(factor) {
return factor.provider === 'OKTA' && factor.factorType === 'question';
});
questionFactor.verify({
answer: 'mayonnaise'
});
```
###### [All other factors](http://developer.okta.com/docs/api/resources/authn.html#verify-factor)
```javascript
var factor = transaction.factors.find(function(factor) {
return factor.provider === 'YOUR_PROVIDER' && factor.factorType === 'yourFactorType';
});
factor.verify();
```
### MFA_CHALLENGE
The user must verify the factor-specific challenge.
```javascript
{
status: 'MFA_CHALLENGE',
expiresAt: '2014-11-02T23:39:03.319Z',
factorResult: 'WAITING', // or CANCELLED, TIMEOUT, or ERROR
user: {
id: '00ugti3kwafWJBRIY0g3',
profile: {
login: 'isaac@example.org',
firstName: 'Isaac',
lastName: 'Brock',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
},
},
factor: {
id: 'smsigwDlH85L9FyQK0g3',
factorType: 'sms',
provider: 'OKTA',
profile: {
phoneNumber: '+1 XXX-XXX-6688'
}
},
verify: function(options) { /* returns another transaction */ },
poll: function() { /* returns another transaction */ },
prev: function() { /* returns another transaction */ },
cancel: function() { /* terminates the auth flow */ },
data: { /* the parsed json response */ }
}
```
#### [verify(options)](http://developer.okta.com/docs/api/resources/authn.html#verify-factor)
- `passCode` - OTP sent to device
```javascript
transaction.verify({
passCode: '615243'
});
```
#### [poll()](http://developer.okta.com/docs/api/resources/authn.html#activate-push-factor)
Poll until factorResult is not WAITING. Throws AuthPollStopError if prev or cancel is called.
```javascript
transaction.poll();
```
#### [prev()](http://developer.okta.com/docs/api/resources/authn.html#previous-transaction-state)
End current factor verification and return to `MFA_REQUIRED`.
```javascript
transaction.prev();
```
#### [cancel()](#cancel)
### SUCCESS
The end of the authentication flow! This transaction contains a sessionToken you can exchange for an Okta cookie, an `id_token`, or `access_token`.
```javascript
{
expiresAt: '2015-06-08T23:34:34.000Z',
status: 'SUCCESS',
sessionToken: '00p8RhRDCh_8NxIin-wtF5M6ofFtRhfKWGBAbd2WmE',
user: {
id: '00uhm5QzwyZZxjrfp0g3',
profile: {
login: 'exampleUser@example.com',
firstName: 'Test',
lastName: 'User',
locale: 'en_US',
timeZone: 'America/Los_Angeles'
}
}
}
```
## session.setCookieAndRedirect(sessionToken, redirectUri)
This allows you to create a session using a sessionToken.
- `sessionToken` - Ephemeral one-time token used to bootstrap an Okta session.
- `redirectUri` - After setting a cookie, Okta redirects to the specified URI. The default is the current URI.
```javascript
authClient.session.setCookieAndRedirect(transaction.sessionToken);
```
## session.exists()
Returns a promise that resolves with `true` if there is an existing Okta [session](http://developer.okta.com/docs/api/resources/sessions.html#example), or `false` if not.
```javascript
authClient.session.exists()
.then(function(exists) {
if (exists) {
// logged in
} else {
// not logged in
}
});
```
## session.get()
Gets the active [session](http://developer.okta.com/docs/api/resources/sessions.html#example).
```javascript
authClient.session.get()
.then(function(session) {
// logged in
})
.catch(function(err) {
// not logged in
});
```
## session.refresh()
Refresh the current session by extending its lifetime. This can be used as a keep-alive operation.
```javascript
authClient.session.get()
.then(function(session) {
// existing session is now refreshed
})
.catch(function(err) {
// there was a problem refreshing (the user may not have an existing session)
});
```
## token.getWithoutPrompt(oauthOptions)
When you've obtained a sessionToken from the authorization flows, or a session already exists, you can obtain a token or tokens without prompting the user to log in.
- `oauthOptions` - See [OIDC Configuration](#openid-connect-options)
```javascript
authClient.token.getWithoutPrompt({
responseType: 'id_token', // or array of types
sessionToken: 'testSessionToken' // optional if the user has an existing Okta session
})
.then(function(tokenOrTokens) {
// manage token or tokens
})
.catch(function(err) {
// handle OAuthError
});
```
## token.getWithPopup(oauthOptions)
Create token with a popup.
- `oauthOptions` - See [OIDC Configuration](#openid-connect-options)
```javascript
authClient.token.getWithPopup(oauthOptions)
.then(function(tokenOrTokens) {
// manage token or tokens
})
.catch(function(err) {
// handle OAuthError
});
```
## token.getWithRedirect(options)
Create token using a redirect.
- `oauthOptions` - See [OIDC Configuration](#openid-connect-options)
```javascript
authClient.token.getWithRedirect(oauthOptions);
```
## token.parseFromUrl(options)
Parses the access or ID Tokens from the url after a successful authentication redirect.
```javascript
authClient.token.parseFromUrl()
.then(function(tokenOrTokens) {
// manage token or tokens
})
.catch(function(err) {
// handle OAuthError
});
```
## token.decode(idTokenString)
Decode a raw ID Token
- `idTokenString` - an id_token JWT
```javascript
authClient.token.decode('YOUR_ID_TOKEN_JWT');
```
## token.refresh(tokenToRefresh)
Returns a new token if the Okta [session](http://developer.okta.com/docs/api/resources/sessions.html#example) is still valid.
- `tokenToRefresh` - an access token or ID token previously provided by Okta. note: this is not the raw JWT
```javascript
// this token is provided by Okta via getWithoutPrompt, getWithPopup, and parseFromUrl
var tokenToRefresh = {
idToken: 'YOUR_ID_TOKEN_JWT',
claims: { /* token claims */ },
expiresAt: 1449699930,
scopes: ['openid', 'email'],
authorizeUrl: 'https://example.okta.com/oauth2/v1/authorize',
issuer: 'https://example.okta.com',
clientId: 'NPSfOkH5eZrTy8PMDlvx'
};
authClient.token.refresh(tokenToRefresh)
.then(function(freshToken) {
// manage freshToken
})
.catch(function(err) {
// handle OAuthError
});
```
## token.getUserInfo(accessTokenObject)
Retrieve the [details about a user](http://developer.okta.com/docs/api/resources/oidc.html#response-example-success).
- `accessTokenObject` - an access token returned by this library. note: this is not the raw access token
```javascript
authClient.token.getUserInfo(accessTokenObject)
.then(function(user) {
// user has details about the user
});
```
## token.verify(idTokenObject)
Verify the validity of an ID token's claims and check the signature on browsers that support web cryptography.
- `idTokenObject` - an ID token returned by this library. note: this is not the raw ID token JWT
```javascript
authClient.token.verify(idTokenObject)
.then(function() {
// the idToken is valid
})
.catch(function(err) {
// handle AuthSdkError
});
```
## tokenManager.add(key, token)
After receiving an `access_token` or `id_token`, add it to the `tokenManager` to manage token expiration and refresh operations. When a token is added to the `tokenManager`, it is automatically refreshed when it expires.
- `key` - Unique key to store the token in the `tokenManager`. This is used later when you want to get, delete, or refresh the token.
- `token` - Token object that will be added
```javascript
authClient.token.getWithPopup()
.then(function(idToken) {
authClient.tokenManager.add('my_id_token', idToken);
});
```
## tokenManager.get(key)
Get a token that you have previously added to the `tokenManager` with the given `key`.
- `key` - Key for the token you want to get
```javascript
var token = authClient.tokenManager.get('my_id_token');
```
## tokenManager.remove(key)
Remove a token from the `tokenManager` with the given `key`.
- `key` - Key for the token you want to remove
```javascript
authClient.tokenManager.remove('my_id_token');
```
## tokenManager.clear()
Remove all tokens from the `tokenManager`.
```javascript
authClient.tokenManager.clear();
```
## tokenManager.refresh(key)
Manually refresh a token before it expires.
- `key` - Key for the token you want to refresh
```javascript
// Because the refresh() method is async, you can wait for it to complete
// by using the returned Promise:
authClient.tokenManager.refresh('my_id_token')
.then(function (newToken) {
// doSomethingWith(newToken);
});
// Alternatively, you can subscribe to the 'refreshed' event:
authClient.tokenManager.on('refreshed', function (key, newToken, oldToken) {
// doSomethingWith(newToken);
});
authClient.tokenManager.refresh('my_id_token');
```
## tokenManager.on(event, callback[, context])
Subscribe to an event published by the `tokenManager`.
- `event` - Event to subscribe to. Possible events are `expired`, `error`, and `refreshed`.
- `callback` - Function to call when the event is triggered
- `context` - Optional context to bind the callback to
```javascript
authClient.tokenManager.on('expired', function (key, expiredToken) {
console.log('Token with key', key, ' has expired:');
console.log(expiredToken);
});
authClient.tokenManager.on('error', function (err) {
console.log('TokenManager error:', err);
});
authClient.tokenManager.on('refreshed', function (key, newToken, oldToken) {
console.log('Token with key', key, 'has been refreshed');
console.log('Old token:', oldToken);
console.log('New token:', newToken);
});
```
## tokenManager.off(event[, callback])
Unsubscribe from `tokenManager` events. If no callback is provided, unsubscribes all listeners from the event.
- `event` - Event to unsubscribe from
- `callback` - Optional callback that was used to subscribe to the event
```javascript
authClient.tokenManager.off('refreshed');
authClient.tokenManager.off('refreshed', myRefreshedCallback);
```
# Client Configuration
The only required configuration option is `url`. All others are optional.
```javascript
var config = {
url: 'https://your-org.okta.com',
clientId: 'your-client-id',
redirectUri: 'https://your.redirect.uri/redirect'
};
var authClient = new OktaAuth(config);
```
- **url:** The URL for your Okta organization
```javascript
// Production org with subdomain "acme"
url: 'https://acme.okta.com'
// Can also target oktapreview and okta-emea, i.e.
url: 'https://acme.oktapreview.com'
```
- **ajaxRequest** The ajax request implementation. By default, this is implemented using [reqwest](https://github.com/ded/reqwest). To provide your own request library, implement the following interface:
1. Must accept:
- method (http method)
- url (target url)
- args (object containing headers and data)
2. Must return a Promise that resolves with a raw XMLHttpRequest response
```javascript
ajaxRequest: function(method, url, args) {
/*
args is in the form:
{
headers: {
headerName: headerValue
},
data: postBodyData
}
*/
return Promise.resolve(/* a raw XMLHttpRequest response */);
}
```
If you're using a bundler like webpack or browserify, we have implementations for jquery and reqwest included. To use them, import the SDK like this:
```javascript
// reqwest
var OktaAuth = require('@okta/okta-auth-js/reqwest');
// jquery
var OktaAuth = require('@okta/okta-auth-js/jquery');
```
# OpenId Connect Options
Options for the [OpenId Connect](http://developer.okta.com/docs/api/resources/oidc.html) authentication flow. This flow is required for social authentication, and requires OAuth client registration with Okta. For instructions, see [Social Authentication](http://developer.okta.com/docs/api/resources/social_authentication.html).
## Can be in Client Configuration
These configuration options can be included when instantiating Okta Auth JS (`new OktaAuth(config)`) or in `token.getWithoutPrompt`, `token.getWithPopup`, or `token.getWithRedirect`. If included in both, the value passed in the method takes priority.
- **clientId:** Client Id pre-registered with Okta for the OIDC authentication flow.
```javascript
clientId: 'GHtf9iJdr60A9IYrR0jw'
```
- **redirectUri:** The url that is redirected to when using `token.getWithRedirect`. This must be pre-registered as part of client registration. If no `redirectUri` is provided, defaults to the current origin.
```javascript
redirectUri: 'https://acme.com/oauth2/callback/home'
```
- **issuer:** Specify a custom issuer to perform the OIDC flow. Defaults to the baseUrl.
```javascript
issuer: 'https://your-org.okta.com/oauth2/aus8aus76q8iphupD0h7'
```
- **authorizeUrl:** Specify a custom authorizeUrl to perform the OIDC flow. Defaults to the issuer plus "/v1/authorize".
```javascript
issuer: 'https://your-org.okta.com/oauth2/aus8aus76q8iphupD0h7',
authorizeUrl: 'https://your-org.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize'
```
- **userinfoUrl:** Specify a custom authorizeUrl to perform the OIDC flow. Defaults to the issuer plus "/v1/userinfo".
```javascript
issuer: 'https://your-org.okta.com/oauth2/aus8aus76q8iphupD0h7',
userinfoUrl: 'https://your-org.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
```
## Cannot be in Client Configuration
- **sessionToken** Specify an Okta sessionToken to skip reauthentication when the user already authenticated using the Authentication Flow.
```javascript
sessionToken: '00p8RhRDCh_8NxIin-wtF5M6ofFtRhfKWGBAbd2WmE'
```
- **responseMode:** Specify how the authorization response should be returned. You will generally not need to set this unless you want to override the default values for `token.getWithRedirect`.
- `okta_post_message` - Used with `token.getWithPopup` and `token.getWithoutPrompt`. Uses [postMessage](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to send the response from the popup or iframe to the origin window.
- `fragment` - Default value when using `token.getWithRedirect` and `responseType != 'code'`. Returns the authorization response in the hash fragment of the URL after the authorization redirect.
- `query` - Default value when using `token.getWithRedirect` and `responseType = 'code'`. Returns the authorization response in the query string of the URL after the authorization redirect.
- `form_post` - Returns the authorization response as a form POST after the authorization redirect. Use this when using `token.getWithRedirect` and you do not want the response returned in the URL.
```javascript
// Use form_post instead of query in the Authorization Code flow
responseType: 'code',
responseMode: 'form_post'
```
- **responseType:** Specify the response type for OIDC authentication. Defaults to `id_token`.
Valid response types are `id_token`, `access_token`, and `code`. Note that `code` goes through the Authorization Code flow, which requires the server to exchange the Authorization Code for tokens.
```javascript
// Specifying a single responseType
responseType: 'token'
// Use an array if specifying multiple response types - in this case,
// the response will contain both an ID Token and an Access Token.
responseType: ['id_token', 'token']
```
- **scopes:** Specify what information to make available in the returned `id_token` or `access_token`. For OIDC, you must include `openid` as one of the scopes. Defaults to `['openid', 'email']`.
Valid OIDC scopes: `openid`, `email`, `profile`, `address`, `phone`
```javascript
scopes: ['openid', 'email', 'profile', 'address', 'phone']
```
- **state:** Specify a state that will be validated in an OAuth response. This is usually only provided during redirect flows to obtain an authorization code. Defaults to a random string.
```javascript
state: '8rFzn3MH5q'
```
- **nonce:** Specify a nonce that will be validated in an `id_token`. This is usually only provided during redirect flows to obtain an authorization code that will be exchanged for an `id_token`. Defaults to a random string.
```javascript
nonce: '51GePTswrm'
```
# Developing the Okta Auth Client
## Building the Client
1. Clone the repo.
```bash
[path]$ git clone git@github.com:okta/okta-auth-js.git
```
2. Navigate to the new `okta-auth-js` folder, and install the Okta node dependencies.
```bash
[path/okta-auth-js]$ npm install
```
```bash
[path/okta-auth-js]$ npm install
```
3. Build the SDK. The output will be under `dist/browser/`. The standalone version is `OktaAuthReqwest.min.js`.
3. Build the SDK. The output will be under `dist/browser/`. The standalone version is `okta-auth-js.min.js`.
```bash
[path/okta-auth-js]$ npm run build
```
```bash
[path/okta-auth-js]$ npm run build
```
## Build and test commands
## Build and Test Commands
| Command | Description |
| --- | --- |
| `npm run build` | Build the SDK |
| `npm test` | Run unit tests |
| `npm run lint:report` | Run linting tests |
| `npm run build` | Build the SDK with a sourcemap |
| `npm test` | Run unit tests using PhantomJS |
| `npm run lint:report` | Run eslint linting tests |
dist/okta-auth-js.min.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc