UNPKG

@okta-dfuhriman/okta-auth-js

Version:
91 lines (87 loc) 3.61 kB
"use strict"; exports.addListener = addListener; exports.addPostMessageListener = addPostMessageListener; exports.loadFrame = loadFrame; exports.loadPopup = loadPopup; exports.removeListener = removeListener; var _errors = require("../../errors"); /*! * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. * */ /* global window, document */ /* eslint-disable complexity, max-statements */ function addListener(eventTarget, name, fn) { if (eventTarget.addEventListener) { eventTarget.addEventListener(name, fn); } else { eventTarget.attachEvent('on' + name, fn); } } function removeListener(eventTarget, name, fn) { if (eventTarget.removeEventListener) { eventTarget.removeEventListener(name, fn); } else { eventTarget.detachEvent('on' + name, fn); } } function loadFrame(src) { var iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.src = src; return document.body.appendChild(iframe); } function loadPopup(src, options) { var title = options.popupTitle || 'External Identity Provider User Authentication'; var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600'; return window.open(src, title, appearance); } function addPostMessageListener(sdk, timeout, state) { var responseHandler; var timeoutId; var msgReceivedOrTimeout = new Promise(function (resolve, reject) { responseHandler = function responseHandler({ data, origin }) { const oauthResponse = sdk?.options?.provider === 'okta-cic' && data?.type === 'authorization_response' && data?.response ? data.response : data?.code && data?.state ? data : undefined; if (oauthResponse?.error) { return reject(new _errors.AuthSdkError(oauthResponse.error)); } if (oauthResponse?.code && oauthResponse?.state === state) { // Message is for us! // Configuration mismatch between saved token and current app instance // This may happen if apps with different issuers are running on the same host url // If they share the same storage key, they may read and write tokens in the same location. // Common when developing against http://localhost // Added option to allow a list of trusted origins to account for more complex use cases. const { allowedOrigins = [] } = sdk?.options || {}; if (![...allowedOrigins, sdk.getIssuerOrigin()].includes(origin)) { return reject(new _errors.AuthSdkError('The request does not match client configuration')); } resolve(oauthResponse); } // Message not meant for us return; }; addListener(window, 'message', responseHandler); timeoutId = setTimeout(function () { reject(new _errors.AuthSdkError('OAuth flow timed out')); }, timeout || 120000); }); return msgReceivedOrTimeout.finally(function () { clearTimeout(timeoutId); removeListener(window, 'message', responseHandler); }); } //# sourceMappingURL=browser.js.map