UNPKG

@okta-dfuhriman/okta-auth-js

Version:
95 lines (91 loc) 3.9 kB
/*! * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. */ import AuthSdkError from '../../errors/AuthSdkError.js'; import { removeNils } from '../../util/object.js'; import { toQueryString } from '../../util/url.js'; import { httpRequest } from '../../http/request.js'; import 'tiny-emitter'; import 'js-cookie'; import 'cross-fetch'; function validateOptions(sdk, options) { var _a, _b; if (!options.clientId) { throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token'); } if (!((_a = sdk.options) === null || _a === void 0 ? void 0 : _a.pushAuthorizationRequest) && !options.codeVerifier) { throw new AuthSdkError('The "codeVerifier" (generated and saved by your app) must be passed to /token'); } if (((_b = sdk.options) === null || _b === void 0 ? void 0 : _b.pushAuthorizationRequest) && !(options === null || options === void 0 ? void 0 : options.clientAssertion)) { throw new AuthSdkError('The `client_assertion` provided by the PAR endpoint must be present'); } if (!options.redirectUri) { throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token'); } if (!options.authorizationCode && !options.interactionCode) { throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token'); } } function getPostData(sdk, options) { let params = removeNils({ 'client_id': options.clientId, 'redirect_uri': options.redirectUri, 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code', 'code_verifier': options.codeVerifier }); if (options.interactionCode) { params['interaction_code'] = options.interactionCode; } else if (options.authorizationCode) { params.code = options.authorizationCode; } const { clientSecret } = sdk.options; if (options === null || options === void 0 ? void 0 : options.clientAssertion) { params['client_assertion'] = options.clientAssertion; params['client_assertion_type'] = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; } else if (clientSecret) { params['client_secret'] = clientSecret; } return toQueryString(params).slice(1); } function postToTokenEndpoint(sdk, options, urls) { validateOptions(sdk, options); let data = getPostData(sdk, options); const headers = { 'Content-Type': 'application/x-www-form-urlencoded' }; return httpRequest(sdk, { url: urls.tokenUrl, method: 'POST', args: data, headers }); } function postRefreshToken(sdk, options, refreshToken) { return httpRequest(sdk, { url: refreshToken.tokenUrl, method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, args: Object.entries({ client_id: options.clientId, grant_type: 'refresh_token', scope: refreshToken.scopes.join(' '), refresh_token: refreshToken.refreshToken, }).map(function ([name, value]) { return name + '=' + encodeURIComponent(value); }).join('&'), }); } export { postRefreshToken, postToTokenEndpoint }; //# sourceMappingURL=token.js.map