UNPKG

@okta-dfuhriman/okta-auth-js

Version:
101 lines (84 loc) 3.66 kB
/*! * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. * */ /* global window, document */ /* eslint-disable complexity, max-statements */ import { AuthSdkError } from '../../errors'; import { OAuthResponse, OktaAuthOAuthInterface, TokenParams } from '../types'; export function addListener(eventTarget, name, fn) { if (eventTarget.addEventListener) { eventTarget.addEventListener(name, fn); } else { eventTarget.attachEvent('on' + name, fn); } } export function removeListener(eventTarget, name, fn) { if (eventTarget.removeEventListener) { eventTarget.removeEventListener(name, fn); } else { eventTarget.detachEvent('on' + name, fn); } } export function loadFrame(src) { var iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.src = src; return document.body.appendChild(iframe); } export function loadPopup(src: string, options: TokenParams) { var title = options.popupTitle || 'External Identity Provider User Authentication'; var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600'; return window.open(src, title, appearance); } export function addPostMessageListener(sdk: OktaAuthOAuthInterface, timeout, state) { var responseHandler: (e: MessageEvent<any>) => void; var timeoutId; var msgReceivedOrTimeout = new Promise<OAuthResponse | undefined>(function (resolve, reject) { responseHandler = function responseHandler({ data, origin }) { const oauthResponse = sdk?.options?.provider === 'okta-cic' && data?.type === 'authorization_response' && data?.response ? (data as { response: OAuthResponse, type: string }).response : data?.code && data?.state ? data as OAuthResponse : undefined; if (oauthResponse?.error) { return reject(new AuthSdkError(oauthResponse.error)); } if (oauthResponse?.code && oauthResponse?.state === state) { // Message is for us! // Configuration mismatch between saved token and current app instance // This may happen if apps with different issuers are running on the same host url // If they share the same storage key, they may read and write tokens in the same location. // Common when developing against http://localhost // Added option to allow a list of trusted origins to account for more complex use cases. const { allowedOrigins = [] } = sdk?.options || {}; if (![...allowedOrigins, sdk.getIssuerOrigin()].includes(origin)) { return reject(new AuthSdkError('The request does not match client configuration')); } resolve(oauthResponse); } // Message not meant for us return; }; addListener(window, 'message', responseHandler); timeoutId = setTimeout(function () { reject(new AuthSdkError('OAuth flow timed out')); }, timeout || 120000); }); return msgReceivedOrTimeout .finally(function () { clearTimeout(timeoutId); removeListener(window, 'message', responseHandler); }); }