@okta-dfuhriman/okta-auth-js
Version:
The Okta Auth SDK
101 lines (84 loc) • 3.66 kB
text/typescript
/*!
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
*
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*
*/
/* global window, document */
/* eslint-disable complexity, max-statements */
import { AuthSdkError } from '../../errors';
import { OAuthResponse, OktaAuthOAuthInterface, TokenParams } from '../types';
export function addListener(eventTarget, name, fn) {
if (eventTarget.addEventListener) {
eventTarget.addEventListener(name, fn);
} else {
eventTarget.attachEvent('on' + name, fn);
}
}
export function removeListener(eventTarget, name, fn) {
if (eventTarget.removeEventListener) {
eventTarget.removeEventListener(name, fn);
} else {
eventTarget.detachEvent('on' + name, fn);
}
}
export function loadFrame(src) {
var iframe = document.createElement('iframe');
iframe.style.display = 'none';
iframe.src = src;
return document.body.appendChild(iframe);
}
export function loadPopup(src: string, options: TokenParams) {
var title = options.popupTitle || 'External Identity Provider User Authentication';
var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +
'top=100, left=500, width=600, height=600';
return window.open(src, title, appearance);
}
export function addPostMessageListener(sdk: OktaAuthOAuthInterface, timeout, state) {
var responseHandler: (e: MessageEvent<any>) => void;
var timeoutId;
var msgReceivedOrTimeout = new Promise<OAuthResponse | undefined>(function (resolve, reject) {
responseHandler = function responseHandler({ data, origin }) {
const oauthResponse = sdk?.options?.provider === 'okta-cic'
&& data?.type === 'authorization_response'
&& data?.response
? (data as { response: OAuthResponse, type: string }).response
: data?.code && data?.state
? data as OAuthResponse
: undefined;
if (oauthResponse?.error) {
return reject(new AuthSdkError(oauthResponse.error));
}
if (oauthResponse?.code && oauthResponse?.state === state) {
// Message is for us!
// Configuration mismatch between saved token and current app instance
// This may happen if apps with different issuers are running on the same host url
// If they share the same storage key, they may read and write tokens in the same location.
// Common when developing against http://localhost
// Added option to allow a list of trusted origins to account for more complex use cases.
const { allowedOrigins = [] } = sdk?.options || {};
if (![...allowedOrigins, sdk.getIssuerOrigin()].includes(origin)) {
return reject(new AuthSdkError('The request does not match client configuration'));
}
resolve(oauthResponse);
}
// Message not meant for us
return;
};
addListener(window, 'message', responseHandler);
timeoutId = setTimeout(function () {
reject(new AuthSdkError('OAuth flow timed out'));
}, timeout || 120000);
});
return msgReceivedOrTimeout
.finally(function () {
clearTimeout(timeoutId);
removeListener(window, 'message', responseHandler);
});
}