├── .watchmanconfig ├── samples ├── .eslintignore ├── generated │ ├── static-spa │ │ ├── .npmrc │ │ ├── .eslintrc.js │ │ └── package.json │ ├── webpack-spa │ │ ├── .eslintignore │ │ ├── .npmrc │ │ ├── .gitignore │ │ ├── .eslintrc.js │ │ └── package.json │ ├── express-web-no-oidc │ │ ├── .npmrc │ │ ├── .eslintrc.js │ │ └── package.json │ ├── express-web-with-oidc │ │ ├── .npmrc │ │ ├── .eslintrc.js │ │ └── package.json │ ├── express-embedded-auth-with-sdk │ │ ├── .npmrc │ │ ├── web-server │ │ │ ├── views │ │ │ │ ├── nav.mustache │ │ │ │ ├── cancel.mustache │ │ │ │ ├── formMessages.mustache │ │ │ │ ├── head.mustache │ │ │ │ ├── errors.mustache │ │ │ │ ├── terminal.mustache │ │ │ │ ├── menu.mustache │ │ │ │ ├── error.mustache │ │ │ │ └── unlock-account.mustache │ │ │ ├── assets │ │ │ │ └── js │ │ │ │ │ └── poll.js │ │ │ └── utils │ │ │ │ ├── sendJson.js │ │ │ │ └── appendTransactionIdToPath.js │ │ ├── .eslintrc.js │ │ └── package.json │ ├── express-embedded-sign-in-widget │ │ ├── .npmrc │ │ ├── web-server │ │ │ ├── views │ │ │ │ ├── nav.mustache │ │ │ │ ├── head.mustache │ │ │ │ ├── errors.mustache │ │ │ │ ├── error.mustache │ │ │ │ └── menu.mustache │ │ │ ├── utils │ │ │ │ ├── getTransactionMeta.js │ │ │ │ └── index.js │ │ │ └── middlewares │ │ │ │ ├── oidcConfig.js │ │ │ │ └── index.js │ │ ├── .eslintrc.js │ │ └── package.json │ └── react-embedded-auth-with-sdk │ │ ├── src │ │ ├── main.css │ │ ├── components │ │ │ ├── TopNav │ │ │ │ ├── TopNav.module.css │ │ │ │ └── index.jsx │ │ │ ├── Profile │ │ │ │ └── index.jsx │ │ │ ├── FlowPage │ │ │ │ ├── index.jsx │ │ │ │ └── FlowPage.module.css │ │ │ ├── HomePage │ │ │ │ ├── index.jsx │ │ │ │ └── HomePage.module.css │ │ │ ├── InfoBox │ │ │ │ ├── index.jsx │ │ │ │ ├── InfoBox.module.css │ │ │ │ └── InfoBox.jsx │ │ │ ├── LinkButton │ │ │ │ ├── index.jsx │ │ │ │ ├── LinkButton.module.css │ │ │ │ └── LinkButton.jsx │ │ │ ├── TransactionModalButton │ │ │ │ └── index.jsx │ │ │ ├── ErrorPage.jsx │ │ │ ├── Spinner.jsx │ │ │ ├── TerminalPage.jsx │ │ │ ├── IdpForm.jsx │ │ │ └── CanceledPage.jsx │ │ ├── main.jsx │ │ ├── contexts.js │ │ ├── util.js │ │ ├── .eslintrc.js │ │ └── config.js │ │ ├── .gitignore │ │ └── index.html ├── templates │ ├── static-spa │ │ ├── .npmrc │ │ ├── README.md │ │ ├── .eslintrc.js │ │ ├── package.json │ │ └── public │ │ │ └── app.js │ ├── webpack-spa │ │ ├── .eslintignore │ │ ├── .npmrc │ │ ├── README.md │ │ ├── .gitignore │ │ ├── public │ │ │ └── index.html │ │ ├── .eslintrc.js │ │ ├── package.json │ │ └── src │ │ │ └── index.js │ ├── express-web │ │ ├── .npmrc │ │ ├── README.md │ │ ├── .eslintrc.js │ │ └── package.json │ ├── partials │ │ ├── identity-engine │ │ │ ├── links.md │ │ │ └── custom-storage-provider.md │ │ ├── env.js │ │ └── spa │ │ │ ├── util.js │ │ │ └── authMethod │ │ │ └── direct │ │ │ └── factors │ │ │ ├── okta_verify.js │ │ │ └── email.js │ ├── react-embedded-auth-with-sdk │ │ └── env │ │ │ └── index.js │ ├── express-embedded-auth-with-sdk │ │ └── env │ │ │ └── index.js │ └── express-embedded-sign-in-widget │ │ ├── env │ │ └── index.js │ │ └── package.json ├── test │ ├── support │ │ ├── selectors │ │ │ ├── maps │ │ │ │ ├── links.ts │ │ │ │ ├── inputs.ts │ │ │ │ ├── buttons.ts │ │ │ │ └── authenticators.ts │ │ │ ├── types.ts │ │ │ ├── Page.ts │ │ │ ├── Nav.ts │ │ │ ├── Unauth.ts │ │ │ ├── VerifyEmail.ts │ │ │ ├── PasswordSetup.ts │ │ │ ├── EnrollEmailAuthenticator.ts │ │ │ ├── ChallengeSecurityQuestion.ts │ │ │ ├── ChallengeEmailAuthenticator.ts │ │ │ ├── ChallengePasswordAuthenticator.ts │ │ │ ├── ChallengePhoneAuthenticator.ts │ │ │ └── ChallengeGoogleAuthenticator.ts │ │ ├── action │ │ │ ├── noop.ts │ │ │ ├── clickButton.ts │ │ │ ├── clickLoginWithFacebookInWidget.ts │ │ │ ├── clickLoginWithOktaOIDCIdPInWidget.ts │ │ │ ├── clickLink.ts │ │ │ ├── enterValidPassword.ts │ │ │ ├── confirmValidPassword.ts │ │ │ ├── pressButton.ts │ │ │ ├── skipForm.ts │ │ │ ├── deleteCookies.ts │ │ │ ├── enterIncorrectCredential.ts │ │ │ ├── clickFacebookButton.ts │ │ │ ├── clickOIDCIdPButton.ts │ │ │ ├── context-enabled │ │ │ │ └── live-user │ │ │ │ │ ├── enterValidPassword.ts │ │ │ │ │ ├── confirmValidPassword.ts │ │ │ │ │ └── openEmailMagicLink.ts │ │ │ ├── enterQuestionAnswer.ts │ │ │ ├── inputInvalidEmailFormat.ts │ │ │ ├── enterIncorrectPhoneNumberFormat.ts │ │ │ ├── enterCustomQuestion.ts │ │ │ ├── scroll.ts │ │ │ ├── inputInvalidEmail.ts │ │ │ ├── selectAuthenticator.ts │ │ │ ├── clearInputField.ts │ │ │ ├── getText.ts │ │ │ ├── selectAuthenticatorMethod.ts │ │ │ ├── selectSecurityQuestion.ts │ │ │ └── getSecretFromSharedSecret.ts │ │ ├── check │ │ │ ├── checkLink.ts │ │ │ ├── checkNoProfile.ts │ │ │ ├── checkNoWidget.ts │ │ │ ├── checkQuestionAnswerDisplayed.ts │ │ │ ├── checkCustomSecurityQuestion.ts │ │ │ └── checkSocialLoginButton.ts │ │ ├── management-api │ │ │ ├── createGroup.ts │ │ │ ├── grantConsentToScope.ts │ │ │ ├── fetchUser.ts │ │ │ ├── fetchGroup.ts │ │ │ ├── fetchPolicy.ts │ │ │ ├── addAppToPolicy.ts │ │ │ ├── addAppToGroup.ts │ │ │ ├── util │ │ │ │ └── getOktaClient.ts │ │ │ ├── updateAppOAuthClient.ts │ │ │ └── deleteUser.ts │ │ └── wait │ │ │ ├── waitForOneSecond.ts │ │ │ └── waitForURLPath.ts │ ├── .gitignore │ ├── .babelrc │ ├── util │ │ ├── random.js │ │ ├── selectorUtils.ts │ │ ├── camelize.js │ │ └── getTotp.js │ ├── scripts │ │ └── run.sh │ ├── features │ │ ├── federated-auth.feature │ │ ├── self-service-registration-activation-token.feature │ │ ├── social-idp-with-widget.feature │ │ ├── social-login-mfa.feature │ │ ├── social-idp.feature │ │ └── self-service-registration-custom-attribute.feature │ ├── pageobjects │ │ └── EmbeddedAuthWithSDKApp.js │ └── specs │ │ └── express-embedded-auth-with-sdk.js └── package.json ├── test ├── support │ ├── .eslintignore │ ├── disableFetch.js │ ├── .eslintrc.json │ ├── package.json │ ├── jest │ │ └── jest.config.unit.js │ ├── idx │ │ ├── index.ts │ │ └── factories │ │ │ └── index.ts │ ├── xhr │ │ ├── empty.js │ │ ├── error-network.js │ │ ├── cancel.js │ │ ├── userinfo.js │ │ ├── pkce-token-success.js │ │ ├── error-userinfo-invalid-token.js │ │ └── recovery-challenge-email.js │ └── nodeExceptions.js ├── apps │ ├── tree-shaking │ │ ├── .gitignore │ │ ├── src │ │ │ ├── myaccount.js │ │ │ ├── full.js │ │ │ ├── core.js │ │ │ └── authn.js │ │ ├── package.json │ │ └── README.md │ ├── app │ │ ├── .eslintignore │ │ ├── .gitignore │ │ ├── server │ │ │ └── proxyMiddleware.js │ │ ├── public │ │ │ ├── renew │ │ │ │ └── index.html │ │ │ ├── protected │ │ │ │ └── index.html │ │ │ ├── login │ │ │ │ └── callback │ │ │ │ │ └── index.html │ │ │ └── popup │ │ │ │ └── callback │ │ │ │ └── index.html │ │ ├── tsconfig.json │ │ └── src │ │ │ ├── constants.ts │ │ │ └── webpackEntry.ts │ ├── verify-entries │ │ ├── src │ │ │ ├── vite-env.d.ts │ │ │ ├── default.ts │ │ │ ├── idx.ts │ │ │ └── authn.ts │ │ ├── idx.html │ │ ├── authn.html │ │ ├── default.html │ │ ├── .gitignore │ │ ├── tsconfig.json │ │ ├── README.md │ │ └── package.json │ ├── react-mfa-v1 │ │ ├── README.md │ │ ├── src │ │ │ ├── OktaContext.js │ │ │ ├── main.jsx │ │ │ └── config.js │ │ ├── .eslintrc.js │ │ ├── index.html │ │ └── .gitignore │ └── node-esm │ │ ├── index.js │ │ └── package.json ├── e2e │ ├── .gitignore │ ├── .babelrc │ ├── features │ │ ├── login.feature │ │ ├── .eslintrc.json │ │ └── step-definitions │ │ │ └── before.ts │ ├── tsconfig.json │ ├── specs │ │ └── mfa.js │ └── config.js ├── integration │ ├── util │ │ ├── sleep.ts │ │ └── index.ts │ └── spec │ │ └── myaccount │ │ └── __snapshots__ │ │ ├── sendRequest.ts.snap │ │ └── profile.ts.snap ├── spec │ ├── idx │ │ └── idxState │ │ │ └── mocks │ │ │ ├── interact-response.json │ │ │ ├── terminal-return-email.json │ │ │ └── success.json │ ├── tsconfig.spec.json │ └── base │ │ └── options.ts ├── types │ ├── tstyche.config.json │ ├── package.json │ ├── README.md │ ├── tsconfig.json │ └── http.test-d.ts ├── .eslintrc.json └── tsconfig.json ├── docs ├── .gitattributes └── myaccount │ └── enums │ ├── Status.md │ ├── EmailRole.md │ └── PasswordStatus.md ├── lib ├── oidc │ ├── options │ │ ├── browser.ts │ │ ├── index.ts │ │ └── node.ts │ ├── factory │ │ └── index.ts │ ├── util │ │ ├── refreshToken.ts │ │ ├── enrollAuthenticatorMeta.ts │ │ └── validateToken.ts │ ├── endpoints │ │ └── index.ts │ └── types │ │ ├── TransactionManager.ts │ │ └── endpoints.ts ├── browser │ └── .eslintrc.json ├── idx │ ├── remediators │ │ ├── GenericRemediator │ │ │ └── index.ts │ │ ├── ReEnrollAuthenticatorWarning.ts │ │ └── ChallengePoll.ts │ ├── factory │ │ └── index.ts │ ├── types │ │ ├── FlowSpecification.ts │ │ └── FlowIdentifier.ts │ ├── authenticator │ │ ├── OktaVerifyTotp.ts │ │ └── Authenticator.ts │ ├── idxState │ │ └── v1 │ │ │ └── parsers.ts │ └── flow │ │ ├── RemediationFlow.ts │ │ └── index.ts ├── authn │ └── index.ts ├── base │ └── index.ts ├── core │ ├── types │ │ └── index.ts │ ├── index.ts │ ├── storage.ts │ └── ServiceManager │ │ └── index.ts ├── exports │ ├── cdn │ │ ├── core.ts │ │ ├── idx.ts │ │ ├── authn.ts │ │ ├── default.ts │ │ └── myaccount.ts │ └── common.ts ├── session │ ├── index.ts │ ├── factory.ts │ └── types.ts ├── crypto │ ├── types.ts │ ├── webcrypto.ts │ ├── index.ts │ └── browser.ts ├── http │ ├── index.ts │ └── headers.ts ├── storage │ └── index.ts ├── myaccount │ ├── transactions │ │ ├── ProfileSchemaTransaction.ts │ │ ├── ProfileTransaction.ts │ │ ├── index.ts │ │ └── EmailStatusTransaction.ts │ ├── index.ts │ └── api.ts ├── errors │ ├── types.ts │ └── AuthPollStopError.ts ├── types │ └── global.d.ts ├── license-header.txt ├── .eslintrc.js ├── services │ └── index.ts └── util │ ├── index.ts │ └── jsonpath.ts ├── .npmignore ├── scripts ├── travis.sh ├── samples │ ├── e2e-static-spa.sh │ ├── e2e-webpack-spa.sh │ ├── e2e-express-web-no-oidc.sh │ ├── e2e-express-web-with-oidc.sh │ ├── e2e-react-embedded-auth-with-sdk.sh │ ├── e2e-express-embedded-sign-in-widget.sh │ ├── e2e-express-embedded-auth-with-sdk-features.sh │ └── e2e-express-embedded-auth-with-sdk-spec.sh ├── e2e │ ├── e2e-cucumber.sh │ ├── e2e-dpop.sh │ ├── e2e.sh │ ├── e2e-saucelabs.sh │ └── e2e-mfa.sh ├── buildtools │ ├── license-template │ └── maintain-banners.js ├── verify-package.js └── downstream │ └── create-downstream-for-widget.sh ├── env └── package.json ├── .github ├── ISSUE_TEMPLATE │ └── config.yml └── SECURITY.md ├── .travis.yml ├── .gitignore ├── .eslintignore ├── babel.config.js ├── _testenv.yml ├── jest.browser.js ├── babel.cjs.js ├── typedoc.js └── webpack.polyfill.config.js /.watchmanconfig: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /samples/.eslintignore: -------------------------------------------------------------------------------- 1 | /templates -------------------------------------------------------------------------------- /test/support/.eslintignore: -------------------------------------------------------------------------------- 1 | xhr 2 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/.gitignore: -------------------------------------------------------------------------------- 1 | dist 2 | -------------------------------------------------------------------------------- /test/apps/app/.eslintignore: -------------------------------------------------------------------------------- 1 | /public 2 | /target -------------------------------------------------------------------------------- /samples/generated/static-spa/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/generated/webpack-spa/.eslintignore: -------------------------------------------------------------------------------- 1 | /public -------------------------------------------------------------------------------- /samples/templates/static-spa/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/templates/webpack-spa/.eslintignore: -------------------------------------------------------------------------------- 1 | /public -------------------------------------------------------------------------------- /test/e2e/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | .yalc 3 | *.log -------------------------------------------------------------------------------- /docs/.gitattributes: -------------------------------------------------------------------------------- 1 | myaccount/**/* linguist-generated=true -------------------------------------------------------------------------------- /samples/generated/webpack-spa/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/templates/express-web/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/templates/webpack-spa/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/generated/express-web-no-oidc/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/templates/static-spa/README.md: -------------------------------------------------------------------------------- 1 | {{> spa/README.md }} 2 | -------------------------------------------------------------------------------- /samples/generated/express-web-with-oidc/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/templates/express-web/README.md: -------------------------------------------------------------------------------- 1 | {{> web/README.md }} 2 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/README.md: -------------------------------------------------------------------------------- 1 | {{> spa/README.md }} 2 | -------------------------------------------------------------------------------- /samples/test/support/selectors/maps/links.ts: -------------------------------------------------------------------------------- 1 | export default {}; 2 | -------------------------------------------------------------------------------- /lib/oidc/options/browser.ts: -------------------------------------------------------------------------------- 1 | export const enableSharedStorage = true; 2 | -------------------------------------------------------------------------------- /lib/oidc/options/index.ts: -------------------------------------------------------------------------------- 1 | export * from './OAuthOptionsConstructor'; 2 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /samples/test/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | .yalc 3 | *.log 4 | reports 5 | -------------------------------------------------------------------------------- /lib/oidc/options/node.ts: -------------------------------------------------------------------------------- 1 | 2 | export const enableSharedStorage = false; 3 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/.npmrc: -------------------------------------------------------------------------------- 1 | engine-strict=true -------------------------------------------------------------------------------- /lib/browser/.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "env": { 3 | "browser": true 4 | } 5 | } -------------------------------------------------------------------------------- /lib/idx/remediators/GenericRemediator/index.ts: -------------------------------------------------------------------------------- 1 | export * from './GenericRemediator'; -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | margin: 0; 3 | } -------------------------------------------------------------------------------- /test/apps/verify-entries/src/vite-env.d.ts: -------------------------------------------------------------------------------- 1 | /// 2 | -------------------------------------------------------------------------------- /lib/oidc/factory/index.ts: -------------------------------------------------------------------------------- 1 | export * from './api'; 2 | export * from './OktaAuthOAuth'; 3 | -------------------------------------------------------------------------------- /samples/generated/webpack-spa/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | public/*.js 3 | public/*.map 4 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | public/*.js 3 | public/*.map 4 | -------------------------------------------------------------------------------- /lib/authn/index.ts: -------------------------------------------------------------------------------- 1 | export * from './factory'; 2 | export * from './mixin'; 3 | export * from './types'; 4 | -------------------------------------------------------------------------------- /lib/base/index.ts: -------------------------------------------------------------------------------- 1 | export * from './factory'; 2 | export * from './options'; 3 | export * from './types'; 4 | -------------------------------------------------------------------------------- /test/apps/app/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | .yalc 3 | *.log 4 | public/*.js 5 | public/*.map 6 | public/dist/* 7 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/README.md: -------------------------------------------------------------------------------- 1 | # React AuthN MFA Test app 2 | 3 | SPA test app to verify AuthN MFA flows 4 | -------------------------------------------------------------------------------- /test/integration/util/sleep.ts: -------------------------------------------------------------------------------- 1 | export const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms)); 2 | -------------------------------------------------------------------------------- /lib/core/types/index.ts: -------------------------------------------------------------------------------- 1 | export * from './api'; 2 | export * from './AuthState'; 3 | export * from './Service'; 4 | -------------------------------------------------------------------------------- /test/spec/idx/idxState/mocks/interact-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "interaction_handle": "ZZZZZZZINTERACTZZZZZZZZ" 3 | } 4 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/nav.mustache: -------------------------------------------------------------------------------- 1 |
2 | Home 3 |
-------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/views/nav.mustache: -------------------------------------------------------------------------------- 1 |
2 | Home 3 |
-------------------------------------------------------------------------------- /test/apps/react-mfa-v1/src/OktaContext.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | 3 | export default React.createContext(null); 4 | -------------------------------------------------------------------------------- /test/integration/util/index.ts: -------------------------------------------------------------------------------- 1 | export * from './createClient'; 2 | export * from './getTokens'; 3 | export * from './sleep'; -------------------------------------------------------------------------------- /lib/idx/factory/index.ts: -------------------------------------------------------------------------------- 1 | export * from './api'; 2 | export * from './OktaAuthIdx'; 3 | export * from './MinimalOktaAuthIdx'; 4 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/TopNav/TopNav.module.css: -------------------------------------------------------------------------------- 1 | .container { 2 | height: 4em; 3 | } 4 | -------------------------------------------------------------------------------- /samples/test/support/action/noop.ts: -------------------------------------------------------------------------------- 1 | /* eslint-disable @typescript-eslint/no-empty-function */ 2 | export default () => {}; 3 | -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | test 2 | build2 3 | .eslintrc.json 4 | .eslintignore 5 | .travis.yml 6 | ci-scripts 7 | webpack*config.js 8 | scripts 9 | -------------------------------------------------------------------------------- /lib/exports/cdn/core.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '../core'; 2 | 3 | // Export only a single object 4 | export default OktaAuth; 5 | -------------------------------------------------------------------------------- /lib/exports/cdn/idx.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '../idx'; 2 | 3 | // Export only a single object 4 | export default OktaAuth; 5 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | root: true, 3 | ignorePatterns: ['**/*.js', '**/*.jsx'], 4 | }; 5 | -------------------------------------------------------------------------------- /test/e2e/.babelrc: -------------------------------------------------------------------------------- 1 | { 2 | "presets": ["@babel/preset-env"], 3 | "plugins": ["@babel/plugin-transform-async-to-generator"] 4 | } 5 | -------------------------------------------------------------------------------- /test/spec/tsconfig.spec.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../tsconfig.json", 3 | "compilerOptions": { 4 | "noEmit": true 5 | } 6 | } -------------------------------------------------------------------------------- /test/types/tstyche.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://tstyche.org/schemas/config.json", 3 | "testFileMatch": ["./*-d.ts"] 4 | } -------------------------------------------------------------------------------- /lib/exports/cdn/authn.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '../authn'; 2 | 3 | // Export only a single object 4 | export default OktaAuth; 5 | -------------------------------------------------------------------------------- /lib/exports/cdn/default.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '../default'; 2 | 3 | // Export only a single object 4 | export default OktaAuth; 5 | -------------------------------------------------------------------------------- /lib/session/index.ts: -------------------------------------------------------------------------------- 1 | export * from './api'; 2 | export * from './factory'; 3 | export * from './mixin'; 4 | export * from './types'; 5 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/Profile/index.jsx: -------------------------------------------------------------------------------- 1 | import Main from './Main'; 2 | export default Main; 3 | -------------------------------------------------------------------------------- /samples/test/.babelrc: -------------------------------------------------------------------------------- 1 | { 2 | "presets": ["@babel/preset-env"], 3 | "plugins": ["@babel/plugin-transform-async-to-generator"] 4 | } 5 | -------------------------------------------------------------------------------- /lib/exports/cdn/myaccount.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '../myaccount'; 2 | 3 | // Export only a single object 4 | export default OktaAuth; 5 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/TopNav/index.jsx: -------------------------------------------------------------------------------- 1 | import TopNav from './TopNav'; 2 | export default TopNav; 3 | -------------------------------------------------------------------------------- /samples/test/util/random.js: -------------------------------------------------------------------------------- 1 | import crypto from 'crypto'; 2 | 3 | export const randomStr = len => crypto.randomBytes(len).toString('hex'); 4 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/FlowPage/index.jsx: -------------------------------------------------------------------------------- 1 | import FlowPage from './FlowPage'; 2 | export default FlowPage; 3 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/HomePage/index.jsx: -------------------------------------------------------------------------------- 1 | import HomePage from './HomePage'; 2 | export default HomePage; 3 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/InfoBox/index.jsx: -------------------------------------------------------------------------------- 1 | import InfoBox from './InfoBox'; 2 | export default InfoBox; 3 | -------------------------------------------------------------------------------- /samples/test/support/selectors/types.ts: -------------------------------------------------------------------------------- 1 | export interface Selectors { 2 | username: string; 3 | password: string; 4 | submit: string; 5 | } 6 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/LinkButton/index.jsx: -------------------------------------------------------------------------------- 1 | import LinkButton from './LinkButton'; 2 | export default LinkButton; 3 | -------------------------------------------------------------------------------- /scripts/travis.sh: -------------------------------------------------------------------------------- 1 | set -e 2 | 3 | # run the validate and unit tests 4 | # validate will run lint and typescript build 5 | yarn validate 6 | yarn test:unit 7 | -------------------------------------------------------------------------------- /lib/crypto/types.ts: -------------------------------------------------------------------------------- 1 | export interface CryptoAPI { 2 | base64UrlToBuffer(b64u: string): Uint8Array; 3 | bufferToBase64Url(bin: Uint8Array): string; 4 | } 5 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/HomePage/HomePage.module.css: -------------------------------------------------------------------------------- 1 | .homePageContainer aside[role="status"] { 2 | max-width: none; 3 | } -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/LinkButton/LinkButton.module.css: -------------------------------------------------------------------------------- 1 | .container a { 2 | font-weight: 600; 3 | cursor: default; 4 | } 5 | -------------------------------------------------------------------------------- /samples/test/support/selectors/maps/inputs.ts: -------------------------------------------------------------------------------- 1 | export default { 2 | username: ['username', 'identifier'], 3 | password: ['password', 'credentials.passcode'], 4 | }; 5 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/src/myaccount.js: -------------------------------------------------------------------------------- 1 | /* eslint-disable */ 2 | import * as myaccount from '@okta/okta-auth-js/myaccount'; 3 | 4 | console.log(Object.keys(myaccount)); 5 | -------------------------------------------------------------------------------- /samples/test/support/selectors/maps/buttons.ts: -------------------------------------------------------------------------------- 1 | export default { 2 | login: ['signin', 'login'], 3 | register: ['signup', 'register'], 4 | logout: ['signout', 'logout'] 5 | }; 6 | -------------------------------------------------------------------------------- /test/types/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/test.types", 3 | "version": "1.0.0", 4 | "description": "test type declarations", 5 | "scripts": { 6 | "test": "tstyche" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /env/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/env", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "private": true, 6 | "dependencies": { 7 | "dotenv": "^8.2.0" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/TransactionModalButton/index.jsx: -------------------------------------------------------------------------------- 1 | import TransactionModalButton from './TransactionModalButton'; 2 | export default TransactionModalButton; 3 | -------------------------------------------------------------------------------- /lib/http/index.ts: -------------------------------------------------------------------------------- 1 | export * from './headers'; 2 | export * from './OktaUserAgent'; 3 | export * from './request'; 4 | export * from './types'; 5 | export * from './mixin'; 6 | export * from './options'; 7 | 8 | -------------------------------------------------------------------------------- /lib/storage/index.ts: -------------------------------------------------------------------------------- 1 | export * from './options/StorageOptionsConstructor'; 2 | export * from './BaseStorageManager'; 3 | export * from './mixin'; 4 | export * from './SavedObject'; 5 | export * from './types'; 6 | -------------------------------------------------------------------------------- /test/support/disableFetch.js: -------------------------------------------------------------------------------- 1 | // Throw an error if any test tries to make a live network request 2 | global.fetch = function(url) { 3 | throw new Error(`Attempt to make a live network request: ${url}`); 4 | }; 5 | -------------------------------------------------------------------------------- /samples/generated/static-spa/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: true, 4 | node: false 5 | }, 6 | rules: { 7 | 'node/no-unsupported-features/node-builtins': 0 8 | } 9 | }; 10 | -------------------------------------------------------------------------------- /samples/templates/static-spa/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: true, 4 | node: false 5 | }, 6 | rules: { 7 | 'node/no-unsupported-features/node-builtins': 0 8 | } 9 | }; 10 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | contact_links: 2 | - name: Developer Forum 3 | url: https://devforum.okta.com/ 4 | about: Get help with building your applicaiton on the Okta Platform. 5 | blank_issues_enabled: false 6 | -------------------------------------------------------------------------------- /scripts/samples/e2e-static-spa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.static-spa 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /scripts/samples/e2e-webpack-spa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.webpack-spa 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /test/apps/node-esm/index.js: -------------------------------------------------------------------------------- 1 | /* eslint-disable */ 2 | import { OktaAuth } from "@okta/okta-auth-js"; 3 | 4 | const oktaAuth = new OktaAuth({ 5 | issuer: 'https://xxx.okta.com', 6 | clientId: '0oal89rzfrHjIVqQw5d6' 7 | }); 8 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/src/full.js: -------------------------------------------------------------------------------- 1 | /* eslint-disable */ 2 | import { OktaAuth } from '@okta/okta-auth-js'; 3 | 4 | const oktaAuth = new OktaAuth({ 5 | issuer: 'https://xxx.okta.com', 6 | clientId: '0oal89rzfrHjIVqQw5d6' 7 | }); 8 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/FlowPage/FlowPage.module.css: -------------------------------------------------------------------------------- 1 | .container { 2 | height: 100vh; 3 | } 4 | 5 | .nav { 6 | height: 4em; 7 | } 8 | 9 | .formContainer { 10 | width: 400px; 11 | } 12 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/src/core.js: -------------------------------------------------------------------------------- 1 | /* eslint-disable */ 2 | import { OktaAuth } from '@okta/okta-auth-js/core'; 3 | 4 | const oktaAuth = new OktaAuth({ 5 | issuer: 'https://xxx.okta.com', 6 | clientId: '0oal89rzfrHjIVqQw5d6' 7 | }); 8 | -------------------------------------------------------------------------------- /lib/core/index.ts: -------------------------------------------------------------------------------- 1 | export * from './AuthStateManager'; 2 | export * from './options'; 3 | export * from './factory'; 4 | export * from './mixin'; 5 | export * from './storage'; 6 | export * from './types'; 7 | export * from './ServiceManager'; 8 | -------------------------------------------------------------------------------- /scripts/samples/e2e-express-web-no-oidc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.express-web-no-oidc 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /test/apps/verify-entries/src/default.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '@okta/okta-auth-js'; 2 | 3 | const authClient = new OktaAuth({ 4 | issuer: process.env.ISSUER, 5 | clientId: process.env.SPA_CLIENT_ID, 6 | }); 7 | console.log(authClient); 8 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/cancel.mustache: -------------------------------------------------------------------------------- 1 |
2 | 5 |
6 | -------------------------------------------------------------------------------- /scripts/samples/e2e-express-web-with-oidc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.express-web-with-oidc 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /scripts/e2e/e2e-cucumber.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export TEST_NAME=e2e 8 | 9 | export ORG_OIE_ENABLED=true 10 | 11 | export RUN_CUCUMBER=1 12 | 13 | run_e2e 14 | -------------------------------------------------------------------------------- /samples/test/util/selectorUtils.ts: -------------------------------------------------------------------------------- 1 | import { OktaSignInV1, OktaSignInOIE } from '../support/selectors'; 2 | 3 | function getOktaSignInForm() { 4 | return process.env.ORG_OIE_ENABLED ? OktaSignInOIE : OktaSignInV1; 5 | } 6 | 7 | export { getOktaSignInForm }; 8 | -------------------------------------------------------------------------------- /scripts/samples/e2e-react-embedded-auth-with-sdk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.react-embedded-auth-with-sdk 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /test/apps/verify-entries/src/idx.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '@okta/okta-auth-js/idx'; 2 | 3 | const authClient = new OktaAuth({ 4 | issuer: process.env.ISSUER, 5 | clientId: process.env.SPA_CLIENT_ID, 6 | }); 7 | authClient.idx.start().then(console.log); 8 | -------------------------------------------------------------------------------- /scripts/samples/e2e-express-embedded-sign-in-widget.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_sample_tests 6 | 7 | export SAMPLE_NAME=@okta/samples.express-embedded-sign-in-widget 8 | 9 | run_sample_tests 10 | -------------------------------------------------------------------------------- /.github/SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Report a Vulnerability 4 | At Okta we take the protection of our customers’ data very seriously. If you need to report a vulnerability, please visit https://www.okta.com/vulnerability-reporting-policy/ for more information. 5 | -------------------------------------------------------------------------------- /samples/test/support/action/clickButton.ts: -------------------------------------------------------------------------------- 1 | import checkButton from '../check/checkButton'; 2 | 3 | export default async (buttonName: string, containerSelector?: string) => { 4 | const el = await checkButton(buttonName, containerSelector); 5 | await el.click(); 6 | }; 7 | -------------------------------------------------------------------------------- /samples/templates/partials/identity-engine/links.md: -------------------------------------------------------------------------------- 1 | [Okta's Identity Engine]: https://developer.okta.com/docs/concepts/ie-intro/ 2 | [Okta Auth JS]: https://github.com/okta/okta-auth-js 3 | {{! [ExpressJS guides for Embedded Authentication]: // TODO link to DevDoc SBS guide }} 4 | -------------------------------------------------------------------------------- /test/apps/node-esm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "private": true, 3 | "name": "@okta/test.app.node-esm", 4 | "version": "1.0.0", 5 | "type": "module", 6 | "scripts": { 7 | "start": "node index.js" 8 | }, 9 | "dependencies": { 10 | "@okta/okta-auth-js": "*" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /lib/core/storage.ts: -------------------------------------------------------------------------------- 1 | import { createOAuthStorageManager } from '../oidc/storage'; 2 | import { PKCETransactionMeta } from '../oidc/types'; 3 | 4 | export function createCoreStorageManager() { 5 | return createOAuthStorageManager(); 6 | } 7 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/InfoBox/InfoBox.module.css: -------------------------------------------------------------------------------- 1 | .container { 2 | overflow: hidden; 3 | word-wrap: break-word; 4 | border-style: dashed; 5 | color: #8d6e97; 6 | } 7 | 8 | .container h1, 9 | .container span{ 10 | color: #8d6e97; 11 | } 12 | -------------------------------------------------------------------------------- /test/types/README.md: -------------------------------------------------------------------------------- 1 | **Note:** All tests in this directory are running against types within 'build' folder, types should be generated before running test here. 2 | 3 | Script to generate types: 4 | 5 | ```bash 6 | yarn build 7 | ``` 8 | 9 | or 10 | 11 | ```bash 12 | yarn build:types 13 | ``` 14 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/formMessages.mustache: -------------------------------------------------------------------------------- 1 | {{#hasMessages}} 2 |
3 |
    4 | {{#messages}} 5 |
  • {{message}}
    • 6 | {{/messages}} 7 |
8 |
9 | {{/hasMessages}} -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/head.mustache: -------------------------------------------------------------------------------- 1 | 2 | Express Sample App 3 | 4 | 5 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/views/head.mustache: -------------------------------------------------------------------------------- 1 | 2 | Express Sample App 3 | 4 | 5 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/errors.mustache: -------------------------------------------------------------------------------- 1 | {{#hasError}} 2 |
3 |
Errors:
4 |
    5 | {{#errors}} 6 |
  • {{.}}
    • 7 | {{/errors}} 8 |
9 |
10 | {{/hasError}} -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/views/errors.mustache: -------------------------------------------------------------------------------- 1 | {{#hasError}} 2 |
3 |
Errors:
4 |
    5 | {{#errors}} 6 |
  • {{.}}
    • 7 | {{/errors}} 8 |
9 |
10 | {{/hasError}} -------------------------------------------------------------------------------- /samples/test/support/action/clickLoginWithFacebookInWidget.ts: -------------------------------------------------------------------------------- 1 | import clickElement from './clickElement'; 2 | import { getOktaSignInForm } from '../../util'; 3 | 4 | export default async () => { 5 | const OktaSignIn = getOktaSignInForm(); 6 | await clickElement('click', 'selector', OktaSignIn.signinWithFacebookBtn); 7 | }; 8 | -------------------------------------------------------------------------------- /samples/test/scripts/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Test specs/* 4 | if ! yarn test:specs; then 5 | echo "Specs tests failed! Exiting..." 6 | exit ${TEST_FAILURE} 7 | fi 8 | 9 | # Test features/* 10 | if ! yarn test:features; then 11 | echo "Features tests failed! Exiting..." 12 | exit ${TEST_FAILURE} 13 | fi 14 | -------------------------------------------------------------------------------- /lib/idx/types/FlowSpecification.ts: -------------------------------------------------------------------------------- 1 | import { FlowIdentifier } from './FlowIdentifier'; 2 | import type { RemediationFlow } from '../flow/RemediationFlow'; 3 | 4 | export interface FlowSpecification { 5 | flow: FlowIdentifier; 6 | remediators: RemediationFlow; 7 | actions?: string[]; 8 | withCredentials?: boolean; 9 | } 10 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/main.jsx: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import ReactDOM from 'react-dom'; 3 | import App from './App'; 4 | 5 | import './main.css'; 6 | 7 | ReactDOM.render( 8 | 9 | 10 | , 11 | document.getElementById('root') 12 | ); 13 | -------------------------------------------------------------------------------- /samples/test/support/action/clickLoginWithOktaOIDCIdPInWidget.ts: -------------------------------------------------------------------------------- 1 | import clickElement from './clickElement'; 2 | import { getOktaSignInForm } from '../../util'; 3 | 4 | export default async () => { 5 | const OktaSignIn = getOktaSignInForm(); 6 | await clickElement('click', 'selector', OktaSignIn.signinWithOktaOIDCIdPBtn); 7 | }; 8 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | 3 | node_js: 4 | - '14' 5 | 6 | install: 7 | - yarn install --frozen-lockfile 8 | - npm install -g codecov 9 | 10 | script: 11 | - ./scripts/travis.sh 12 | 13 | after_success: 14 | - bash <(curl -s https://codecov.io/bash) 15 | 16 | cache: false 17 | 18 | addons: 19 | chrome: stable 20 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/ErrorPage.jsx: -------------------------------------------------------------------------------- 1 | import { useIdxTransaction } from '../contexts'; 2 | 3 | export default function ErroPage() { 4 | const { 5 | transaction: { error } 6 | } = useIdxTransaction(); 7 | 8 | return (
{error.message || JSON.stringify(error, null, 4)}
); 9 | } 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | build 3 | target 4 | node_modules 5 | build2/reports/* 6 | !build2/reports/e2e 7 | build2/reports/e2e/* 8 | !build2/reports/e2e/.gitkeep 9 | test/SpecRunner.html 10 | npm-debug.log 11 | testenv 12 | testenv.yml 13 | junit.xml 14 | junit-results.xml 15 | yarn-error.* 16 | coverage 17 | dist 18 | .bacon.env 19 | 20 | !.gitkeep 21 | -------------------------------------------------------------------------------- /test/apps/verify-entries/src/authn.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuth } from '@okta/okta-auth-js/authn'; 2 | 3 | const authClient = new OktaAuth({ 4 | issuer: process.env.ISSUER, 5 | clientId: process.env.SPA_CLIENT_ID, 6 | }); 7 | authClient.signInWithCredentials({ 8 | username: 'fake-username', 9 | password: 'fake-password', 10 | }).then(console.log); 11 | -------------------------------------------------------------------------------- /samples/templates/express-web/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: false, 4 | node: true 5 | }, 6 | overrides: [{ 7 | files: ['public/*.js'], 8 | rules: { 9 | 'node/no-unsupported-features/node-builtins': 0 10 | }, 11 | env: { 12 | browser: true, 13 | node: false 14 | } 15 | }] 16 | }; 17 | -------------------------------------------------------------------------------- /samples/test/support/selectors/maps/authenticators.ts: -------------------------------------------------------------------------------- 1 | export default { 2 | 'Email': 'okta_email', 3 | 'Password': 'okta_password', 4 | 'Phone': 'phone_number', 5 | 'Google Authenticator': 'google_otp', 6 | 'Security Question': 'security_question', 7 | 'Okta Verify': 'okta_verify', 8 | 'WebAuthn': 'webauthn', 9 | } as Record; 10 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/src/authn.js: -------------------------------------------------------------------------------- 1 | /* eslint-disable */ 2 | import { OktaAuth } from '@okta/okta-auth-js/core'; 3 | import { useAuthnTransactionAPI } from '@okta/okta-auth-js/authn'; 4 | 5 | let oktaAuth = new OktaAuth({ 6 | issuer: 'https://xxx.okta.com', 7 | clientId: '0oal89rzfrHjIVqQw5d6' 8 | }); 9 | oktaAuth = useAuthnTransactionAPI(oktaAuth); 10 | -------------------------------------------------------------------------------- /lib/exports/common.ts: -------------------------------------------------------------------------------- 1 | import * as crypto from '../crypto'; 2 | 3 | export { crypto }; 4 | export * from '../base'; 5 | export * from '../constants'; 6 | export * from '../core'; 7 | export * from '../errors'; 8 | export * from '../http'; 9 | export * from '../oidc'; 10 | export * from '../session'; 11 | export * from '../storage'; 12 | export * from '../util'; 13 | -------------------------------------------------------------------------------- /lib/myaccount/transactions/ProfileSchemaTransaction.ts: -------------------------------------------------------------------------------- 1 | import BaseTransaction from './Base'; 2 | 3 | export default class ProfileSchemaTransaction extends BaseTransaction { 4 | properties: Record; 5 | 6 | constructor(oktaAuth, options) { 7 | super(oktaAuth, options); 8 | 9 | this.properties = options.res.properties; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /samples/generated/express-web-no-oidc/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: false, 4 | node: true 5 | }, 6 | overrides: [{ 7 | files: ['public/*.js'], 8 | rules: { 9 | 'node/no-unsupported-features/node-builtins': 0 10 | }, 11 | env: { 12 | browser: true, 13 | node: false 14 | } 15 | }] 16 | }; 17 | -------------------------------------------------------------------------------- /samples/generated/express-web-with-oidc/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: false, 4 | node: true 5 | }, 6 | overrides: [{ 7 | files: ['public/*.js'], 8 | rules: { 9 | 'node/no-unsupported-features/node-builtins': 0 10 | }, 11 | env: { 12 | browser: true, 13 | node: false 14 | } 15 | }] 16 | }; 17 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/contexts.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | 3 | export const IdxTransaction = React.createContext({}); 4 | export const useIdxTransaction = () => React.useContext(IdxTransaction); 5 | 6 | export const MyAccountContext = React.createContext({}); 7 | export const useMyAccountContext = () => React.useContext(MyAccountContext); 8 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/src/main.jsx: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import ReactDOM from 'react-dom'; 3 | import { BrowserRouter as Router } from 'react-router-dom'; 4 | import App from './App'; 5 | 6 | ReactDOM.render( 7 | 8 | 9 | 10 | 11 | , 12 | document.getElementById('root') 13 | ); 14 | -------------------------------------------------------------------------------- /test/apps/verify-entries/idx.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Vite + TS 7 | 8 | 9 |
10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /lib/errors/types.ts: -------------------------------------------------------------------------------- 1 | export interface FieldError { 2 | errorSummary: string; 3 | reason?: string; 4 | location?: string; 5 | locationType?: string; 6 | domain?: string; 7 | } 8 | 9 | export interface APIError { 10 | errorSummary: string; 11 | errorCode?: string; 12 | errorLink?: string; 13 | errorId?: string; 14 | errorCauses?: Array; 15 | } 16 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: false, 4 | node: true 5 | }, 6 | overrides: [{ 7 | files: ['public/*.js'], 8 | rules: { 9 | 'node/no-unsupported-features/node-builtins': 0 10 | }, 11 | env: { 12 | browser: true, 13 | node: false 14 | } 15 | }] 16 | }; 17 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/Spinner.jsx: -------------------------------------------------------------------------------- 1 | import { Box, CircularLoadIndicator } from '@okta/odyssey-react'; 2 | 3 | const Spinner = () => ( 4 | 5 | 6 | 7 | ); 8 | 9 | export default Spinner; 10 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | React App 7 | 8 | 9 |
10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /test/apps/verify-entries/authn.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Vite + TS 7 | 8 | 9 |
10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /lib/idx/types/FlowIdentifier.ts: -------------------------------------------------------------------------------- 1 | export type FlowIdentifier = 'default' 2 | | 'proceed' 3 | // idx.authenticate 4 | | 'authenticate' 5 | | 'login' 6 | | 'signin' 7 | // idx.register 8 | | 'register' 9 | | 'signup' 10 | | 'enrollProfile' 11 | // idx.recoverPassword 12 | | 'recoverPassword' 13 | | 'resetPassword' 14 | // idx.unlockAccount 15 | | 'unlockAccount'; 16 | -------------------------------------------------------------------------------- /test/apps/app/server/proxyMiddleware.js: -------------------------------------------------------------------------------- 1 | const { createProxyMiddleware } = require('http-proxy-middleware'); 2 | 3 | module.exports = function proxyMiddlewareFactory(options) { 4 | const { origin } = new URL(process.env.ISSUER); 5 | return createProxyMiddleware(Object.assign({ 6 | target: origin, 7 | secure: false, 8 | changeOrigin: true, 9 | }, options)); 10 | }; 11 | -------------------------------------------------------------------------------- /test/apps/verify-entries/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Vite + TS 7 | 8 | 9 |
10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /samples/test/util/camelize.js: -------------------------------------------------------------------------------- 1 | // from https://stackoverflow.com/a/2970667 2 | export default function camelize(str) { 3 | return str.replace(/(?:^\w|[A-Z]|\b\w|\s+)/g, function(match, index) { 4 | if (+match === 0) { 5 | return ''; // or if (/\s+/.test(match)) for white spaces 6 | } 7 | return index === 0 ? match.toLowerCase() : match.toUpperCase(); 8 | }); 9 | } 10 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/LinkButton/LinkButton.jsx: -------------------------------------------------------------------------------- 1 | import { Box, Link } from '@okta/odyssey-react'; 2 | 3 | import classes from './LinkButton.module.css'; 4 | 5 | const LinkButton = (props) => { 6 | return ( 7 | 8 | 9 | 10 | ); 11 | }; 12 | 13 | export default LinkButton; 14 | -------------------------------------------------------------------------------- /samples/templates/partials/env.js: -------------------------------------------------------------------------------- 1 | module.exports = function () { 2 | let oktaEnv; 3 | try { 4 | oktaEnv = require('@okta/env'); 5 | } catch (err) { 6 | if (err.code === 'MODULE_NOT_FOUND') { 7 | // try local env module 8 | oktaEnv = require('./okta-env'); 9 | return oktaEnv; 10 | } 11 | 12 | throw err; 13 | } 14 | 15 | return oktaEnv; 16 | }; 17 | -------------------------------------------------------------------------------- /test/apps/verify-entries/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | pnpm-debug.log* 8 | lerna-debug.log* 9 | 10 | node_modules 11 | dist 12 | dist-ssr 13 | *.local 14 | 15 | # Editor directories and files 16 | .vscode/* 17 | !.vscode/extensions.json 18 | .idea 19 | .DS_Store 20 | *.suo 21 | *.ntvs* 22 | *.njsproj 23 | *.sln 24 | *.sw? 25 | -------------------------------------------------------------------------------- /test/support/.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "parserOptions": { 3 | "sourceType": "module" 4 | }, 5 | "globals": { 6 | "it": "readonly", 7 | "jest": "readonly", 8 | "expect": "readonly" 9 | }, 10 | "rules": { 11 | "max-len": 0, 12 | "node/no-extraneous-import": ["error", { 13 | "allowModules": [ 14 | "@okta/okta-auth-js" 15 | ] 16 | }] 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /samples/test/support/check/checkLink.ts: -------------------------------------------------------------------------------- 1 | import waitForDisplayed from '../wait/waitForDisplayed'; 2 | import links from '../selectors/maps/links'; 3 | 4 | export default async function checkLink(linkName: string) { 5 | const link = (links as any)[linkName]; 6 | if (!link) { 7 | throw new Error(`No link can match name ${linkName}`); 8 | } 9 | await waitForDisplayed(`a[href="${link}"]`); 10 | } 11 | -------------------------------------------------------------------------------- /scripts/e2e/e2e-dpop.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_e2e 6 | 7 | export TEST_NAME=e2e-dpop 8 | 9 | export ISSUER=https://oie-signin-widget.okta.com 10 | export CLIENT_ID=0oact2w7c2FiHEeoi697 11 | export SPA_CLIENT_ID=0oact2w7c2FiHEeoi697 12 | export ORG_OIE_ENABLED=true 13 | 14 | run_e2e 15 | 16 | export REFRESH_TOKEN=true 17 | 18 | run_e2e 19 | -------------------------------------------------------------------------------- /samples/generated/express-web-no-oidc/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.express-web-no-oidc", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "dependencies": { 11 | "express": "^4.17.1", 12 | "@okta/okta-auth-js": "*" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /scripts/e2e/e2e.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_e2e 6 | 7 | # overrides 8 | export ISSUER=https://oie-signin-widget.okta.com/oauth2/default 9 | 10 | export TEST_NAME=e2e 11 | 12 | # This client has refresh token enabled 13 | export CLIENT_ID=0oa8lrg7ojTsbJgRQ696 14 | export REFRESH_TOKEN=true 15 | export ORG_OIE_ENABLED=true 16 | 17 | run_e2e 18 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | pnpm-debug.log* 8 | lerna-debug.log* 9 | 10 | node_modules 11 | dist 12 | dist-ssr 13 | *.local 14 | 15 | # Editor directories and files 16 | .vscode/* 17 | !.vscode/extensions.json 18 | .idea 19 | .DS_Store 20 | *.suo 21 | *.ntvs* 22 | *.njsproj 23 | *.sln 24 | *.sw? 25 | -------------------------------------------------------------------------------- /samples/templates/static-spa/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "{{ name }}", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "dependencies": { 11 | "@okta/okta-auth-js": "*" 12 | }, 13 | "devDependencies": { 14 | "express": "^4.17.1" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | browser: false, 4 | node: true 5 | }, 6 | ignorePatterns: ['assets/js/*.js'], 7 | overrides: [{ 8 | files: ['public/*.js'], 9 | rules: { 10 | 'node/no-unsupported-features/node-builtins': 0 11 | }, 12 | env: { 13 | browser: true, 14 | node: false 15 | } 16 | }] 17 | }; 18 | -------------------------------------------------------------------------------- /samples/generated/static-spa/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.static-spa", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "dependencies": { 11 | "@okta/okta-auth-js": "*" 12 | }, 13 | "devDependencies": { 14 | "express": "^4.17.1" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /test/apps/app/public/renew/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 13 | 14 | -------------------------------------------------------------------------------- /test/apps/app/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "outDir": "./public/dist", 4 | "noImplicitAny": true, 5 | "noEmit": false, 6 | "module": "es6", 7 | "target": "es5", 8 | "allowJs": true, 9 | "sourceMap": true, 10 | "moduleResolution": "node", 11 | "baseUrl": "./", 12 | "skipLibCheck": true 13 | }, 14 | "include": [ 15 | "src/**/*.ts", 16 | "src/**/*.js" 17 | ] 18 | } -------------------------------------------------------------------------------- /samples/test/support/management-api/createGroup.ts: -------------------------------------------------------------------------------- 1 | import { randomStr } from '../../util'; 2 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 3 | 4 | export default async (config: OktaClientConfig) => { 5 | const oktaClient = getOktaClient(config); 6 | const group = await oktaClient.createGroup({ 7 | profile: { 8 | name: `TestGroup-${randomStr(6)}` 9 | } 10 | }); 11 | return group; 12 | }; 13 | -------------------------------------------------------------------------------- /samples/test/util/getTotp.js: -------------------------------------------------------------------------------- 1 | const totp = require('totp-generator'); 2 | 3 | export const TOTP_TYPES = { 4 | ENROLL: 'enrollment', 5 | AUTH: 'authentication' 6 | }; 7 | 8 | export function getTotp(sharedSecret, type = TOTP_TYPES.AUTH) { 9 | // avoid using same passcode for enroll and auth 10 | const timestamp = type === TOTP_TYPES.ENROLL ? Date.now() - 30 * 3000 : Date.now(); 11 | return totp(sharedSecret, { timestamp }); 12 | } 13 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | {{> styles.html }} 8 | 9 | 10 | {{> spa/ui.html }} 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /samples/test/support/selectors/Page.ts: -------------------------------------------------------------------------------- 1 | export interface Page { 2 | isDisplayedElementSelector: string; 3 | isDisplayedElementText?: string | string[]; 4 | } 5 | 6 | export abstract class PageWithTitle implements Page { 7 | title: string | string[] = ''; 8 | 9 | get pageTitle() { return '#page-title-header'; } 10 | get isDisplayedElementSelector() { return this.pageTitle; } 11 | get isDisplayedElementText() { return this.title; } 12 | } 13 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/src/config.js: -------------------------------------------------------------------------------- 1 | const CLIENT_ID = process.env.SPA_CLIENT_ID || process.env.CLIENT_ID || '{clientId}'; 2 | const ISSUER = process.env.ISSUER || 'https://{yourOktaDomain}.com/oauth2/default'; 3 | const REDIRECT_URI = `${window.location.origin}/login/callback`; 4 | 5 | export default { 6 | clientId: CLIENT_ID, 7 | issuer: ISSUER, 8 | redirectUri: REDIRECT_URI, 9 | scopes: ['openid', 'profile', 'email'], 10 | pkce: true 11 | }; 12 | -------------------------------------------------------------------------------- /samples/generated/express-web-with-oidc/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.express-web-with-oidc", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "dependencies": { 11 | "btoa": "^1.2.1", 12 | "express": "^4.17.1", 13 | "uuid": "^8.3.0", 14 | "@okta/okta-auth-js": "*" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /samples/test/features/federated-auth.feature: -------------------------------------------------------------------------------- 1 | Feature: Federated Authentication 2 | 3 | Scenario: Redirect to Okta for authentictaion 4 | Given Login button is displayed 5 | When User clicks the login button 6 | Then Browser is redirected to the Okta-hosted login page 7 | When User enters usernaame 8 | And User enters password 9 | And User clicks login 10 | Then Browser is redirected to the app 11 | And User can verify their profile data -------------------------------------------------------------------------------- /test/apps/tree-shaking/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/tree-shaking", 3 | "version": "0.0.1", 4 | "private": true, 5 | "scripts": { 6 | "clean": "rimraf target", 7 | "build": "webpack" 8 | }, 9 | "main": "index.js", 10 | "dependencies": { 11 | "@okta/okta-auth-js": "*" 12 | }, 13 | "devDependencies": { 14 | "webpack": "^5.78.0", 15 | "webpack-bundle-analyzer": "^4.5.0", 16 | "terser-webpack-plugin": "^5.3.6" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /test/integration/spec/myaccount/__snapshots__/sendRequest.ts.snap: -------------------------------------------------------------------------------- 1 | // Jest Snapshot v1, https://goo.gl/fbAQLP 2 | 3 | exports[`lower level sendRequest function against "/idp/myaccount/emails" endpoint can get emails with "okta.myAccount.email.read" token scope 1`] = ` 4 | Object { 5 | "headers": Any, 6 | "id": Any, 7 | "profile": Object { 8 | "email": Any, 9 | }, 10 | "roles": Any, 11 | "status": Any, 12 | } 13 | `; 14 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/TerminalPage.jsx: -------------------------------------------------------------------------------- 1 | import { useIdxTransaction } from '../contexts'; 2 | 3 | export default function TerminalPage() { 4 | const { transaction } = useIdxTransaction(); 5 | const messages = transaction ? transaction.messages : 'Transaction could not be loaded'; 6 | return ( 7 | <> 8 |
{JSON.stringify(messages, null, 4)}
9 | Back to Signin 10 | 11 | ); 12 | } 13 | -------------------------------------------------------------------------------- /scripts/e2e/e2e-saucelabs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_e2e 6 | 7 | # overrides 8 | export TEST_RESULT_FILE_DIR="${REPO}/build2/reports/e2e-saucelabs" 9 | 10 | # run e2e tests with test/e2e/sauce.wdio.conf.js config 11 | export CLIENT_ID=0oa1xyzajgPFGWlLP4x7 12 | get_terminus_secret "/" accessKey SAUCE_ACCESS_KEY 13 | 14 | export RUN_SAUCE_TESTS=true 15 | export SAUCE_USERNAME=OktaSignInWidget 16 | 17 | run_e2e -------------------------------------------------------------------------------- /.eslintignore: -------------------------------------------------------------------------------- 1 | /test/support/xhr 2 | /test/app/public 3 | /test/apps/app/public 4 | node_modules 5 | /build/dist 6 | /build/lib 7 | /build/types 8 | /build/cjs 9 | /build/esm 10 | /build/umd 11 | /samples/templates 12 | /samples/generated/webpack-spa/public/*-bundle.* 13 | /samples/generated/express-direct-auth-dynamic 14 | .eslintrc.js 15 | dist 16 | target 17 | /test/apps/app/public/oidc-app.js 18 | /test/apps/app/target 19 | /test/apps/tree-shaking/target 20 | /scripts/dockolith 21 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/utils/getTransactionMeta.js: -------------------------------------------------------------------------------- 1 | const getAuthClient = require('./getAuthClient'); 2 | 3 | module.exports = async function getTransactionMeta(req, options = {}) { 4 | const state = req.transactionId; 5 | const authClient = getAuthClient(req); 6 | const meta = await authClient.idx.getTransactionMeta({ 7 | state, 8 | ...options 9 | }); 10 | authClient.idx.saveTransactionMeta(meta); 11 | return meta; 12 | }; 13 | -------------------------------------------------------------------------------- /samples/test/support/action/clickLink.ts: -------------------------------------------------------------------------------- 1 | import clickElement from './clickElement'; 2 | import links from '../selectors/maps/links'; 3 | import { camelize } from '../../util'; 4 | 5 | export default async (linkName: string) => { 6 | linkName = camelize(linkName); 7 | const name = (links as any)[linkName] || linkName; 8 | if (!name) { 9 | throw new Error(`No link can match name ${linkName}`); 10 | } 11 | await clickElement('click', 'selector', `a[name=${name}]`); 12 | }; 13 | -------------------------------------------------------------------------------- /test/.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "rules": { 3 | "node/no-missing-import": ["error", { 4 | "allowModules": [ 5 | "@okta/okta-auth-js" 6 | ], 7 | "tryExtensions": [".js", ".ts"] 8 | }], 9 | "node/no-missing-require": ["error", { 10 | "allowModules": [ 11 | "@okta/okta-auth-js" 12 | ], 13 | "tryExtensions": [".js", ".ts"] 14 | }], 15 | "node/no-unsupported-features/es-syntax": 0, 16 | "compat/compat": 0 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /samples/templates/express-web/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "{{ name }}", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "dependencies": { 11 | {{#if oidc}} 12 | "btoa": "^1.2.1", 13 | {{/if}} 14 | "express": "^4.17.1", 15 | {{#if oidc}} 16 | "uuid": "^8.3.0", 17 | {{/if}} 18 | "@okta/okta-auth-js": "*" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /samples/test/pageobjects/EmbeddedAuthWithSDKApp.js: -------------------------------------------------------------------------------- 1 | import assert from 'assert'; 2 | 3 | class EmbeddedAuthWithSDKApp { 4 | get formMessages() { return $('#form-messages .list'); } 5 | 6 | async open() { 7 | await browser.url(''); 8 | } 9 | 10 | async assertLoginCallbackFailure(errorMessage) { 11 | await this.formMessages.then(el => el.getText()).then(txt => { 12 | assert(txt.trim() === errorMessage); 13 | }); 14 | } 15 | } 16 | 17 | export default new EmbeddedAuthWithSDKApp(); 18 | -------------------------------------------------------------------------------- /samples/test/support/management-api/grantConsentToScope.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | appId: string; 5 | scopeId: string; 6 | } 7 | 8 | export default async function(config: OktaClientConfig, options: Options) { 9 | const { issuer } = config; 10 | const oktaClient = getOktaClient(config); 11 | 12 | const { appId, scopeId } = options; 13 | await oktaClient.grantConsentToScope(appId, { 14 | issuer, scopeId 15 | }); 16 | } 17 | -------------------------------------------------------------------------------- /samples/test/specs/express-embedded-auth-with-sdk.js: -------------------------------------------------------------------------------- 1 | import EmbeddedAuthWithSDKApp from '../pageobjects/EmbeddedAuthWithSDKApp'; 2 | import { startApp } from '../util'; 3 | 4 | describe('express-embedded-auth-with-sdk', () => { 5 | 6 | it('can handle general login callback error', async () => { 7 | await startApp(EmbeddedAuthWithSDKApp); 8 | await browser.url('/login/callback?error=X&error_description=Y'); 9 | await EmbeddedAuthWithSDKApp.assertLoginCallbackFailure('X: Y'); 10 | }); 11 | 12 | }); 13 | -------------------------------------------------------------------------------- /test/e2e/features/login.feature: -------------------------------------------------------------------------------- 1 | Feature: Direct Auth 2 | 3 | Scenario Outline: As a user, I can authenticate by providing my username and password 4 | 5 | Given Mary is on the default view in an UNAUTHENTICATED state 6 | When she logins with and 7 | Then she should see an error message saying 8 | 9 | Examples: 10 | | username | password | message | 11 | | foobar | barfoo | Your username is invalid! | 12 | -------------------------------------------------------------------------------- /lib/myaccount/transactions/ProfileTransaction.ts: -------------------------------------------------------------------------------- 1 | import BaseTransaction from './Base'; 2 | 3 | export default class ProfileTransaction extends BaseTransaction { 4 | createdAt: string; 5 | modifiedAt: string; 6 | profile: Record; 7 | 8 | constructor(oktaAuth, options) { 9 | super(oktaAuth, options); 10 | 11 | const { createdAt, modifiedAt, profile } = options.res; 12 | this.createdAt = createdAt; 13 | this.modifiedAt = modifiedAt; 14 | this.profile = profile; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /babel.config.js: -------------------------------------------------------------------------------- 1 | const presets = ['@babel/preset-env']; 2 | const plugins = []; 3 | 4 | // Do not include async generator in development bundle (debug on modern browser) 5 | if (process.env.NODE_ENV !== 'development') { 6 | plugins.unshift('@babel/plugin-transform-runtime'); 7 | } 8 | 9 | // Process typescript when running in jest 10 | if (process.env.NODE_ENV === 'test') { 11 | presets.unshift('@babel/preset-typescript'); 12 | plugins.unshift('@babel/plugin-transform-typescript'); 13 | } 14 | 15 | module.exports = { presets, plugins }; -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/views/error.mustache: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{>head}} 5 | 6 | 7 | 8 | {{>menu}} 9 | 10 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/terminal.mustache: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{>head}} 5 | 6 | 7 | 8 | {{>menu}} 9 | 10 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /lib/idx/authenticator/OktaVerifyTotp.ts: -------------------------------------------------------------------------------- 1 | import { Credentials } from './Authenticator'; 2 | import { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator'; 3 | 4 | interface TotpCredentials extends Credentials { 5 | totp: string; 6 | } 7 | 8 | export class OktaVerifyTotp extends VerificationCodeAuthenticator { 9 | mapCredentials(values): TotpCredentials | undefined { 10 | const { verificationCode } = values; 11 | if (!verificationCode) { 12 | return; 13 | } 14 | return { totp: verificationCode }; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/menu.mustache: -------------------------------------------------------------------------------- 1 |
2 | Home 3 |
4 |
5 | {{#isLoggedIn}} 6 |
7 | 10 |
11 | {{/isLoggedIn}} 12 |
13 |
14 |
15 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/IdpForm.jsx: -------------------------------------------------------------------------------- 1 | import { Link, Box } from '@okta/odyssey-react'; 2 | import { useIdxTransaction } from '../contexts'; 3 | 4 | const IdpForm = () => { 5 | const { transaction: { availableSteps } } = useIdxTransaction(); 6 | const idpMeta = availableSteps?.find(step => step.name === 'redirect-idp'); 7 | 8 | return ( 9 | 10 | Type: {idpMeta.type} 11 | Login With Google 12 | 13 | ); 14 | }; 15 | 16 | export default IdpForm; 17 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/error.mustache: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{>head}} 5 | 6 | 7 | 8 | {{>menu}} 9 | 10 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/views/menu.mustache: -------------------------------------------------------------------------------- 1 |
2 | Home 3 |
4 |
5 | {{#isLoggedIn}} 6 |
7 | 10 |
11 | {{/isLoggedIn}} 12 |
13 |
14 |
15 | -------------------------------------------------------------------------------- /test/e2e/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "moduleResolution": "node", 4 | "allowJs": true, 5 | "types": [ 6 | "node", 7 | "webdriverio/async", 8 | "@wdio/cucumber-framework", 9 | "expect-webdriverio" 10 | ], 11 | "esModuleInterop": true, 12 | "target": "es2019", 13 | "paths": { 14 | "support/*": ["../../samples/test/support/*"], 15 | "management-api/*": ["../../samples/test/support/management-api/*"], 16 | } 17 | } 18 | } -------------------------------------------------------------------------------- /samples/test/support/management-api/fetchUser.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | username: string; 5 | } 6 | 7 | export default async function(config: OktaClientConfig, options: Options) { 8 | const oktaClient = getOktaClient(config); 9 | 10 | const { username } = options; 11 | const { value: user } = await oktaClient.listUsers({ 12 | q: username 13 | }).next(); 14 | if (!user) { 15 | throw new Error(`Group cannot be found with ${username}`); 16 | } 17 | 18 | return user; 19 | } 20 | -------------------------------------------------------------------------------- /samples/test/support/management-api/fetchGroup.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | groupName: string; 5 | } 6 | 7 | export default async function(config: OktaClientConfig, options: Options) { 8 | const oktaClient = getOktaClient(config); 9 | 10 | const { groupName } = options; 11 | const { value: group } = await oktaClient.listGroups({ 12 | q: groupName 13 | }).next(); 14 | if (!group) { 15 | throw new Error(`Group cannot be found with ${groupName}`); 16 | } 17 | 18 | return group; 19 | } 20 | -------------------------------------------------------------------------------- /test/apps/verify-entries/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ESNext", 4 | "useDefineForClassFields": true, 5 | "module": "ESNext", 6 | "lib": ["ESNext", "DOM"], 7 | "moduleResolution": "nodenext", 8 | "strict": true, 9 | "sourceMap": true, 10 | "resolveJsonModule": true, 11 | "isolatedModules": true, 12 | "esModuleInterop": true, 13 | "noEmit": true, 14 | "noUnusedLocals": true, 15 | "noUnusedParameters": true, 16 | "noImplicitReturns": true, 17 | "skipLibCheck": true 18 | }, 19 | "include": ["src"] 20 | } 21 | -------------------------------------------------------------------------------- /lib/types/global.d.ts: -------------------------------------------------------------------------------- 1 | // This file contains ambient declarations. Do not export anything from this file, neither try to import it 2 | 3 | declare const SDK_VERSION: string; 4 | 5 | declare interface PromiseConstructor { 6 | // eslint-disable-next-line max-len, @typescript-eslint/member-delimiter-style 7 | allSettled(promises: Array>): Promise>; 8 | } 9 | 10 | declare interface Node { 11 | tagName: string; 12 | src: string; 13 | } 14 | 15 | declare interface Document { 16 | documentMode: number; 17 | } 18 | -------------------------------------------------------------------------------- /scripts/e2e/e2e-mfa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | setup_e2e 6 | 7 | # overrides 8 | export USERNAME=email-login@email.ghostinspector.com 9 | # NOTE: uses same password as george 10 | 11 | export TEST_NAME=e2e-mfa 12 | 13 | # This client has MFA (security question) enabled 14 | export CLIENT_ID=0oa41zpqqxar7OFl84x7 15 | export SPA_CLIENT_ID=0oa41zpqqxar7OFl84x7 16 | export MFA_ENABLED=true 17 | 18 | get_terminus_secret "/" security_question_answer SECURITY_QUESTION_ANSWER 19 | get_terminus_secret "/" a18n_api_key A18N_API_KEY 20 | 21 | run_e2e 22 | -------------------------------------------------------------------------------- /samples/templates/partials/identity-engine/custom-storage-provider.md: -------------------------------------------------------------------------------- 1 | ### Custom storage provider 2 | 3 | As this sample app is implemented to support multiple users scenario, a custom storage provide will be needed to inject to the [authClient][Okta Auth JS] to proper store the transaction meta and tokens. In this sample, it leverages [express-session](https://www.npmjs.com/package/express-session) to store data based on the transactionId. 4 | 5 | See implementation details in [getAuthClient.js](./web-server/utils/getAuthClient.js) and [Auth JS storageProvider](https://github.com/okta/okta-auth-js#storageprovider). 6 | -------------------------------------------------------------------------------- /samples/test/support/management-api/fetchPolicy.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | policyName: string; 5 | policyType: string; 6 | } 7 | 8 | export default async function(config: OktaClientConfig, options: Options) { 9 | const oktaClient = getOktaClient(config); 10 | 11 | const { policyType, policyName } = options; 12 | let policy; 13 | for await (let p of oktaClient.listPolicies({type: policyType})) { 14 | if (p?.name === policyName) { 15 | policy = p; 16 | break; 17 | } 18 | } 19 | return policy; 20 | } 21 | -------------------------------------------------------------------------------- /test/integration/spec/myaccount/__snapshots__/profile.ts.snap: -------------------------------------------------------------------------------- 1 | // Jest Snapshot v1, https://goo.gl/fbAQLP 2 | 3 | exports[`MyAccount Profile API getProfile can get profile with "okta.myAccount.profile.read" in token scopes 1`] = ` 4 | Object { 5 | "createdAt": Any, 6 | "headers": Any, 7 | "modifiedAt": Any, 8 | "profile": Any, 9 | } 10 | `; 11 | 12 | exports[`MyAccount Profile API getProfileSchema can get profile schema with "okta.myAccount.profile.read" in token scopes 1`] = ` 13 | Object { 14 | "headers": Any, 15 | "properties": Any, 16 | } 17 | `; 18 | -------------------------------------------------------------------------------- /lib/myaccount/transactions/index.ts: -------------------------------------------------------------------------------- 1 | export { default as ProfileTransaction } from './ProfileTransaction'; 2 | export { default as ProfileSchemaTransaction } from './ProfileSchemaTransaction'; 3 | export { default as EmailTransaction } from './EmailTransaction'; 4 | export { default as EmailStatusTransaction } from './EmailStatusTransaction'; 5 | export { default as EmailChallengeTransaction } from './EmailChallengeTransaction'; 6 | export { default as PhoneTransaction } from './PhoneTransaction'; 7 | export { default as PasswordTransaction } from './PasswordTransaction'; 8 | export { default as BaseTransaction } from './Base'; 9 | -------------------------------------------------------------------------------- /lib/oidc/util/refreshToken.ts: -------------------------------------------------------------------------------- 1 | import { RefreshToken } from '../types'; 2 | import { isAuthApiError } from '../../errors'; 3 | 4 | export function isSameRefreshToken(a: RefreshToken, b: RefreshToken) { 5 | return (a.refreshToken === b.refreshToken); 6 | } 7 | 8 | export function isRefreshTokenError(err: Error) { 9 | if (!isAuthApiError(err)) { 10 | return false; 11 | } 12 | 13 | if (!err.xhr || !err.xhr.responseJSON) { 14 | return false; 15 | } 16 | 17 | const { responseJSON } = err.xhr; 18 | if (responseJSON.error === 'invalid_grant') { 19 | return true; 20 | } 21 | 22 | return false; 23 | } -------------------------------------------------------------------------------- /lib/session/factory.ts: -------------------------------------------------------------------------------- 1 | import { SessionAPI } from './types'; 2 | import { closeSession, getSession, refreshSession, sessionExists, setCookieAndRedirect } from './api'; 3 | import { OktaAuthBaseInterface } from '../base/types'; 4 | 5 | export function createSessionApi(sdk: OktaAuthBaseInterface): SessionAPI { 6 | const session = { 7 | close: closeSession.bind(null, sdk), 8 | exists: sessionExists.bind(null, sdk), 9 | get: getSession.bind(null, sdk), 10 | refresh: refreshSession.bind(null, sdk), 11 | setCookieAndRedirect: setCookieAndRedirect.bind(null, sdk) 12 | }; 13 | return session; 14 | } 15 | -------------------------------------------------------------------------------- /samples/templates/partials/spa/util.js: -------------------------------------------------------------------------------- 1 | // bind methods called from HTML to prevent navigation 2 | function bindClick(method, boundArgs) { 3 | return function(e) { 4 | e.preventDefault(); 5 | const runtimeArgs = Array.prototype.slice.call(arguments, 1); 6 | try { 7 | method.apply(null, runtimeArgs.concat(boundArgs)); 8 | } catch (err) { 9 | showError(err); 10 | } 11 | return false; 12 | }; 13 | } 14 | 15 | function stringify(obj) { 16 | // Convert false/undefined/null into "null" 17 | if (!obj) { 18 | return 'null'; 19 | } 20 | return JSON.stringify(obj, null, 2); 21 | } 22 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/assets/js/poll.js: -------------------------------------------------------------------------------- 1 | function poll(url, refresh) { 2 | setTimeout(function () { 3 | fetch(url, { 4 | method: 'POST' 5 | }).then(response => { 6 | if (response.ok) { 7 | return response.json(); 8 | } else { 9 | console.error('Poll request failed: ', response.statusText); 10 | } 11 | }) 12 | .then(nextStep => { 13 | if (nextStep.poll) { 14 | poll(url, nextStep.poll.refresh); 15 | } else { 16 | window.location.href = nextStep.nextRoute; 17 | } 18 | }); 19 | }, refresh); 20 | } 21 | -------------------------------------------------------------------------------- /test/apps/app/public/protected/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 | 11 | 14 | 15 | -------------------------------------------------------------------------------- /test/e2e/features/.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "plugins": [ 3 | "cucumber" 4 | ], 5 | "rules": { 6 | "cucumber/async-then": 2, 7 | "cucumber/expression-type": 0, 8 | "cucumber/no-restricted-tags": [2, "wip", "broken", "foo"], 9 | "cucumber/no-arrow-functions": 2, 10 | "new-cap": 0, 11 | "@typescript-eslint/no-unused-vars": [ 12 | 2, { 13 | "argsIgnorePattern": "^_", 14 | "varsIgnorePattern": "^_" 15 | } 16 | ], 17 | "no-unused-vars": [ 18 | 2, { 19 | "argsIgnorePattern": "^_", 20 | "varsIgnorePattern": "^_" 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /test/apps/app/public/login/callback/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 | 11 | 14 | 15 | -------------------------------------------------------------------------------- /test/support/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/test.support", 3 | "version": "1.0.0", 4 | "license": "Apache-2.0", 5 | "scripts": { 6 | "lint": "eslint ." 7 | }, 8 | "engines": { 9 | "node": ">=14.0", 10 | "yarn": "^1.7.0" 11 | }, 12 | "dependencies": { 13 | "@peculiar/webcrypto": "^1.1.4", 14 | "atob": "^2.1.2", 15 | "btoa": "^1.2.1", 16 | "cross-fetch": "^3.0.6", 17 | "lodash": "4.17.21", 18 | "promise.allsettled": "^1.0.1", 19 | "tiny-emitter": "1.1.0" 20 | }, 21 | "devDependencies": { 22 | "fishery": "~1.3.1", 23 | "leaked-handles": "^5.2.0" 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /test/apps/app/public/popup/callback/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 | 11 | 14 | 15 | -------------------------------------------------------------------------------- /lib/license-header.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 2 | The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 3 | 4 | You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 5 | Unless required by applicable law or agreed to in writing, software 6 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 7 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 8 | 9 | See the License for the specific language governing permissions and limitations under the License. 10 | -------------------------------------------------------------------------------- /lib/idx/authenticator/Authenticator.ts: -------------------------------------------------------------------------------- 1 | import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js'; 2 | 3 | 4 | export interface Credentials { 5 | [key: string]: string | boolean | number | undefined; 6 | } 7 | 8 | export abstract class Authenticator { 9 | meta: IdxAuthenticator; 10 | 11 | constructor(authenticator: IdxAuthenticator) { 12 | this.meta = authenticator; 13 | } 14 | 15 | abstract canVerify(values: Values): boolean; 16 | 17 | abstract mapCredentials(values: Values): Credentials | undefined; 18 | 19 | abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type 20 | } 21 | -------------------------------------------------------------------------------- /test/support/jest/jest.config.unit.js: -------------------------------------------------------------------------------- 1 | const baseConfig = require('./jest.config'); 2 | const config = Object.assign({}, baseConfig, { 3 | 'roots': [ 4 | 'test/spec' 5 | ], 6 | 'testMatch': [ 7 | '**/test/spec/**/*.{js,ts}' 8 | ], 9 | 'setupFiles': [ 10 | '/test/support/nodeExceptions.js', 11 | '/test/support/disableFetch.js', 12 | '/test/support/jest/jest.setup.js' 13 | ], 14 | globals: Object.assign({}, baseConfig.globals, { 15 | 'ts-jest': { 16 | 'tsconfig': '/test/spec/tsconfig.spec.json' 17 | } 18 | }) 19 | }); 20 | 21 | 22 | 23 | module.exports = config; 24 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/util.js: -------------------------------------------------------------------------------- 1 | export function capitalizeFirstLetter(string) { 2 | return string.charAt(0).toUpperCase() + string.slice(1); 3 | } 4 | 5 | export function getMessageVariant(errorClass) { 6 | return { 7 | 'ERROR': 'danger' 8 | }[errorClass]; 9 | } 10 | 11 | // from https://stackoverflow.com/a/2970667 12 | export function camelize(str) { 13 | return str.replace(/(?:^\w|[A-Z]|\b\w|\s+)/g, function(match, index) { 14 | if (+match === 0) { 15 | return ''; // or if (/\s+/.test(match)) for white spaces 16 | } 17 | return index === 0 ? match.toLowerCase() : match.toUpperCase(); 18 | }); 19 | } 20 | -------------------------------------------------------------------------------- /lib/myaccount/transactions/EmailStatusTransaction.ts: -------------------------------------------------------------------------------- 1 | import { EmailProfile, Status } from '../types'; 2 | import BaseTransaction from './Base'; 3 | 4 | export default class EmailStatusTransaction extends BaseTransaction { 5 | id: string; 6 | expiresAt: string; 7 | profile: EmailProfile; 8 | status: Status; 9 | 10 | constructor(oktaAuth, options) { 11 | super(oktaAuth, options); 12 | 13 | const { res } = options; 14 | // assign required fields from res 15 | const { id, profile, expiresAt, status } = res; 16 | this.id = id; 17 | this.expiresAt = expiresAt; 18 | this.profile = profile; 19 | this.status = status; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /samples/test/features/self-service-registration-activation-token.feature: -------------------------------------------------------------------------------- 1 | Feature: Add another Required Attribute to the Profile Enrollment Policy 2 | 3 | Background: 4 | Given an App that assigned to a test group 5 | And a Policy that defines "Profile Enrollment" 6 | And with a Policy Rule that defines "collecting default attributes" 7 | And a user named "Mary" 8 | And she has an account with "staged" state in the org 9 | 10 | Scenario: Mary signs up for an account using activation token 11 | Given Mary opens the Self Service Registration View with activation token 12 | Then she is redirected to the "Select Authenticator" page 13 | -------------------------------------------------------------------------------- /_testenv.yml: -------------------------------------------------------------------------------- 1 | default: 2 | ISSUER: REPLACE_ISSUER 3 | CLIENT_ID: REPLACE_DEFAULT_CLIENT_ID 4 | CLIENT_SECRET: REPLACE_DEFAULT_CLIENT_SECRET 5 | USERNAME: REPLACE_USERNAME 6 | PASSWORD: REPLACE_PASSWORD 7 | A18N_API_KEY: REPLACE_A18N_API_KEY 8 | OKTA_API_KEY: REPLACE_OKTA_API_KEY 9 | Password + Another Factor: 10 | CLIENT_ID: REPLACE_MFA_CLIENT_ID 11 | CLIENT_SECRET: REPLACE_MFA_CLIENT_SECRET 12 | Custom Profile Enrolment Policy: 13 | CLIENT_ID: REPLACE_CUSTOM_CLIENT_ID 14 | CLIENT_SECRET: REPLACE_CUSTOM_CLIENT_SECRET 15 | Password and Google Authenticator Required: 16 | CLIENT_ID: REPLACE_TOTP_CLIENT_ID 17 | CLIENT_SECRET: REPLACE_TOTP_CLIENT_SECRET 18 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | OIE React Test App 10 | 11 | 12 |
13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/CanceledPage.jsx: -------------------------------------------------------------------------------- 1 | import { Heading, Button } from '@okta/odyssey-react'; 2 | import { useHistory } from 'react-router-dom'; 3 | import { useIdxTransaction } from '../contexts'; 4 | 5 | export default function CanceledPage() { 6 | const history = useHistory(); 7 | const { setTransaction } = useIdxTransaction(); 8 | 9 | const handleRestart = () => { 10 | setTransaction(null); 11 | history.replace('/'); 12 | }; 13 | 14 | return ( 15 | <> 16 | Transaction has been canceled! 17 | 18 | 19 | ); 20 | } 21 | -------------------------------------------------------------------------------- /test/apps/tree-shaking/README.md: -------------------------------------------------------------------------------- 1 | # Tree shaking test app 2 | 3 | This app leverages webpack + webpack bundle analyzer to help debug how ES module tree shaking can be supported in okta-auth-js SDK. 4 | 5 | ## Start debugging 6 | 7 | 1. Start the webpack bundle analyzer in watch mode. 8 | ```bash 9 | yarn workspace @okta/tree-shaking start 10 | ``` 11 | 12 | 2. Start `build:esm` task in another terminal session. 13 | ```bash 14 | yarn build:esm --watch 15 | ``` 16 | 17 | 3. Debug with `src/index.js` code change to import/use different SDK submodules, then check bundle analyzer graph. 18 | 19 | 4. Debug with SDK code change, then check bundle analyzer graph. 20 | -------------------------------------------------------------------------------- /test/e2e/specs/mfa.js: -------------------------------------------------------------------------------- 1 | import MFATestApp from '../pageobjects/MFATestApp'; 2 | 3 | const USERNAME = process.env.USERNAME; 4 | const PASSWORD = process.env.PASSWORD; 5 | const SECURITY_QUESTION_ANSWER = process.env.SECURITY_QUESTION_ANSWER; 6 | 7 | describe('MFA', () => { 8 | it('can login direct with password + security question', async () => { 9 | await MFATestApp.open(); 10 | await MFATestApp.startLoginForm(); 11 | await MFATestApp.login(USERNAME, PASSWORD); 12 | await MFATestApp.selectAuthenticator('question'); 13 | await MFATestApp.verifyAnswer(SECURITY_QUESTION_ANSWER); 14 | await MFATestApp.assertUserInfo(); 15 | await MFATestApp.logout(); 16 | }); 17 | }); -------------------------------------------------------------------------------- /scripts/buildtools/license-template: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | -------------------------------------------------------------------------------- /jest.browser.js: -------------------------------------------------------------------------------- 1 | const SDK_VERSION = require('./package.json').version; 2 | const USER_AGENT = 'okta-auth-js/' + SDK_VERSION; 3 | const baseConfig = require('./test/support/jest/jest.config.unit'); 4 | const config = Object.assign({}, baseConfig, { 5 | testEnvironment: 'jsdom', 6 | globals: Object.assign({}, baseConfig.globals, { 7 | USER_AGENT 8 | }), 9 | testPathIgnorePatterns: baseConfig.testPathIgnorePatterns.concat([ 10 | '/test/spec/serverStorage.js', 11 | '/test/spec/features/server' 12 | ]), 13 | moduleNameMapper: Object.assign({}, baseConfig.moduleNameMapper, { 14 | '^./node$': './browser' 15 | }) 16 | }); 17 | 18 | module.exports = config; 19 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | root: true, 3 | settings: { 4 | react: { 5 | pragma: 'React', 6 | version: '17.0.2' 7 | } 8 | }, 9 | env: { 10 | browser: true 11 | }, 12 | globals: { 13 | process: 'readonly' 14 | }, 15 | parserOptions: { 16 | sourceType: 'module', 17 | ecmaVersion: 2020 18 | }, 19 | plugins: [ 20 | 'react', 21 | 'react-hooks' 22 | ], 23 | extends: [ 24 | 'eslint:recommended', 25 | 'plugin:react/recommended', 26 | 'plugin:react-hooks/recommended' 27 | ], 28 | rules: { 29 | 'react/react-in-jsx-scope': 0, 30 | 'react/prop-types': 0 31 | } 32 | }; 33 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/components/InfoBox/InfoBox.jsx: -------------------------------------------------------------------------------- 1 | import { Box, Heading, Icon } from '@okta/odyssey-react'; 2 | 3 | import classes from './InfoBox.module.css'; 4 | 5 | const InfoBox = ({ heading, icon, renderInfo, ...rest }) => { 6 | 7 | return ( 8 | 17 | {heading} 18 | 19 | { renderInfo() } 20 | 21 | 22 | ); 23 | }; 24 | 25 | export default InfoBox; 26 | -------------------------------------------------------------------------------- /samples/templates/partials/spa/authMethod/direct/factors/okta_verify.js: -------------------------------------------------------------------------------- 1 | function showChallengeOktaVerify() { 2 | document.getElementById('mfa-challenge-okta-verify').style.display = 'block'; 3 | document.querySelector('#mfa .header').innerText = 'Okta Verify'; 4 | showSubmitMfa(); 5 | } 6 | 7 | function hideChallengeOktaVerify() { 8 | document.getElementById('mfa-challenge-okta-verify').style.display = 'none'; 9 | } 10 | 11 | {{#if authn}} 12 | function submitChallengeOktaVerify() { 13 | hideMfa(); 14 | const passCode = document.querySelector('#mfa-challenge-okta-verify input[name=passcode]').value; 15 | appState.transaction.verify({ passCode }) 16 | .then(handleTransaction) 17 | .catch(showError); 18 | } 19 | {{/if}} 20 | -------------------------------------------------------------------------------- /samples/templates/react-embedded-auth-with-sdk/env/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | {{> env.js }} -------------------------------------------------------------------------------- /docs/myaccount/enums/Status.md: -------------------------------------------------------------------------------- 1 | [@okta/okta-auth-js/myaccount](../README.md) / [Exports](../modules.md) / Status 2 | 3 | # Enumeration: Status 4 | 5 | ## Table of contents 6 | 7 | ### Enumeration Members 8 | 9 | - [UNVERIFIED](Status.md#unverified) 10 | - [VERIFIED](Status.md#verified) 11 | 12 | ## Enumeration Members 13 | 14 | ### UNVERIFIED 15 | 16 | • **UNVERIFIED** = ``"UNVERIFIED"`` 17 | 18 | #### Defined in 19 | 20 | [myaccount/types.ts:27](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L27) 21 | 22 | ___ 23 | 24 | ### VERIFIED 25 | 26 | • **VERIFIED** = ``"VERIFIED"`` 27 | 28 | #### Defined in 29 | 30 | [myaccount/types.ts:26](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L26) 31 | -------------------------------------------------------------------------------- /samples/templates/express-embedded-auth-with-sdk/env/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | {{> env.js }} -------------------------------------------------------------------------------- /samples/templates/express-embedded-sign-in-widget/env/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | {{> env.js }} -------------------------------------------------------------------------------- /docs/myaccount/enums/EmailRole.md: -------------------------------------------------------------------------------- 1 | [@okta/okta-auth-js/myaccount](../README.md) / [Exports](../modules.md) / EmailRole 2 | 3 | # Enumeration: EmailRole 4 | 5 | ## Table of contents 6 | 7 | ### Enumeration Members 8 | 9 | - [PRIMARY](EmailRole.md#primary) 10 | - [SECONDARY](EmailRole.md#secondary) 11 | 12 | ## Enumeration Members 13 | 14 | ### PRIMARY 15 | 16 | • **PRIMARY** = ``"PRIMARY"`` 17 | 18 | #### Defined in 19 | 20 | [myaccount/types.ts:21](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L21) 21 | 22 | ___ 23 | 24 | ### SECONDARY 25 | 26 | • **SECONDARY** = ``"SECONDARY"`` 27 | 28 | #### Defined in 29 | 30 | [myaccount/types.ts:22](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L22) 31 | -------------------------------------------------------------------------------- /test/support/idx/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './factories'; 15 | export * from './util'; -------------------------------------------------------------------------------- /samples/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "private": true, 6 | "license": "Apache-2.0", 7 | "scripts": { 8 | "clean": "gulp clean", 9 | "build": "gulp", 10 | "dev": "gulp watch", 11 | "test": "yarn workspace @okta/test.e2e.samples start" 12 | }, 13 | "devDependencies": { 14 | "gulp": "^5.0.0", 15 | "gulp-clean": "^0.4.0", 16 | "gulp-cli": "^2.3.0", 17 | "gulp-compile-handlebars": "^0.6.1", 18 | "gulp-handlebars": "^5.0.2", 19 | "gulp-rename": "^2.0.0", 20 | "handlebars": "^4.7.6", 21 | "merge-stream": "^2.0.0", 22 | "shelljs": "0.8.5", 23 | "through2": "^4.0.2", 24 | "yargs": "^16.0.3" 25 | }, 26 | "dependencies": {} 27 | } 28 | -------------------------------------------------------------------------------- /test/apps/react-mfa-v1/.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files/ for more about ignoring files. 2 | 3 | # dependencies 4 | /node_modules 5 | /.pnp 6 | .pnp.js 7 | 8 | # testing 9 | /coverage 10 | 11 | # production 12 | /build 13 | /dist 14 | 15 | # misc 16 | .DS_Store 17 | .env.local 18 | .env.development.local 19 | .env.test.local 20 | .env.production.local 21 | 22 | # Logs 23 | logs 24 | *.log 25 | 26 | npm-debug.log* 27 | yarn-debug.log* 28 | yarn-error.log* 29 | pnpm-debug.log* 30 | lerna-debug.log* 31 | 32 | node_modules 33 | dist 34 | dist-ssr 35 | *.local 36 | 37 | # Editor directories and files 38 | .vscode/* 39 | !.vscode/extensions.json 40 | .idea 41 | .DS_Store 42 | *.suo 43 | *.ntvs* 44 | *.njsproj 45 | *.sln 46 | *.sw? 47 | -------------------------------------------------------------------------------- /test/spec/idx/idxState/mocks/terminal-return-email.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "1.0.0", 3 | "stateHandle": "01OCl7uyAUC4CUqHsObI9bvFiq01cRFgbnpJQ1bz82", 4 | "terminal" : { 5 | "type" : "object", 6 | "value" : { 7 | "name" : "terminal-return", 8 | "message" : { 9 | "message" : "To finish signing in, return to the screen where you requested the email link.", 10 | "i18n" : { 11 | "key" : "idx.session.expired", 12 | "params" : [] 13 | } 14 | } 15 | } 16 | }, 17 | "factor": { 18 | "type": "object", 19 | "value": { 20 | "factorType": "email", 21 | "provider": "okta", 22 | "profile": { 23 | "email": "o*****m@abbott.dev" 24 | } 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /lib/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | extends: ["plugin:compat/recommended"], 3 | env: { 4 | browser: false, 5 | node: false 6 | }, 7 | settings: { 8 | polyfills: [ 9 | "Promise", 10 | "Array.from", 11 | "TextEncoder", 12 | "Object.assign" 13 | ] 14 | }, 15 | parserOptions: { 16 | sourceType: "module", 17 | ecmaVersion: 2020 18 | }, 19 | rules: { 20 | "node/no-unsupported-features/es-syntax": 0, 21 | "@typescript-eslint/no-non-null-assertion": 0, 22 | "@typescript-eslint/no-unused-vars": [ 23 | "error", 24 | { 25 | argsIgnorePattern: "^_" 26 | } 27 | ], 28 | // duplicates with @typescript-eslint/no-unused-vars 29 | "no-unused-vars": "off" 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /samples/templates/partials/spa/authMethod/direct/factors/email.js: -------------------------------------------------------------------------------- 1 | function showChallengeEmail() { 2 | document.getElementById('mfa-challenge-email').style.display = 'block'; 3 | showSubmitMfa(); 4 | } 5 | 6 | function hideChallengeEmail() { 7 | document.getElementById('mfa-challenge-email').style.display = 'none'; 8 | document.querySelector('#mfa-challenge-email input[name=passcode]').value = ''; 9 | } 10 | 11 | function submitChallengeEmail() { 12 | const passCode = document.querySelector('#mfa-challenge-email input[name=passcode]').value; 13 | hideMfa(); 14 | 15 | // IDX 16 | // email can be used for authentication or recovery 17 | authClient.idx.proceed({ verificationCode: passCode }) 18 | .then(handleTransaction) 19 | .catch(showError); 20 | } 21 | -------------------------------------------------------------------------------- /samples/test/support/management-api/addAppToPolicy.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | policyId: string; 5 | appId: string; 6 | } 7 | 8 | export default async function(config: OktaClientConfig, options: Options) { 9 | const oktaClient = getOktaClient(config); 10 | const { appId, policyId } = options; 11 | try { 12 | let policy = await oktaClient.getPolicy(policyId); 13 | let assignAppToPolicyUrl = `${oktaClient.baseUrl}/api/v1/apps/${appId}/policies/${policyId}`; 14 | await oktaClient.http.put(assignAppToPolicyUrl); 15 | return policy; 16 | } catch (err) { 17 | console.warn('Unable to create policy-to-app mapping.', policyId, appId); 18 | throw err; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /test/support/xhr/empty.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 204, 16 | "response": null 17 | }; 18 | -------------------------------------------------------------------------------- /lib/crypto/webcrypto.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | // ./node is swapped for ./browser in webpack config 15 | export * from './node'; -------------------------------------------------------------------------------- /samples/test/support/management-api/addAppToGroup.ts: -------------------------------------------------------------------------------- 1 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 2 | 3 | type Options = { 4 | appId: string; 5 | groupId?: string; 6 | groupName?: string ; 7 | }; 8 | 9 | export default async function(config: OktaClientConfig, { 10 | appId, 11 | groupId = '', 12 | groupName 13 | }: Options) { 14 | const oktaClient = getOktaClient(config); 15 | if (groupName) { 16 | const { value: group } = await oktaClient.listGroups({ 17 | q: groupName 18 | }).next(); 19 | if (!group) { 20 | throw new Error(`Group cannot be found with name ${groupName}`); 21 | } 22 | groupId = group.id; 23 | } 24 | 25 | await oktaClient.createApplicationGroupAssignment(appId, groupId); 26 | } 27 | -------------------------------------------------------------------------------- /lib/core/ServiceManager/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | // ./node is swapped for ./browser in webpack config 15 | export * from './node'; -------------------------------------------------------------------------------- /samples/test/features/social-idp-with-widget.feature: -------------------------------------------------------------------------------- 1 | Feature: Direct Auth with Self Hosted Sign In Widget Social Login with 1 Social IDP 2 | 3 | Background: 4 | Given an App that assigned to a test group 5 | And the app is assigned to "Everyone" group 6 | And a Policy that defines "Authentication" 7 | And with a Policy Rule that defines "Password as the only factor" 8 | And a predefined user named Mary with an account in the org 9 | 10 | Scenario: Mary Logs in with Okta OIDC IDP 11 | When she clicks the "login" button 12 | Then she is redirected to the "Embedded Widget" page 13 | When she clicks the "Login with Okta OIDC IDP" button in the embedded Sign In Widget 14 | And logs in to Okta OIDC IDP 15 | Then she is redirected to the "Root" page 16 | -------------------------------------------------------------------------------- /docs/myaccount/enums/PasswordStatus.md: -------------------------------------------------------------------------------- 1 | [@okta/okta-auth-js/myaccount](../README.md) / [Exports](../modules.md) / PasswordStatus 2 | 3 | # Enumeration: PasswordStatus 4 | 5 | ## Table of contents 6 | 7 | ### Enumeration Members 8 | 9 | - [ACTIVE](PasswordStatus.md#active) 10 | - [NOT\_ENROLLED](PasswordStatus.md#not_enrolled) 11 | 12 | ## Enumeration Members 13 | 14 | ### ACTIVE 15 | 16 | • **ACTIVE** = ``"ACTIVE"`` 17 | 18 | #### Defined in 19 | 20 | [myaccount/types.ts:32](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L32) 21 | 22 | ___ 23 | 24 | ### NOT\_ENROLLED 25 | 26 | • **NOT\_ENROLLED** = ``"NOT_ENROLLED"`` 27 | 28 | #### Defined in 29 | 30 | [myaccount/types.ts:31](https://github.com/okta/okta-auth-js/blob/master/lib/myaccount/types.ts#L31) 31 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.express-embedded-auth-with-sdk", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "engines": { 7 | "node": ">=14.0.0" 8 | }, 9 | "scripts": { 10 | "start": "node ./web-server/server.js", 11 | "dev": "nodemon ./web-server/server.js --watch web-server ../../../build/cjs" 12 | }, 13 | "dependencies": { 14 | "express": "^4.17.1", 15 | "express-session": "^1.17.1", 16 | "mustache-express": "^1.3.0", 17 | "cors": "^2.8.5", 18 | "js-yaml": "^4.1.0", 19 | "dotenv": "^10.0.0", 20 | "@okta/okta-auth-js": "*" 21 | }, 22 | "devDependencies": { 23 | "nodemon": "^2.0.19", 24 | "concurrently": "^6.0.1" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /samples/test/support/management-api/util/getOktaClient.ts: -------------------------------------------------------------------------------- 1 | import { Client } from '@okta/okta-sdk-nodejs'; 2 | 3 | export type OktaClientConfig = { 4 | issuer?: string; 5 | oktaAPIKey?: string; 6 | scopes?: string[]; 7 | clientId?: string; 8 | } 9 | 10 | export default function getOktaClient(config: OktaClientConfig) { 11 | const { issuer, oktaAPIKey, ...rest } = config; 12 | if (!issuer || !oktaAPIKey) { 13 | throw new Error('Missing required env vars to initial OktaClient'); 14 | } 15 | 16 | const orgUrl = issuer.indexOf('/oauth2') > 0 17 | ? issuer.substring(0, issuer.indexOf('/oauth2')) 18 | : issuer; 19 | const oktaClient = new Client({ 20 | orgUrl, 21 | token: oktaAPIKey, 22 | ...rest 23 | }); 24 | 25 | return oktaClient; 26 | } 27 | -------------------------------------------------------------------------------- /lib/oidc/endpoints/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './authorize'; 15 | export * from './token'; 16 | export * from './well-known'; 17 | -------------------------------------------------------------------------------- /samples/generated/react-embedded-auth-with-sdk/src/config.js: -------------------------------------------------------------------------------- 1 | const CLIENT_ID = process.env.SPA_CLIENT_ID || process.env.CLIENT_ID || '{clientId}'; 2 | const ISSUER = process.env.ISSUER || 'https://{yourOktaDomain}.com/oauth2/default'; 3 | const REDIRECT_URI = `${window.location.origin}/login/callback`; 4 | 5 | export default { 6 | clientId: CLIENT_ID, 7 | issuer: ISSUER, 8 | redirectUri: REDIRECT_URI, 9 | scopes: [ 10 | 'openid', 11 | 'profile', 12 | 'email', 13 | 'offline_access', 14 | 'okta.myAccount.profile.read', 15 | 'okta.myAccount.profile.manage', 16 | 'okta.myAccount.email.manage', 17 | 'okta.myAccount.phone.manage', 18 | // 'okta.myAccount.password.read', 19 | // 'okta.myAccount.password.manage', 20 | ], 21 | pkce: true 22 | }; 23 | -------------------------------------------------------------------------------- /lib/idx/idxState/v1/parsers.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { makeIdxState } from './makeIdxState'; 14 | 15 | export default { 16 | makeIdxState, 17 | }; 18 | -------------------------------------------------------------------------------- /test/e2e/features/step-definitions/before.ts: -------------------------------------------------------------------------------- 1 | import { Before } from '@wdio/cucumber-framework'; 2 | import ActionContext from '../../../../samples/test/support/context'; 3 | 4 | Before('@smstest', function () { 5 | if (process.env.SKIP_SMS === 'true') { 6 | return 'skipped'; 7 | } 8 | }); 9 | 10 | Before(function (this: ActionContext, scenario: any) { 11 | this.featureName = scenario?.gherkinDocument?.feature?.name; 12 | this.scenarioName = scenario?.pickle?.name; 13 | }); 14 | 15 | // Extend the hook timeout to fight against org rate limit 16 | Before({ timeout: 3 * 60 * 10000 }, async function(this: ActionContext) { 17 | this.config = { 18 | a18nAPIKey: process.env.A18N_API_KEY, 19 | issuer: process.env.ISSUER, 20 | oktaAPIKey: process.env.OKTA_API_KEY 21 | }; 22 | }); 23 | -------------------------------------------------------------------------------- /babel.cjs.js: -------------------------------------------------------------------------------- 1 | const sdkVersion = require('./package.json').version; 2 | module.exports = { 3 | sourceMaps: true, 4 | 'presets': [ 5 | '@babel/typescript', 6 | [ 7 | '@babel/preset-env', { 8 | 'targets': { 9 | 'node': true 10 | }, 11 | 'modules': 'commonjs' 12 | } 13 | ]], 14 | 'plugins': [ 15 | '@babel/plugin-transform-typescript', 16 | '@babel/plugin-proposal-class-properties', 17 | // https://babeljs.io/docs/en/babel-plugin-transform-runtime#corejs 18 | '@babel/plugin-transform-runtime', 19 | ['@babel/plugin-transform-modules-commonjs', { 20 | 'strict': true, 21 | 'noInterop': false 22 | }], 23 | 'add-module-exports', 24 | ['inline-replace-variables', { 25 | 'SDK_VERSION': sdkVersion 26 | }] 27 | ] 28 | }; -------------------------------------------------------------------------------- /test/support/xhr/error-network.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 0, 16 | "responseType": "json", 17 | "response": '' 18 | }; 19 | -------------------------------------------------------------------------------- /lib/myaccount/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './api'; 15 | export * from './factory'; 16 | export * from './mixin'; 17 | export * from './types'; 18 | -------------------------------------------------------------------------------- /samples/test/support/action/enterValidPassword.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | export default async () => { 14 | await (await $('#password')).setValue('_H|/nt3r_2_'); 15 | }; 16 | -------------------------------------------------------------------------------- /samples/test/support/selectors/Nav.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | class Nav { 15 | get returnHome() { return $('#return-home'); } 16 | } 17 | 18 | export default new Nav(); 19 | -------------------------------------------------------------------------------- /samples/test/support/action/confirmValidPassword.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | export default async () => { 14 | await (await $('#confirm-password')).setValue(`_H|/nt3r_2_`); 15 | }; 16 | -------------------------------------------------------------------------------- /scripts/verify-package.js: -------------------------------------------------------------------------------- 1 | function verifyWidgetVersion() { 2 | if (/^d16t-okta-signin-widget-.*/.test(process.env.BRANCH)) { 3 | console.log('Skipping verification of okta-signin-widget version for downstream artifact build'); 4 | return; 5 | } 6 | 7 | const version = require('../node_modules/@okta/okta-signin-widget/package.json').version; 8 | const regex = /^(\d)+\.(\d)+\.(\d)+$/; 9 | if (regex.test(version) !== true) { 10 | throw new Error(`Invalid/beta version for okta-signin-widget: ${version}`); 11 | } 12 | console.log(`okta-signin-widget version is valid: ${version}`); 13 | } 14 | 15 | try { 16 | verifyWidgetVersion(); 17 | console.log('verify-package finished successfully'); 18 | } catch (e) { 19 | console.error(e); 20 | // eslint-disable-next-line no-process-exit 21 | process.exit(1); 22 | } 23 | -------------------------------------------------------------------------------- /test/support/xhr/cancel.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 200, 16 | "responseType": "json", 17 | "response": { 18 | "relayState": "" 19 | } 20 | }; 21 | -------------------------------------------------------------------------------- /lib/idx/flow/RemediationFlow.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { RemediatorConstructor } from '../remediators'; 15 | 16 | export type RemediationFlow = Record; 17 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/middlewares/oidcConfig.js: -------------------------------------------------------------------------------- 1 | const getConfig = require('../../config.js'); 2 | 3 | module.exports = function oidcConfig(req, res, next) { 4 | const { issuer, clientId, clientSecret } = req.query; 5 | const { oidc: defaultConfig } = getConfig().webServer; 6 | 7 | // store for auth client initialization 8 | req.session.oidcConfig = { 9 | ...(req.session.oidcConfig || defaultConfig), 10 | ...(issuer && { issuer }), 11 | ...(clientId && { clientId }), 12 | ...(clientSecret && { clientSecret }), 13 | }; 14 | 15 | // store for display purpose 16 | const cs = req.session.oidcConfig.clientSecret; 17 | req.app.locals.oidcConfig = { 18 | ...req.session.oidcConfig, 19 | clientSecret: '****' + cs.substr(cs.length - 4, 4) 20 | }; 21 | 22 | next(); 23 | }; 24 | -------------------------------------------------------------------------------- /lib/crypto/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './base64'; 15 | export * from './oidcHash'; 16 | export * from './types'; 17 | export * from './verifyToken'; 18 | export * from './webcrypto'; 19 | -------------------------------------------------------------------------------- /samples/templates/static-spa/public/app.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | // @ts-nocheck 15 | /* global OktaAuth {{#if signinWidget}}, OktaSignIn{{/if}} */ 16 | 17 | 'use strict'; 18 | 19 | {{> spa/app.js }} 20 | -------------------------------------------------------------------------------- /samples/test/support/management-api/updateAppOAuthClient.ts: -------------------------------------------------------------------------------- 1 | import { Application } from '@okta/okta-sdk-nodejs'; 2 | import getOktaClient, { OktaClientConfig } from './util/getOktaClient'; 3 | 4 | type Options = { 5 | app: Application; 6 | settings: Record; 7 | } 8 | 9 | export default async function(config: OktaClientConfig, options: Options) { 10 | const oktaClient = getOktaClient(config); 11 | 12 | const { app, settings } = options; 13 | const url = `${oktaClient.baseUrl}/api/v1/internal/apps/${app.id}/settings/oidc`; 14 | const body = { 15 | ...(app.settings as any).oauthClient, 16 | ...settings, 17 | label: app.label 18 | }; 19 | // eslint-disable-next-line @typescript-eslint/ban-ts-comment 20 | // @ts-ignore 21 | const res = await oktaClient.http.postJson(url, { body }); 22 | return res; 23 | } 24 | -------------------------------------------------------------------------------- /samples/test/support/wait/waitForOneSecond.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export default async () => 15 | await browser.waitUntil(() => new Promise(resolve => setTimeout(resolve.bind(this, true), 1000))); 16 | -------------------------------------------------------------------------------- /test/apps/verify-entries/README.md: -------------------------------------------------------------------------------- 1 | @okta/test.apps.verify-entries 2 | 3 | Test app to verify bundle size from different entries 4 | 5 | ## How it works 6 | 7 | The base of this app is generated with `vite` (vanilla ts) to provide a quick way to bundle SPA with different @okta/okta-auth-js entries, like idx, authn. 8 | 9 | Each entry is imported from a minimum `{entryName}.ts` file under `src` dir, which is included in `{entryName}.html` to build the SPA bundle. By running `yarn build:{entryName}` script, a `stats.{entry}.html` will be generated under `dist` dir to visualize and analyze your entry specific SPA bundle. 10 | 11 | ## Scripts 12 | 13 | ### Under root dir of monorepo 14 | 15 | ```sh 16 | yarn workspace @okta/test.apps.verify-entries build:{entry} 17 | ``` 18 | 19 | ### Under test app dir 20 | 21 | ```sh 22 | yarn build:{entry} 23 | ``` 24 | -------------------------------------------------------------------------------- /test/types/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "module": "esnext", 4 | "lib": [ 5 | "es6", "DOM" 6 | ], 7 | "noEmit": true, 8 | "strict": true, 9 | "alwaysStrict": true, 10 | "noUnusedParameters": false, 11 | "noImplicitReturns": true, 12 | "noFallthroughCasesInSwitch": true, 13 | "allowJs": false, 14 | "allowSyntheticDefaultImports": true, 15 | "esModuleInterop": true, 16 | "isolatedModules": false, 17 | "moduleResolution": "node", 18 | "target": "es2017", 19 | "baseUrl": ".", 20 | "paths": { 21 | "@okta/okta-auth-js": [ 22 | "../../build/types/lib/exports/default.d.ts" 23 | ], 24 | "@okta/okta-auth-js/*": [ 25 | "../../build/types/lib/exports/*.d.ts" 26 | ] 27 | } 28 | }, 29 | "include": [ 30 | "*.test-d.ts" 31 | ] 32 | } -------------------------------------------------------------------------------- /lib/services/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './AutoRenewService'; 15 | export * from './SyncStorageService'; 16 | export * from './LeaderElectionService'; 17 | export * from './RenewOnTabActivationService'; 18 | -------------------------------------------------------------------------------- /samples/generated/webpack-spa/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | 'extends': [ 3 | 'eslint:recommended' 4 | ], 5 | 'env': { 6 | 'browser': true, 7 | 'node': false 8 | }, 9 | 'parserOptions': { 10 | 'sourceType': 'module', 11 | 'ecmaVersion': 2020 12 | }, 13 | 'overrides': [ 14 | { 15 | 'files': [ 16 | '*.js' 17 | ], 18 | 'rules': { 19 | '@typescript-eslint/explicit-function-return-type': 0, 20 | '@typescript-eslint/no-var-requires': 0 21 | } 22 | } 23 | ], 24 | 'rules': { 25 | 'node/no-unsupported-features/es-syntax': 0, 26 | 'node/no-unsupported-features/node-builtins': 0, 27 | 'node/no-extraneous-require': ['error', { 28 | 'allowModules': [ 29 | '@okta/okta-auth-js' 30 | ] 31 | }], 32 | 'semi': 2, 33 | 'eol-last': 2 34 | } 35 | }; 36 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | 'extends': [ 3 | 'eslint:recommended' 4 | ], 5 | 'env': { 6 | 'browser': true, 7 | 'node': false 8 | }, 9 | 'parserOptions': { 10 | 'sourceType': 'module', 11 | 'ecmaVersion': 2020 12 | }, 13 | 'overrides': [ 14 | { 15 | 'files': [ 16 | '*.js' 17 | ], 18 | 'rules': { 19 | '@typescript-eslint/explicit-function-return-type': 0, 20 | '@typescript-eslint/no-var-requires': 0 21 | } 22 | } 23 | ], 24 | 'rules': { 25 | 'node/no-unsupported-features/es-syntax': 0, 26 | 'node/no-unsupported-features/node-builtins': 0, 27 | 'node/no-extraneous-require': ['error', { 28 | 'allowModules': [ 29 | '@okta/okta-auth-js' 30 | ] 31 | }], 32 | 'semi': 2, 33 | 'eol-last': 2 34 | } 35 | }; 36 | -------------------------------------------------------------------------------- /samples/test/features/social-login-mfa.feature: -------------------------------------------------------------------------------- 1 | Feature: Direct Auth Social Login with MFA 2 | 3 | Background: 4 | Given an App that assigned to a test group 5 | And a Policy that defines "Authentication" 6 | And with a Policy Rule that defines "Password + Another Factor" 7 | And a user named "Mary" 8 | And she has an account with "active" state in the org 9 | 10 | Scenario: Mary logs in with a Okta OIDC IDP and gets an error message 11 | When she clicks the "login" button 12 | Then she is redirected to the "Login" page 13 | When she clicks the Login with Okta OIDC IDP button 14 | And logs in to Okta OIDC IDP 15 | # And the remediation returns "MFA_REQUIRED" 16 | # Then she should see an error message "Multifactor Authentication and Social Identity Providers is not currently supported, Authentication failed." 17 | -------------------------------------------------------------------------------- /lib/util/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './console'; 15 | export * from './misc'; 16 | export * from './object'; 17 | export * from './PromiseQueue'; 18 | export * from './types'; 19 | export * from './url'; 20 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "{{ name }}", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "prepare": "yarn build", 8 | "build": "webpack", 9 | "start": "webpack serve", 10 | "test": "echo \"Error: no test specified\" && exit 1" 11 | }, 12 | "dependencies": { 13 | "@okta/okta-auth-js": "*", 14 | "@okta/okta-signin-widget": "^{{ siwVersion }}" 15 | }, 16 | "devDependencies": { 17 | "@babel/core": "^7.8.0", 18 | "@babel/plugin-transform-runtime": "^7.8.3", 19 | "@babel/preset-env": "^7.8.2", 20 | "babel-loader": "^9.1.2", 21 | "express": "^4.17.1", 22 | "source-map-loader": "^4.0.1", 23 | "webpack": "^5.78.0", 24 | "webpack-cli": "^4.10.0", 25 | "webpack-dev-middleware": "^3.7.2", 26 | "webpack-dev-server": "^4.9.2" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /lib/myaccount/api.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | // exports all public methods from myaccount module 15 | 16 | export * from './profileApi'; 17 | export * from './emailApi'; 18 | export * from './phoneApi'; 19 | export * from './passwordApi'; -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.express-embedded-sign-in-widget", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "engines": { 7 | "node": ">=14.0.0" 8 | }, 9 | "scripts": { 10 | "start": "SIW_VERSION=${SIW_VERSION-7.2.1} node ./web-server/server.js", 11 | "dev": "SIW_VERSION=${SIW_VERSION-7.2.1} nodemon ./web-server/server.js --watch ../../../build/cjs" 12 | }, 13 | "dependencies": { 14 | "express": "^4.17.1", 15 | "express-session": "^1.17.1", 16 | "mustache-express": "^1.3.0", 17 | "cors": "^2.8.5", 18 | "js-yaml": "^4.1.0", 19 | "dotenv": "^10.0.0", 20 | "@okta/okta-auth-js": "*", 21 | "@okta/okta-signin-widget": "^7.2.1" 22 | }, 23 | "devDependencies": { 24 | "nodemon": "^2.0.19", 25 | "concurrently": "^6.0.1" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /samples/generated/webpack-spa/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/samples.webpack-spa", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "prepare": "yarn build", 8 | "build": "webpack", 9 | "start": "webpack serve", 10 | "test": "echo \"Error: no test specified\" && exit 1" 11 | }, 12 | "dependencies": { 13 | "@okta/okta-auth-js": "*", 14 | "@okta/okta-signin-widget": "^7.2.1" 15 | }, 16 | "devDependencies": { 17 | "@babel/core": "^7.8.0", 18 | "@babel/plugin-transform-runtime": "^7.8.3", 19 | "@babel/preset-env": "^7.8.2", 20 | "babel-loader": "^9.1.2", 21 | "express": "^4.17.1", 22 | "source-map-loader": "^4.0.1", 23 | "webpack": "^5.78.0", 24 | "webpack-cli": "^4.10.0", 25 | "webpack-dev-middleware": "^3.7.2", 26 | "webpack-dev-server": "^4.9.2" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /samples/templates/webpack-spa/src/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import '@okta/okta-auth-js/polyfill'; 15 | import { OktaAuth } from '@okta/okta-auth-js'; 16 | import OktaSignIn from '@okta/okta-signin-widget'; 17 | 18 | {{> spa/app.js }} -------------------------------------------------------------------------------- /samples/test/support/selectors/Unauth.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | 15 | class Unauth { 16 | get body() { return 'body.unauth'; } 17 | get loginRedirect() { return '#login-redirect'; } 18 | } 19 | 20 | export default new Unauth(); 21 | -------------------------------------------------------------------------------- /samples/test/support/action/pressButton.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | /** 15 | * Perform a key press 16 | * @param {String} key The key to press 17 | */ 18 | export default (key: string | string[]) => { 19 | browser.keys(key); 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/action/skipForm.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import SelectAuthenticator from '../selectors/SelectAuthenticator'; 15 | 16 | export default async function () { 17 | await (await $(SelectAuthenticator.skip)).click(); 18 | } -------------------------------------------------------------------------------- /test/apps/verify-entries/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@okta/test.apps.verify-entries", 3 | "private": true, 4 | "version": "0.0.0", 5 | "engines": { 6 | "node": ">=12.0" 7 | }, 8 | "scripts": { 9 | "build:idx": "tsc && vite build --config vite.idx.config.js", 10 | "dev:idx": "tsc && vite dev --config vite.idx.config.js", 11 | "build:authn": "tsc && vite build --config vite.authn.config.js", 12 | "dev:authn": "tsc && vite dev --config vite.authn.config.js", 13 | "build:default": "tsc && vite build --config vite.default.config.js", 14 | "dev:default": "tsc && vite dev --config vite.default.config.js" 15 | }, 16 | "dependencies": { 17 | "@okta/okta-auth-js": "*" 18 | }, 19 | "devDependencies": { 20 | "typescript": "^4.7.3", 21 | "vite": "^2.9.2", 22 | "rollup-plugin-visualizer": "~5.5.4", 23 | "@okta/env": "*" 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /scripts/buildtools/maintain-banners.js: -------------------------------------------------------------------------------- 1 | const fs = require('fs'); 2 | const globby = require('globby'); 3 | const path = require('path'); 4 | 5 | const bannerSourcePath = path.join(__dirname, 'license-template'); 6 | // eslint-disable-next-line max-len 7 | const files = globby.sync(path.join(__dirname, '../..','{lib/**/*.{js,ts},polyfill/**/*.{js,ts},test/**/*.{js,ts},samples/generated/**/*.{js,ts},build/dist/*.js,env/**/*.{js,ts}}')); 8 | const bannerSource = fs.readFileSync(bannerSourcePath).toString(); 9 | const copyrightRegex = /(Copyright \(c\) )([0-9]+)-?([0-9]+)?/; 10 | 11 | files.forEach(file => { 12 | if (file.includes('node_modules')) { 13 | return; 14 | } 15 | 16 | const contents = fs.readFileSync(file).toString(); 17 | const match = contents.match(copyrightRegex); 18 | if (!match) { 19 | return fs.writeFileSync(file, bannerSource + '\n\n' + contents); 20 | } 21 | }); 22 | -------------------------------------------------------------------------------- /test/apps/app/src/constants.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | const MOUNT_PATH = '/'; 15 | const LOGIN_CALLBACK_PATH = '/login/callback'; 16 | const STORAGE_KEY = 'okta-auth-js-test-app'; 17 | 18 | export { MOUNT_PATH, LOGIN_CALLBACK_PATH, STORAGE_KEY }; 19 | -------------------------------------------------------------------------------- /test/apps/app/src/webpackEntry.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | /* entry point for SPA application */ 15 | 16 | // polyfill for IE 11 17 | import '@okta/okta-auth-js/polyfill'; 18 | 19 | // add testApp functions to global "window" 20 | import './window'; 21 | -------------------------------------------------------------------------------- /typedoc.js: -------------------------------------------------------------------------------- 1 | // https://typedoc.org/guides/installation/#node-module 2 | const TypeDoc = require('typedoc'); 3 | 4 | // This script currently only generate docs for myaccount module 5 | (async () => { 6 | const app = new TypeDoc.Application(); 7 | 8 | app.options.addReader(new TypeDoc.TSConfigReader()); 9 | 10 | app.bootstrap({ 11 | // typedoc options here 12 | entryPoints: [ 13 | 'lib/myaccount/index.ts', 14 | ], 15 | name: '@okta/okta-auth-js/myaccount', 16 | readme: 'lib/myaccount/README.md', 17 | githubPages: false, 18 | treatWarningsAsErrors: true, 19 | gitRevision: 'master' 20 | }); 21 | 22 | const project = app.convert(); 23 | if (project) { 24 | // Project may not have converted correctly 25 | const outputDir = 'docs/myaccount'; 26 | 27 | // Rendered docs 28 | await app.generateDocs(project, outputDir); 29 | } 30 | })(); 31 | -------------------------------------------------------------------------------- /lib/oidc/types/TransactionManager.ts: -------------------------------------------------------------------------------- 1 | import { OAuthTransactionMeta, TransactionMetaOptions } from './meta'; 2 | import { TransactionManagerOptions, TransactionMeta } from './Transaction'; 3 | 4 | export interface ClearTransactionMetaOptions extends TransactionMetaOptions { 5 | clearSharedStorage?: boolean; // true by default 6 | clearIdxResponse?: boolean; // true by default 7 | } 8 | 9 | export interface TransactionManagerInterface { 10 | clear(options?: ClearTransactionMetaOptions); 11 | save(meta: OAuthTransactionMeta, options?: TransactionMetaOptions); 12 | exists(options?: TransactionMetaOptions); 13 | load(options?: TransactionMetaOptions): TransactionMeta | null 14 | } 15 | 16 | 17 | export interface TransactionManagerConstructor 18 | < 19 | TM extends TransactionManagerInterface = TransactionManagerInterface 20 | > 21 | { 22 | new (options: TransactionManagerOptions): TM; 23 | } 24 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/utils/sendJson.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = function sendJson(_req, res, data) { 15 | res.header('Content-Type', 'application/json'); 16 | res.send(JSON.stringify(data)); 17 | }; 18 | -------------------------------------------------------------------------------- /lib/oidc/util/enrollAuthenticatorMeta.ts: -------------------------------------------------------------------------------- 1 | /* eslint-disable @typescript-eslint/no-non-null-assertion */ 2 | import { OAuthTransactionMeta, OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types'; 3 | import { getOAuthUrls } from './oauth'; 4 | 5 | export function createEnrollAuthenticatorMeta( 6 | sdk: OktaAuthOAuthInterface, 7 | params: EnrollAuthenticatorOptions 8 | ): OAuthTransactionMeta { 9 | const issuer = sdk.options.issuer!; 10 | const urls = getOAuthUrls(sdk, params); 11 | const oauthMeta: OAuthTransactionMeta = { 12 | issuer, 13 | urls, 14 | clientId: params.clientId!, 15 | redirectUri: params.redirectUri!, 16 | responseType: params.responseType!, 17 | responseMode: params.responseMode!, 18 | state: params.state!, 19 | acrValues: params.acrValues, 20 | enrollAmrValues: params.enrollAmrValues, 21 | }; 22 | 23 | return oauthMeta; 24 | } 25 | -------------------------------------------------------------------------------- /samples/templates/express-embedded-sign-in-widget/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "{{ name }}", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "engines": { 7 | "node": ">=14.0.0" 8 | }, 9 | "scripts": { 10 | "start": "SIW_VERSION=${SIW_VERSION-{{ siwVersion }}{{append '}'}} node ./web-server/server.js", 11 | "dev": "SIW_VERSION=${SIW_VERSION-{{ siwVersion }}{{append '}'}} nodemon ./web-server/server.js --watch ../../../build/cjs" 12 | }, 13 | "dependencies": { 14 | "express": "^4.17.1", 15 | "express-session": "^1.17.1", 16 | "mustache-express": "^1.3.0", 17 | "cors": "^2.8.5", 18 | "js-yaml": "^4.1.0", 19 | "dotenv": "^10.0.0", 20 | "@okta/okta-auth-js": "*", 21 | "@okta/okta-signin-widget": "^{{ siwVersion }}" 22 | }, 23 | "devDependencies": { 24 | "nodemon": "^2.0.19", 25 | "concurrently": "^6.0.1" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /samples/test/support/management-api/deleteUser.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | 15 | import { User } from '@okta/okta-sdk-nodejs'; 16 | 17 | export default async function(user: User): Promise { 18 | await user.deactivate(); 19 | await user.delete(); 20 | } 21 | -------------------------------------------------------------------------------- /samples/test/support/selectors/VerifyEmail.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { PageWithTitle } from './Page'; 14 | 15 | class VerifyEmail extends PageWithTitle { 16 | title = 'Verify using email authenticator'; 17 | } 18 | 19 | export default new VerifyEmail(); 20 | -------------------------------------------------------------------------------- /test/spec/idx/idxState/mocks/success.json: -------------------------------------------------------------------------------- 1 | { 2 | "stateHandle": "022FJBvS6bHS7OjQSOhtfghhJvO2a2TELaMZ94s69K", 3 | "version": "1.0.0", 4 | "expiresAt": "2019-08-27T16:57:50.000Z", 5 | "step": "SUCCESS", 6 | "intent": "LOGIN", 7 | "user": { 8 | "type": "object", 9 | "value": { 10 | "id": "00ub0ttoyz062NeVa0g4" 11 | } 12 | }, 13 | "cancel": { 14 | "rel": [ 15 | "create-form" 16 | ], 17 | "name": "cancel", 18 | "href": "http://localhost:3000/idp/idx/cancel", 19 | "method": "POST", 20 | "accepts": "application/vnd.okta.v1+json", 21 | "value": [ 22 | { 23 | "name": "stateHandle", 24 | "value": "022FJBvS6bHS7OjQSOhtfghhJvO2a2TELaMZ94s69K", 25 | "visible": false 26 | } 27 | ] 28 | }, 29 | "success": { 30 | "name": "success-redirect", 31 | "href": "https://httpbin.org?stateToken=abc123" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /samples/test/support/selectors/PasswordSetup.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { PasswordReset } from './PasswordReset'; 14 | 15 | 16 | class PasswordSetup extends PasswordReset { 17 | title = 'Set up password'; 18 | } 19 | 20 | export default new PasswordSetup(); 21 | -------------------------------------------------------------------------------- /scripts/downstream/create-downstream-for-widget.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # download okta-signin-widget artifact version if empty and assign to upstream_artifact_version 4 | if [[ -z "${upstream_artifact_version}" ]]; then 5 | pushd ${OKTA_HOME}/okta-signin-widget > /dev/null 6 | download_job_data global artifact_version upstream_artifact_version okta-signin-widget ${upstream_artifact_sha} 7 | popd > /dev/null 8 | echo "okta-signin-widget version that will be tested: ${upstream_artifact_version}" 9 | fi 10 | 11 | pushd ${OKTA_HOME}/okta-auth-js/scripts > /dev/null 12 | 13 | # Get the WIDGET_VERSION version to use 14 | WIDGET_VERSION="$(echo ${upstream_artifact_version} | cut -d'@' -f3)" 15 | 16 | # Update setup script 17 | echo "Update okta-signin-widget version in scripts/setup.sh to ${WIDGET_VERSION}" 18 | sed -i "s/\(WIDGET_VERSION\=\).*/\1\"${WIDGET_VERSION}\"/g" setup.sh 19 | 20 | popd > /dev/null 21 | -------------------------------------------------------------------------------- /lib/oidc/util/validateToken.ts: -------------------------------------------------------------------------------- 1 | /* eslint-disable complexity */ 2 | 3 | import { AuthSdkError } from '../../errors'; 4 | import { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../oidc/types'; 5 | 6 | export function validateToken(token: Token, type?: TokenType) { 7 | if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) { 8 | throw new AuthSdkError( 9 | 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property' 10 | ); 11 | } 12 | 13 | if (type === 'accessToken' && !isAccessToken(token)) { 14 | throw new AuthSdkError('invalid accessToken'); 15 | } 16 | if (type === 'idToken' && !isIDToken(token)) { 17 | throw new AuthSdkError('invalid idToken'); 18 | } 19 | 20 | if (type === 'refreshToken' && !isRefreshToken(token)) { 21 | throw new AuthSdkError('invalid refreshToken'); 22 | } 23 | } -------------------------------------------------------------------------------- /lib/session/types.ts: -------------------------------------------------------------------------------- 1 | import { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types'; 2 | import { StorageManagerInterface } from '../storage/types'; 3 | 4 | // Session API 5 | export interface SessionObject { 6 | status: string; 7 | refresh?: () => Promise; 8 | user?: () => Promise; 9 | } 10 | 11 | export interface SessionAPI { 12 | close: () => Promise; 13 | exists: () => Promise; 14 | get: () => Promise; 15 | refresh: () => Promise; 16 | setCookieAndRedirect: (sessionToken?: string, redirectUri?: string) => void; 17 | } 18 | 19 | export interface OktaAuthSessionInterface 20 | < 21 | S extends StorageManagerInterface = StorageManagerInterface, 22 | O extends OktaAuthHttpOptions = OktaAuthHttpOptions 23 | > 24 | extends OktaAuthHttpInterface 25 | { 26 | session: SessionAPI; 27 | closeSession(): Promise; 28 | } 29 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/views/unlock-account.mustache: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{>head}} 5 | 6 | 7 | 8 | {{>menu}} 9 | 10 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /samples/test/support/action/deleteCookies.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | /** 15 | * Delete a cookie 16 | * @param {String} name The name of the cookie to delete 17 | */ 18 | export default (name?: string | string[]) => { 19 | browser.deleteCookies(name); 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/action/enterIncorrectCredential.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | export default async function (credName: string) { 14 | const selector = `input[name="${credName}"]`; 15 | const value = '!incorrect!'; 16 | await (await $(selector)).setValue(value); 17 | } 18 | -------------------------------------------------------------------------------- /webpack.polyfill.config.js: -------------------------------------------------------------------------------- 1 | var path = require('path'); 2 | var _ = require('lodash'); 3 | var commonConfig = require('./webpack.common.config'); 4 | var webpack = require('webpack'); 5 | var fs = require('fs'); 6 | 7 | var license = fs.readFileSync('lib/license-header.txt', 'utf8'); 8 | 9 | module.exports = _.extend({}, _.cloneDeep(commonConfig), { 10 | mode: 'production', 11 | entry: './polyfill/', 12 | output: { 13 | path: path.join(__dirname, 'build', 'dist'), 14 | filename: 'okta-auth-js.polyfill.js', 15 | library: 'OktaAuthPolyfill', 16 | libraryTarget: 'umd' 17 | }, 18 | plugins: commonConfig.plugins.concat([ 19 | // Add a single Okta license after removing others 20 | new webpack.BannerPlugin(license) 21 | ]), 22 | devtool: 'source-map', 23 | performance: { 24 | maxAssetSize: 120000, 25 | maxEntrypointSize: 120000, 26 | hints: 'error' 27 | } 28 | }); 29 | -------------------------------------------------------------------------------- /test/support/xhr/userinfo.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 200, 16 | "responseType": "json", 17 | "response": { 18 | "sub":"00u15ozp26ACQTGHJEBH", 19 | "email":"samljackson@example.com", 20 | "email_verified":true 21 | } 22 | }; 23 | -------------------------------------------------------------------------------- /lib/errors/AuthPollStopError.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import CustomError from './CustomError'; 14 | 15 | export default class AuthPollStopError extends CustomError { 16 | constructor() { 17 | const message = 'The poll was stopped by the sdk'; 18 | super(message); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /lib/idx/flow/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | export * from './AuthenticationFlow'; 14 | export * from './FlowSpecification'; 15 | export * from './PasswordRecoveryFlow'; 16 | export * from './RegistrationFlow'; 17 | export * from './AccountUnlockFlow'; 18 | export * from './RemediationFlow'; 19 | -------------------------------------------------------------------------------- /samples/test/support/action/clickFacebookButton.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { LoginForm } from '../selectors'; 15 | import clickElement from './clickElement'; 16 | 17 | export default async () => { 18 | await clickElement('click', 'selector', LoginForm.facebookButton); 19 | }; 20 | -------------------------------------------------------------------------------- /samples/test/support/action/clickOIDCIdPButton.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { LoginForm } from '../selectors'; 15 | import clickElement from './clickElement'; 16 | 17 | export default async () => { 18 | await clickElement('click', 'selector', LoginForm.oidcIdPButton); 19 | }; 20 | -------------------------------------------------------------------------------- /samples/test/support/action/context-enabled/live-user/enterValidPassword.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import ActionContext from '../../../context'; 14 | 15 | export default async function (this: ActionContext) { 16 | await (await $('#password')).setValue(this.credentials.password); 17 | } 18 | -------------------------------------------------------------------------------- /samples/test/support/action/enterQuestionAnswer.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollSecurityQuestion from '../selectors/EnrollSecurityQuestion'; 15 | 16 | export default async function (answer: string) { 17 | await (await $(EnrollSecurityQuestion.answer)).setValue(answer); 18 | } 19 | -------------------------------------------------------------------------------- /test/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "module": "esnext", 4 | "target": "es6", 5 | "moduleResolution": "node", 6 | "allowJs": true, 7 | "checkJs": true, 8 | "alwaysStrict": true, 9 | "noImplicitAny": false, 10 | "strict": true, 11 | "noEmit": true, 12 | "outDir": "../build/test", 13 | "resolveJsonModule": true, 14 | "esModuleInterop": true, 15 | "allowSyntheticDefaultImports": false, 16 | "skipLibCheck": true, 17 | "rootDir": "../", 18 | "baseUrl": "../", 19 | "lib": [ 20 | "ES2020.Promise" 21 | ], 22 | "paths": { 23 | "@okta/okta-auth-js": [ 24 | "../lib/exports/default" 25 | ] 26 | } 27 | }, 28 | "include": [ 29 | "../types/global.d.ts", 30 | "spec/**/*.ts", 31 | "integration/**/*.ts", 32 | "support/**/*.ts", 33 | "types/**/*.ts" 34 | ], 35 | "exclude": [ 36 | "node_modules" 37 | ] 38 | } -------------------------------------------------------------------------------- /test/support/xhr/pkce-token-success.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 200, 16 | "responseType": "json", 17 | "response": { 18 | "scope": "<%= scope %>", 19 | "id_token": "<%= idToken %>", 20 | "access_token": "<%= accessToken %>" 21 | } 22 | }; 23 | -------------------------------------------------------------------------------- /samples/test/support/action/context-enabled/live-user/confirmValidPassword.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import ActionContext from '../../../context'; 14 | 15 | export default async function (this: ActionContext) { 16 | await (await $('#confirm-password')).setValue(this.credentials.password); 17 | } 18 | -------------------------------------------------------------------------------- /samples/test/support/action/inputInvalidEmailFormat.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import Registration from '../selectors/Registration'; 14 | 15 | export default async ( 16 | ) => { 17 | const invalidEmailFormat = '3.14e2'; 18 | await (await $(Registration.email)).setValue(invalidEmailFormat); 19 | }; 20 | -------------------------------------------------------------------------------- /lib/idx/remediators/ReEnrollAuthenticatorWarning.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { ReEnrollAuthenticator } from './ReEnrollAuthenticator'; 15 | 16 | export class ReEnrollAuthenticatorWarning extends ReEnrollAuthenticator { 17 | static remediationName = 'reenroll-authenticator-warning'; 18 | } 19 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/utils/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | const getAuthClient = require('./getAuthClient'); 15 | const getTransactionMeta = require('./getTransactionMeta'); 16 | 17 | module.exports = { 18 | getAuthClient, 19 | getTransactionMeta 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/wait/waitForURLPath.ts: -------------------------------------------------------------------------------- 1 | import { getCurrentUrl } from '../../util'; 2 | 3 | /** 4 | * Wait for the current URL path matches the given path 5 | * @param {Boolean} falseCase Whether to check if the path matches the 6 | * expected value or not 7 | * @param {String} expectedPath The expected path to match against 8 | * @param {Boolean} removeHash Whether to strip hash before check 9 | */ 10 | export default async (falseCase: boolean, expectedPath: string, removeHash = false) => { 11 | /** 12 | * Maximum number of milliseconds to wait for 13 | * @type {Int} 14 | */ 15 | const ms = 10000; 16 | 17 | await browser.waitUntil(async () => { 18 | const currentUrl = await getCurrentUrl(removeHash); 19 | const isExpected = expectedPath === currentUrl; 20 | return isExpected !== Boolean(falseCase); 21 | }, { 22 | timeout: ms, 23 | }); 24 | }; -------------------------------------------------------------------------------- /lib/crypto/browser.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | /* global atob, btoa, crypto */ 15 | const a = function(str) { return atob(str); }; 16 | const b = function (str) { return btoa(str); }; 17 | const c = typeof crypto === 'undefined' ? null : crypto; 18 | 19 | export { a as atob, b as btoa, c as webcrypto }; 20 | -------------------------------------------------------------------------------- /samples/test/support/action/enterIncorrectPhoneNumberFormat.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollPhoneAuthenticator from '../selectors/EnrollPhoneAuthenticator'; 15 | 16 | export default async function () { 17 | await (await $(EnrollPhoneAuthenticator.phoneNumber)).setValue('incorrectnumber'); 18 | } 19 | -------------------------------------------------------------------------------- /test/e2e/config.js: -------------------------------------------------------------------------------- 1 | const config = [ 2 | { 3 | name: 'e2e', 4 | app: '@okta/test.app', 5 | spec: [ 6 | 'authRequired.js', 7 | 'concurrent.js', 8 | 'crossTabs.js', 9 | 'interactionFlow.js', 10 | 'login.js', 11 | 'logout.js', 12 | 'originalUri.js', 13 | 'proxy.js', 14 | 'refreshToken.js', 15 | 'server.js', 16 | 'sso.js', 17 | 'static.js', 18 | 'tokens.js', 19 | 'transactionStorage.js' 20 | ], 21 | features: [ 22 | 'login.feature', 23 | 'acr-values.feature', 24 | 'enroll-authenticator.feature', 25 | ] 26 | }, 27 | { 28 | name: 'e2e-mfa', 29 | app: '@okta/test.app.react-mfa-v1', 30 | spec: [ 31 | 'mfa.js' 32 | ] 33 | }, 34 | { 35 | name: 'e2e-dpop', 36 | app: '@okta/test.app', 37 | spec: [ 38 | 'dpop.js' 39 | ], 40 | }, 41 | ]; 42 | 43 | module.exports = { 44 | config 45 | }; 46 | -------------------------------------------------------------------------------- /samples/test/support/action/enterCustomQuestion.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollSecurityQuestion from '../selectors/EnrollSecurityQuestion'; 15 | 16 | export default async function (customQuestion: string) { 17 | await (await $(EnrollSecurityQuestion.customQuestion)).setValue(customQuestion); 18 | } 19 | -------------------------------------------------------------------------------- /scripts/samples/e2e-express-embedded-auth-with-sdk-features.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | # NOTE: this test suite runs against a separate test org on OK14 6 | export USE_OK_14=1 7 | setup_sample_tests 8 | 9 | export SAMPLE_NAME=@okta/samples.express-embedded-auth-with-sdk 10 | export MAX_INSTANCES=1 11 | 12 | # NOTE: the command below evaluates to the same PASSWORD retrieved in setup-e2e, leaving commented just in case 13 | # get_terminus_secret "/" password PASSWORD 14 | 15 | # based on run_sample_tests 16 | create_log_group "E2E Test Run" 17 | # Run the tests 18 | if ! yarn workspace @okta/test.e2e.samples test:features; then 19 | echo "tests failed! Exiting..." 20 | exit ${TEST_FAILURE} 21 | fi 22 | 23 | echo ${TEST_SUITE_TYPE} > ${TEST_SUITE_TYPE_FILE} 24 | echo ${TEST_RESULT_FILE_DIR} > ${TEST_RESULT_FILE_DIR_FILE} 25 | exit ${PUBLISH_TYPE_AND_RESULT_DIR} 26 | finish_log_group $? -------------------------------------------------------------------------------- /scripts/samples/e2e-express-embedded-auth-with-sdk-spec.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source $(dirname "${BASH_SOURCE[0]}")/../setup-e2e.sh 4 | 5 | # NOTE: this test suite runs against a separate test org on OK14 6 | export USE_OK_14=1 7 | setup_sample_tests 8 | 9 | export SAMPLE_NAME=@okta/samples.express-embedded-auth-with-sdk 10 | export MAX_INSTANCES=1 11 | 12 | # NOTE: the command below evaluates to the same PASSWORD retrieved in setup-e2e, leaving commented just in case 13 | # get_terminus_secret "/" password PASSWORD 14 | 15 | # based on run_sample_tests 16 | create_log_group "E2E Test Run" 17 | # Run the tests 18 | if ! yarn workspace @okta/test.e2e.samples test:specs; then 19 | echo "tests failed! Exiting..." 20 | exit ${TEST_FAILURE} 21 | fi 22 | 23 | echo ${TEST_SUITE_TYPE} > ${TEST_SUITE_TYPE_FILE} 24 | echo ${TEST_RESULT_FILE_DIR} > ${TEST_RESULT_FILE_DIR_FILE} 25 | exit ${PUBLISH_TYPE_AND_RESULT_DIR} 26 | finish_log_group $? 27 | -------------------------------------------------------------------------------- /samples/test/features/social-idp.feature: -------------------------------------------------------------------------------- 1 | Feature: Direct Auth with Self Hosted Sign In Widget Social Login with 1 Social IDP 2 | 3 | Background: 4 | Given an App that assigned to a test group 5 | And the app is assigned to "Everyone" group 6 | And a Policy that defines "Authentication" 7 | And with a Policy Rule that defines "Password as the only factor" 8 | # And a prefined user Mary with an active account 9 | # And Okta OIDC IdP predefined 10 | # And an IDP routing rule defined to allow users in the Sample App to use the IDP 11 | 12 | Scenario: Mary Logs in with Okta OIDC IDP 13 | When she clicks the "login" button 14 | Then she is redirected to the "Login" page 15 | When she clicks the Login with Okta OIDC IDP button 16 | And logs in to Okta OIDC IDP 17 | Then she is redirected to the "Root" page 18 | And she sees a table with her profile info 19 | And the cell for the value of "email" is shown and contains her "email" -------------------------------------------------------------------------------- /samples/test/support/action/scroll.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { Selector } from 'webdriverio'; 15 | 16 | /** 17 | * Scroll the page to the given element 18 | * @param {String} selector Element selector 19 | */ 20 | export default (selector: Selector) => { 21 | $(selector).scrollIntoView(); 22 | }; 23 | -------------------------------------------------------------------------------- /samples/test/support/check/checkNoProfile.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import checkElementExists from './checkElementExists'; 15 | import UserHome from '../selectors/UserHome'; 16 | 17 | export default async () => { 18 | // verify no profile info 19 | await checkElementExists('no', UserHome.primaryEmail); 20 | }; 21 | -------------------------------------------------------------------------------- /test/support/nodeExceptions.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | // Catch unhandled promise rejections. These should never happen. 15 | // If you see one of these, debug the test and set a breakpoint below. 16 | process.on('unhandledRejection', error => { 17 | console.log('FLAKEY TEST or CODE! unhandledRejection', error); 18 | }); -------------------------------------------------------------------------------- /test/support/xhr/error-userinfo-invalid-token.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 401, 16 | "responseType": "json", 17 | "headers": { 18 | "WWW-Authenticate": "Bearer error=\"invalid_token\", error_description=\"The access token is invalid.\"" 19 | }, 20 | "response": {} 21 | }; 22 | -------------------------------------------------------------------------------- /test/support/xhr/recovery-challenge-email.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | module.exports = { 15 | "status": 200, 16 | "responseType": "json", 17 | "response": { 18 | "status":"RECOVERY_CHALLENGE", 19 | "factorResult":"WAITING", 20 | "factorType":"EMAIL", 21 | "recoveryType":"PASSWORD" 22 | } 23 | }; 24 | -------------------------------------------------------------------------------- /lib/http/headers.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | * 12 | */ 13 | import { OktaAuthHttpInterface } from './types'; 14 | 15 | export function setRequestHeader(authClient: OktaAuthHttpInterface, headerName, headerValue) { 16 | authClient.options.headers = authClient.options.headers || {}; 17 | authClient.options.headers[headerName] = headerValue; 18 | } -------------------------------------------------------------------------------- /samples/test/features/self-service-registration-custom-attribute.feature: -------------------------------------------------------------------------------- 1 | Feature: Add another Required Attribute to the Profile Enrollment Policy 2 | 3 | Background: 4 | Given an App that assigned to a test group 5 | And a Policy that defines "Profile Enrollment" 6 | And with a Policy Rule that defines 'collecting default attributes and a required "customAttribute"' 7 | And a user named "Mary" 8 | And she does not have account in the org 9 | 10 | Scenario: Mary signs up for an account with a random property 11 | When she clicks the 'signup' button 12 | Then she is redirected to the "Self Service Registration" page 13 | When she fills out her First Name 14 | And she fills out her Last Name 15 | And she fills out her Email 16 | And she fills out another property 17 | And she submits the form 18 | # Then her user is created in the "Staged" state 19 | Then she is redirected to the "Select Authenticator" page 20 | -------------------------------------------------------------------------------- /test/types/http.test-d.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | * 12 | */ 13 | 14 | import { OktaAuth } from '@okta/okta-auth-js'; 15 | import { expect} from 'tstyche'; 16 | 17 | const authClient = new OktaAuth({issuer: 'https://{yourOktaDomain}/oauth2/default'}); 18 | expect(authClient.http.setRequestHeader('Authorization', 'SSWS')).type.toEqual(); 19 | -------------------------------------------------------------------------------- /samples/test/support/action/inputInvalidEmail.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import PasswordRecover from '../selectors/PasswordRecover'; 14 | 15 | export default async ( 16 | ) => { 17 | const invalidEmail = 'test_with_really_invalid_email@invalidemail.com'; 18 | await (await $(PasswordRecover.username)).setValue(invalidEmail); 19 | }; 20 | -------------------------------------------------------------------------------- /lib/idx/remediators/ChallengePoll.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { EnrollPoll } from './EnrollPoll'; 14 | 15 | export class ChallengePoll extends EnrollPoll{ 16 | static remediationName = 'challenge-poll'; 17 | 18 | canRemediate() { 19 | return !!this.values.startPolling || this.options.step === 'challenge-poll'; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /samples/test/support/selectors/EnrollEmailAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class EnrollEmailAuthenticator extends ChallengeAuthenticator { 17 | title = 'Enroll email authenticator'; 18 | } 19 | 20 | export default new EnrollEmailAuthenticator(); 21 | -------------------------------------------------------------------------------- /test/spec/base/options.ts: -------------------------------------------------------------------------------- 1 | import { createBaseOptionsConstructor } from '../../../lib/base'; 2 | 3 | describe('base/options', () => { 4 | 5 | describe('constructor', () => { 6 | it('is a constructor function', () => { 7 | const Options = createBaseOptionsConstructor(); 8 | expect(typeof Options).toBe('function'); 9 | expect(Options.prototype).toBeDefined(); 10 | expect(Options.prototype.constructor).toBeDefined(); 11 | }); 12 | 13 | it('can be instantiated with new()', () => { 14 | const Options = createBaseOptionsConstructor(); 15 | const options = new Options({}); 16 | expect(options).toBeDefined(); 17 | }); 18 | 19 | }); 20 | 21 | 22 | describe('instance', () => { 23 | it('implements the OktaAuthBaseOptions interface', () => { 24 | const Options = createBaseOptionsConstructor(); 25 | const options = new Options({}); 26 | expect(options.devMode).toBeDefined(); 27 | }); 28 | }); 29 | }); -------------------------------------------------------------------------------- /samples/test/support/check/checkNoWidget.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import checkElementExists from './checkElementExists'; 15 | import { getOktaSignInForm } from '../../util'; 16 | 17 | export default async () => { 18 | const OktaSignIn = getOktaSignInForm(); 19 | await checkElementExists('no', OktaSignIn.signinSubmitBtn); 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/selectors/ChallengeSecurityQuestion.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class ChallengeSecurityQuestion extends ChallengeAuthenticator { 17 | title = 'Challenge Security Question'; 18 | } 19 | 20 | export default new ChallengeSecurityQuestion(); 21 | -------------------------------------------------------------------------------- /lib/oidc/types/endpoints.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { 14 | EnrollAuthenticatorOptions 15 | } from './options'; 16 | 17 | export type EnrollAuthenticatorFunction = (params: EnrollAuthenticatorOptions) => void; 18 | 19 | export interface Endpoints { 20 | authorize: { 21 | enrollAuthenticator: EnrollAuthenticatorFunction; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /samples/test/support/action/selectAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import SelectAuthenticator from '../selectors/SelectAuthenticator'; 15 | import selectOption from './selectOption'; 16 | 17 | export default async (authenticatorKey: string) => { 18 | await selectOption('value', authenticatorKey, SelectAuthenticator.options); 19 | }; 20 | -------------------------------------------------------------------------------- /samples/test/support/selectors/ChallengeEmailAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class ChallengeEmailAuthenticator extends ChallengeAuthenticator { 17 | title = 'Challenge email authenticator'; 18 | } 19 | 20 | export default new ChallengeEmailAuthenticator(); 21 | -------------------------------------------------------------------------------- /samples/test/support/selectors/ChallengePasswordAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class ChallengePasswordAuthenticator extends ChallengeAuthenticator { 17 | title = 'Enter your password'; 18 | } 19 | 20 | export default new ChallengePasswordAuthenticator(); 21 | -------------------------------------------------------------------------------- /samples/test/support/selectors/ChallengePhoneAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class ChallengePhoneAuthenticator extends ChallengeAuthenticator { 17 | title = 'Challenge phone authenticator'; 18 | } 19 | 20 | export default new ChallengePhoneAuthenticator(); 21 | -------------------------------------------------------------------------------- /samples/test/support/action/clearInputField.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { Selector } from 'webdriverio'; 15 | 16 | /** 17 | * Clear a given input field (placeholder for WDIO's clearElement) 18 | * @param {String} selector Element selector 19 | */ 20 | export default (selector: Selector) => { 21 | $(selector).clearValue(); 22 | }; 23 | -------------------------------------------------------------------------------- /samples/test/support/action/context-enabled/live-user/openEmailMagicLink.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import ActionContext from '../../../context'; 14 | 15 | export default async function (this: ActionContext) { 16 | const emailMagicLink = await this.a18nClient.getEmailMagicLink(this.credentials.profileId); 17 | await browser.url(emailMagicLink); 18 | } 19 | -------------------------------------------------------------------------------- /samples/test/support/check/checkQuestionAnswerDisplayed.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollSecurityQuestion from '../selectors/EnrollSecurityQuestion'; 15 | import isDisplayed from './isDisplayed'; 16 | 17 | export default async () => { 18 | const selector = EnrollSecurityQuestion.answer; 19 | await isDisplayed(selector, false); 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/selectors/ChallengeGoogleAuthenticator.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | import { ChallengeAuthenticator } from './ChallengeAuthenticator'; 14 | 15 | 16 | class ChallengeGoogleAuthenticator extends ChallengeAuthenticator { 17 | title = 'Challenge Google Authenticator'; 18 | } 19 | 20 | export default new ChallengeGoogleAuthenticator(); 21 | -------------------------------------------------------------------------------- /samples/test/support/action/getText.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import { Selector } from 'webdriverio'; 15 | 16 | /** 17 | * Get element inner text 18 | * @param {String} selector Element selector 19 | */ 20 | export default async ( 21 | selector: Selector 22 | ) => { 23 | const el = await $(selector); 24 | return await el.getText(); 25 | }; 26 | -------------------------------------------------------------------------------- /samples/test/support/action/selectAuthenticatorMethod.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import SelectAuthenticatorMethod from '../selectors/SelectAuthenticatorMethod'; 15 | import selectOption from './selectOption'; 16 | 17 | export default async (methodType: string) => { 18 | await selectOption('value', methodType, SelectAuthenticatorMethod.options); 19 | }; 20 | -------------------------------------------------------------------------------- /samples/test/support/action/selectSecurityQuestion.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollSecurityQuestion from '../selectors/EnrollSecurityQuestion'; 15 | import selectOption from './selectOption'; 16 | 17 | export default async (question: string) => { 18 | await selectOption('text', question, EnrollSecurityQuestion.predefinedQuestions); 19 | }; 20 | -------------------------------------------------------------------------------- /samples/test/support/check/checkCustomSecurityQuestion.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollSecurityQuestion from '../selectors/EnrollSecurityQuestion'; 15 | import isDisplayed from './isDisplayed'; 16 | 17 | export default async () => { 18 | const selector = EnrollSecurityQuestion.customQuestion; 19 | await isDisplayed(selector, false); 20 | }; 21 | -------------------------------------------------------------------------------- /samples/test/support/check/checkSocialLoginButton.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import checkIfElementExists from '../lib/checkIfElementExists'; 15 | 16 | export default async ( 17 | className: string, 18 | idpId: string 19 | ) => { 20 | const selector = `.${className}[href*="/sso/idps/${idpId}"]`; 21 | await checkIfElementExists(selector); 22 | }; 23 | -------------------------------------------------------------------------------- /test/support/idx/factories/index.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | export * from './authenticators'; 15 | export * from './errors'; 16 | export * from './forms'; 17 | export * from './messages'; 18 | export * from './methods'; 19 | export * from './options'; 20 | export * from './remediations'; 21 | export * from './responses'; 22 | export * from './values'; 23 | -------------------------------------------------------------------------------- /lib/util/jsonpath.ts: -------------------------------------------------------------------------------- 1 | const jsonpathRegex = /\$?(?\w+)|(?:\[(?\d+)\])/g; 2 | 3 | /* eslint complexity:[0,8] */ 4 | export function jsonpath({ path, json }) { 5 | const steps: string[] = []; 6 | let match: RegExpExecArray | null; 7 | while ((match = jsonpathRegex.exec(path)) !== null) { 8 | const step = match?.groups?.step ?? match?.groups?.index; 9 | if (step) { 10 | steps.push(step); 11 | } 12 | } 13 | 14 | if (steps.length < 1) { 15 | return undefined; 16 | } 17 | 18 | // array length check above guarantees .pop() will return a value 19 | // eslint-disable-next-line @typescript-eslint/no-non-null-assertion 20 | const lastStep = steps.pop()!; 21 | let curr = json; 22 | for (const step of steps) { 23 | if (Object.prototype.hasOwnProperty.call(curr, step)) { 24 | if (typeof curr[step] !== 'object') { 25 | return undefined; 26 | } 27 | 28 | curr = curr[step]; 29 | } 30 | } 31 | 32 | return curr[lastStep]; 33 | } 34 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-auth-with-sdk/web-server/utils/appendTransactionIdToPath.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | module.exports = function appendTransactionIdToPath(path, transactionId) { 14 | const url = new URL(path, 'relative:///'); 15 | url.searchParams.set('state', transactionId); 16 | 17 | return`${url.pathname}${url.search}${url.hash}`; 18 | }; 19 | -------------------------------------------------------------------------------- /samples/generated/express-embedded-sign-in-widget/web-server/middlewares/index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | const userContext = require('./userContext'); 15 | const authTransaction = require('./authTransaction'); 16 | const oidcConfig = require('./oidcConfig'); 17 | 18 | module.exports = { 19 | userContext, 20 | authTransaction, 21 | oidcConfig 22 | }; 23 | -------------------------------------------------------------------------------- /samples/test/support/action/getSecretFromSharedSecret.ts: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. 3 | * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") 4 | * 5 | * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. 6 | * Unless required by applicable law or agreed to in writing, software 7 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 8 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9 | * 10 | * See the License for the specific language governing permissions and limitations under the License. 11 | */ 12 | 13 | 14 | import EnrollGoogleAuthenticator from '../selectors/EnrollGoogleAuthenticator'; 15 | import getText from './getText'; 16 | 17 | export default async function() { 18 | const sharedSecret = await getText(EnrollGoogleAuthenticator.sharedSecret); 19 | return sharedSecret; 20 | } 21 | --------------------------------------------------------------------------------