Merge branch '6.4' into ag-backport-6-4-3

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 6.4.3
+
+### Fixes
+
+- [#1182](https://github.com/okta/okta-auth-js/pull/1182) Fixes security question verification to accept `credentials.answer`
+- [#1184](https://github.com/okta/okta-auth-js/pull/1184) Fixes type declarations: `ApiError`, `responseType`, `responseMode`
+- [#1185](https://github.com/okta/okta-auth-js/pull/1185) Fixes "cancel" and "skip" action called after receiving a terminal or error response
+
 ## 6.4.2
 
 ### Fixes

lib/OktaAuth.ts

@@ -51,6 +51,7 @@ import {
   GetWithRedirectFunction,
   RequestOptions,
   IsAuthenticatedOptions,
+  OAuthResponseType,
 } from './types';
 import {
   transactionStatus,
@@ -729,7 +730,7 @@ class OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {
     return !!this.options.pkce;
   }
 
-  hasResponseType(responseType: string): boolean {
+  hasResponseType(responseType: OAuthResponseType): boolean {
     let hasResponseType = false;
     if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
       hasResponseType = this.options.responseType.indexOf(responseType) >= 0;

lib/TransactionManager.ts

@@ -24,7 +24,8 @@ import {
   TransactionMetaOptions,
   TransactionManagerOptions,
   CookieStorage,
-  SavedIdxResponse
+  SavedIdxResponse,
+  IntrospectOptions
 } from './types';
 import { isRawIdxResponse } from './idx/types/idx-js';
 import { warn } from './util';
@@ -36,7 +37,8 @@ import {
 } from './util/sharedStorage';
 
 export interface ClearTransactionMetaOptions extends TransactionMetaOptions {
-  clearSharedStorage?: boolean;
+  clearSharedStorage?: boolean; // true by default
+  clearIdxResponse?: boolean; // true by default
 }
 export default class TransactionManager {
   options: TransactionManagerOptions;
@@ -68,17 +70,18 @@ export default class TransactionManager {
     // Clear primary storage (by default, sessionStorage on browser)
     transactionStorage.clearStorage();
 
-    // clear IDX response storage
-    this.clearIdxResponse();
-
     // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow
     if (this.enableSharedStorage && options.clearSharedStorage !== false) {
       const state = options.state || meta?.state;
       if (state) {
         clearTransactionFromSharedStorage(this.storageManager, state);
       }
     }
-
+
+    if (options.clearIdxResponse !== false) {
+      this.clearIdxResponse();
+    }
+
     if (!this.legacyWidgetSupport) {
       return;
     }
@@ -307,18 +310,19 @@ export default class TransactionManager {
     // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');
   }
 
-  saveIdxResponse({ rawIdxResponse, requestDidSucceed }: SavedIdxResponse): void {
+  saveIdxResponse(data: SavedIdxResponse): void {
     if (!this.saveLastResponse) {
       return;
     }
     const storage = this.storageManager.getIdxResponseStorage();
     if (!storage) {
       return;
     }
-    storage.setStorage({ rawIdxResponse, requestDidSucceed });
+    storage.setStorage(data);
   }
 
-  loadIdxResponse(): SavedIdxResponse | null {
+  // eslint-disable-next-line complexity
+  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {
     if (!this.saveLastResponse) {
       return null;
     }
@@ -330,6 +334,17 @@ export default class TransactionManager {
     if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {
       return null;
     }
+
+    if (options) {
+      const { stateHandle, interactionHandle } = options;
+      if (stateHandle && storedValue.stateHandle !== stateHandle) {
+        return null;
+      }
+      if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {
+        return null;
+      }
+    }
+
     return storedValue;
   }
 

lib/errors/AuthApiError.ts

@@ -11,14 +11,14 @@
  */
 
 import CustomError from './CustomError';
-import { APIError, HttpResponse } from '../types';
+import { APIError, FieldError, HttpResponse } from '../types';
 
 export default class AuthApiError extends CustomError implements APIError {
   errorSummary: string;
   errorCode?: string;
   errorLink?: string;
   errorId?: string;
-  errorCauses?: string[];
+  errorCauses?: Array<FieldError>;
   xhr?: HttpResponse;
 
   constructor(err: APIError, xhr?: HttpResponse) {

lib/errors/AuthSdkError.ts

@@ -11,14 +11,14 @@
  */
 
 import CustomError from './CustomError';
-import { APIError } from '../types';
+import { APIError, FieldError } from '../types';
 
 export default class AuthSdkError extends CustomError implements APIError {
   errorSummary: string;
   errorCode: string;
   errorLink: string;
   errorId: string;
-  errorCauses: string[];
+  errorCauses: Array<FieldError>;
   xhr?: XMLHttpRequest;
 
   constructor(msg: string, xhr?: XMLHttpRequest) {

lib/idx/authenticate.ts

@@ -13,29 +13,11 @@
 
 import { 
   OktaAuthInterface,
-  IdxOptions,
   IdxTransaction,
-  AuthenticatorKey
+  AuthenticatorKey,
+  AuthenticationOptions
 } from '../types';
 import { run } from './run';
-import { 
-  IdentifyValues,
-  SelectAuthenticatorAuthenticateValues,
-  ChallengeAuthenticatorValues,
-  ReEnrollAuthenticatorValues,
-  AuthenticatorEnrollmentDataValues,
-  SelectAuthenticatorEnrollValues,
-  EnrollAuthenticatorValues,
-} from './remediators';
-
-export type AuthenticationOptions = IdxOptions 
-  & IdentifyValues 
-  & SelectAuthenticatorAuthenticateValues 
-  & SelectAuthenticatorEnrollValues
-  & ChallengeAuthenticatorValues 
-  & ReEnrollAuthenticatorValues
-  & AuthenticatorEnrollmentDataValues
-  & EnrollAuthenticatorValues;
 
 export async function authenticate(
   authClient: OktaAuthInterface, options: AuthenticationOptions = {}

lib/idx/authenticator/SecurityQuestionEnrollment.ts

@@ -19,7 +19,7 @@ export class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEn
 
   mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {
     const { questionKey, question, answer } = values;
-    if (!questionKey && !question && !answer) {
+    if (!answer || (!questionKey && !question)) {
       return;
     }
     return {

lib/idx/authenticator/SecurityQuestionVerification.ts

@@ -3,11 +3,17 @@ import { Authenticator, Credentials } from './Authenticator';
 
 export interface SecurityQuestionVerificationValues {
   answer?: string;
+  credentials?: Credentials;
 }
 
 export class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {
   canVerify(values: SecurityQuestionVerificationValues) {
-    return !!values.answer;
+    const { credentials } = values;
+    if (credentials && credentials.answer) {
+      return true;
+    }
+    const { answer } = values;
+    return !!answer;
   }
 
   mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {

lib/idx/cancel.ts

@@ -10,12 +10,10 @@
  * See the License for the specific language governing permissions and limitations under the License.
  */
 
-import { OktaAuthInterface, IdxOptions, IdxTransactionMeta } from '../types';
+import { OktaAuthInterface, CancelOptions, IdxTransactionMeta } from '../types';
 import { run } from './run';
 import { getFlowSpecification } from './flow';
 
-export type CancelOptions = IdxOptions;
-
 export async function cancel (authClient: OktaAuthInterface, options?: CancelOptions) {
   const meta = authClient.transactionManager.load() as IdxTransactionMeta;
   const flowSpec = getFlowSpecification(authClient, meta.flow);

lib/idx/idxState/v1/generateIdxAction.ts

@@ -11,11 +11,9 @@
  */
 
 /* eslint-disable max-len, complexity */
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-nocheck
 import { httpRequest } from '../../../http';
 import { OktaAuthInterface } from '../../../types';    // auth-js/types
-import { IdxActionParams } from '../../types/idx-js';
+import { IdxActionFunction, IdxActionParams, IdxResponse, IdxToPersist } from '../../types/idx-js';
 import { divideActionParamsByMutability } from './actionParser';
 import { makeIdxState } from './makeIdxState';
 import AuthApiError from '../../../errors/AuthApiError';
@@ -24,8 +22,8 @@ const generateDirectFetch = function generateDirectFetch(authClient: OktaAuthInt
   actionDefinition, 
   defaultParamsForAction = {}, 
   immutableParamsForAction = {}, 
-  toPersist = {}
-}) {
+  toPersist = {} as IdxToPersist
+}): IdxActionFunction {
   const target = actionDefinition.href;
   return async function(params: IdxActionParams = {}): Promise<IdxResponse> {
     const headers = {
@@ -90,7 +88,7 @@ const generateDirectFetch = function generateDirectFetch(authClient: OktaAuthInt
 //   };
 // };
 
-const generateIdxAction = function generateIdxAction( authClient: OktaAuthInterface, actionDefinition, toPersist ) {
+const generateIdxAction = function generateIdxAction( authClient: OktaAuthInterface, actionDefinition, toPersist ): IdxActionFunction {
   // TODO: leaving this here to see where the polling is EXPECTED to drop into the code, but removing any accidental trigger of incomplete code
   // const generator =  actionDefinition.refresh ? generatePollingFetch : generateDirectFetch;
   const generator = generateDirectFetch;

lib/idx/interact.ts

@@ -11,29 +11,13 @@
  * See the License for the specific language governing permissions and limitations under the License.
  */
 /* eslint complexity:[0,8] */
-import { OktaAuthInterface, IdxTransactionMeta } from '../types';
+import { OktaAuthInterface, IdxTransactionMeta, InteractOptions, InteractResponse } from '../types';
 import { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';
 import { getOAuthBaseUrl } from '../oidc';
 import { createTransactionMeta } from '.';
 import { removeNils } from '../util';
 import { httpRequest } from '../http';
 
-export interface InteractOptions {
-  withCredentials?: boolean;
-  state?: string;
-  scopes?: string[];
-  codeChallenge?: string;
-  codeChallengeMethod?: string;
-  activationToken?: string;
-  recoveryToken?: string;
-  clientSecret?: string;
-}
-
-export interface InteractResponse {
-  state?: string;
-  interactionHandle: string;
-  meta: IdxTransactionMeta;
-}
 
 /* eslint-disable camelcase */
 export interface InteractParams {
@@ -92,7 +76,7 @@ export async function interact (
   const url = `${baseUrl}/v1/interact`;
   const params = {
     client_id: clientId,
-    scope: scopes.join(' '),
+    scope: scopes!.join(' '),
     redirect_uri: redirectUri,
     code_challenge: codeChallenge,
     code_challenge_method: codeChallengeMethod,

lib/idx/introspect.ts

@@ -12,20 +12,13 @@
  */
 
 import { makeIdxState, validateVersionConfig } from './idxState';
-import { OktaAuthInterface } from '../types';
+import { IntrospectOptions, OktaAuthInterface } from '../types';
 import { IdxResponse, isRawIdxResponse } from './types/idx-js';
 import { getOAuthDomain } from '../oidc';
 import { IDX_API_VERSION } from '../constants';
 import { httpRequest } from '../http';
 import { isAuthApiError } from '../errors';
 
-export interface IntrospectOptions {
-  withCredentials?: boolean;
-  interactionHandle?: string;
-  stateHandle?: string;
-  version?: string;
-}
-
 export async function introspect (
   authClient: OktaAuthInterface, 
   options: IntrospectOptions = {}
@@ -34,7 +27,7 @@ export async function introspect (
   let requestDidSucceed;
 
   // try load from storage first
-  const savedIdxResponse = authClient.transactionManager.loadIdxResponse();
+  const savedIdxResponse = authClient.transactionManager.loadIdxResponse(options);
   if (savedIdxResponse) {
     rawIdxResponse = savedIdxResponse.rawIdxResponse;
     requestDidSucceed = savedIdxResponse.requestDidSucceed;

lib/idx/proceed.ts

@@ -14,27 +14,12 @@
 import { 
   OktaAuthInterface,
   IdxTransaction,
+  ProceedOptions,
 } from '../types';
 import { run } from './run';
-import { AuthenticationOptions } from './authenticate';
-import {
-  EnrollPollValues as EnrollPollOptions,
-  SelectEnrollmentChannelValues as SelectEnrollmentChannelOptions
-} from './remediators';
-import { RegistrationOptions } from './register';
-import { PasswordRecoveryOptions } from './recoverPassword';
-import { AccountUnlockOptions } from './unlockAccount';
 import { getSavedTransactionMeta } from './transactionMeta';
 import { AuthSdkError } from '../errors';
 
-export type ProceedOptions = AuthenticationOptions
-  & RegistrationOptions
-  & PasswordRecoveryOptions
-  & AccountUnlockOptions
-  & EnrollPollOptions
-  & SelectEnrollmentChannelOptions
-  & { step?: string };
-
 export function canProceed(authClient: OktaAuthInterface, options: ProceedOptions = {}): boolean {
   const meta = getSavedTransactionMeta(authClient, options);
   return !!(meta || options.stateHandle);

lib/idx/recoverPassword.ts

@@ -12,29 +12,13 @@
 
 
 import { run } from './run';
-import {
-  IdentifyValues,
-  SelectAuthenticatorAuthenticateValues,
-  ChallengeAuthenticatorValues,
-  AuthenticatorVerificationDataValues,
-  ResetAuthenticatorValues,
-  ReEnrollAuthenticatorValues,
-} from './remediators';
 import { getFlowSpecification } from './flow';
 import { 
   OktaAuthInterface, 
-  IdxOptions, 
+  PasswordRecoveryOptions, 
   IdxTransaction,
 } from '../types';
 
-export type PasswordRecoveryOptions = IdxOptions 
-  & IdentifyValues 
-  & SelectAuthenticatorAuthenticateValues 
-  & ChallengeAuthenticatorValues 
-  & ResetAuthenticatorValues
-  & AuthenticatorVerificationDataValues
-  & ReEnrollAuthenticatorValues;
-
 export async function recoverPassword(
   authClient: OktaAuthInterface, options: PasswordRecoveryOptions = {}
 ): Promise<IdxTransaction> {