@axinom/mosaic-user-auth 0.28.0 → 0.29.0-rc.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{UserServiceClient → cjs/UserServiceClient}/UserServiceClient.d.ts +5 -5
- package/dist/{UserServiceClient → cjs/UserServiceClient}/UserServiceClient.d.ts.map +1 -1
- package/dist/{UserServiceProvider → cjs/UserServiceProvider}/UserServiceProvider.d.ts +3 -3
- package/dist/cjs/UserServiceProvider/UserServiceProvider.d.ts.map +1 -0
- package/dist/cjs/common/ensure-error.d.ts.map +1 -0
- package/dist/cjs/common/enums.d.ts.map +1 -0
- package/dist/{common → cjs/common}/stringify-gql-query.d.ts +1 -1
- package/dist/cjs/common/stringify-gql-query.d.ts.map +1 -0
- package/dist/{common → cjs/common}/types.d.ts +1 -1
- package/dist/cjs/common/types.d.ts.map +1 -0
- package/dist/cjs/common/user-auth-error.d.ts.map +1 -0
- package/dist/{generated → cjs/generated}/ax-auth-management-graphql.types.d.ts +1 -1
- package/dist/cjs/generated/ax-auth-management-graphql.types.d.ts.map +1 -0
- package/dist/{generated → cjs/generated}/user-service-end-user-graphql.types.d.ts +1 -1
- package/dist/cjs/generated/user-service-end-user-graphql.types.d.ts.map +1 -0
- package/dist/{generated → cjs/generated}/user-service-management-graphql.types.d.ts +1 -1
- package/dist/cjs/generated/user-service-management-graphql.types.d.ts.map +1 -0
- package/dist/cjs/index.d.ts +5 -0
- package/dist/cjs/index.d.ts.map +1 -0
- package/dist/{index.js → cjs/index.js} +553 -626
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/package.json +1 -0
- package/dist/{util → cjs/util}/endUserApplication.d.ts +2 -2
- package/dist/cjs/util/endUserApplication.d.ts.map +1 -0
- package/dist/{util → cjs/util}/userAuth.d.ts +3 -3
- package/dist/cjs/util/userAuth.d.ts.map +1 -0
- package/dist/{util → cjs/util}/userProfile.d.ts +1 -1
- package/dist/cjs/util/userProfile.d.ts.map +1 -0
- package/dist/esm/UserServiceClient/UserServiceClient.d.ts +207 -0
- package/dist/esm/UserServiceClient/UserServiceClient.d.ts.map +1 -0
- package/dist/esm/UserServiceProvider/UserServiceProvider.d.ts +28 -0
- package/dist/esm/UserServiceProvider/UserServiceProvider.d.ts.map +1 -0
- package/dist/esm/common/ensure-error.d.ts +16 -0
- package/dist/esm/common/ensure-error.d.ts.map +1 -0
- package/dist/esm/common/enums.d.ts +12 -0
- package/dist/esm/common/enums.d.ts.map +1 -0
- package/dist/esm/common/stringify-gql-query.d.ts +11 -0
- package/dist/esm/common/stringify-gql-query.d.ts.map +1 -0
- package/dist/esm/common/types.d.ts +146 -0
- package/dist/esm/common/types.d.ts.map +1 -0
- package/dist/esm/common/user-auth-error.d.ts +9 -0
- package/dist/esm/common/user-auth-error.d.ts.map +1 -0
- package/dist/esm/generated/ax-auth-management-graphql.types.d.ts +1400 -0
- package/dist/esm/generated/ax-auth-management-graphql.types.d.ts.map +1 -0
- package/dist/esm/generated/user-service-end-user-graphql.types.d.ts +854 -0
- package/dist/esm/generated/user-service-end-user-graphql.types.d.ts.map +1 -0
- package/dist/esm/generated/user-service-management-graphql.types.d.ts +2915 -0
- package/dist/esm/generated/user-service-management-graphql.types.d.ts.map +1 -0
- package/dist/esm/index.d.ts +5 -0
- package/dist/esm/index.d.ts.map +1 -0
- package/dist/{index.es.js → esm/index.js} +554 -627
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/package.json +1 -0
- package/dist/esm/util/endUserApplication.d.ts +11 -0
- package/dist/esm/util/endUserApplication.d.ts.map +1 -0
- package/dist/esm/util/userAuth.d.ts +111 -0
- package/dist/esm/util/userAuth.d.ts.map +1 -0
- package/dist/esm/util/userProfile.d.ts +13 -0
- package/dist/esm/util/userProfile.d.ts.map +1 -0
- package/package.json +20 -8
- package/src/UserServiceClient/UserServiceClient.ts +26 -26
- package/src/UserServiceProvider/UserServiceProvider.tsx +4 -4
- package/src/common/stringify-gql-query.ts +1 -1
- package/src/common/types.ts +1 -1
- package/src/generated/ax-auth-management-graphql.types.ts +1 -1
- package/src/generated/user-service-end-user-graphql.types.ts +1 -1
- package/src/generated/user-service-management-graphql.types.ts +1 -1
- package/src/index.ts +4 -4
- package/src/util/endUserApplication.spec.ts +7 -7
- package/src/util/endUserApplication.ts +5 -5
- package/src/util/userAuth.spec.ts +27 -27
- package/src/util/userAuth.ts +35 -31
- package/src/util/userProfile.spec.ts +2 -2
- package/src/util/userProfile.ts +9 -9
- package/dist/UserServiceProvider/UserServiceProvider.d.ts.map +0 -1
- package/dist/common/ensure-error.d.ts.map +0 -1
- package/dist/common/enums.d.ts.map +0 -1
- package/dist/common/stringify-gql-query.d.ts.map +0 -1
- package/dist/common/types.d.ts.map +0 -1
- package/dist/common/user-auth-error.d.ts.map +0 -1
- package/dist/generated/ax-auth-management-graphql.types.d.ts.map +0 -1
- package/dist/generated/user-service-end-user-graphql.types.d.ts.map +0 -1
- package/dist/generated/user-service-management-graphql.types.d.ts.map +0 -1
- package/dist/index.d.ts +0 -5
- package/dist/index.d.ts.map +0 -1
- package/dist/index.es.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/util/endUserApplication.d.ts.map +0 -1
- package/dist/util/endUserApplication.spec.d.ts +0 -2
- package/dist/util/endUserApplication.spec.d.ts.map +0 -1
- package/dist/util/userAuth.d.ts.map +0 -1
- package/dist/util/userAuth.spec.d.ts +0 -2
- package/dist/util/userAuth.spec.d.ts.map +0 -1
- package/dist/util/userProfile.d.ts.map +0 -1
- package/dist/util/userProfile.spec.d.ts +0 -2
- package/dist/util/userProfile.spec.d.ts.map +0 -1
- /package/dist/{common → cjs/common}/ensure-error.d.ts +0 -0
- /package/dist/{common → cjs/common}/enums.d.ts +0 -0
- /package/dist/{common → cjs/common}/user-auth-error.d.ts +0 -0
|
@@ -37,50 +37,6 @@ exports.TokenRenewalMethod = void 0;
|
|
|
37
37
|
TokenRenewalMethod[TokenRenewalMethod["ON_DEMAND"] = 1] = "ON_DEMAND";
|
|
38
38
|
})(exports.TokenRenewalMethod || (exports.TokenRenewalMethod = {}));
|
|
39
39
|
|
|
40
|
-
/******************************************************************************
|
|
41
|
-
Copyright (c) Microsoft Corporation.
|
|
42
|
-
|
|
43
|
-
Permission to use, copy, modify, and/or distribute this software for any
|
|
44
|
-
purpose with or without fee is hereby granted.
|
|
45
|
-
|
|
46
|
-
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
|
|
47
|
-
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
48
|
-
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
49
|
-
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
50
|
-
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
|
|
51
|
-
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
52
|
-
PERFORMANCE OF THIS SOFTWARE.
|
|
53
|
-
***************************************************************************** */
|
|
54
|
-
|
|
55
|
-
function __awaiter(thisArg, _arguments, P, generator) {
|
|
56
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
57
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
58
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
59
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
60
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
61
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
62
|
-
});
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
|
|
66
|
-
|
|
67
|
-
function createCommonjsModule(fn, basedir, module) {
|
|
68
|
-
return module = {
|
|
69
|
-
path: basedir,
|
|
70
|
-
exports: {},
|
|
71
|
-
require: function (path, base) {
|
|
72
|
-
return commonjsRequire(path, (base === undefined || base === null) ? module.path : base);
|
|
73
|
-
}
|
|
74
|
-
}, fn(module, module.exports), module.exports;
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
function commonjsRequire () {
|
|
78
|
-
throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs');
|
|
79
|
-
}
|
|
80
|
-
|
|
81
|
-
var enums = createCommonjsModule(function (module, exports) {
|
|
82
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
83
|
-
exports.AuthenticateEndUserApplicationResponseCode = exports.DecryptNativeCookieResponseCode = exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ResetPasswordResponseCode = exports.SignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = exports.UserAuthErrorCode = void 0;
|
|
84
40
|
/**
|
|
85
41
|
* This is the Error Type that the REST middleware will respond when there's an error
|
|
86
42
|
* from the User Service that does not belong to Token/SignOut or IDPConfiguration responses.
|
|
@@ -96,7 +52,7 @@ var UserAuthErrorCode;
|
|
|
96
52
|
UserAuthErrorCode["APPLICATION_NOT_ACTIVE"] = "APPLICATION_NOT_ACTIVE";
|
|
97
53
|
UserAuthErrorCode["INVALID_IDP_CONNECTION"] = "INVALID_IDP_CONNECTION";
|
|
98
54
|
UserAuthErrorCode["INTERNAL_SERVER_ERROR"] = "INTERNAL_SERVER_ERROR";
|
|
99
|
-
})(UserAuthErrorCode || (
|
|
55
|
+
})(UserAuthErrorCode || (UserAuthErrorCode = {}));
|
|
100
56
|
/**
|
|
101
57
|
* Token response code from User Service Auth API
|
|
102
58
|
*/
|
|
@@ -109,7 +65,7 @@ var TokenResponseCode;
|
|
|
109
65
|
TokenResponseCode["AUTH_FLOW_ERROR"] = "AUTH_FLOW_ERROR";
|
|
110
66
|
TokenResponseCode["BAD_REQUEST"] = "BAD_REQUEST";
|
|
111
67
|
TokenResponseCode["INTERNAL_SERVER_ERROR"] = "INTERNAL_SERVER_ERROR";
|
|
112
|
-
})(TokenResponseCode || (
|
|
68
|
+
})(TokenResponseCode || (TokenResponseCode = {}));
|
|
113
69
|
/**
|
|
114
70
|
* Sign out response code from User Service Auth API
|
|
115
71
|
*/
|
|
@@ -118,7 +74,7 @@ var SignOutResponseCode;
|
|
|
118
74
|
SignOutResponseCode["SUCCESS"] = "SUCCESS";
|
|
119
75
|
SignOutResponseCode["BAD_REQUEST"] = "BAD_REQUEST";
|
|
120
76
|
SignOutResponseCode["INTERNAL_SERVER_ERROR"] = "INTERNAL_SERVER_ERROR";
|
|
121
|
-
})(SignOutResponseCode || (
|
|
77
|
+
})(SignOutResponseCode || (SignOutResponseCode = {}));
|
|
122
78
|
/**
|
|
123
79
|
* IDP Configuration response code from User Service Auth API
|
|
124
80
|
*/
|
|
@@ -130,7 +86,7 @@ var IdpConfigurationResponseCode;
|
|
|
130
86
|
IdpConfigurationResponseCode["ACCOUNT_NOT_ACTIVE"] = "ACCOUNT_NOT_ACTIVE";
|
|
131
87
|
IdpConfigurationResponseCode["BAD_REQUEST"] = "BAD_REQUEST";
|
|
132
88
|
IdpConfigurationResponseCode["INTERNAL_SERVER_ERROR"] = "INTERNAL_SERVER_ERROR";
|
|
133
|
-
})(IdpConfigurationResponseCode || (
|
|
89
|
+
})(IdpConfigurationResponseCode || (IdpConfigurationResponseCode = {}));
|
|
134
90
|
/**
|
|
135
91
|
* Sign In With Credentials Response Code from User Service Auth API
|
|
136
92
|
*/
|
|
@@ -143,7 +99,7 @@ var SignInResponseCode;
|
|
|
143
99
|
SignInResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
|
|
144
100
|
SignInResponseCode["INVALID_IDP_CONNECTION"] = "INVALID_IDP_CONNECTION";
|
|
145
101
|
SignInResponseCode["APPLICATION_NOT_ACTIVE"] = "APPLICATION_NOT_ACTIVE";
|
|
146
|
-
})(SignInResponseCode || (
|
|
102
|
+
})(SignInResponseCode || (SignInResponseCode = {}));
|
|
147
103
|
/**
|
|
148
104
|
* Sign In With Credentials Password Reset/Complete Password Reset Code from User Service Auth API
|
|
149
105
|
*/
|
|
@@ -152,7 +108,7 @@ var ResetPasswordResponseCode;
|
|
|
152
108
|
ResetPasswordResponseCode["SUCCESS"] = "SUCCESS";
|
|
153
109
|
ResetPasswordResponseCode["ERROR"] = "ERROR";
|
|
154
110
|
ResetPasswordResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
|
|
155
|
-
})(ResetPasswordResponseCode || (
|
|
111
|
+
})(ResetPasswordResponseCode || (ResetPasswordResponseCode = {}));
|
|
156
112
|
/**
|
|
157
113
|
* Sign Up With Credential Response Code from User Service Auth API
|
|
158
114
|
*/
|
|
@@ -161,7 +117,7 @@ var UserSignUpResponseCode;
|
|
|
161
117
|
UserSignUpResponseCode["SUCCESS"] = "SUCCESS";
|
|
162
118
|
UserSignUpResponseCode["ERROR"] = "ERROR";
|
|
163
119
|
UserSignUpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
|
|
164
|
-
})(UserSignUpResponseCode || (
|
|
120
|
+
})(UserSignUpResponseCode || (UserSignUpResponseCode = {}));
|
|
165
121
|
/**
|
|
166
122
|
* Verify Sign Up With Credential Response Code from User Service Auth API
|
|
167
123
|
*/
|
|
@@ -170,7 +126,7 @@ var CompleteUserSignUpResponseCode;
|
|
|
170
126
|
CompleteUserSignUpResponseCode["SUCCESS"] = "SUCCESS";
|
|
171
127
|
CompleteUserSignUpResponseCode["ERROR"] = "ERROR";
|
|
172
128
|
CompleteUserSignUpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
|
|
173
|
-
})(CompleteUserSignUpResponseCode || (
|
|
129
|
+
})(CompleteUserSignUpResponseCode || (CompleteUserSignUpResponseCode = {}));
|
|
174
130
|
/**
|
|
175
131
|
* OTP Check Response Code from User Service Auth API
|
|
176
132
|
* This response type is used for both Sign Up OTP check and Reset Password OTP check.
|
|
@@ -180,16 +136,16 @@ var CheckOtpResponseCode;
|
|
|
180
136
|
CheckOtpResponseCode["SUCCESS"] = "SUCCESS";
|
|
181
137
|
CheckOtpResponseCode["ERROR"] = "ERROR";
|
|
182
138
|
CheckOtpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
|
|
183
|
-
})(CheckOtpResponseCode || (
|
|
139
|
+
})(CheckOtpResponseCode || (CheckOtpResponseCode = {}));
|
|
184
140
|
/**
|
|
185
141
|
* IDP Protocol categories
|
|
186
142
|
*/
|
|
187
|
-
var IdpProtocol;
|
|
143
|
+
var IdpProtocol$1;
|
|
188
144
|
(function (IdpProtocol) {
|
|
189
145
|
IdpProtocol["OIDC"] = "OIDC";
|
|
190
146
|
IdpProtocol["OAUTH2"] = "OAUTH2";
|
|
191
147
|
IdpProtocol["DELEGATED"] = "DELEGATED";
|
|
192
|
-
})(IdpProtocol || (
|
|
148
|
+
})(IdpProtocol$1 || (IdpProtocol$1 = {}));
|
|
193
149
|
/**
|
|
194
150
|
* Response codes specific to Native Cookie Decryption.
|
|
195
151
|
*/
|
|
@@ -197,7 +153,7 @@ var DecryptNativeCookieResponseCode;
|
|
|
197
153
|
(function (DecryptNativeCookieResponseCode) {
|
|
198
154
|
DecryptNativeCookieResponseCode["SUCCESS"] = "SUCCESS";
|
|
199
155
|
DecryptNativeCookieResponseCode["COOKIE_DECRYPTION_FAILED"] = "COOKIE_DECRYPTION_FAILED";
|
|
200
|
-
})(DecryptNativeCookieResponseCode || (
|
|
156
|
+
})(DecryptNativeCookieResponseCode || (DecryptNativeCookieResponseCode = {}));
|
|
201
157
|
/**
|
|
202
158
|
* Response codes specific to End User Application Token Generation
|
|
203
159
|
*/
|
|
@@ -207,15 +163,9 @@ var AuthenticateEndUserApplicationResponseCode;
|
|
|
207
163
|
AuthenticateEndUserApplicationResponseCode["APPLICATION_NOT_FOUND"] = "APPLICATION_NOT_FOUND";
|
|
208
164
|
AuthenticateEndUserApplicationResponseCode["APPLICATION_NOT_ENABLED"] = "APPLICATION_NOT_ENABLED";
|
|
209
165
|
AuthenticateEndUserApplicationResponseCode["END_USER_APP_TOKEN_GENERATION_ERROR"] = "END_USER_APP_TOKEN_GENERATION_ERROR";
|
|
210
|
-
})(AuthenticateEndUserApplicationResponseCode || (
|
|
211
|
-
|
|
212
|
-
});
|
|
166
|
+
})(AuthenticateEndUserApplicationResponseCode || (AuthenticateEndUserApplicationResponseCode = {}));
|
|
213
167
|
|
|
214
|
-
|
|
215
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
216
|
-
exports.managedIdProviderDefaults = void 0;
|
|
217
|
-
|
|
218
|
-
exports.managedIdProviderDefaults = {
|
|
168
|
+
({
|
|
219
169
|
AX_GOOGLE: {
|
|
220
170
|
discoveryDocumentUrl: 'https://accounts.google.com/.well-known/openid-configuration',
|
|
221
171
|
providerIconUrl: 'https://developers.google.com/identity/images/g-logo.png',
|
|
@@ -227,14 +177,14 @@ exports.managedIdProviderDefaults = {
|
|
|
227
177
|
{ name: 'email', default: true },
|
|
228
178
|
{ name: 'profile', default: true },
|
|
229
179
|
],
|
|
230
|
-
protocol:
|
|
180
|
+
protocol: IdpProtocol$1.OIDC,
|
|
231
181
|
},
|
|
232
182
|
AX_FACEBOOK: {
|
|
233
183
|
authorizationEndpointUrl: 'https://www.facebook.com/dialog/oauth',
|
|
234
184
|
tokenEndpointUrl: 'https://graph.facebook.com/oauth/access_token',
|
|
235
185
|
userInfoEndpointUrl: 'https://graph.facebook.com/me',
|
|
236
186
|
scopes: [{ name: 'email', default: true }],
|
|
237
|
-
protocol:
|
|
187
|
+
protocol: IdpProtocol$1.OAUTH2,
|
|
238
188
|
},
|
|
239
189
|
AX_APPLE: {
|
|
240
190
|
discoveryDocumentUrl: 'https://appleid.apple.com/.well-known/openid-configuration',
|
|
@@ -246,7 +196,7 @@ exports.managedIdProviderDefaults = {
|
|
|
246
196
|
{ name: 'email', default: true },
|
|
247
197
|
{ name: 'name', default: true },
|
|
248
198
|
],
|
|
249
|
-
protocol:
|
|
199
|
+
protocol: IdpProtocol$1.OIDC,
|
|
250
200
|
},
|
|
251
201
|
AX_AUTH: {
|
|
252
202
|
scopes: [
|
|
@@ -255,37 +205,8 @@ exports.managedIdProviderDefaults = {
|
|
|
255
205
|
{ name: 'profile', default: true },
|
|
256
206
|
{ name: 'offline_access', default: true },
|
|
257
207
|
],
|
|
258
|
-
protocol:
|
|
208
|
+
protocol: IdpProtocol$1.OIDC,
|
|
259
209
|
},
|
|
260
|
-
};
|
|
261
|
-
|
|
262
|
-
});
|
|
263
|
-
|
|
264
|
-
var types = createCommonjsModule(function (module, exports) {
|
|
265
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
266
|
-
|
|
267
|
-
});
|
|
268
|
-
|
|
269
|
-
var dist = createCommonjsModule(function (module, exports) {
|
|
270
|
-
var __createBinding = (commonjsGlobal && commonjsGlobal.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
271
|
-
if (k2 === undefined) k2 = k;
|
|
272
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
273
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
274
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
275
|
-
}
|
|
276
|
-
Object.defineProperty(o, k2, desc);
|
|
277
|
-
}) : (function(o, m, k, k2) {
|
|
278
|
-
if (k2 === undefined) k2 = k;
|
|
279
|
-
o[k2] = m[k];
|
|
280
|
-
}));
|
|
281
|
-
var __exportStar = (commonjsGlobal && commonjsGlobal.__exportStar) || function(m, exports) {
|
|
282
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
283
|
-
};
|
|
284
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
285
|
-
__exportStar(constants, exports);
|
|
286
|
-
__exportStar(enums, exports);
|
|
287
|
-
__exportStar(types, exports);
|
|
288
|
-
|
|
289
210
|
});
|
|
290
211
|
|
|
291
212
|
/**
|
|
@@ -312,6 +233,18 @@ const ensureError = (error) => {
|
|
|
312
233
|
return new Error(`An error that is not an instance of an Error has been thrown: ${String(error)}`);
|
|
313
234
|
};
|
|
314
235
|
|
|
236
|
+
/**
|
|
237
|
+
* Class mimicking the minimal structure of a MosaicError.
|
|
238
|
+
* This class is defined here to avoid the @axinom/service-common dependency.
|
|
239
|
+
*/
|
|
240
|
+
class UserAuthError extends Error {
|
|
241
|
+
code;
|
|
242
|
+
constructor(message, code) {
|
|
243
|
+
super(message);
|
|
244
|
+
this.code = code;
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
|
|
315
248
|
// istanbul ignore next (See: 'https://github.com/graphql/graphql-js/issues/2317')
|
|
316
249
|
var nodejsCustomInspectSymbol = typeof Symbol === 'function' && typeof Symbol.for === 'function' ? Symbol.for('nodejs.util.inspect.custom') : undefined;
|
|
317
250
|
var nodejsCustomInspectSymbol$1 = nodejsCustomInspectSymbol;
|
|
@@ -1740,11 +1673,13 @@ const DecryptNativeCookieDocument = { "kind": "Document", "definitions": [{ "kin
|
|
|
1740
1673
|
* @param userServiceManagementBaseUrl Base URL of AX_AUTH management GQL schema.
|
|
1741
1674
|
* @returns AuthenticateEndUserApplicationResponse
|
|
1742
1675
|
*/
|
|
1743
|
-
const authenticateEndUserApplication = (authenticateEndUserApplicationInput, userServiceManagementBaseUrl) =>
|
|
1676
|
+
const authenticateEndUserApplication = async (authenticateEndUserApplicationInput, userServiceManagementBaseUrl) => {
|
|
1744
1677
|
const variables = {
|
|
1745
|
-
input:
|
|
1678
|
+
input: {
|
|
1679
|
+
...authenticateEndUserApplicationInput,
|
|
1680
|
+
},
|
|
1746
1681
|
};
|
|
1747
|
-
const authenticateEndUserApplicationResponse =
|
|
1682
|
+
const authenticateEndUserApplicationResponse = await (await fetch(`${userServiceManagementBaseUrl}/graphql-management`, {
|
|
1748
1683
|
method: 'POST',
|
|
1749
1684
|
cache: 'no-cache',
|
|
1750
1685
|
redirect: 'follow',
|
|
@@ -1762,7 +1697,7 @@ const authenticateEndUserApplication = (authenticateEndUserApplicationInput, use
|
|
|
1762
1697
|
};
|
|
1763
1698
|
}
|
|
1764
1699
|
return {
|
|
1765
|
-
code:
|
|
1700
|
+
code: AuthenticateEndUserApplicationResponseCode.SUCCESS,
|
|
1766
1701
|
endUserApplicationToken: {
|
|
1767
1702
|
accessToken: authenticateEndUserApplicationResponse.data
|
|
1768
1703
|
.authenticateEndUserApplication.accessToken,
|
|
@@ -1772,18 +1707,7 @@ const authenticateEndUserApplication = (authenticateEndUserApplicationInput, use
|
|
|
1772
1707
|
.authenticateEndUserApplication.tokenType,
|
|
1773
1708
|
},
|
|
1774
1709
|
};
|
|
1775
|
-
}
|
|
1776
|
-
|
|
1777
|
-
/**
|
|
1778
|
-
* Class mimicking the minimal structure of a MosaicError.
|
|
1779
|
-
* This class is defined here to avoid the @axinom/service-common dependency.
|
|
1780
|
-
*/
|
|
1781
|
-
class UserAuthError extends Error {
|
|
1782
|
-
constructor(message, code) {
|
|
1783
|
-
super(message);
|
|
1784
|
-
this.code = code;
|
|
1785
|
-
}
|
|
1786
|
-
}
|
|
1710
|
+
};
|
|
1787
1711
|
|
|
1788
1712
|
/** Methods to use when ordering `EnvironmentClientMapping`. */
|
|
1789
1713
|
var EnvironmentClientMappingsOrderBy;
|
|
@@ -1920,17 +1844,15 @@ const InitiateEndUserPasswordResetDocument = { "kind": "Document", "definitions"
|
|
|
1920
1844
|
const CheckPasswordResetOtpDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "CheckPasswordResetOtp" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "CheckEndUserPasswordResetOtpInput" } } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "checkEndUserPasswordResetOtp" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "isOtpValid" } }] } }] } }] };
|
|
1921
1845
|
const CompleteEndUserPasswordResetDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "CompleteEndUserPasswordReset" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "CompleteEndUserPasswordResetInput" } } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "completeEndUserPasswordReset" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "idpUserId" } }] } }] } }] };
|
|
1922
1846
|
|
|
1923
|
-
function invokeUserAuthMethod(
|
|
1924
|
-
|
|
1925
|
-
|
|
1926
|
-
|
|
1927
|
-
|
|
1928
|
-
|
|
1929
|
-
|
|
1930
|
-
|
|
1931
|
-
|
|
1932
|
-
})).json();
|
|
1933
|
-
});
|
|
1847
|
+
async function invokeUserAuthMethod(method, userAuthConfig, isRootLevel = false) {
|
|
1848
|
+
const endpointUrl = new URL(`${userAuthConfig.tenantId}/${userAuthConfig.environmentId}/${userAuthConfig.applicationId}/${method}`, userAuthConfig.userAuthBaseUrl);
|
|
1849
|
+
const rootEndpointUrl = new URL(`${method}`, userAuthConfig.userAuthBaseUrl);
|
|
1850
|
+
return (await fetch(isRootLevel ? rootEndpointUrl.href : endpointUrl.href, {
|
|
1851
|
+
cache: 'no-cache',
|
|
1852
|
+
credentials: isRootLevel ? 'omit' : 'include',
|
|
1853
|
+
redirect: 'follow',
|
|
1854
|
+
referrerPolicy: 'origin',
|
|
1855
|
+
})).json();
|
|
1934
1856
|
}
|
|
1935
1857
|
/**
|
|
1936
1858
|
* Get the well-known endpoints exposed by ax-user-service.
|
|
@@ -1938,10 +1860,10 @@ function invokeUserAuthMethod(method_1, userAuthConfig_1) {
|
|
|
1938
1860
|
* @param userAuthConfig an object containing user authentication info.
|
|
1939
1861
|
* @returns `WellKnownEndpointResponse`
|
|
1940
1862
|
*/
|
|
1941
|
-
const getWellKnownEndpoints = (userAuthConfig) =>
|
|
1942
|
-
const userServiceEndpoints =
|
|
1863
|
+
const getWellKnownEndpoints = async (userAuthConfig) => {
|
|
1864
|
+
const userServiceEndpoints = await invokeUserAuthMethod('.well-known', userAuthConfig, true);
|
|
1943
1865
|
return userServiceEndpoints;
|
|
1944
|
-
}
|
|
1866
|
+
};
|
|
1945
1867
|
/**
|
|
1946
1868
|
* Perform a user sign in process according to the SignInWithCredentials flow.
|
|
1947
1869
|
*
|
|
@@ -1950,9 +1872,9 @@ const getWellKnownEndpoints = (userAuthConfig) => __awaiter(void 0, void 0, void
|
|
|
1950
1872
|
* @param signInRequest Sign info (email, password).
|
|
1951
1873
|
* @returns
|
|
1952
1874
|
*/
|
|
1953
|
-
const performSignInWithCredentials = (userAuthConfig, axAuthConnectionId, signInRequest) =>
|
|
1875
|
+
const performSignInWithCredentials = async (userAuthConfig, axAuthConnectionId, signInRequest) => {
|
|
1954
1876
|
const signInURL = new URL(`${userAuthConfig.tenantId}/${userAuthConfig.environmentId}/${userAuthConfig.applicationId}/sign-in-with-credentials`, userAuthConfig.userAuthBaseUrl);
|
|
1955
|
-
const signInResponse =
|
|
1877
|
+
const signInResponse = await (await fetch(signInURL.href, {
|
|
1956
1878
|
method: 'POST',
|
|
1957
1879
|
cache: 'no-cache',
|
|
1958
1880
|
credentials: 'include',
|
|
@@ -1961,10 +1883,13 @@ const performSignInWithCredentials = (userAuthConfig, axAuthConnectionId, signIn
|
|
|
1961
1883
|
headers: {
|
|
1962
1884
|
'Content-Type': 'application/json',
|
|
1963
1885
|
},
|
|
1964
|
-
body: JSON.stringify(
|
|
1886
|
+
body: JSON.stringify({
|
|
1887
|
+
...signInRequest,
|
|
1888
|
+
connectionId: axAuthConnectionId,
|
|
1889
|
+
}),
|
|
1965
1890
|
})).json();
|
|
1966
1891
|
return signInResponse;
|
|
1967
|
-
}
|
|
1892
|
+
};
|
|
1968
1893
|
/**
|
|
1969
1894
|
* Start the user sign-up flow, using the AxAuth-Service as a user-store.
|
|
1970
1895
|
*
|
|
@@ -1973,11 +1898,11 @@ const performSignInWithCredentials = (userAuthConfig, axAuthConnectionId, signIn
|
|
|
1973
1898
|
* @param axAuthManagementEndpoint Endpoint of AX_AUTH management GQL schema.
|
|
1974
1899
|
* @returns
|
|
1975
1900
|
*/
|
|
1976
|
-
const initiateUserSignUp = (userSignUpRequest, axAuthManagementEndpoint) =>
|
|
1901
|
+
const initiateUserSignUp = async (userSignUpRequest, axAuthManagementEndpoint) => {
|
|
1977
1902
|
const variables = {
|
|
1978
1903
|
input: userSignUpRequest,
|
|
1979
1904
|
};
|
|
1980
|
-
const userSignUpResponse =
|
|
1905
|
+
const userSignUpResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
1981
1906
|
method: 'POST',
|
|
1982
1907
|
cache: 'no-cache',
|
|
1983
1908
|
redirect: 'follow',
|
|
@@ -1989,14 +1914,14 @@ const initiateUserSignUp = (userSignUpRequest, axAuthManagementEndpoint) => __aw
|
|
|
1989
1914
|
})).json();
|
|
1990
1915
|
if (userSignUpResponse.errors !== undefined) {
|
|
1991
1916
|
return {
|
|
1992
|
-
code:
|
|
1917
|
+
code: UserSignUpResponseCode.ERROR,
|
|
1993
1918
|
message: userSignUpResponse.errors[0].message,
|
|
1994
1919
|
};
|
|
1995
1920
|
}
|
|
1996
1921
|
return {
|
|
1997
|
-
code:
|
|
1922
|
+
code: UserSignUpResponseCode.SUCCESS,
|
|
1998
1923
|
};
|
|
1999
|
-
}
|
|
1924
|
+
};
|
|
2000
1925
|
/**
|
|
2001
1926
|
* Check if a provided OTP code for User Sign Up is still valid.
|
|
2002
1927
|
*
|
|
@@ -2005,11 +1930,11 @@ const initiateUserSignUp = (userSignUpRequest, axAuthManagementEndpoint) => __aw
|
|
|
2005
1930
|
* @param axAuthManagementEndpoint Endpoint of AX_AUTH management GQL schema.
|
|
2006
1931
|
* @returns
|
|
2007
1932
|
*/
|
|
2008
|
-
const checkUserSignUpOtp = (checkUserSignUpOtpRequest, axAuthManagementEndpoint) =>
|
|
1933
|
+
const checkUserSignUpOtp = async (checkUserSignUpOtpRequest, axAuthManagementEndpoint) => {
|
|
2009
1934
|
const variables = {
|
|
2010
1935
|
input: checkUserSignUpOtpRequest,
|
|
2011
1936
|
};
|
|
2012
|
-
const checkSignUpOtpResponse =
|
|
1937
|
+
const checkSignUpOtpResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
2013
1938
|
method: 'POST',
|
|
2014
1939
|
cache: 'no-cache',
|
|
2015
1940
|
redirect: 'follow',
|
|
@@ -2021,15 +1946,15 @@ const checkUserSignUpOtp = (checkUserSignUpOtpRequest, axAuthManagementEndpoint)
|
|
|
2021
1946
|
})).json();
|
|
2022
1947
|
if (checkSignUpOtpResponse.errors !== undefined) {
|
|
2023
1948
|
return {
|
|
2024
|
-
code:
|
|
1949
|
+
code: CheckOtpResponseCode.ERROR,
|
|
2025
1950
|
message: checkSignUpOtpResponse.errors[0].message,
|
|
2026
1951
|
};
|
|
2027
1952
|
}
|
|
2028
1953
|
return {
|
|
2029
|
-
code:
|
|
1954
|
+
code: CheckOtpResponseCode.SUCCESS,
|
|
2030
1955
|
isOtpValid: checkSignUpOtpResponse.data.checkEndUserSignUpOtp.isOtpValid,
|
|
2031
1956
|
};
|
|
2032
|
-
}
|
|
1957
|
+
};
|
|
2033
1958
|
/**
|
|
2034
1959
|
* Verify the OTP and complete the sign-up flow
|
|
2035
1960
|
*
|
|
@@ -2038,11 +1963,11 @@ const checkUserSignUpOtp = (checkUserSignUpOtpRequest, axAuthManagementEndpoint)
|
|
|
2038
1963
|
* @param axAuthManagementEndpoint Endpoint of AX_AUTH management GQL schema.
|
|
2039
1964
|
* @returns
|
|
2040
1965
|
*/
|
|
2041
|
-
const completeUserSignUp = (completeUserSignUpRequest, axAuthManagementEndpoint) =>
|
|
1966
|
+
const completeUserSignUp = async (completeUserSignUpRequest, axAuthManagementEndpoint) => {
|
|
2042
1967
|
const variables = {
|
|
2043
1968
|
input: completeUserSignUpRequest,
|
|
2044
1969
|
};
|
|
2045
|
-
const completeUserSignUpResponse =
|
|
1970
|
+
const completeUserSignUpResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
2046
1971
|
method: 'POST',
|
|
2047
1972
|
cache: 'no-cache',
|
|
2048
1973
|
redirect: 'follow',
|
|
@@ -2054,14 +1979,14 @@ const completeUserSignUp = (completeUserSignUpRequest, axAuthManagementEndpoint)
|
|
|
2054
1979
|
})).json();
|
|
2055
1980
|
if (completeUserSignUpResponse.errors !== undefined) {
|
|
2056
1981
|
return {
|
|
2057
|
-
code:
|
|
1982
|
+
code: CompleteUserSignUpResponseCode.ERROR,
|
|
2058
1983
|
message: completeUserSignUpResponse.errors[0].message,
|
|
2059
1984
|
};
|
|
2060
1985
|
}
|
|
2061
1986
|
return {
|
|
2062
|
-
code:
|
|
1987
|
+
code: CompleteUserSignUpResponseCode.SUCCESS,
|
|
2063
1988
|
};
|
|
2064
|
-
}
|
|
1989
|
+
};
|
|
2065
1990
|
/**
|
|
2066
1991
|
* Start the process of resetting the password for a registered user.
|
|
2067
1992
|
*
|
|
@@ -2071,7 +1996,7 @@ const completeUserSignUp = (completeUserSignUpRequest, axAuthManagementEndpoint)
|
|
|
2071
1996
|
* @param customData An optional arbitrary JSON object. When used, this customData will be submitted to the Forgot Password Webhook via the HTTP POST request body, and can be used to transfer some needed context to the Webhook.
|
|
2072
1997
|
* @returns
|
|
2073
1998
|
*/
|
|
2074
|
-
const initiatePasswordReset = (email, axAuthClientId, axAuthManagementEndpoint, customData) =>
|
|
1999
|
+
const initiatePasswordReset = async (email, axAuthClientId, axAuthManagementEndpoint, customData) => {
|
|
2075
2000
|
const variables = {
|
|
2076
2001
|
input: {
|
|
2077
2002
|
oAuthClientId: axAuthClientId,
|
|
@@ -2079,7 +2004,7 @@ const initiatePasswordReset = (email, axAuthClientId, axAuthManagementEndpoint,
|
|
|
2079
2004
|
customData: customData,
|
|
2080
2005
|
},
|
|
2081
2006
|
};
|
|
2082
|
-
const initiateResetPasswordResponse =
|
|
2007
|
+
const initiateResetPasswordResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
2083
2008
|
method: 'POST',
|
|
2084
2009
|
cache: 'no-cache',
|
|
2085
2010
|
redirect: 'follow',
|
|
@@ -2091,14 +2016,14 @@ const initiatePasswordReset = (email, axAuthClientId, axAuthManagementEndpoint,
|
|
|
2091
2016
|
})).json();
|
|
2092
2017
|
if (initiateResetPasswordResponse.errors !== undefined) {
|
|
2093
2018
|
return {
|
|
2094
|
-
code:
|
|
2019
|
+
code: ResetPasswordResponseCode.ERROR,
|
|
2095
2020
|
message: initiateResetPasswordResponse.errors[0].message,
|
|
2096
2021
|
};
|
|
2097
2022
|
}
|
|
2098
2023
|
return {
|
|
2099
|
-
code:
|
|
2024
|
+
code: ResetPasswordResponseCode.SUCCESS,
|
|
2100
2025
|
};
|
|
2101
|
-
}
|
|
2026
|
+
};
|
|
2102
2027
|
/**
|
|
2103
2028
|
* Check if a provided OTP code for User Sign Up is valid.
|
|
2104
2029
|
*
|
|
@@ -2107,11 +2032,11 @@ const initiatePasswordReset = (email, axAuthClientId, axAuthManagementEndpoint,
|
|
|
2107
2032
|
* @param axAuthManagementEndpoint Endpoint of AX_AUTH management GQL schema.
|
|
2108
2033
|
* @returns
|
|
2109
2034
|
*/
|
|
2110
|
-
const checkPasswordResetOtp = (checkPasswordResetOtpRequest, axAuthManagementEndpoint) =>
|
|
2035
|
+
const checkPasswordResetOtp = async (checkPasswordResetOtpRequest, axAuthManagementEndpoint) => {
|
|
2111
2036
|
const variables = {
|
|
2112
2037
|
input: checkPasswordResetOtpRequest,
|
|
2113
2038
|
};
|
|
2114
|
-
const checkPasswordResetOtpResponse =
|
|
2039
|
+
const checkPasswordResetOtpResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
2115
2040
|
method: 'POST',
|
|
2116
2041
|
cache: 'no-cache',
|
|
2117
2042
|
redirect: 'follow',
|
|
@@ -2123,16 +2048,16 @@ const checkPasswordResetOtp = (checkPasswordResetOtpRequest, axAuthManagementEnd
|
|
|
2123
2048
|
})).json();
|
|
2124
2049
|
if (checkPasswordResetOtpResponse.errors !== undefined) {
|
|
2125
2050
|
return {
|
|
2126
|
-
code:
|
|
2051
|
+
code: CheckOtpResponseCode.ERROR,
|
|
2127
2052
|
message: checkPasswordResetOtpResponse.errors[0].message,
|
|
2128
2053
|
};
|
|
2129
2054
|
}
|
|
2130
2055
|
return {
|
|
2131
|
-
code:
|
|
2056
|
+
code: CheckOtpResponseCode.SUCCESS,
|
|
2132
2057
|
isOtpValid: checkPasswordResetOtpResponse.data.checkEndUserPasswordResetOtp
|
|
2133
2058
|
.isOtpValid,
|
|
2134
2059
|
};
|
|
2135
|
-
}
|
|
2060
|
+
};
|
|
2136
2061
|
/**
|
|
2137
2062
|
* Complete the process of resetting the password for a registered user.
|
|
2138
2063
|
*
|
|
@@ -2141,11 +2066,11 @@ const checkPasswordResetOtp = (checkPasswordResetOtpRequest, axAuthManagementEnd
|
|
|
2141
2066
|
* @param axAuthManagementEndpoint Endpoint of AX_AUTH management GQL schema.
|
|
2142
2067
|
* @returns
|
|
2143
2068
|
*/
|
|
2144
|
-
const completePasswordReset = (completePasswordResetRequest, axAuthManagementEndpoint) =>
|
|
2069
|
+
const completePasswordReset = async (completePasswordResetRequest, axAuthManagementEndpoint) => {
|
|
2145
2070
|
const variables = {
|
|
2146
2071
|
input: completePasswordResetRequest,
|
|
2147
2072
|
};
|
|
2148
|
-
const completePasswordResetResponse =
|
|
2073
|
+
const completePasswordResetResponse = await (await fetch(`${axAuthManagementEndpoint}`, {
|
|
2149
2074
|
method: 'POST',
|
|
2150
2075
|
cache: 'no-cache',
|
|
2151
2076
|
redirect: 'follow',
|
|
@@ -2157,19 +2082,18 @@ const completePasswordReset = (completePasswordResetRequest, axAuthManagementEnd
|
|
|
2157
2082
|
})).json();
|
|
2158
2083
|
if (completePasswordResetResponse.errors !== undefined) {
|
|
2159
2084
|
return {
|
|
2160
|
-
code:
|
|
2085
|
+
code: ResetPasswordResponseCode.ERROR,
|
|
2161
2086
|
message: completePasswordResetResponse.errors[0].message,
|
|
2162
2087
|
};
|
|
2163
2088
|
}
|
|
2164
2089
|
return {
|
|
2165
|
-
code:
|
|
2090
|
+
code: ResetPasswordResponseCode.SUCCESS,
|
|
2166
2091
|
};
|
|
2167
|
-
}
|
|
2168
|
-
const getIdpConfigurations = (userAuthConfig) =>
|
|
2169
|
-
|
|
2170
|
-
|
|
2171
|
-
|
|
2172
|
-
return ((_b = (_a = configResponse.availableIdentityProviders) === null || _a === void 0 ? void 0 : _a.map((idp) => {
|
|
2092
|
+
};
|
|
2093
|
+
const getIdpConfigurations = async (userAuthConfig) => {
|
|
2094
|
+
const configResponse = await invokeUserAuthMethod('get-user-auth-idp-config', userAuthConfig);
|
|
2095
|
+
if (configResponse.code === IdpConfigurationResponseCode.SUCCESS) {
|
|
2096
|
+
return (configResponse.availableIdentityProviders?.map((idp) => {
|
|
2173
2097
|
return {
|
|
2174
2098
|
idpConnectionId: idp.idpConnectionId,
|
|
2175
2099
|
providerId: idp.providerId,
|
|
@@ -2178,12 +2102,12 @@ const getIdpConfigurations = (userAuthConfig) => __awaiter(void 0, void 0, void
|
|
|
2178
2102
|
title: idp.title,
|
|
2179
2103
|
sortOrder: idp.sortOrder,
|
|
2180
2104
|
};
|
|
2181
|
-
})
|
|
2105
|
+
}) ?? []);
|
|
2182
2106
|
}
|
|
2183
2107
|
else {
|
|
2184
2108
|
return [];
|
|
2185
2109
|
}
|
|
2186
|
-
}
|
|
2110
|
+
};
|
|
2187
2111
|
/**
|
|
2188
2112
|
* Get the Authentication URL for a given IDP for web based applications.
|
|
2189
2113
|
*
|
|
@@ -2215,38 +2139,37 @@ const getNativeAuthUrl = (userAuthConfig, idpConnectionId, returnUrl, encryption
|
|
|
2215
2139
|
/**
|
|
2216
2140
|
* Returns a new user token by invoking the User Auth API
|
|
2217
2141
|
*/
|
|
2218
|
-
const fetchUserToken = (userAuthConfig) =>
|
|
2219
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s;
|
|
2142
|
+
const fetchUserToken = async (userAuthConfig) => {
|
|
2220
2143
|
try {
|
|
2221
|
-
const tokenResponse =
|
|
2222
|
-
if (tokenResponse.code !==
|
|
2144
|
+
const tokenResponse = await invokeUserAuthMethod('token', userAuthConfig);
|
|
2145
|
+
if (tokenResponse.code !== TokenResponseCode.SUCCESS) {
|
|
2223
2146
|
throw new UserAuthError(tokenResponse.message, tokenResponse.code);
|
|
2224
2147
|
}
|
|
2225
2148
|
else {
|
|
2226
2149
|
return {
|
|
2227
|
-
tenantId:
|
|
2228
|
-
environmentId:
|
|
2229
|
-
applicationId:
|
|
2230
|
-
userId:
|
|
2231
|
-
profileId:
|
|
2232
|
-
email:
|
|
2233
|
-
name:
|
|
2150
|
+
tenantId: tokenResponse.tenantId ?? '',
|
|
2151
|
+
environmentId: tokenResponse.environmentId ?? '',
|
|
2152
|
+
applicationId: tokenResponse.applicationId ?? '',
|
|
2153
|
+
userId: tokenResponse.user?.id ?? '',
|
|
2154
|
+
profileId: tokenResponse.user?.profileId ?? '',
|
|
2155
|
+
email: tokenResponse.user?.email ?? null,
|
|
2156
|
+
name: tokenResponse.user?.name ?? null,
|
|
2234
2157
|
extensions: tokenResponse.extensions,
|
|
2235
|
-
accessToken:
|
|
2236
|
-
expiresInSeconds:
|
|
2237
|
-
expiresAt:
|
|
2158
|
+
accessToken: tokenResponse.user?.token.accessToken ?? '',
|
|
2159
|
+
expiresInSeconds: tokenResponse.user?.token.expiresInSeconds ?? 0,
|
|
2160
|
+
expiresAt: tokenResponse.user?.token.expiresAt,
|
|
2238
2161
|
};
|
|
2239
2162
|
}
|
|
2240
2163
|
}
|
|
2241
2164
|
catch (e) {
|
|
2242
2165
|
const error = ensureError(e);
|
|
2243
|
-
throw new UserAuthError(error.message,
|
|
2166
|
+
throw new UserAuthError(error.message, error.code ?? TokenResponseCode.INTERNAL_SERVER_ERROR);
|
|
2244
2167
|
}
|
|
2245
|
-
}
|
|
2246
|
-
const logoutUser = (userAuthConfig) =>
|
|
2247
|
-
const logoutResponse =
|
|
2248
|
-
return logoutResponse.code ===
|
|
2249
|
-
}
|
|
2168
|
+
};
|
|
2169
|
+
const logoutUser = async (userAuthConfig) => {
|
|
2170
|
+
const logoutResponse = await invokeUserAuthMethod('sign-out', userAuthConfig);
|
|
2171
|
+
return logoutResponse.code === SignOutResponseCode.SUCCESS;
|
|
2172
|
+
};
|
|
2250
2173
|
/**
|
|
2251
2174
|
* Decrypts an encrypted User Token Cookie
|
|
2252
2175
|
*
|
|
@@ -2255,14 +2178,14 @@ const logoutUser = (userAuthConfig) => __awaiter(void 0, void 0, void 0, functio
|
|
|
2255
2178
|
* @param userServiceManagementEndpoint
|
|
2256
2179
|
* @returns
|
|
2257
2180
|
*/
|
|
2258
|
-
const decryptNativeCookie = (encryptedCookie, key, userServiceManagementEndpoint) =>
|
|
2181
|
+
const decryptNativeCookie = async (encryptedCookie, key, userServiceManagementEndpoint) => {
|
|
2259
2182
|
const variables = {
|
|
2260
2183
|
input: {
|
|
2261
2184
|
encryptedValue: encryptedCookie,
|
|
2262
2185
|
key,
|
|
2263
2186
|
},
|
|
2264
2187
|
};
|
|
2265
|
-
const decryptNativeCookieResponse =
|
|
2188
|
+
const decryptNativeCookieResponse = await (await fetch(`${userServiceManagementEndpoint}`, {
|
|
2266
2189
|
method: 'POST',
|
|
2267
2190
|
cache: 'no-cache',
|
|
2268
2191
|
redirect: 'follow',
|
|
@@ -2274,15 +2197,15 @@ const decryptNativeCookie = (encryptedCookie, key, userServiceManagementEndpoint
|
|
|
2274
2197
|
})).json();
|
|
2275
2198
|
if (decryptNativeCookieResponse.errors !== undefined) {
|
|
2276
2199
|
return {
|
|
2277
|
-
code:
|
|
2200
|
+
code: DecryptNativeCookieResponseCode.COOKIE_DECRYPTION_FAILED,
|
|
2278
2201
|
message: decryptNativeCookieResponse.errors[0].message,
|
|
2279
2202
|
};
|
|
2280
2203
|
}
|
|
2281
2204
|
return {
|
|
2282
|
-
code:
|
|
2205
|
+
code: DecryptNativeCookieResponseCode.SUCCESS,
|
|
2283
2206
|
decryptedCookie: decryptNativeCookieResponse.data.decryptWithKeyAes.decryptedValue,
|
|
2284
2207
|
};
|
|
2285
|
-
}
|
|
2208
|
+
};
|
|
2286
2209
|
|
|
2287
2210
|
/** Exposes all error codes and messages for errors that a service requests can throw. In some cases, messages that are actually thrown can be different, since they can include more details or a single code can used for different errors of the same type. */
|
|
2288
2211
|
var ErrorCodesEnum;
|
|
@@ -2493,11 +2416,11 @@ const CreateUserProfileDocument = { "kind": "Document", "definitions": [{ "kind"
|
|
|
2493
2416
|
const UpdateUserProfileDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "UpdateUserProfile" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "UpdateUserProfileInput" } } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "updateUserProfile" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "userProfile" }, "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "id" } }, { "kind": "Field", "name": { "kind": "Name", "value": "displayName" } }, { "kind": "Field", "name": { "kind": "Name", "value": "defaultProfile" } }, { "kind": "Field", "name": { "kind": "Name", "value": "profilePictureUrl" } }] } }] } }] } }] };
|
|
2494
2417
|
const DeleteUserProfileDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "DeleteUserProfile" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "DeleteUserProfileInput" } } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "deleteUserProfile" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "userProfile" }, "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "id" } }, { "kind": "Field", "name": { "kind": "Name", "value": "displayName" } }, { "kind": "Field", "name": { "kind": "Name", "value": "defaultProfile" } }, { "kind": "Field", "name": { "kind": "Name", "value": "profilePictureUrl" } }] } }] } }] } }] };
|
|
2495
2418
|
|
|
2496
|
-
const setActiveProfile = (userServiceBaseUrl, accessToken, profileId) =>
|
|
2419
|
+
const setActiveProfile = async (userServiceBaseUrl, accessToken, profileId) => {
|
|
2497
2420
|
const variables = {
|
|
2498
2421
|
profileId,
|
|
2499
2422
|
};
|
|
2500
|
-
const activeUserProfile =
|
|
2423
|
+
const activeUserProfile = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2501
2424
|
method: 'POST',
|
|
2502
2425
|
cache: 'no-cache',
|
|
2503
2426
|
redirect: 'follow',
|
|
@@ -2519,12 +2442,12 @@ const setActiveProfile = (userServiceBaseUrl, accessToken, profileId) => __await
|
|
|
2519
2442
|
message: activeUserProfile.errors[0].message,
|
|
2520
2443
|
};
|
|
2521
2444
|
}
|
|
2522
|
-
}
|
|
2523
|
-
const getUserProfile = (userServiceBaseUrl, accessToken, profileId) =>
|
|
2445
|
+
};
|
|
2446
|
+
const getUserProfile = async (userServiceBaseUrl, accessToken, profileId) => {
|
|
2524
2447
|
const variables = {
|
|
2525
2448
|
profileId,
|
|
2526
2449
|
};
|
|
2527
|
-
const userProfileResponse =
|
|
2450
|
+
const userProfileResponse = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2528
2451
|
method: 'POST',
|
|
2529
2452
|
cache: 'no-cache',
|
|
2530
2453
|
redirect: 'follow',
|
|
@@ -2547,9 +2470,9 @@ const getUserProfile = (userServiceBaseUrl, accessToken, profileId) => __awaiter
|
|
|
2547
2470
|
message: userProfileResponse.errors[0].message,
|
|
2548
2471
|
};
|
|
2549
2472
|
}
|
|
2550
|
-
}
|
|
2551
|
-
const getUserProfiles = (userServiceBaseUrl, accessToken) =>
|
|
2552
|
-
const userProfilesResponse =
|
|
2473
|
+
};
|
|
2474
|
+
const getUserProfiles = async (userServiceBaseUrl, accessToken) => {
|
|
2475
|
+
const userProfilesResponse = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2553
2476
|
method: 'POST',
|
|
2554
2477
|
cache: 'no-cache',
|
|
2555
2478
|
redirect: 'follow',
|
|
@@ -2572,8 +2495,8 @@ const getUserProfiles = (userServiceBaseUrl, accessToken) => __awaiter(void 0, v
|
|
|
2572
2495
|
message: userProfilesResponse.errors[0].message,
|
|
2573
2496
|
};
|
|
2574
2497
|
}
|
|
2575
|
-
}
|
|
2576
|
-
const createUserProfile = (userServiceBaseUrl, accessToken, displayName, profilePictureUrl) =>
|
|
2498
|
+
};
|
|
2499
|
+
const createUserProfile = async (userServiceBaseUrl, accessToken, displayName, profilePictureUrl) => {
|
|
2577
2500
|
const variables = {
|
|
2578
2501
|
input: {
|
|
2579
2502
|
userProfile: {
|
|
@@ -2582,7 +2505,7 @@ const createUserProfile = (userServiceBaseUrl, accessToken, displayName, profile
|
|
|
2582
2505
|
},
|
|
2583
2506
|
},
|
|
2584
2507
|
};
|
|
2585
|
-
const createUserProfileResponse =
|
|
2508
|
+
const createUserProfileResponse = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2586
2509
|
method: 'POST',
|
|
2587
2510
|
cache: 'no-cache',
|
|
2588
2511
|
redirect: 'follow',
|
|
@@ -2605,13 +2528,13 @@ const createUserProfile = (userServiceBaseUrl, accessToken, displayName, profile
|
|
|
2605
2528
|
message: createUserProfileResponse.errors[0].message,
|
|
2606
2529
|
};
|
|
2607
2530
|
}
|
|
2608
|
-
}
|
|
2531
|
+
};
|
|
2609
2532
|
/**
|
|
2610
2533
|
* Updates a user profile
|
|
2611
2534
|
* @param userProfileToUpdate User Profile object with required updates. This should be based on the current user profile object, with the required changes done on top of it.
|
|
2612
2535
|
* @returns
|
|
2613
2536
|
*/
|
|
2614
|
-
const updateUserProfile = (userServiceBaseUrl, accessToken, userProfileToUpdate) =>
|
|
2537
|
+
const updateUserProfile = async (userServiceBaseUrl, accessToken, userProfileToUpdate) => {
|
|
2615
2538
|
const variables = {
|
|
2616
2539
|
input: {
|
|
2617
2540
|
id: userProfileToUpdate.id,
|
|
@@ -2623,7 +2546,7 @@ const updateUserProfile = (userServiceBaseUrl, accessToken, userProfileToUpdate)
|
|
|
2623
2546
|
},
|
|
2624
2547
|
},
|
|
2625
2548
|
};
|
|
2626
|
-
const updateUserProfileResponse =
|
|
2549
|
+
const updateUserProfileResponse = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2627
2550
|
method: 'POST',
|
|
2628
2551
|
cache: 'no-cache',
|
|
2629
2552
|
redirect: 'follow',
|
|
@@ -2646,14 +2569,14 @@ const updateUserProfile = (userServiceBaseUrl, accessToken, userProfileToUpdate)
|
|
|
2646
2569
|
message: updateUserProfileResponse.errors[0].message,
|
|
2647
2570
|
};
|
|
2648
2571
|
}
|
|
2649
|
-
}
|
|
2650
|
-
const deleteUserProfile = (userServiceBaseUrl, accessToken, userProfileId) =>
|
|
2572
|
+
};
|
|
2573
|
+
const deleteUserProfile = async (userServiceBaseUrl, accessToken, userProfileId) => {
|
|
2651
2574
|
const variables = {
|
|
2652
2575
|
input: {
|
|
2653
2576
|
id: userProfileId,
|
|
2654
2577
|
},
|
|
2655
2578
|
};
|
|
2656
|
-
const deleteUserProfileResponse =
|
|
2579
|
+
const deleteUserProfileResponse = await (await fetch(`${userServiceBaseUrl}/graphql`, {
|
|
2657
2580
|
method: 'POST',
|
|
2658
2581
|
cache: 'no-cache',
|
|
2659
2582
|
redirect: 'follow',
|
|
@@ -2676,7 +2599,7 @@ const deleteUserProfile = (userServiceBaseUrl, accessToken, userProfileId) => __
|
|
|
2676
2599
|
message: deleteUserProfileResponse.errors[0].message,
|
|
2677
2600
|
};
|
|
2678
2601
|
}
|
|
2679
|
-
}
|
|
2602
|
+
};
|
|
2680
2603
|
|
|
2681
2604
|
/**
|
|
2682
2605
|
* This is the duration in seconds which we will either nullify the token (when using ON_DEMAND renewal method) or
|
|
@@ -2686,6 +2609,13 @@ const deleteUserProfile = (userServiceBaseUrl, accessToken, userProfileId) => __
|
|
|
2686
2609
|
*/
|
|
2687
2610
|
const inAdvanceTokenRenewalDurationInSeconds = 30;
|
|
2688
2611
|
class UserServiceClient {
|
|
2612
|
+
userAuthConfig;
|
|
2613
|
+
userServiceConfig;
|
|
2614
|
+
tokenRenewalMethod;
|
|
2615
|
+
_tokenChangedHandlers = [];
|
|
2616
|
+
_tokenResponse = null;
|
|
2617
|
+
_signInWithCredentialsEndpointResponse = undefined;
|
|
2618
|
+
_axAuthIdpConfig = undefined;
|
|
2689
2619
|
/**
|
|
2690
2620
|
* Creates a user service client. For performance reasons there should only be a single client instance created by an application
|
|
2691
2621
|
* @param userAuthConfig Configuration values for the user service auth API
|
|
@@ -2696,421 +2626,6 @@ class UserServiceClient {
|
|
|
2696
2626
|
this.userAuthConfig = userAuthConfig;
|
|
2697
2627
|
this.userServiceConfig = userServiceConfig;
|
|
2698
2628
|
this.tokenRenewalMethod = tokenRenewalMethod;
|
|
2699
|
-
this._tokenChangedHandlers = [];
|
|
2700
|
-
this._tokenResponse = null;
|
|
2701
|
-
this._signInWithCredentialsEndpointResponse = undefined;
|
|
2702
|
-
this._axAuthIdpConfig = undefined;
|
|
2703
|
-
this.emitTokenChanged = (token) => {
|
|
2704
|
-
this._tokenChangedHandlers.forEach((handler) => handler(token));
|
|
2705
|
-
};
|
|
2706
|
-
this.getAxAuthIdpConfig = () => __awaiter(this, void 0, void 0, function* () {
|
|
2707
|
-
// If _axAuthIdpConfig is not fetched previously, retrieve it.
|
|
2708
|
-
if (this._axAuthIdpConfig === undefined) {
|
|
2709
|
-
const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig);
|
|
2710
|
-
const axAuthConfig = idpConfigurations.find((idpConfig) => idpConfig.providerId === 'AX_AUTH');
|
|
2711
|
-
if (axAuthConfig !== undefined) {
|
|
2712
|
-
this._axAuthIdpConfig = axAuthConfig;
|
|
2713
|
-
}
|
|
2714
|
-
else {
|
|
2715
|
-
this._axAuthIdpConfig = null;
|
|
2716
|
-
}
|
|
2717
|
-
}
|
|
2718
|
-
return this._axAuthIdpConfig;
|
|
2719
|
-
});
|
|
2720
|
-
this.getSignInWithCredentialsEndpoints = () => __awaiter(this, void 0, void 0, function* () {
|
|
2721
|
-
// If _signInWithCredentialsEndpointResponse is not fetched previously, retrieve it by calling the well-known endpoint of ax-user-service.
|
|
2722
|
-
if (this._signInWithCredentialsEndpointResponse === undefined) {
|
|
2723
|
-
const endpoints = yield getWellKnownEndpoints(this.userAuthConfig);
|
|
2724
|
-
this._signInWithCredentialsEndpointResponse = {
|
|
2725
|
-
code: 'SUCCESS',
|
|
2726
|
-
managementEndpoint: endpoints.axAuthManagementGQL,
|
|
2727
|
-
authEndpoint: endpoints.axAuthEndpoint,
|
|
2728
|
-
};
|
|
2729
|
-
}
|
|
2730
|
-
return this._signInWithCredentialsEndpointResponse;
|
|
2731
|
-
});
|
|
2732
|
-
/**
|
|
2733
|
-
* Returns a new token by invoking the User API
|
|
2734
|
-
*/
|
|
2735
|
-
this.fetchToken = () => __awaiter(this, void 0, void 0, function* () {
|
|
2736
|
-
try {
|
|
2737
|
-
const userToken = yield fetchUserToken(this.userAuthConfig);
|
|
2738
|
-
const userProfileResponse = yield getUserProfile(this.userServiceConfig.userServiceBaseUrl, userToken.accessToken, userToken.profileId);
|
|
2739
|
-
return {
|
|
2740
|
-
code: dist.TokenResponseCode.SUCCESS,
|
|
2741
|
-
userToken,
|
|
2742
|
-
userProfile: userProfileResponse.userProfile,
|
|
2743
|
-
nextTokenRenewalAt: new Date(Date.now() +
|
|
2744
|
-
(userToken.expiresInSeconds -
|
|
2745
|
-
inAdvanceTokenRenewalDurationInSeconds) *
|
|
2746
|
-
1000),
|
|
2747
|
-
};
|
|
2748
|
-
}
|
|
2749
|
-
catch (error) {
|
|
2750
|
-
return {
|
|
2751
|
-
code: error.code,
|
|
2752
|
-
message: error.message,
|
|
2753
|
-
};
|
|
2754
|
-
}
|
|
2755
|
-
});
|
|
2756
|
-
// This is set to true when the token is being pre-emptively refreshed in `recursivelyRefreshToken` method.
|
|
2757
|
-
// It avoids `setTimeout` from being called multiple times.
|
|
2758
|
-
this._recursiveRefreshActive = false;
|
|
2759
|
-
/**
|
|
2760
|
-
* Renews the token pre-emptively by recursively refreshing the cached token just before it's expiry
|
|
2761
|
-
*/
|
|
2762
|
-
this.recursivelyRefreshToken = () => __awaiter(this, void 0, void 0, function* () {
|
|
2763
|
-
var _a;
|
|
2764
|
-
if (((_a = this.tokenResponse) === null || _a === void 0 ? void 0 : _a.userToken) !== undefined &&
|
|
2765
|
-
this._recursiveRefreshActive === false) {
|
|
2766
|
-
this._recursiveRefreshActive = true;
|
|
2767
|
-
setTimeout(() => __awaiter(this, void 0, void 0, function* () {
|
|
2768
|
-
this._recursiveRefreshActive = false;
|
|
2769
|
-
this.tokenResponse = yield this.fetchToken();
|
|
2770
|
-
yield this.recursivelyRefreshToken();
|
|
2771
|
-
}), (this.tokenResponse.userToken.expiresInSeconds - inAdvanceTokenRenewalDurationInSeconds) * 1000);
|
|
2772
|
-
}
|
|
2773
|
-
});
|
|
2774
|
-
/**
|
|
2775
|
-
* A utility function which can be used to determine if there exists an `AxAuth` IDP configured for the Mosaic application.
|
|
2776
|
-
* Based on the outcome of this function, an end-user application can conditionally offer the option to Sign-In directly
|
|
2777
|
-
* via email & password.
|
|
2778
|
-
*
|
|
2779
|
-
* @see {@link signInWithCredentials}
|
|
2780
|
-
*
|
|
2781
|
-
* @returns a boolean indicating if the Mosaic application has an AxAuth IDP provider configured and it is enabled.
|
|
2782
|
-
*/
|
|
2783
|
-
this.isDirectSignInConfigured = () => __awaiter(this, void 0, void 0, function* () {
|
|
2784
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2785
|
-
return axAuthIdpConfig !== null;
|
|
2786
|
-
});
|
|
2787
|
-
/**
|
|
2788
|
-
* Starts a SignInWithCredentials flow using the AX_AUTH IDP configured for the application.
|
|
2789
|
-
*
|
|
2790
|
-
* @param signInRequest
|
|
2791
|
-
* @returns `SignInResponse`
|
|
2792
|
-
*/
|
|
2793
|
-
this.signInWithCredentials = (signInRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2794
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2795
|
-
if (axAuthIdpConfig !== null) {
|
|
2796
|
-
const result = yield performSignInWithCredentials(this.userAuthConfig, axAuthIdpConfig.idpConnectionId, signInRequest);
|
|
2797
|
-
return result;
|
|
2798
|
-
}
|
|
2799
|
-
else {
|
|
2800
|
-
return {
|
|
2801
|
-
code: dist.SignInResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2802
|
-
message: 'No IDP has been configured for sign in with credentials.',
|
|
2803
|
-
};
|
|
2804
|
-
}
|
|
2805
|
-
});
|
|
2806
|
-
/**
|
|
2807
|
-
* Registers a new user in the AX_AUTH IDP configured for the application.
|
|
2808
|
-
*
|
|
2809
|
-
* @param userSignUpRequest
|
|
2810
|
-
* @returns `UserSignUpResponse`
|
|
2811
|
-
*/
|
|
2812
|
-
this.initiateUserSignUp = (userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2813
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2814
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2815
|
-
if (axAuthIdpConfig !== null &&
|
|
2816
|
-
axAuthIdpConfig.clientId !== null &&
|
|
2817
|
-
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2818
|
-
const signUpRequest = Object.assign(Object.assign({}, userSignUpRequest), { oAuthClientId: axAuthIdpConfig.clientId });
|
|
2819
|
-
const result = yield initiateUserSignUp(signUpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2820
|
-
return result;
|
|
2821
|
-
}
|
|
2822
|
-
else {
|
|
2823
|
-
return {
|
|
2824
|
-
code: dist.UserSignUpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2825
|
-
message: 'No IDP has been configured for user sign-up.',
|
|
2826
|
-
};
|
|
2827
|
-
}
|
|
2828
|
-
});
|
|
2829
|
-
/**
|
|
2830
|
-
* Checks if a given User Sign-Up OTP Code is valid
|
|
2831
|
-
*
|
|
2832
|
-
* @param checkUserSignUpOtpRequest
|
|
2833
|
-
* @returns `CheckUserSignUpOtpResponse`
|
|
2834
|
-
*/
|
|
2835
|
-
this.checkUserSignUpOTP = (checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2836
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2837
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2838
|
-
if (axAuthIdpConfig !== null &&
|
|
2839
|
-
axAuthIdpConfig.clientId !== null &&
|
|
2840
|
-
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2841
|
-
const result = yield checkUserSignUpOtp(checkUserSignUpOtpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2842
|
-
return result;
|
|
2843
|
-
}
|
|
2844
|
-
else {
|
|
2845
|
-
return {
|
|
2846
|
-
code: dist.CheckOtpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2847
|
-
message: 'No IDP has been configured for user sign-up.',
|
|
2848
|
-
};
|
|
2849
|
-
}
|
|
2850
|
-
});
|
|
2851
|
-
/**
|
|
2852
|
-
* Completes a user sign up process using the AX_AUTH IDP.
|
|
2853
|
-
* The user needs to input the OTP along with a password (if not provided earlier) to finish the process.
|
|
2854
|
-
*
|
|
2855
|
-
* @param originUrl
|
|
2856
|
-
* @param completeUserSignUpRequest
|
|
2857
|
-
* @returns
|
|
2858
|
-
*/
|
|
2859
|
-
this.completeUserSignUp = (completeUserSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2860
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2861
|
-
if (signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2862
|
-
const result = yield completeUserSignUp(completeUserSignUpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2863
|
-
return result;
|
|
2864
|
-
}
|
|
2865
|
-
else {
|
|
2866
|
-
return {
|
|
2867
|
-
code: dist.CompleteUserSignUpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2868
|
-
message: 'No IDP has been configured to handle user sign-up verification.',
|
|
2869
|
-
};
|
|
2870
|
-
}
|
|
2871
|
-
});
|
|
2872
|
-
/**
|
|
2873
|
-
* Starts the process of resetting a password for a user registered using the AX_AUTH IDP.
|
|
2874
|
-
* This will initiate the call to the webhook configured in AX_AUTH to send the generated OTP
|
|
2875
|
-
* to the user.
|
|
2876
|
-
*
|
|
2877
|
-
* @param email
|
|
2878
|
-
* @param customData An optional arbitrary JSON object. When used, this customData will be submitted to the Forgot Password Webhook via the HTTP POST request body, and can be used to transfer some needed context to the Webhook.
|
|
2879
|
-
* @returns `InitiatePasswordResetResponse`
|
|
2880
|
-
*/
|
|
2881
|
-
this.initiateResetPassword = (email, customData) => __awaiter(this, void 0, void 0, function* () {
|
|
2882
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2883
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2884
|
-
if (axAuthIdpConfig !== null &&
|
|
2885
|
-
axAuthIdpConfig.clientId !== null &&
|
|
2886
|
-
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2887
|
-
const result = yield initiatePasswordReset(email, axAuthIdpConfig.clientId, signInWithCredentialsEndpoints.managementEndpoint, customData);
|
|
2888
|
-
return result;
|
|
2889
|
-
}
|
|
2890
|
-
else {
|
|
2891
|
-
return {
|
|
2892
|
-
code: dist.ResetPasswordResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2893
|
-
message: 'No IDP has been configured to handle password reset.',
|
|
2894
|
-
};
|
|
2895
|
-
}
|
|
2896
|
-
});
|
|
2897
|
-
/**
|
|
2898
|
-
* Checks if a given Reset Password OTP Code is valid
|
|
2899
|
-
*
|
|
2900
|
-
* @param checkPasswordResetOtpRequest
|
|
2901
|
-
* @returns `CheckPasswordResetOtpResponse`
|
|
2902
|
-
*/
|
|
2903
|
-
this.checkResetPasswordOTP = (checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2904
|
-
const axAuthIdpConfig = yield this.getAxAuthIdpConfig();
|
|
2905
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2906
|
-
if (axAuthIdpConfig !== null &&
|
|
2907
|
-
axAuthIdpConfig.clientId !== null &&
|
|
2908
|
-
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2909
|
-
const result = yield checkPasswordResetOtp(checkPasswordResetOtpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2910
|
-
return result;
|
|
2911
|
-
}
|
|
2912
|
-
else {
|
|
2913
|
-
return {
|
|
2914
|
-
code: dist.CheckOtpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2915
|
-
message: 'No IDP has been configured for user sign-up.',
|
|
2916
|
-
};
|
|
2917
|
-
}
|
|
2918
|
-
});
|
|
2919
|
-
/**
|
|
2920
|
-
* Completes the password reset flow for a user registered using the AX_AUTH IDP.
|
|
2921
|
-
* The user needs to input the OTP along with a new password to finish the process.
|
|
2922
|
-
*
|
|
2923
|
-
* @param completePasswordResetRequest
|
|
2924
|
-
* @returns
|
|
2925
|
-
*/
|
|
2926
|
-
this.completeResetPassword = (completePasswordResetRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
2927
|
-
const signInWithCredentialsEndpoints = yield this.getSignInWithCredentialsEndpoints();
|
|
2928
|
-
if (signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2929
|
-
const result = yield completePasswordReset(completePasswordResetRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2930
|
-
return result;
|
|
2931
|
-
}
|
|
2932
|
-
else {
|
|
2933
|
-
return {
|
|
2934
|
-
code: dist.ResetPasswordResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2935
|
-
message: 'No IDP has been configured to handle password reset.',
|
|
2936
|
-
};
|
|
2937
|
-
}
|
|
2938
|
-
});
|
|
2939
|
-
/**
|
|
2940
|
-
* Returns a token. The method will ensure to avoid unnecessary API calls by caching valid tokens.
|
|
2941
|
-
*
|
|
2942
|
-
* It is not recommended to remember the token for later use.
|
|
2943
|
-
* When in need of a token, please call this method to get a new token.
|
|
2944
|
-
*/
|
|
2945
|
-
this.getToken = () => __awaiter(this, void 0, void 0, function* () {
|
|
2946
|
-
var _a;
|
|
2947
|
-
// Set token response to null if the token has expired.
|
|
2948
|
-
if (this.tokenResponse !== null &&
|
|
2949
|
-
(((_a = this.tokenResponse.userToken) === null || _a === void 0 ? void 0 : _a.expiresAt) === undefined ||
|
|
2950
|
-
this.tokenResponse.userToken.expiresAt <= new Date(Date.now()))) {
|
|
2951
|
-
this.tokenResponse = null;
|
|
2952
|
-
}
|
|
2953
|
-
if (this.tokenResponse !== null && this.tokenResponse.code === 'SUCCESS') {
|
|
2954
|
-
// We already have a valid token
|
|
2955
|
-
return Promise.resolve(this.tokenResponse);
|
|
2956
|
-
}
|
|
2957
|
-
this.tokenResponse = yield this.fetchToken();
|
|
2958
|
-
if (this.tokenResponse.userToken !== undefined) {
|
|
2959
|
-
if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
|
|
2960
|
-
// Renew the token pre-emptively
|
|
2961
|
-
yield this.recursivelyRefreshToken();
|
|
2962
|
-
}
|
|
2963
|
-
}
|
|
2964
|
-
return this.tokenResponse;
|
|
2965
|
-
});
|
|
2966
|
-
/**
|
|
2967
|
-
* Adds an event handler that will be invoked whenever a new token response is loaded from the backend
|
|
2968
|
-
*
|
|
2969
|
-
*/
|
|
2970
|
-
this.addTokenChangedHandler = (callback) => {
|
|
2971
|
-
this._tokenChangedHandlers.push(callback);
|
|
2972
|
-
};
|
|
2973
|
-
/**
|
|
2974
|
-
* Removes an event handler for the TokenChanged event
|
|
2975
|
-
*/
|
|
2976
|
-
this.removeTokenChangedHandler = (callback) => {
|
|
2977
|
-
this._tokenChangedHandlers = this._tokenChangedHandlers.filter((c) => c !== callback);
|
|
2978
|
-
};
|
|
2979
|
-
/**
|
|
2980
|
-
* Returns an array of IDP Configurations that are configured for the application
|
|
2981
|
-
* This list will exclude connections for provider id AX_AUTH as it is used for a user sign-up and SignInWithCredentials flows.
|
|
2982
|
-
*
|
|
2983
|
-
*/
|
|
2984
|
-
this.getIdpConfigurations = () => __awaiter(this, void 0, void 0, function* () {
|
|
2985
|
-
// Extract the IDP Configuration for AX_AUTH and remove it from the ID Providers list.
|
|
2986
|
-
const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig)).filter((idpConfig) => idpConfig.providerId !== 'AX_AUTH');
|
|
2987
|
-
return idpConfigurations;
|
|
2988
|
-
});
|
|
2989
|
-
/**
|
|
2990
|
-
* Logs out the user
|
|
2991
|
-
*/
|
|
2992
|
-
this.logoutUser = () => __awaiter(this, void 0, void 0, function* () {
|
|
2993
|
-
this.tokenResponse = null;
|
|
2994
|
-
// We want the user to be considered logged out, so we emit the TokenChanged here using 'null'
|
|
2995
|
-
this.emitTokenChanged(null);
|
|
2996
|
-
return logoutUser(this.userAuthConfig);
|
|
2997
|
-
});
|
|
2998
|
-
/**
|
|
2999
|
-
* Sets a given Profile ID as the active profile
|
|
3000
|
-
*/
|
|
3001
|
-
this.setActiveProfile = (endUserAccessToken, profileId) => __awaiter(this, void 0, void 0, function* () {
|
|
3002
|
-
try {
|
|
3003
|
-
const result = yield setActiveProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, profileId);
|
|
3004
|
-
// current token is invalid now since the active profile has changed
|
|
3005
|
-
// we clear the current token response here so that the next call will retrieve a new token
|
|
3006
|
-
this.tokenResponse = null;
|
|
3007
|
-
return result;
|
|
3008
|
-
}
|
|
3009
|
-
catch (e) {
|
|
3010
|
-
const error = ensureError(e);
|
|
3011
|
-
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3012
|
-
}
|
|
3013
|
-
});
|
|
3014
|
-
/**
|
|
3015
|
-
* Returns a user profile
|
|
3016
|
-
*/
|
|
3017
|
-
this.getUserProfile = (endUserAccessToken, profileId) => __awaiter(this, void 0, void 0, function* () {
|
|
3018
|
-
try {
|
|
3019
|
-
return getUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, profileId);
|
|
3020
|
-
}
|
|
3021
|
-
catch (e) {
|
|
3022
|
-
const error = ensureError(e);
|
|
3023
|
-
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3024
|
-
}
|
|
3025
|
-
});
|
|
3026
|
-
/**
|
|
3027
|
-
* Returns an array of all user profiles
|
|
3028
|
-
*/
|
|
3029
|
-
this.getUserProfiles = (endUserAccessToken) => __awaiter(this, void 0, void 0, function* () {
|
|
3030
|
-
try {
|
|
3031
|
-
return getUserProfiles(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken);
|
|
3032
|
-
}
|
|
3033
|
-
catch (e) {
|
|
3034
|
-
const error = ensureError(e);
|
|
3035
|
-
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3036
|
-
}
|
|
3037
|
-
});
|
|
3038
|
-
/**
|
|
3039
|
-
* Creates a new user profile
|
|
3040
|
-
*/
|
|
3041
|
-
this.createUserProfile = (endUserAccessToken, displayName, profilePictureUrl) => __awaiter(this, void 0, void 0, function* () {
|
|
3042
|
-
try {
|
|
3043
|
-
return createUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, displayName, profilePictureUrl);
|
|
3044
|
-
}
|
|
3045
|
-
catch (e) {
|
|
3046
|
-
const error = ensureError(e);
|
|
3047
|
-
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3048
|
-
}
|
|
3049
|
-
});
|
|
3050
|
-
/**
|
|
3051
|
-
* Updates a user profile
|
|
3052
|
-
* @param userProfileToUpdate User Profile object with required updates. This should be based on the current user profile object, with the required changes done on top of it.
|
|
3053
|
-
*/
|
|
3054
|
-
this.updateUserProfile = (endUserAccessToken, userProfileToUpdate) => __awaiter(this, void 0, void 0, function* () {
|
|
3055
|
-
try {
|
|
3056
|
-
return updateUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, userProfileToUpdate);
|
|
3057
|
-
}
|
|
3058
|
-
catch (e) {
|
|
3059
|
-
const error = ensureError(e);
|
|
3060
|
-
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3061
|
-
}
|
|
3062
|
-
});
|
|
3063
|
-
/**
|
|
3064
|
-
* Deletes a user profile
|
|
3065
|
-
*/
|
|
3066
|
-
this.deleteUserProfile = (endUserAccessToken, userProfileId) => __awaiter(this, void 0, void 0, function* () {
|
|
3067
|
-
try {
|
|
3068
|
-
return deleteUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, userProfileId);
|
|
3069
|
-
}
|
|
3070
|
-
catch (e) {
|
|
3071
|
-
const error = ensureError(e);
|
|
3072
|
-
return { code: 'ERROR', message: error.message };
|
|
3073
|
-
}
|
|
3074
|
-
});
|
|
3075
|
-
/**
|
|
3076
|
-
* Authenticate an end-user application and receive an Application Token
|
|
3077
|
-
* @param authenticateEndUserApplicationRequest an object containing the tenantId/environmentId/applicationId/applicationKey info.
|
|
3078
|
-
* @returns AuthenticateEndUserApplicationResponse
|
|
3079
|
-
*/
|
|
3080
|
-
this.authenticateEndUserApplication = (authenticateEndUserApplicationRequest) => __awaiter(this, void 0, void 0, function* () {
|
|
3081
|
-
return authenticateEndUserApplication(authenticateEndUserApplicationRequest, this.userServiceConfig.userServiceBaseUrl);
|
|
3082
|
-
});
|
|
3083
|
-
/**
|
|
3084
|
-
* Decrypt an User Token Cookie used in Native Apps.
|
|
3085
|
-
* @param encryptedCookie
|
|
3086
|
-
* @param key
|
|
3087
|
-
* @returns
|
|
3088
|
-
*/
|
|
3089
|
-
this.decryptNativeCookie = (encryptedCookie, key) => __awaiter(this, void 0, void 0, function* () {
|
|
3090
|
-
return decryptNativeCookie(encryptedCookie, key, `${this.userServiceConfig.userServiceBaseUrl}/graphql-management`);
|
|
3091
|
-
});
|
|
3092
|
-
/**
|
|
3093
|
-
* Returns the authentication URL for web based applications.
|
|
3094
|
-
*
|
|
3095
|
-
* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
|
|
3096
|
-
* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
|
|
3097
|
-
* @returns a URL object with the Authentication URL
|
|
3098
|
-
*/
|
|
3099
|
-
this.getAuthUrl = (idpConnectionId, returnUrl) => {
|
|
3100
|
-
return getAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl);
|
|
3101
|
-
};
|
|
3102
|
-
/**
|
|
3103
|
-
* Returns the authentication URL for native applications.
|
|
3104
|
-
*
|
|
3105
|
-
* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
|
|
3106
|
-
* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
|
|
3107
|
-
* @param encryptionKey A hex string with the length of 32 bytes that is used as the encryption key to encrypt the authorization Cookie.
|
|
3108
|
-
* @returns a URL object with the Authentication URL
|
|
3109
|
-
*/
|
|
3110
|
-
this.getNativeAuthUrl = (idpConnectionId, returnUrl, encryptionKey) => {
|
|
3111
|
-
const authUrl = getNativeAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl, encryptionKey);
|
|
3112
|
-
return authUrl;
|
|
3113
|
-
};
|
|
3114
2629
|
}
|
|
3115
2630
|
get tokenResponse() {
|
|
3116
2631
|
return this._tokenResponse;
|
|
@@ -3123,6 +2638,418 @@ class UserServiceClient {
|
|
|
3123
2638
|
this.emitTokenChanged(value);
|
|
3124
2639
|
}
|
|
3125
2640
|
}
|
|
2641
|
+
emitTokenChanged = (token) => {
|
|
2642
|
+
this._tokenChangedHandlers.forEach((handler) => handler(token));
|
|
2643
|
+
};
|
|
2644
|
+
getAxAuthIdpConfig = async () => {
|
|
2645
|
+
// If _axAuthIdpConfig is not fetched previously, retrieve it.
|
|
2646
|
+
if (this._axAuthIdpConfig === undefined) {
|
|
2647
|
+
const idpConfigurations = await getIdpConfigurations(this.userAuthConfig);
|
|
2648
|
+
const axAuthConfig = idpConfigurations.find((idpConfig) => idpConfig.providerId === 'AX_AUTH');
|
|
2649
|
+
if (axAuthConfig !== undefined) {
|
|
2650
|
+
this._axAuthIdpConfig = axAuthConfig;
|
|
2651
|
+
}
|
|
2652
|
+
else {
|
|
2653
|
+
this._axAuthIdpConfig = null;
|
|
2654
|
+
}
|
|
2655
|
+
}
|
|
2656
|
+
return this._axAuthIdpConfig;
|
|
2657
|
+
};
|
|
2658
|
+
getSignInWithCredentialsEndpoints = async () => {
|
|
2659
|
+
// If _signInWithCredentialsEndpointResponse is not fetched previously, retrieve it by calling the well-known endpoint of ax-user-service.
|
|
2660
|
+
if (this._signInWithCredentialsEndpointResponse === undefined) {
|
|
2661
|
+
const endpoints = await getWellKnownEndpoints(this.userAuthConfig);
|
|
2662
|
+
this._signInWithCredentialsEndpointResponse = {
|
|
2663
|
+
code: 'SUCCESS',
|
|
2664
|
+
managementEndpoint: endpoints.axAuthManagementGQL,
|
|
2665
|
+
authEndpoint: endpoints.axAuthEndpoint,
|
|
2666
|
+
};
|
|
2667
|
+
}
|
|
2668
|
+
return this._signInWithCredentialsEndpointResponse;
|
|
2669
|
+
};
|
|
2670
|
+
/**
|
|
2671
|
+
* Returns a new token by invoking the User API
|
|
2672
|
+
*/
|
|
2673
|
+
fetchToken = async () => {
|
|
2674
|
+
try {
|
|
2675
|
+
const userToken = await fetchUserToken(this.userAuthConfig);
|
|
2676
|
+
const userProfileResponse = await getUserProfile(this.userServiceConfig.userServiceBaseUrl, userToken.accessToken, userToken.profileId);
|
|
2677
|
+
return {
|
|
2678
|
+
code: TokenResponseCode.SUCCESS,
|
|
2679
|
+
userToken,
|
|
2680
|
+
userProfile: userProfileResponse.userProfile,
|
|
2681
|
+
nextTokenRenewalAt: new Date(Date.now() +
|
|
2682
|
+
(userToken.expiresInSeconds -
|
|
2683
|
+
inAdvanceTokenRenewalDurationInSeconds) *
|
|
2684
|
+
1000),
|
|
2685
|
+
};
|
|
2686
|
+
}
|
|
2687
|
+
catch (error) {
|
|
2688
|
+
return {
|
|
2689
|
+
code: error.code,
|
|
2690
|
+
message: error.message,
|
|
2691
|
+
};
|
|
2692
|
+
}
|
|
2693
|
+
};
|
|
2694
|
+
// This is set to true when the token is being pre-emptively refreshed in `recursivelyRefreshToken` method.
|
|
2695
|
+
// It avoids `setTimeout` from being called multiple times.
|
|
2696
|
+
_recursiveRefreshActive = false;
|
|
2697
|
+
/**
|
|
2698
|
+
* Renews the token pre-emptively by recursively refreshing the cached token just before it's expiry
|
|
2699
|
+
*/
|
|
2700
|
+
recursivelyRefreshToken = async () => {
|
|
2701
|
+
if (this.tokenResponse?.userToken !== undefined &&
|
|
2702
|
+
this._recursiveRefreshActive === false) {
|
|
2703
|
+
this._recursiveRefreshActive = true;
|
|
2704
|
+
setTimeout(async () => {
|
|
2705
|
+
this._recursiveRefreshActive = false;
|
|
2706
|
+
this.tokenResponse = await this.fetchToken();
|
|
2707
|
+
await this.recursivelyRefreshToken();
|
|
2708
|
+
}, (this.tokenResponse.userToken.expiresInSeconds - inAdvanceTokenRenewalDurationInSeconds) * 1000);
|
|
2709
|
+
}
|
|
2710
|
+
};
|
|
2711
|
+
/**
|
|
2712
|
+
* A utility function which can be used to determine if there exists an `AxAuth` IDP configured for the Mosaic application.
|
|
2713
|
+
* Based on the outcome of this function, an end-user application can conditionally offer the option to Sign-In directly
|
|
2714
|
+
* via email & password.
|
|
2715
|
+
*
|
|
2716
|
+
* @see {@link signInWithCredentials}
|
|
2717
|
+
*
|
|
2718
|
+
* @returns a boolean indicating if the Mosaic application has an AxAuth IDP provider configured and it is enabled.
|
|
2719
|
+
*/
|
|
2720
|
+
isDirectSignInConfigured = async () => {
|
|
2721
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2722
|
+
return axAuthIdpConfig !== null;
|
|
2723
|
+
};
|
|
2724
|
+
/**
|
|
2725
|
+
* Starts a SignInWithCredentials flow using the AX_AUTH IDP configured for the application.
|
|
2726
|
+
*
|
|
2727
|
+
* @param signInRequest
|
|
2728
|
+
* @returns `SignInResponse`
|
|
2729
|
+
*/
|
|
2730
|
+
signInWithCredentials = async (signInRequest) => {
|
|
2731
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2732
|
+
if (axAuthIdpConfig !== null) {
|
|
2733
|
+
const result = await performSignInWithCredentials(this.userAuthConfig, axAuthIdpConfig.idpConnectionId, signInRequest);
|
|
2734
|
+
return result;
|
|
2735
|
+
}
|
|
2736
|
+
else {
|
|
2737
|
+
return {
|
|
2738
|
+
code: SignInResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2739
|
+
message: 'No IDP has been configured for sign in with credentials.',
|
|
2740
|
+
};
|
|
2741
|
+
}
|
|
2742
|
+
};
|
|
2743
|
+
/**
|
|
2744
|
+
* Registers a new user in the AX_AUTH IDP configured for the application.
|
|
2745
|
+
*
|
|
2746
|
+
* @param userSignUpRequest
|
|
2747
|
+
* @returns `UserSignUpResponse`
|
|
2748
|
+
*/
|
|
2749
|
+
initiateUserSignUp = async (userSignUpRequest) => {
|
|
2750
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2751
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2752
|
+
if (axAuthIdpConfig !== null &&
|
|
2753
|
+
axAuthIdpConfig.clientId !== null &&
|
|
2754
|
+
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2755
|
+
const signUpRequest = {
|
|
2756
|
+
...userSignUpRequest,
|
|
2757
|
+
oAuthClientId: axAuthIdpConfig.clientId,
|
|
2758
|
+
};
|
|
2759
|
+
const result = await initiateUserSignUp(signUpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2760
|
+
return result;
|
|
2761
|
+
}
|
|
2762
|
+
else {
|
|
2763
|
+
return {
|
|
2764
|
+
code: UserSignUpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2765
|
+
message: 'No IDP has been configured for user sign-up.',
|
|
2766
|
+
};
|
|
2767
|
+
}
|
|
2768
|
+
};
|
|
2769
|
+
/**
|
|
2770
|
+
* Checks if a given User Sign-Up OTP Code is valid
|
|
2771
|
+
*
|
|
2772
|
+
* @param checkUserSignUpOtpRequest
|
|
2773
|
+
* @returns `CheckUserSignUpOtpResponse`
|
|
2774
|
+
*/
|
|
2775
|
+
checkUserSignUpOTP = async (checkUserSignUpOtpRequest) => {
|
|
2776
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2777
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2778
|
+
if (axAuthIdpConfig !== null &&
|
|
2779
|
+
axAuthIdpConfig.clientId !== null &&
|
|
2780
|
+
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2781
|
+
const result = await checkUserSignUpOtp(checkUserSignUpOtpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2782
|
+
return result;
|
|
2783
|
+
}
|
|
2784
|
+
else {
|
|
2785
|
+
return {
|
|
2786
|
+
code: CheckOtpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2787
|
+
message: 'No IDP has been configured for user sign-up.',
|
|
2788
|
+
};
|
|
2789
|
+
}
|
|
2790
|
+
};
|
|
2791
|
+
/**
|
|
2792
|
+
* Completes a user sign up process using the AX_AUTH IDP.
|
|
2793
|
+
* The user needs to input the OTP along with a password (if not provided earlier) to finish the process.
|
|
2794
|
+
*
|
|
2795
|
+
* @param originUrl
|
|
2796
|
+
* @param completeUserSignUpRequest
|
|
2797
|
+
* @returns
|
|
2798
|
+
*/
|
|
2799
|
+
completeUserSignUp = async (completeUserSignUpRequest) => {
|
|
2800
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2801
|
+
if (signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2802
|
+
const result = await completeUserSignUp(completeUserSignUpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2803
|
+
return result;
|
|
2804
|
+
}
|
|
2805
|
+
else {
|
|
2806
|
+
return {
|
|
2807
|
+
code: CompleteUserSignUpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2808
|
+
message: 'No IDP has been configured to handle user sign-up verification.',
|
|
2809
|
+
};
|
|
2810
|
+
}
|
|
2811
|
+
};
|
|
2812
|
+
/**
|
|
2813
|
+
* Starts the process of resetting a password for a user registered using the AX_AUTH IDP.
|
|
2814
|
+
* This will initiate the call to the webhook configured in AX_AUTH to send the generated OTP
|
|
2815
|
+
* to the user.
|
|
2816
|
+
*
|
|
2817
|
+
* @param email
|
|
2818
|
+
* @param customData An optional arbitrary JSON object. When used, this customData will be submitted to the Forgot Password Webhook via the HTTP POST request body, and can be used to transfer some needed context to the Webhook.
|
|
2819
|
+
* @returns `InitiatePasswordResetResponse`
|
|
2820
|
+
*/
|
|
2821
|
+
initiateResetPassword = async (email, customData) => {
|
|
2822
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2823
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2824
|
+
if (axAuthIdpConfig !== null &&
|
|
2825
|
+
axAuthIdpConfig.clientId !== null &&
|
|
2826
|
+
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2827
|
+
const result = await initiatePasswordReset(email, axAuthIdpConfig.clientId, signInWithCredentialsEndpoints.managementEndpoint, customData);
|
|
2828
|
+
return result;
|
|
2829
|
+
}
|
|
2830
|
+
else {
|
|
2831
|
+
return {
|
|
2832
|
+
code: ResetPasswordResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2833
|
+
message: 'No IDP has been configured to handle password reset.',
|
|
2834
|
+
};
|
|
2835
|
+
}
|
|
2836
|
+
};
|
|
2837
|
+
/**
|
|
2838
|
+
* Checks if a given Reset Password OTP Code is valid
|
|
2839
|
+
*
|
|
2840
|
+
* @param checkPasswordResetOtpRequest
|
|
2841
|
+
* @returns `CheckPasswordResetOtpResponse`
|
|
2842
|
+
*/
|
|
2843
|
+
checkResetPasswordOTP = async (checkPasswordResetOtpRequest) => {
|
|
2844
|
+
const axAuthIdpConfig = await this.getAxAuthIdpConfig();
|
|
2845
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2846
|
+
if (axAuthIdpConfig !== null &&
|
|
2847
|
+
axAuthIdpConfig.clientId !== null &&
|
|
2848
|
+
signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2849
|
+
const result = await checkPasswordResetOtp(checkPasswordResetOtpRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2850
|
+
return result;
|
|
2851
|
+
}
|
|
2852
|
+
else {
|
|
2853
|
+
return {
|
|
2854
|
+
code: CheckOtpResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2855
|
+
message: 'No IDP has been configured for user sign-up.',
|
|
2856
|
+
};
|
|
2857
|
+
}
|
|
2858
|
+
};
|
|
2859
|
+
/**
|
|
2860
|
+
* Completes the password reset flow for a user registered using the AX_AUTH IDP.
|
|
2861
|
+
* The user needs to input the OTP along with a new password to finish the process.
|
|
2862
|
+
*
|
|
2863
|
+
* @param completePasswordResetRequest
|
|
2864
|
+
* @returns
|
|
2865
|
+
*/
|
|
2866
|
+
completeResetPassword = async (completePasswordResetRequest) => {
|
|
2867
|
+
const signInWithCredentialsEndpoints = await this.getSignInWithCredentialsEndpoints();
|
|
2868
|
+
if (signInWithCredentialsEndpoints.managementEndpoint !== undefined) {
|
|
2869
|
+
const result = await completePasswordReset(completePasswordResetRequest, signInWithCredentialsEndpoints.managementEndpoint);
|
|
2870
|
+
return result;
|
|
2871
|
+
}
|
|
2872
|
+
else {
|
|
2873
|
+
return {
|
|
2874
|
+
code: ResetPasswordResponseCode.SERVICE_CONFIGURATION_ERROR,
|
|
2875
|
+
message: 'No IDP has been configured to handle password reset.',
|
|
2876
|
+
};
|
|
2877
|
+
}
|
|
2878
|
+
};
|
|
2879
|
+
/**
|
|
2880
|
+
* Returns a token. The method will ensure to avoid unnecessary API calls by caching valid tokens.
|
|
2881
|
+
*
|
|
2882
|
+
* It is not recommended to remember the token for later use.
|
|
2883
|
+
* When in need of a token, please call this method to get a new token.
|
|
2884
|
+
*/
|
|
2885
|
+
getToken = async () => {
|
|
2886
|
+
// Set token response to null if the token has expired.
|
|
2887
|
+
if (this.tokenResponse !== null &&
|
|
2888
|
+
(this.tokenResponse.userToken?.expiresAt === undefined ||
|
|
2889
|
+
this.tokenResponse.userToken.expiresAt <= new Date(Date.now()))) {
|
|
2890
|
+
this.tokenResponse = null;
|
|
2891
|
+
}
|
|
2892
|
+
if (this.tokenResponse !== null && this.tokenResponse.code === 'SUCCESS') {
|
|
2893
|
+
// We already have a valid token
|
|
2894
|
+
return Promise.resolve(this.tokenResponse);
|
|
2895
|
+
}
|
|
2896
|
+
this.tokenResponse = await this.fetchToken();
|
|
2897
|
+
if (this.tokenResponse.userToken !== undefined) {
|
|
2898
|
+
if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
|
|
2899
|
+
// Renew the token pre-emptively
|
|
2900
|
+
await this.recursivelyRefreshToken();
|
|
2901
|
+
}
|
|
2902
|
+
}
|
|
2903
|
+
return this.tokenResponse;
|
|
2904
|
+
};
|
|
2905
|
+
/**
|
|
2906
|
+
* Adds an event handler that will be invoked whenever a new token response is loaded from the backend
|
|
2907
|
+
*
|
|
2908
|
+
*/
|
|
2909
|
+
addTokenChangedHandler = (callback) => {
|
|
2910
|
+
this._tokenChangedHandlers.push(callback);
|
|
2911
|
+
};
|
|
2912
|
+
/**
|
|
2913
|
+
* Removes an event handler for the TokenChanged event
|
|
2914
|
+
*/
|
|
2915
|
+
removeTokenChangedHandler = (callback) => {
|
|
2916
|
+
this._tokenChangedHandlers = this._tokenChangedHandlers.filter((c) => c !== callback);
|
|
2917
|
+
};
|
|
2918
|
+
/**
|
|
2919
|
+
* Returns an array of IDP Configurations that are configured for the application
|
|
2920
|
+
* This list will exclude connections for provider id AX_AUTH as it is used for a user sign-up and SignInWithCredentials flows.
|
|
2921
|
+
*
|
|
2922
|
+
*/
|
|
2923
|
+
getIdpConfigurations = async () => {
|
|
2924
|
+
// Extract the IDP Configuration for AX_AUTH and remove it from the ID Providers list.
|
|
2925
|
+
const idpConfigurations = (await getIdpConfigurations(this.userAuthConfig)).filter((idpConfig) => idpConfig.providerId !== 'AX_AUTH');
|
|
2926
|
+
return idpConfigurations;
|
|
2927
|
+
};
|
|
2928
|
+
/**
|
|
2929
|
+
* Logs out the user
|
|
2930
|
+
*/
|
|
2931
|
+
logoutUser = async () => {
|
|
2932
|
+
this.tokenResponse = null;
|
|
2933
|
+
// We want the user to be considered logged out, so we emit the TokenChanged here using 'null'
|
|
2934
|
+
this.emitTokenChanged(null);
|
|
2935
|
+
return logoutUser(this.userAuthConfig);
|
|
2936
|
+
};
|
|
2937
|
+
/**
|
|
2938
|
+
* Sets a given Profile ID as the active profile
|
|
2939
|
+
*/
|
|
2940
|
+
setActiveProfile = async (endUserAccessToken, profileId) => {
|
|
2941
|
+
try {
|
|
2942
|
+
const result = await setActiveProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, profileId);
|
|
2943
|
+
// current token is invalid now since the active profile has changed
|
|
2944
|
+
// we clear the current token response here so that the next call will retrieve a new token
|
|
2945
|
+
this.tokenResponse = null;
|
|
2946
|
+
return result;
|
|
2947
|
+
}
|
|
2948
|
+
catch (e) {
|
|
2949
|
+
const error = ensureError(e);
|
|
2950
|
+
return { code: 'ERROR', message: error.message, details: { error } };
|
|
2951
|
+
}
|
|
2952
|
+
};
|
|
2953
|
+
/**
|
|
2954
|
+
* Returns a user profile
|
|
2955
|
+
*/
|
|
2956
|
+
getUserProfile = async (endUserAccessToken, profileId) => {
|
|
2957
|
+
try {
|
|
2958
|
+
return getUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, profileId);
|
|
2959
|
+
}
|
|
2960
|
+
catch (e) {
|
|
2961
|
+
const error = ensureError(e);
|
|
2962
|
+
return { code: 'ERROR', message: error.message, details: { error } };
|
|
2963
|
+
}
|
|
2964
|
+
};
|
|
2965
|
+
/**
|
|
2966
|
+
* Returns an array of all user profiles
|
|
2967
|
+
*/
|
|
2968
|
+
getUserProfiles = async (endUserAccessToken) => {
|
|
2969
|
+
try {
|
|
2970
|
+
return getUserProfiles(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken);
|
|
2971
|
+
}
|
|
2972
|
+
catch (e) {
|
|
2973
|
+
const error = ensureError(e);
|
|
2974
|
+
return { code: 'ERROR', message: error.message, details: { error } };
|
|
2975
|
+
}
|
|
2976
|
+
};
|
|
2977
|
+
/**
|
|
2978
|
+
* Creates a new user profile
|
|
2979
|
+
*/
|
|
2980
|
+
createUserProfile = async (endUserAccessToken, displayName, profilePictureUrl) => {
|
|
2981
|
+
try {
|
|
2982
|
+
return createUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, displayName, profilePictureUrl);
|
|
2983
|
+
}
|
|
2984
|
+
catch (e) {
|
|
2985
|
+
const error = ensureError(e);
|
|
2986
|
+
return { code: 'ERROR', message: error.message, details: { error } };
|
|
2987
|
+
}
|
|
2988
|
+
};
|
|
2989
|
+
/**
|
|
2990
|
+
* Updates a user profile
|
|
2991
|
+
* @param userProfileToUpdate User Profile object with required updates. This should be based on the current user profile object, with the required changes done on top of it.
|
|
2992
|
+
*/
|
|
2993
|
+
updateUserProfile = async (endUserAccessToken, userProfileToUpdate) => {
|
|
2994
|
+
try {
|
|
2995
|
+
return updateUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, userProfileToUpdate);
|
|
2996
|
+
}
|
|
2997
|
+
catch (e) {
|
|
2998
|
+
const error = ensureError(e);
|
|
2999
|
+
return { code: 'ERROR', message: error.message, details: { error } };
|
|
3000
|
+
}
|
|
3001
|
+
};
|
|
3002
|
+
/**
|
|
3003
|
+
* Deletes a user profile
|
|
3004
|
+
*/
|
|
3005
|
+
deleteUserProfile = async (endUserAccessToken, userProfileId) => {
|
|
3006
|
+
try {
|
|
3007
|
+
return deleteUserProfile(this.userServiceConfig.userServiceBaseUrl, endUserAccessToken, userProfileId);
|
|
3008
|
+
}
|
|
3009
|
+
catch (e) {
|
|
3010
|
+
const error = ensureError(e);
|
|
3011
|
+
return { code: 'ERROR', message: error.message };
|
|
3012
|
+
}
|
|
3013
|
+
};
|
|
3014
|
+
/**
|
|
3015
|
+
* Authenticate an end-user application and receive an Application Token
|
|
3016
|
+
* @param authenticateEndUserApplicationRequest an object containing the tenantId/environmentId/applicationId/applicationKey info.
|
|
3017
|
+
* @returns AuthenticateEndUserApplicationResponse
|
|
3018
|
+
*/
|
|
3019
|
+
authenticateEndUserApplication = async (authenticateEndUserApplicationRequest) => {
|
|
3020
|
+
return authenticateEndUserApplication(authenticateEndUserApplicationRequest, this.userServiceConfig.userServiceBaseUrl);
|
|
3021
|
+
};
|
|
3022
|
+
/**
|
|
3023
|
+
* Decrypt an User Token Cookie used in Native Apps.
|
|
3024
|
+
* @param encryptedCookie
|
|
3025
|
+
* @param key
|
|
3026
|
+
* @returns
|
|
3027
|
+
*/
|
|
3028
|
+
decryptNativeCookie = async (encryptedCookie, key) => {
|
|
3029
|
+
return decryptNativeCookie(encryptedCookie, key, `${this.userServiceConfig.userServiceBaseUrl}/graphql-management`);
|
|
3030
|
+
};
|
|
3031
|
+
/**
|
|
3032
|
+
* Returns the authentication URL for web based applications.
|
|
3033
|
+
*
|
|
3034
|
+
* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
|
|
3035
|
+
* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
|
|
3036
|
+
* @returns a URL object with the Authentication URL
|
|
3037
|
+
*/
|
|
3038
|
+
getAuthUrl = (idpConnectionId, returnUrl) => {
|
|
3039
|
+
return getAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl);
|
|
3040
|
+
};
|
|
3041
|
+
/**
|
|
3042
|
+
* Returns the authentication URL for native applications.
|
|
3043
|
+
*
|
|
3044
|
+
* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
|
|
3045
|
+
* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
|
|
3046
|
+
* @param encryptionKey A hex string with the length of 32 bytes that is used as the encryption key to encrypt the authorization Cookie.
|
|
3047
|
+
* @returns a URL object with the Authentication URL
|
|
3048
|
+
*/
|
|
3049
|
+
getNativeAuthUrl = (idpConnectionId, returnUrl, encryptionKey) => {
|
|
3050
|
+
const authUrl = getNativeAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl, encryptionKey);
|
|
3051
|
+
return authUrl;
|
|
3052
|
+
};
|
|
3126
3053
|
}
|
|
3127
3054
|
|
|
3128
3055
|
const UserServiceContext = React.createContext(null);
|