@axinom/mosaic-user-auth 0.3.6-rc.1 → 0.3.6
- package/CHANGELOG.md +8 -0
- package/dist/UserServiceClient/UserServiceClient.d.ts +67 -14
- package/dist/UserServiceClient/UserServiceClient.d.ts.map +1 -1
- package/dist/UserServiceProvider/UserServiceProvider.d.ts +7 -3
- package/dist/UserServiceProvider/UserServiceProvider.d.ts.map +1 -1
- package/dist/common/types.d.ts +1 -0
- package/dist/common/types.d.ts.map +1 -1
- package/dist/generated/user-service-management-graphql.types.d.ts +295 -3
- package/dist/generated/user-service-management-graphql.types.d.ts.map +1 -1
- package/dist/index.es.js +193 -38
- package/dist/index.es.js.map +1 -1
- package/dist/index.js +192 -37
- package/dist/index.js.map +1 -1
- package/dist/util/userAuth.d.ts +28 -2
- package/dist/util/userAuth.d.ts.map +1 -1
- package/package.json +3 -3
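--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -59,7 +59,7 @@ function commonjsRequire () {
 
 var enums = createCommonjsModule(function (module, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
+exports.DecryptNativeCookieResponseCode = exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
 /**
 * Token response code from User Service Auth API
 */
@@ -141,12 +141,23 @@ var CheckOtpResponseCode;
 CheckOtpResponseCode["ERROR"] = "ERROR";
 CheckOtpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
 })(CheckOtpResponseCode = exports.CheckOtpResponseCode || (exports.CheckOtpResponseCode = {}));
+/**
+* IDP Protocol categories
+*/
 var IdpProtocol;
 (function (IdpProtocol) {
 IdpProtocol["OIDC"] = "OIDC";
 IdpProtocol["OAUTH2"] = "OAUTH2";
 IdpProtocol["DELEGATED"] = "DELEGATED";
 })(IdpProtocol = exports.IdpProtocol || (exports.IdpProtocol = {}));
+/**
+* Response codes specific to Native Cookie Decryption.
+*/
+var DecryptNativeCookieResponseCode;
+(function (DecryptNativeCookieResponseCode) {
+DecryptNativeCookieResponseCode["SUCCESS"] = "SUCCESS";
+DecryptNativeCookieResponseCode["COOKIE_DECRYPTION_FAILED"] = "COOKIE_DECRYPTION_FAILED";
+})(DecryptNativeCookieResponseCode = exports.DecryptNativeCookieResponseCode || (exports.DecryptNativeCookieResponseCode = {}));
 
 });
 
@@ -1289,6 +1300,8 @@ var IdpConnectionsOrderBy;
 IdpConnectionsOrderBy["NATURAL"] = "NATURAL";
 IdpConnectionsOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
 IdpConnectionsOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+IdpConnectionsOrderBy["PROTOCOL_ASC"] = "PROTOCOL_ASC";
+IdpConnectionsOrderBy["PROTOCOL_DESC"] = "PROTOCOL_DESC";
 IdpConnectionsOrderBy["PROVIDER_ICON_URL_ASC"] = "PROVIDER_ICON_URL_ASC";
 IdpConnectionsOrderBy["PROVIDER_ICON_URL_DESC"] = "PROVIDER_ICON_URL_DESC";
 IdpConnectionsOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
@@ -1314,6 +1327,15 @@ var IdpConnectionsOrderBy;
 IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_ASC"] = "USER_INFO_RETRIEVAL_WEBHOOK_ASC";
 IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_DESC"] = "USER_INFO_RETRIEVAL_WEBHOOK_DESC";
 })(IdpConnectionsOrderBy || (IdpConnectionsOrderBy = {}));
+var IdpProtocol;
+(function (IdpProtocol) {
+/** Delegated */
+IdpProtocol["DELEGATED"] = "DELEGATED";
+/** OAuth 2.0 */
+IdpProtocol["OAUTH2"] = "OAUTH2";
+/** OIDC */
+IdpProtocol["OIDC"] = "OIDC";
+})(IdpProtocol || (IdpProtocol = {}));
 /** Methods to use when ordering `IdProvider`. */
 var IdProvidersOrderBy;
 (function (IdProvidersOrderBy) {
@@ -1356,6 +1378,29 @@ var ServiceConfigurationsOrderBy;
 ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_ASC"] = "WEBHOOK_TIMEOUT_ASC";
 ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_DESC"] = "WEBHOOK_TIMEOUT_DESC";
 })(ServiceConfigurationsOrderBy || (ServiceConfigurationsOrderBy = {}));
+/** Methods to use when ordering `UserIdpDatum`. */
+var UserIdpDataOrderBy;
+(function (UserIdpDataOrderBy) {
+UserIdpDataOrderBy["CREATED_DATE_ASC"] = "CREATED_DATE_ASC";
+UserIdpDataOrderBy["CREATED_DATE_DESC"] = "CREATED_DATE_DESC";
+UserIdpDataOrderBy["IDP_CONNECTION_ID_ASC"] = "IDP_CONNECTION_ID_ASC";
+UserIdpDataOrderBy["IDP_CONNECTION_ID_DESC"] = "IDP_CONNECTION_ID_DESC";
+UserIdpDataOrderBy["IDP_SUBJECT_ID_ASC"] = "IDP_SUBJECT_ID_ASC";
+UserIdpDataOrderBy["IDP_SUBJECT_ID_DESC"] = "IDP_SUBJECT_ID_DESC";
+UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_ASC"] = "INITIAL_IDP_REFRESH_TOKEN_ASC";
+UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_DESC"] = "INITIAL_IDP_REFRESH_TOKEN_DESC";
+UserIdpDataOrderBy["NATURAL"] = "NATURAL";
+UserIdpDataOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
+UserIdpDataOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+UserIdpDataOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
+UserIdpDataOrderBy["PROVIDER_ID_DESC"] = "PROVIDER_ID_DESC";
+UserIdpDataOrderBy["RAW_PAYLOAD_ASC"] = "RAW_PAYLOAD_ASC";
+UserIdpDataOrderBy["RAW_PAYLOAD_DESC"] = "RAW_PAYLOAD_DESC";
+UserIdpDataOrderBy["UPDATED_DATE_ASC"] = "UPDATED_DATE_ASC";
+UserIdpDataOrderBy["UPDATED_DATE_DESC"] = "UPDATED_DATE_DESC";
+UserIdpDataOrderBy["USER_ID_ASC"] = "USER_ID_ASC";
+UserIdpDataOrderBy["USER_ID_DESC"] = "USER_ID_DESC";
+})(UserIdpDataOrderBy || (UserIdpDataOrderBy = {}));
 /** Methods to use when ordering `UserProfile`. */
 var UserProfilesOrderBy;
 (function (UserProfilesOrderBy) {
@@ -1420,7 +1465,8 @@ var UsersOrderBy;
 UsersOrderBy["UPDATED_USER_ASC"] = "UPDATED_USER_ASC";
 UsersOrderBy["UPDATED_USER_DESC"] = "UPDATED_USER_DESC";
 })(UsersOrderBy || (UsersOrderBy = {}));
-const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+const DecryptNativeCookieDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "DecryptNativeCookie" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "DecryptWithKeyAesInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptWithKeyAes" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptedValue" }, "arguments": [], "directives": [] }] } }] } }] };
 
 /**
 * Authenticate a Consumer Application and receive a token.
@@ -1837,7 +1883,7 @@ const completePasswordReset = (completePasswordResetRequest, axAuthManagementEnd
 code: dist.ROPCPasswordResponseCode.SUCCESS,
 };
 });
-const getIdpConfigurations = (userAuthConfig
+const getIdpConfigurations = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
 var _a, _b;
 const configResponse = yield invokeUserAuthMethod('get-user-auth-idp-config', userAuthConfig);
 if (configResponse.code === dist.IdpConfigurationResponseCode.SUCCESS) {
@@ -1849,7 +1895,6 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
 providerIconUrl: idp.providerIconUrl,
 title: idp.title,
 sortOrder: idp.sortOrder,
-authUrl: `${userAuthConfig.userAuthBaseUrl}/oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idp.idpConnectionId}&originUrl=${originUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}`,
 };
 })) !== null && _b !== void 0 ? _b : []);
 }
@@ -1857,11 +1902,39 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
 return [];
 }
 });
+/**
+* Get the Authentication URL for a given IDP for web based applications.
+*
+* @param userAuthConfig The UserAuthConfig object.
+* @param idpConnectionId IDP Connection ID that should be authenticated with.
+* @param returnUrl The return URL which the User Service will redirect after completing the authentication flow.
+* @returns a URL object
+*/
+const getAuthUrl = (userAuthConfig, idpConnectionId, returnUrl) => {
+const authUrl = new URL('oauth', userAuthConfig.userAuthBaseUrl);
+authUrl.searchParams.set('tenantId', userAuthConfig.tenantId);
+authUrl.searchParams.set('environmentId', userAuthConfig.environmentId);
+authUrl.searchParams.set('applicationId', userAuthConfig.applicationId);
+authUrl.searchParams.set('idpConnectionId', idpConnectionId);
+authUrl.searchParams.set('originUrl', returnUrl);
+authUrl.searchParams.set('userAuthProxyUrl', userAuthConfig.userAuthBaseUrl);
+return authUrl;
+};
+/**
+* TODO: Move this to the react-native-lib.
+* react-native does not support URL.searchParams.set() method.
+* We need to explicitly install react-native-url-polyfill package.
+* Best if we do that in react-native specific user-auth-lib. *
+*/
+const getNativeAuthUrl = (userAuthConfig, idpConnectionId, returnUrl, encryptionKey) => {
+const authUrl = new URL(`oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idpConnectionId}&originUrl=${returnUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}&encryptionKey=${encryptionKey}`, userAuthConfig.userAuthBaseUrl);
+return authUrl;
+};
 /**
 * Returns a new user token by invoking the User Auth API
 */
 const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
-var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s;
+var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t;
 const tokenResponse = yield invokeUserAuthMethod('token', userAuthConfig);
 if (tokenResponse.code !== dist.TokenResponseCode.SUCCESS) {
 throw Error(tokenResponse.message);
@@ -1878,6 +1951,7 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
 extensions: tokenResponse.extensions,
 accessToken: (_q = (_p = tokenResponse.user) === null || _p === void 0 ? void 0 : _p.token.accessToken) !== null && _q !== void 0 ? _q : '',
 expiresInSeconds: (_s = (_r = tokenResponse.user) === null || _r === void 0 ? void 0 : _r.token.expiresInSeconds) !== null && _s !== void 0 ? _s : 0,
+expiresAt: (_t = tokenResponse.user) === null || _t === void 0 ? void 0 : _t.token.expiresAt,
 };
 }
 });
@@ -1885,20 +1959,56 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
 * Returns a user token. The method will ensure to avoid unnecessary API calls by caching valid user tokens.
 */
 const getUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
+if ((currentUserToken === null || currentUserToken === void 0 ? void 0 : currentUserToken.expiresAt) === undefined ||
+currentUserToken.expiresAt <= new Date(Date.now())) {
+currentUserToken = null;
+}
 if (currentUserToken !== null) {
 // A valid user token is already available
 return Promise.resolve(currentUserToken);
 }
 currentUserToken = yield fetchUserToken(userAuthConfig);
-// Clear currentUserToken when the token expires, so the next call will retrieve a new one
-setTimeout(() => __awaiter(void 0, void 0, void 0, function* () {
-currentUserToken = null;
-}), (currentUserToken.expiresInSeconds - 60) * 1000);
 return currentUserToken;
 });
 const logoutUser = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
 const logoutResponse = yield invokeUserAuthMethod('sign-out', userAuthConfig);
 return logoutResponse.code === dist.SignOutResponseCode.SUCCESS;
+});
+/**
+* Decrypts an encrypted User Token Cookie
+*
+* @param encryptedCookie
+* @param key
+* @param userServiceManagementEndpoint
+* @returns
+*/
+const decryptNativeCookie = (encryptedCookie, key, userServiceManagementEndpoint) => __awaiter(void 0, void 0, void 0, function* () {
+const variables = {
+input: {
+encryptedValue: encryptedCookie,
+key,
+},
+};
+const decryptNativeCookieResponse = yield (yield fetch(`${userServiceManagementEndpoint}`, {
+method: 'POST',
+cache: 'no-cache',
+redirect: 'follow',
+referrerPolicy: 'origin',
+headers: {
+'content-type': 'application/json',
+},
+body: stringifyGqlQuery(DecryptNativeCookieDocument, variables),
+})).json();
+if (decryptNativeCookieResponse.errors !== undefined) {
+return {
+code: dist.DecryptNativeCookieResponseCode.COOKIE_DECRYPTION_FAILED,
+message: decryptNativeCookieResponse.errors[0].message,
+};
+}
+return {
+code: dist.DecryptNativeCookieResponseCode.SUCCESS,
+decryptedCookie: decryptNativeCookieResponse.data.decryptWithKeyAes.decryptedValue,
+};
 });
 
 /** Methods to use when ordering `UserProfile`. */
@@ -2102,9 +2212,10 @@ class UserServiceClient {
 * @param userServiceConfig Configuration values for the user service API
 * @param tokenRenewalMethod Token renewal method to use
 */
-constructor(userAuthConfig, userServiceConfig, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND) {
+constructor(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND) {
 this.userAuthConfig = userAuthConfig;
 this.userServiceConfig = userServiceConfig;
+this.setIsSignedIn = setIsSignedIn;
 this.tokenRenewalMethod = tokenRenewalMethod;
 this._tokenChangedHandlers = [];
 this._tokenResponse = null;
@@ -2119,6 +2230,7 @@ class UserServiceClient {
 try {
 const userToken = yield fetchUserToken(this.userAuthConfig);
 const userProfile = yield getUserProfile(this.userServiceConfig.userServiceBaseUrl, userToken.accessToken, userToken.profileId);
+this.setIsSignedIn(true);
 return {
 code: 'SUCCESS',
 userToken,
@@ -2130,6 +2242,7 @@ class UserServiceClient {
 };
 }
 catch (error) {
+this.setIsSignedIn(false);
 assertError(error);
 return {
 code: 'ERROR',
@@ -2189,7 +2302,7 @@ class UserServiceClient {
 * @returns a boolean indicating if the Mosaic application has an AxAuth IDP provider configured and it is enabled.
 */
 this.isDirectSignInConfigured = () => __awaiter(this, void 0, void 0, function* () {
-const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig
+const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig);
 this._axAuthIdpConfig = idpConfigurations.find((idpConfig) => idpConfig.providerId === 'AX_AUTH');
 return this._axAuthIdpConfig !== undefined;
 });
@@ -2215,15 +2328,14 @@ class UserServiceClient {
 /**
 * Registers a new user in the AX_AUTH IDP configured for the application.
 *
-* @param originUrl
 * @param userSignUpRequest
 * @returns `UserSignUpResponse`
 */
-this.initiateUserSignUp = (
+this.initiateUserSignUp = (userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
 var _d;
 // If _axAuthIdpConfig is not fetched previously, retrieve it.
 if (this._axAuthIdpConfig === undefined) {
-yield this.getIdpConfigurations(
+yield this.getIdpConfigurations();
 }
 if (this._axAuthIdpConfig !== undefined &&
 this._axAuthIdpConfig.clientId !== null &&
@@ -2242,15 +2354,14 @@ class UserServiceClient {
 /**
 * Checks if a given User Sign-Up OTP Code is valid
 *
-* @param originUrl
 * @param checkUserSignUpOtpRequest
 * @returns `CheckUserSignUpOtpResponse`
 */
-this.checkUserSignUpOTP = (
+this.checkUserSignUpOTP = (checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
 var _e;
 // If _axAuthIdpConfig is not fetched previously, retrieve it.
 if (this._axAuthIdpConfig === undefined) {
-yield this.getIdpConfigurations(
+yield this.getIdpConfigurations();
 }
 if (this._axAuthIdpConfig !== undefined &&
 this._axAuthIdpConfig.clientId !== null &&
@@ -2291,15 +2402,14 @@ class UserServiceClient {
 * This will initiate the call to the webhook configured in AX_AUTH to send the generated OTP
 * to the user.
 *
-* @param originUrl
 * @param email
 * @returns `InitiatePasswordResetResponse`
 */
-this.initiateResetPassword = (
+this.initiateResetPassword = (email) => __awaiter(this, void 0, void 0, function* () {
 var _g;
 // If _axAuthIdpConfig is not fetched previously, retrieve it.
 if (this._axAuthIdpConfig === undefined) {
-yield this.getIdpConfigurations(
+yield this.getIdpConfigurations();
 }
 if (this._axAuthIdpConfig !== undefined &&
 this._axAuthIdpConfig.clientId !== null &&
@@ -2317,15 +2427,14 @@ class UserServiceClient {
 /**
 * Checks if a given Reset Password OTP Code is valid
 *
-* @param originUrl
 * @param checkPasswordResetOtpRequest
 * @returns `CheckPasswordResetOtpResponse`
 */
-this.checkResetPasswordOTP = (
+this.checkResetPasswordOTP = (checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
 var _h;
 // If _axAuthIdpConfig is not fetched previously, retrieve it.
 if (this._axAuthIdpConfig === undefined) {
-yield this.getIdpConfigurations(
+yield this.getIdpConfigurations();
 }
 if (this._axAuthIdpConfig !== undefined &&
 this._axAuthIdpConfig.clientId !== null &&
@@ -2344,7 +2453,6 @@ class UserServiceClient {
 * Completes the password reset flow for a user registered using the AX_AUTH IDP.
 * The user needs to input the OTP along with a new password to finish the process.
 *
-* @param originUrl
 * @param completePasswordResetRequest
 * @returns
 */
@@ -2368,19 +2476,21 @@ class UserServiceClient {
 * When in need of a token, please call this method to get a new token.
 */
 this.getToken = () => __awaiter(this, void 0, void 0, function* () {
+var _k;
+// Set token response to null if the token has expired.
+if (this.tokenResponse !== null &&
+(((_k = this.tokenResponse.userToken) === null || _k === void 0 ? void 0 : _k.expiresAt) === undefined ||
+this.tokenResponse.userToken.expiresAt <= new Date(Date.now()))) {
+this.tokenResponse = null;
+this.setIsSignedIn(false);
+}
 if (this.tokenResponse !== null && this.tokenResponse.code === 'SUCCESS') {
 // We already have a valid token
 return Promise.resolve(this.tokenResponse);
 }
 this.tokenResponse = yield this.fetchToken();
 if (this.tokenResponse.userToken !== undefined) {
-if (this.tokenRenewalMethod === exports.TokenRenewalMethod.
-setTimeout(() => __awaiter(this, void 0, void 0, function* () {
-// Clear tokenResponse when the token expires, so the next call will retrieve a new one
-this.tokenResponse = null;
-}), (this.tokenResponse.userToken.expiresInSeconds - inAdvanceTokenRenewalDurationInSeconds) * 1000);
-}
-else if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
+if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
 // Renew the token pre-emptively
 yield this.recursivelyRefreshToken();
 }
@@ -2404,11 +2514,10 @@ class UserServiceClient {
 * Returns an array of IDP Configurations that are configured for the application
 * This list will exclude connections for provider id AX_AUTH as it is used for a user sign-up and ROPC flows.
 *
-* @param originUrl URL to redirect to once the Oauth 2.0 flow is complete
 */
-this.getIdpConfigurations = (
+this.getIdpConfigurations = () => __awaiter(this, void 0, void 0, function* () {
 // Extract the IDP Configuration for AX_AUTH and remove it from the ID Providers list.
-const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig
+const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig)).filter((idpConfig) => {
 if (idpConfig.providerId === 'AX_AUTH') {
 this._axAuthIdpConfig = idpConfig;
 return;
@@ -2424,7 +2533,12 @@ class UserServiceClient {
 this.tokenResponse = null;
 // We want the user to be considered logged out, so we emit the TokenChanged here using 'null'
 this.emitTokenChanged(null);
-
+const logoutStatus = yield logoutUser(this.userAuthConfig);
+if (logoutStatus) {
+// Set the sign in status as false.
+this.setSignedInStatus(false);
+}
+return logoutStatus;
 });
 /**
 * Sets a given Profile ID as the active profile
@@ -2481,6 +2595,46 @@ class UserServiceClient {
 this.authenticateConsumerApplication = (authenticateConsumerApplicationRequest) => __awaiter(this, void 0, void 0, function* () {
 return authenticateConsumerApplication(authenticateConsumerApplicationRequest, this.userServiceConfig.userServiceBaseUrl);
 });
+/**
+* Decrypt an User Token Cookie used in Native Apps.
+* @param encryptedCookie
+* @param key
+* @returns
+*/
+this.decryptNativeCookie = (encryptedCookie, key) => __awaiter(this, void 0, void 0, function* () {
+return decryptNativeCookie(encryptedCookie, key, `${this.userServiceConfig.userServiceBaseUrl}/graphql-management`);
+});
+/**
+* Returns the authentication URL for web based applications.
+*
+* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+* @returns a URL object with the Authentication URL
+*/
+this.getAuthUrl = (idpConnectionId, returnUrl) => {
+return getAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl);
+};
+/**
+* Returns the authentication URL for native applications.
+*
+* @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+* @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+* @param encryptionKey A hex string with the length of 32 bytes that is used as the encryption key to encrypt the authorization Cookie.
+* @returns a URL object with the Authentication URL
+*/
+this.getNativeAuthUrl = (idpConnectionId, returnUrl, encryptionKey) => {
+const authUrl = getNativeAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl, encryptionKey);
+return authUrl;
+};
+/**
+* Sets the sign in status explicitly, allowing to re-render any
+* React components with the UserServiceProvider.
+*
+* @param signInStatus
+*/
+this.setSignedInStatus = (signInStatus) => {
+this.setIsSignedIn(signInStatus);
+};
 // asynchronously get the ROPC endpoints at client initialization
 this.getROPCEndpoints();
 }
@@ -2502,8 +2656,9 @@ const UserServiceContext = React.createContext(null);
 * Provides the User Service Client that can be retrieved using the `useUserService` hook
 */
 const UserServiceProvider = ({ children, userAuthConfig, userServiceConfig, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND, }) => {
-const
-
+const [isSignedIn, setIsSignedIn] = React.useState(false);
+const client = new UserServiceClient(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod);
+return (React.createElement(UserServiceContext.Provider, { value: Object.assign({ isSignedIn }, client) }, children));
 };
 /**
 * Retrieves the User Service Client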
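Review bot: In `getNativeAuthUrl` (new lines 1929–1932) `returnUrl` and `encryptionKey` are interpolated into the query string without encoding, unlike `getAuthUrl` just above it, which goes through `searchParams.set`. A `returnUrl` that carries its own `?`, `&` or `#` would be split into extra parameters or cut off the ones after it, so `userAuthProxyUrl` and `encryptionKey` can be dropped or overridden by whatever supplied the return URL. Since the comment says `searchParams.set` is not available on react-native, each value can be wrapped instead, e.g. `originUrl=${encodeURIComponent(returnUrl)}` and `encryptionKey=${encodeURIComponent(encryptionKey)}`. Separately, the key travels in the URL query, where it tends to end up in server logs and navigation history; a comment stating why that is acceptable for this flow, or moving the key out of the URL, would help the next reader.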