@boxyhq/saml-jackson 1.32.0 → 1.33.1-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controller/api.js +17 -7
- package/dist/controller/api.js.map +1 -1
- package/dist/controller/connection/oidc.js +17 -7
- package/dist/controller/connection/oidc.js.map +1 -1
- package/dist/controller/connection/saml.js +17 -7
- package/dist/controller/connection/saml.js.map +1 -1
- package/dist/controller/logout.js +17 -7
- package/dist/controller/logout.js.map +1 -1
- package/dist/controller/oauth/oidc-client.d.ts +9 -4
- package/dist/controller/oauth/oidc-client.js +80 -11
- package/dist/controller/oauth/oidc-client.js.map +1 -1
- package/dist/controller/oauth/oidc-issuer.d.ts +2 -0
- package/dist/controller/oauth/oidc-issuer.js +25 -0
- package/dist/controller/oauth/oidc-issuer.js.map +1 -0
- package/dist/controller/oauth.js +97 -46
- package/dist/controller/oauth.js.map +1 -1
- package/dist/controller/setup-link.js +17 -7
- package/dist/controller/setup-link.js.map +1 -1
- package/dist/controller/sso-handler.d.ts +10 -2
- package/dist/controller/sso-handler.js +34 -12
- package/dist/controller/sso-handler.js.map +1 -1
- package/dist/controller/utils.d.ts +5 -3
- package/dist/controller/utils.js +27 -9
- package/dist/controller/utils.js.map +1 -1
- package/dist/db/db.js +17 -7
- package/dist/db/db.js.map +1 -1
- package/dist/db/dynamoDb.js +17 -7
- package/dist/db/dynamoDb.js.map +1 -1
- package/dist/db/mem.js +17 -7
- package/dist/db/mem.js.map +1 -1
- package/dist/db/mongo.js +17 -7
- package/dist/db/mongo.js.map +1 -1
- package/dist/db/redis.js +17 -7
- package/dist/db/redis.js.map +1 -1
- package/dist/db/sql/sql.js +17 -7
- package/dist/db/sql/sql.js.map +1 -1
- package/dist/db/store.js +17 -7
- package/dist/db/store.js.map +1 -1
- package/dist/directory-sync/batch-events/queue.js +17 -7
- package/dist/directory-sync/batch-events/queue.js.map +1 -1
- package/dist/directory-sync/scim/DirectoryConfig.js +17 -7
- package/dist/directory-sync/scim/DirectoryConfig.js.map +1 -1
- package/dist/directory-sync/scim/Groups.js +17 -7
- package/dist/directory-sync/scim/Groups.js.map +1 -1
- package/dist/ee/identity-federation/idp-login.js +20 -14
- package/dist/ee/identity-federation/idp-login.js.map +1 -1
- package/dist/ee/identity-federation/sso.js +16 -11
- package/dist/ee/identity-federation/sso.js.map +1 -1
- package/dist/event/axios.d.ts +2 -1
- package/dist/index.js +17 -7
- package/dist/index.js.map +1 -1
- package/dist/loadConnection.js +17 -7
- package/dist/loadConnection.js.map +1 -1
- package/dist/saml/lib.js +17 -7
- package/dist/saml/lib.js.map +1 -1
- package/dist/saml/x509.js +17 -7
- package/dist/saml/x509.js.map +1 -1
- package/dist/src/controller/admin.d.ts +27 -0
- package/dist/src/controller/admin.js +60 -0
- package/dist/src/controller/admin.js.map +1 -0
- package/dist/src/controller/analytics.d.ts +16 -0
- package/dist/src/controller/analytics.js +79 -0
- package/dist/src/controller/analytics.js.map +1 -0
- package/dist/src/controller/api.d.ts +557 -0
- package/dist/src/controller/api.js +806 -0
- package/dist/src/controller/api.js.map +1 -0
- package/dist/src/controller/connection/oidc.d.ts +7 -0
- package/dist/src/controller/connection/oidc.js +181 -0
- package/dist/src/controller/connection/oidc.js.map +1 -0
- package/dist/src/controller/connection/saml.d.ts +7 -0
- package/dist/src/controller/connection/saml.js +250 -0
- package/dist/src/controller/connection/saml.js.map +1 -0
- package/dist/src/controller/error.d.ts +10 -0
- package/dist/src/controller/error.js +13 -0
- package/dist/src/controller/error.js.map +1 -0
- package/dist/src/controller/health-check.d.ts +11 -0
- package/dist/src/controller/health-check.js +51 -0
- package/dist/src/controller/health-check.js.map +1 -0
- package/dist/src/controller/logout.d.ts +18 -0
- package/dist/src/controller/logout.js +132 -0
- package/dist/src/controller/logout.js.map +1 -0
- package/dist/src/controller/oauth/allowed.d.ts +1 -0
- package/dist/src/controller/oauth/allowed.js +30 -0
- package/dist/src/controller/oauth/allowed.js.map +1 -0
- package/dist/src/controller/oauth/code-verifier.d.ts +1 -0
- package/dist/src/controller/oauth/code-verifier.js +8 -0
- package/dist/src/controller/oauth/code-verifier.js.map +1 -0
- package/dist/src/controller/oauth/oidc-client.d.ts +12 -0
- package/dist/src/controller/oauth/oidc-client.js +89 -0
- package/dist/src/controller/oauth/oidc-client.js.map +1 -0
- package/dist/src/controller/oauth/redirect.d.ts +1 -0
- package/dist/src/controller/oauth/redirect.js +13 -0
- package/dist/src/controller/oauth/redirect.js.map +1 -0
- package/dist/src/controller/oauth.d.ts +142 -0
- package/dist/src/controller/oauth.js +1112 -0
- package/dist/src/controller/oauth.js.map +1 -0
- package/dist/src/controller/oidc-discovery.d.ts +22 -0
- package/dist/src/controller/oidc-discovery.js +47 -0
- package/dist/src/controller/oidc-discovery.js.map +1 -0
- package/dist/src/controller/setup-link.d.ts +307 -0
- package/dist/src/controller/setup-link.js +462 -0
- package/dist/src/controller/setup-link.js.map +1 -0
- package/dist/src/controller/sp-config.d.ts +22 -0
- package/dist/src/controller/sp-config.js +89 -0
- package/dist/src/controller/sp-config.js.map +1 -0
- package/dist/src/controller/sso-handler.d.ts +66 -0
- package/dist/src/controller/sso-handler.js +306 -0
- package/dist/src/controller/sso-handler.js.map +1 -0
- package/dist/src/controller/utils.d.ts +84 -0
- package/dist/src/controller/utils.js +328 -0
- package/dist/src/controller/utils.js.map +1 -0
- package/dist/src/cron/lock.d.ts +18 -0
- package/dist/src/cron/lock.js +98 -0
- package/dist/src/cron/lock.js.map +1 -0
- package/dist/src/db/db.d.ts +5 -0
- package/dist/src/db/db.js +178 -0
- package/dist/src/db/db.js.map +1 -0
- package/dist/src/db/defaultDb.d.ts +2 -0
- package/dist/src/db/defaultDb.js +18 -0
- package/dist/src/db/defaultDb.js.map +1 -0
- package/dist/src/db/dynamoDb.d.ts +19 -0
- package/dist/src/db/dynamoDb.js +320 -0
- package/dist/src/db/dynamoDb.js.map +1 -0
- package/dist/src/db/encrypter.d.ts +3 -0
- package/dist/src/db/encrypter.js +22 -0
- package/dist/src/db/encrypter.js.map +1 -0
- package/dist/src/db/mem.d.ts +23 -0
- package/dist/src/db/mem.js +186 -0
- package/dist/src/db/mem.js.map +1 -0
- package/dist/src/db/mongo.d.ts +22 -0
- package/dist/src/db/mongo.js +177 -0
- package/dist/src/db/mongo.js.map +1 -0
- package/dist/src/db/planetscale/entity/JacksonIndex.d.ts +5 -0
- package/dist/src/db/planetscale/entity/JacksonIndex.js +32 -0
- package/dist/src/db/planetscale/entity/JacksonIndex.js.map +1 -0
- package/dist/src/db/planetscale/entity/JacksonStore.d.ts +9 -0
- package/dist/src/db/planetscale/entity/JacksonStore.js +63 -0
- package/dist/src/db/planetscale/entity/JacksonStore.js.map +1 -0
- package/dist/src/db/planetscale/entity/JacksonTTL.d.ts +4 -0
- package/dist/src/db/planetscale/entity/JacksonTTL.js +27 -0
- package/dist/src/db/planetscale/entity/JacksonTTL.js.map +1 -0
- package/dist/src/db/redis.d.ts +18 -0
- package/dist/src/db/redis.js +214 -0
- package/dist/src/db/redis.js.map +1 -0
- package/dist/src/db/sql/entity/JacksonIndex.d.ts +7 -0
- package/dist/src/db/sql/entity/JacksonIndex.js +39 -0
- package/dist/src/db/sql/entity/JacksonIndex.js.map +1 -0
- package/dist/src/db/sql/entity/JacksonStore.d.ts +9 -0
- package/dist/src/db/sql/entity/JacksonStore.js +61 -0
- package/dist/src/db/sql/entity/JacksonStore.js.map +1 -0
- package/dist/src/db/sql/entity/JacksonTTL.d.ts +4 -0
- package/dist/src/db/sql/entity/JacksonTTL.js +27 -0
- package/dist/src/db/sql/entity/JacksonTTL.js.map +1 -0
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.d.ts +7 -0
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.js +39 -0
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.js.map +1 -0
- package/dist/src/db/sql/mariadb/entity/JacksonStore.d.ts +9 -0
- package/dist/src/db/sql/mariadb/entity/JacksonStore.js +63 -0
- package/dist/src/db/sql/mariadb/entity/JacksonStore.js.map +1 -0
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.d.ts +4 -0
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.js +27 -0
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.js.map +1 -0
- package/dist/src/db/sql/mssql/entity/JacksonIndex.d.ts +7 -0
- package/dist/src/db/sql/mssql/entity/JacksonIndex.js +39 -0
- package/dist/src/db/sql/mssql/entity/JacksonIndex.js.map +1 -0
- package/dist/src/db/sql/mssql/entity/JacksonStore.d.ts +9 -0
- package/dist/src/db/sql/mssql/entity/JacksonStore.js +61 -0
- package/dist/src/db/sql/mssql/entity/JacksonStore.js.map +1 -0
- package/dist/src/db/sql/mssql/entity/JacksonTTL.d.ts +4 -0
- package/dist/src/db/sql/mssql/entity/JacksonTTL.js +27 -0
- package/dist/src/db/sql/mssql/entity/JacksonTTL.js.map +1 -0
- package/dist/src/db/sql/mssql.d.ts +1 -0
- package/dist/src/db/sql/mssql.js +44 -0
- package/dist/src/db/sql/mssql.js.map +1 -0
- package/dist/src/db/sql/sql.d.ts +32 -0
- package/dist/src/db/sql/sql.js +318 -0
- package/dist/src/db/sql/sql.js.map +1 -0
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.d.ts +7 -0
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.js +39 -0
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.js.map +1 -0
- package/dist/src/db/sql/sqlite/entity/JacksonStore.d.ts +9 -0
- package/dist/src/db/sql/sqlite/entity/JacksonStore.js +61 -0
- package/dist/src/db/sql/sqlite/entity/JacksonStore.js.map +1 -0
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.d.ts +4 -0
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.js +27 -0
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.js.map +1 -0
- package/dist/src/db/store.d.ts +5 -0
- package/dist/src/db/store.js +65 -0
- package/dist/src/db/store.js.map +1 -0
- package/dist/src/db/utils.d.ts +16 -0
- package/dist/src/db/utils.js +28 -0
- package/dist/src/db/utils.js.map +1 -0
- package/dist/src/directory-sync/batch-events/queue.d.ts +40 -0
- package/dist/src/directory-sync/batch-events/queue.js +225 -0
- package/dist/src/directory-sync/batch-events/queue.js.map +1 -0
- package/dist/src/directory-sync/index.d.ts +27 -0
- package/dist/src/directory-sync/index.js +97 -0
- package/dist/src/directory-sync/index.js.map +1 -0
- package/dist/src/directory-sync/non-scim/google/api.d.ts +36 -0
- package/dist/src/directory-sync/non-scim/google/api.js +143 -0
- package/dist/src/directory-sync/non-scim/google/api.js.map +1 -0
- package/dist/src/directory-sync/non-scim/google/index.d.ts +12 -0
- package/dist/src/directory-sync/non-scim/google/index.js +10 -0
- package/dist/src/directory-sync/non-scim/google/index.js.map +1 -0
- package/dist/src/directory-sync/non-scim/google/oauth.d.ts +27 -0
- package/dist/src/directory-sync/non-scim/google/oauth.js +105 -0
- package/dist/src/directory-sync/non-scim/google/oauth.js.map +1 -0
- package/dist/src/directory-sync/non-scim/index.d.ts +24 -0
- package/dist/src/directory-sync/non-scim/index.js +85 -0
- package/dist/src/directory-sync/non-scim/index.js.map +1 -0
- package/dist/src/directory-sync/non-scim/syncGroupMembers.d.ts +23 -0
- package/dist/src/directory-sync/non-scim/syncGroupMembers.js +105 -0
- package/dist/src/directory-sync/non-scim/syncGroupMembers.js.map +1 -0
- package/dist/src/directory-sync/non-scim/syncGroups.d.ts +24 -0
- package/dist/src/directory-sync/non-scim/syncGroups.js +120 -0
- package/dist/src/directory-sync/non-scim/syncGroups.js.map +1 -0
- package/dist/src/directory-sync/non-scim/syncUsers.d.ts +24 -0
- package/dist/src/directory-sync/non-scim/syncUsers.js +120 -0
- package/dist/src/directory-sync/non-scim/syncUsers.js.map +1 -0
- package/dist/src/directory-sync/non-scim/utils.d.ts +36 -0
- package/dist/src/directory-sync/non-scim/utils.js +109 -0
- package/dist/src/directory-sync/non-scim/utils.js.map +1 -0
- package/dist/src/directory-sync/request.d.ts +14 -0
- package/dist/src/directory-sync/request.js +29 -0
- package/dist/src/directory-sync/request.js.map +1 -0
- package/dist/src/directory-sync/scim/Base.d.ts +12 -0
- package/dist/src/directory-sync/scim/Base.js +23 -0
- package/dist/src/directory-sync/scim/Base.js.map +1 -0
- package/dist/src/directory-sync/scim/DirectoryConfig.d.ts +343 -0
- package/dist/src/directory-sync/scim/DirectoryConfig.js +580 -0
- package/dist/src/directory-sync/scim/DirectoryConfig.js.map +1 -0
- package/dist/src/directory-sync/scim/DirectoryGroups.d.ts +28 -0
- package/dist/src/directory-sync/scim/DirectoryGroups.js +252 -0
- package/dist/src/directory-sync/scim/DirectoryGroups.js.map +1 -0
- package/dist/src/directory-sync/scim/DirectoryUsers.d.ts +25 -0
- package/dist/src/directory-sync/scim/DirectoryUsers.js +193 -0
- package/dist/src/directory-sync/scim/DirectoryUsers.js.map +1 -0
- package/dist/src/directory-sync/scim/Groups.d.ts +166 -0
- package/dist/src/directory-sync/scim/Groups.js +348 -0
- package/dist/src/directory-sync/scim/Groups.js.map +1 -0
- package/dist/src/directory-sync/scim/Users.d.ts +99 -0
- package/dist/src/directory-sync/scim/Users.js +215 -0
- package/dist/src/directory-sync/scim/Users.js.map +1 -0
- package/dist/src/directory-sync/scim/WebhookEventsLogger.d.ts +101 -0
- package/dist/src/directory-sync/scim/WebhookEventsLogger.js +165 -0
- package/dist/src/directory-sync/scim/WebhookEventsLogger.js.map +1 -0
- package/dist/src/directory-sync/scim/transform.d.ts +6 -0
- package/dist/src/directory-sync/scim/transform.js +37 -0
- package/dist/src/directory-sync/scim/transform.js.map +1 -0
- package/dist/src/directory-sync/scim/utils.d.ts +33 -0
- package/dist/src/directory-sync/scim/utils.js +129 -0
- package/dist/src/directory-sync/scim/utils.js.map +1 -0
- package/dist/src/directory-sync/types.d.ts +195 -0
- package/dist/src/directory-sync/types.js +10 -0
- package/dist/src/directory-sync/types.js.map +1 -0
- package/dist/src/directory-sync/utils.d.ts +19 -0
- package/dist/src/directory-sync/utils.js +56 -0
- package/dist/src/directory-sync/utils.js.map +1 -0
- package/dist/src/ee/branding/index.d.ts +17 -0
- package/dist/src/ee/branding/index.js +49 -0
- package/dist/src/ee/branding/index.js.map +1 -0
- package/dist/src/ee/common/checkLicense.d.ts +3 -0
- package/dist/src/ee/common/checkLicense.js +23 -0
- package/dist/src/ee/common/checkLicense.js.map +1 -0
- package/dist/src/ee/identity-federation/app.d.ts +328 -0
- package/dist/src/ee/identity-federation/app.js +532 -0
- package/dist/src/ee/identity-federation/app.js.map +1 -0
- package/dist/src/ee/identity-federation/idp-login.d.ts +18 -0
- package/dist/src/ee/identity-federation/idp-login.js +98 -0
- package/dist/src/ee/identity-federation/idp-login.js.map +1 -0
- package/dist/src/ee/identity-federation/index.d.ts +15 -0
- package/dist/src/ee/identity-federation/index.js +43 -0
- package/dist/src/ee/identity-federation/index.js.map +1 -0
- package/dist/src/ee/identity-federation/sso.d.ts +24 -0
- package/dist/src/ee/identity-federation/sso.js +124 -0
- package/dist/src/ee/identity-federation/sso.js.map +1 -0
- package/dist/src/ee/identity-federation/types.d.ts +38 -0
- package/dist/src/ee/identity-federation/types.js +2 -0
- package/dist/src/ee/identity-federation/types.js.map +1 -0
- package/dist/src/ee/ory/ory.d.ts +18 -0
- package/dist/src/ee/ory/ory.js +195 -0
- package/dist/src/ee/ory/ory.js.map +1 -0
- package/dist/src/ee/product/index.d.ts +14 -0
- package/dist/src/ee/product/index.js +45 -0
- package/dist/src/ee/product/index.js.map +1 -0
- package/dist/src/event/axios.d.ts +2 -0
- package/dist/src/event/axios.js +27 -0
- package/dist/src/event/axios.js.map +1 -0
- package/dist/src/event/index.d.ts +11 -0
- package/dist/src/event/index.js +53 -0
- package/dist/src/event/index.js.map +1 -0
- package/dist/src/event/types.d.ts +21 -0
- package/dist/src/event/types.js +2 -0
- package/dist/src/event/types.js.map +1 -0
- package/dist/src/event/utils.d.ts +4 -0
- package/dist/src/event/utils.js +33 -0
- package/dist/src/event/utils.js.map +1 -0
- package/dist/src/event/webhook.d.ts +3 -0
- package/dist/src/event/webhook.js +34 -0
- package/dist/src/event/webhook.js.map +1 -0
- package/dist/src/index.d.ts +35 -0
- package/dist/src/index.js +161 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/loadConnection.d.ts +4 -0
- package/dist/src/loadConnection.js +38 -0
- package/dist/src/loadConnection.js.map +1 -0
- package/dist/src/opentelemetry/metrics.d.ts +14 -0
- package/dist/src/opentelemetry/metrics.js +64 -0
- package/dist/src/opentelemetry/metrics.js.map +1 -0
- package/dist/src/saml/claims.d.ts +12 -0
- package/dist/src/saml/claims.js +57 -0
- package/dist/src/saml/claims.js.map +1 -0
- package/dist/src/saml/lib.d.ts +8 -0
- package/dist/src/saml/lib.js +29 -0
- package/dist/src/saml/lib.js.map +1 -0
- package/dist/src/saml/x509.d.ts +9 -0
- package/dist/src/saml/x509.js +93 -0
- package/dist/src/saml/x509.js.map +1 -0
- package/dist/src/sso-traces/index.d.ts +114 -0
- package/dist/src/sso-traces/index.js +229 -0
- package/dist/src/sso-traces/index.js.map +1 -0
- package/dist/src/sso-traces/types.d.ts +44 -0
- package/dist/src/sso-traces/types.js +2 -0
- package/dist/src/sso-traces/types.js.map +1 -0
- package/dist/src/typings.d.ts +540 -0
- package/dist/src/typings.js +5 -0
- package/dist/src/typings.js.map +1 -0
- package/dist/typeorm.d.ts +3 -0
- package/dist/typeorm.js +58 -0
- package/dist/typeorm.js.map +1 -0
- package/dist/typings.d.ts +1 -1
- package/package.json +13 -13
|
@@ -0,0 +1,306 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
var __rest = (this && this.__rest) || function (s, e) {
|
|
11
|
+
var t = {};
|
|
12
|
+
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
|
|
13
|
+
t[p] = s[p];
|
|
14
|
+
if (s != null && typeof Object.getOwnPropertySymbols === "function")
|
|
15
|
+
for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
|
|
16
|
+
if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
|
|
17
|
+
t[p[i]] = s[p[i]];
|
|
18
|
+
}
|
|
19
|
+
return t;
|
|
20
|
+
};
|
|
21
|
+
import saml from '@boxyhq/saml20';
|
|
22
|
+
import crypto from 'crypto';
|
|
23
|
+
import { promisify } from 'util';
|
|
24
|
+
import { deflateRaw } from 'zlib';
|
|
25
|
+
import { getDefaultCertificate } from '../saml/x509';
|
|
26
|
+
import * as dbutils from '../db/utils';
|
|
27
|
+
import { JacksonError } from './error';
|
|
28
|
+
import { IndexNames } from './utils';
|
|
29
|
+
import { relayStatePrefix } from './utils';
|
|
30
|
+
import * as redirect from './oauth/redirect';
|
|
31
|
+
import * as allowed from './oauth/allowed';
|
|
32
|
+
import { oidcClientConfig } from './oauth/oidc-client';
|
|
33
|
+
const deflateRawAsync = promisify(deflateRaw);
|
|
34
|
+
export class SSOHandler {
|
|
35
|
+
constructor({ connection, session, opts, }) {
|
|
36
|
+
this.createSAMLResponse = (_a) => __awaiter(this, [_a], void 0, function* ({ profile, session }) {
|
|
37
|
+
const certificate = yield getDefaultCertificate();
|
|
38
|
+
const mappedClaims = profile.claims;
|
|
39
|
+
if (session.mappings) {
|
|
40
|
+
session.mappings.forEach((elem) => {
|
|
41
|
+
const key = elem.key;
|
|
42
|
+
const value = elem.value;
|
|
43
|
+
if (mappedClaims.raw[value]) {
|
|
44
|
+
mappedClaims.raw[key] = mappedClaims.raw[value];
|
|
45
|
+
}
|
|
46
|
+
});
|
|
47
|
+
session.mappings.forEach((elem) => {
|
|
48
|
+
const value = elem.value;
|
|
49
|
+
delete mappedClaims.raw[value];
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
try {
|
|
53
|
+
const responseSigned = yield saml.createSAMLResponse(Object.assign(Object.assign({ audience: session.requested.entityId, acsUrl: session.requested.acsUrl, requestId: session.requested.id, issuer: `${this.opts.samlAudience}`, claims: mappedClaims }, certificate), { flattenArray: true }));
|
|
54
|
+
const params = [];
|
|
55
|
+
if (session.requested.relayState) {
|
|
56
|
+
params.push({
|
|
57
|
+
name: 'RelayState',
|
|
58
|
+
value: session.requested.relayState,
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
params.push({
|
|
62
|
+
name: 'SAMLResponse',
|
|
63
|
+
value: Buffer.from(responseSigned).toString('base64'),
|
|
64
|
+
});
|
|
65
|
+
const responseForm = saml.createPostForm(session.requested.acsUrl, params);
|
|
66
|
+
return { responseForm };
|
|
67
|
+
}
|
|
68
|
+
catch (err) {
|
|
69
|
+
console.error('Error creating SAML response:', err);
|
|
70
|
+
// TODO: Instead send saml response with status code
|
|
71
|
+
throw new JacksonError('Unable to validate SAML Response.', 403);
|
|
72
|
+
}
|
|
73
|
+
});
|
|
74
|
+
// Create a new session to store SP request information
|
|
75
|
+
this.createSession = (_a) => __awaiter(this, [_a], void 0, function* ({ requestId, requested, oidcCodeVerifier, oidcNonce, mappings, }) {
|
|
76
|
+
const sessionId = crypto.randomBytes(16).toString('hex');
|
|
77
|
+
const session = {
|
|
78
|
+
id: requestId,
|
|
79
|
+
requested,
|
|
80
|
+
samlFederated: true,
|
|
81
|
+
mappings,
|
|
82
|
+
};
|
|
83
|
+
if (oidcCodeVerifier) {
|
|
84
|
+
session['oidcCodeVerifier'] = oidcCodeVerifier;
|
|
85
|
+
}
|
|
86
|
+
if (oidcNonce) {
|
|
87
|
+
session['oidcNonce'] = oidcNonce;
|
|
88
|
+
}
|
|
89
|
+
yield this.session.put(sessionId, session);
|
|
90
|
+
return `${relayStatePrefix}${sessionId}`;
|
|
91
|
+
});
|
|
92
|
+
this.connection = connection;
|
|
93
|
+
this.session = session;
|
|
94
|
+
this.opts = opts;
|
|
95
|
+
}
|
|
96
|
+
// If there are multiple connections for the given tenant and product, return the url to the IdP selection page
|
|
97
|
+
// If idp_hint is provided, return the connection with the matching clientID
|
|
98
|
+
// If there is only one connection, return the connection
|
|
99
|
+
resolveConnection(params) {
|
|
100
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
101
|
+
const { authFlow, originalParams, tenant, product, idp_hint, entityId, tenants, idFedAppId = '', fedType = '', thirdPartyLogin = null, ssoTraces, } = params;
|
|
102
|
+
let connections = null;
|
|
103
|
+
const noSSOConnectionErrMessage = 'No SSO connection found.';
|
|
104
|
+
// If an IdP is specified, find the connection for that IdP
|
|
105
|
+
if (idp_hint) {
|
|
106
|
+
const connection = yield this.connection.get(idp_hint);
|
|
107
|
+
if (!connection) {
|
|
108
|
+
throw new JacksonError(noSSOConnectionErrMessage, 404);
|
|
109
|
+
}
|
|
110
|
+
return { connection };
|
|
111
|
+
}
|
|
112
|
+
// Find SAML connections for the app
|
|
113
|
+
if (tenants && tenants.length > 0 && product) {
|
|
114
|
+
const result = yield Promise.all(tenants.map((tenant) => this.connection.getByIndex({
|
|
115
|
+
name: IndexNames.TenantProduct,
|
|
116
|
+
value: dbutils.keyFromParts(tenant, product),
|
|
117
|
+
})));
|
|
118
|
+
connections = result.flatMap((r) => r.data);
|
|
119
|
+
}
|
|
120
|
+
else if (tenant && product) {
|
|
121
|
+
const result = yield this.connection.getByIndex({
|
|
122
|
+
name: IndexNames.TenantProduct,
|
|
123
|
+
value: dbutils.keyFromParts(tenant, product),
|
|
124
|
+
});
|
|
125
|
+
connections = result.data;
|
|
126
|
+
}
|
|
127
|
+
else if (entityId) {
|
|
128
|
+
const result = yield this.connection.getByIndex({
|
|
129
|
+
name: IndexNames.EntityID,
|
|
130
|
+
value: entityId,
|
|
131
|
+
});
|
|
132
|
+
connections = result.data;
|
|
133
|
+
}
|
|
134
|
+
if (!connections || connections.length === 0) {
|
|
135
|
+
throw new JacksonError(noSSOConnectionErrMessage, 404);
|
|
136
|
+
}
|
|
137
|
+
// Third party login from an oidcProvider, here we match the connection from the iss param
|
|
138
|
+
if ((thirdPartyLogin === null || thirdPartyLogin === void 0 ? void 0 : thirdPartyLogin.idpInitiatorType) === 'oidc') {
|
|
139
|
+
const oidcConnections = connections.filter((connection) => 'oidcProvider' in connection);
|
|
140
|
+
for (let _a of oidcConnections) {
|
|
141
|
+
const { oidcProvider } = _a, rest = __rest(_a, ["oidcProvider"]);
|
|
142
|
+
const connection = Object.assign({ oidcProvider }, rest);
|
|
143
|
+
const { discoveryUrl, metadata, clientId, clientSecret } = oidcProvider;
|
|
144
|
+
const oidcConfig = yield oidcClientConfig({
|
|
145
|
+
discoveryUrl,
|
|
146
|
+
metadata,
|
|
147
|
+
clientId,
|
|
148
|
+
clientSecret,
|
|
149
|
+
ssoTraces: ssoTraces,
|
|
150
|
+
});
|
|
151
|
+
if (oidcConfig.serverMetadata().issuer === thirdPartyLogin.iss) {
|
|
152
|
+
if (thirdPartyLogin.target_link_uri) {
|
|
153
|
+
if (!allowed.redirect(thirdPartyLogin.target_link_uri, connection.redirectUrl)) {
|
|
154
|
+
throw new JacksonError('target_link_uri is not allowed');
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return { connection };
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
// No match found for iss
|
|
161
|
+
throw new JacksonError(noSSOConnectionErrMessage, 404);
|
|
162
|
+
}
|
|
163
|
+
// If more than one, redirect to the connection selection page
|
|
164
|
+
if (connections.length > 1) {
|
|
165
|
+
const url = new URL(`${this.opts.externalUrl}${this.opts.idpDiscoveryPath}`);
|
|
166
|
+
// SP initiated flow
|
|
167
|
+
if (['oauth', 'saml'].includes(authFlow)) {
|
|
168
|
+
const qps = Object.assign({ authFlow: 'sp-initiated', idFedAppId,
|
|
169
|
+
fedType }, originalParams);
|
|
170
|
+
if (tenant && product && fedType !== 'oidc') {
|
|
171
|
+
qps['tenant'] = tenant;
|
|
172
|
+
qps['product'] = product;
|
|
173
|
+
}
|
|
174
|
+
const params = new URLSearchParams(qps);
|
|
175
|
+
return { redirectUrl: `${url}?${params}` };
|
|
176
|
+
}
|
|
177
|
+
// IdP initiated flow
|
|
178
|
+
if (authFlow === 'idp-initiated') {
|
|
179
|
+
if (entityId) {
|
|
180
|
+
const params = new URLSearchParams({
|
|
181
|
+
entityId,
|
|
182
|
+
authFlow,
|
|
183
|
+
});
|
|
184
|
+
const postForm = saml.createPostForm(`${this.opts.idpDiscoveryPath}?${params}`, [
|
|
185
|
+
{
|
|
186
|
+
name: 'SAMLResponse',
|
|
187
|
+
value: originalParams.SAMLResponse,
|
|
188
|
+
},
|
|
189
|
+
]);
|
|
190
|
+
return { postForm };
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
// If only one, use that connection
|
|
195
|
+
return { connection: connections[0] };
|
|
196
|
+
});
|
|
197
|
+
}
|
|
198
|
+
createSAMLRequest(_a) {
|
|
199
|
+
return __awaiter(this, arguments, void 0, function* ({ connection, requestParams, mappings, }) {
|
|
200
|
+
// We have a connection now, so we can create the SAML request
|
|
201
|
+
const certificate = yield getDefaultCertificate();
|
|
202
|
+
const { sso } = connection.idpMetadata;
|
|
203
|
+
let ssoUrl;
|
|
204
|
+
let post = false;
|
|
205
|
+
if ('redirectUrl' in sso) {
|
|
206
|
+
ssoUrl = sso.redirectUrl;
|
|
207
|
+
}
|
|
208
|
+
else if ('postUrl' in sso) {
|
|
209
|
+
ssoUrl = sso.postUrl;
|
|
210
|
+
post = true;
|
|
211
|
+
}
|
|
212
|
+
const samlRequest = saml.request({
|
|
213
|
+
ssoUrl,
|
|
214
|
+
entityID: `${this.opts.samlAudience}`,
|
|
215
|
+
callbackUrl: this.opts.externalUrl + this.opts.samlPath,
|
|
216
|
+
signingKey: certificate.privateKey,
|
|
217
|
+
publicKey: certificate.publicKey,
|
|
218
|
+
forceAuthn: !!connection.forceAuthn,
|
|
219
|
+
identifierFormat: connection.identifierFormat
|
|
220
|
+
? connection.identifierFormat
|
|
221
|
+
: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
|
222
|
+
});
|
|
223
|
+
const relayState = yield this.createSession({
|
|
224
|
+
requestId: samlRequest.id,
|
|
225
|
+
requested: Object.assign(Object.assign({}, requestParams), { client_id: connection.clientID }),
|
|
226
|
+
mappings,
|
|
227
|
+
});
|
|
228
|
+
let redirectUrl;
|
|
229
|
+
let authorizeForm;
|
|
230
|
+
// Decide whether to use HTTP Redirect or HTTP POST binding
|
|
231
|
+
if (!post) {
|
|
232
|
+
redirectUrl = redirect.success(ssoUrl, {
|
|
233
|
+
RelayState: relayState,
|
|
234
|
+
SAMLRequest: Buffer.from(yield deflateRawAsync(samlRequest.request)).toString('base64'),
|
|
235
|
+
});
|
|
236
|
+
}
|
|
237
|
+
else {
|
|
238
|
+
authorizeForm = saml.createPostForm(ssoUrl, [
|
|
239
|
+
{
|
|
240
|
+
name: 'RelayState',
|
|
241
|
+
value: relayState,
|
|
242
|
+
},
|
|
243
|
+
{
|
|
244
|
+
name: 'SAMLRequest',
|
|
245
|
+
value: Buffer.from(samlRequest.request).toString('base64'),
|
|
246
|
+
},
|
|
247
|
+
]);
|
|
248
|
+
}
|
|
249
|
+
return {
|
|
250
|
+
redirect_url: redirectUrl,
|
|
251
|
+
authorize_form: authorizeForm,
|
|
252
|
+
};
|
|
253
|
+
});
|
|
254
|
+
}
|
|
255
|
+
createOIDCRequest(_a) {
|
|
256
|
+
return __awaiter(this, arguments, void 0, function* ({ connection, requestParams, mappings, ssoTraces, }) {
|
|
257
|
+
var _b;
|
|
258
|
+
if (!this.opts.oidcPath) {
|
|
259
|
+
throw new JacksonError('OpenID response handler path (oidcPath) is not set', 400);
|
|
260
|
+
}
|
|
261
|
+
const { discoveryUrl, metadata, clientId, clientSecret } = connection.oidcProvider;
|
|
262
|
+
try {
|
|
263
|
+
const client = yield import('openid-client');
|
|
264
|
+
const oidcConfig = yield oidcClientConfig({
|
|
265
|
+
discoveryUrl,
|
|
266
|
+
metadata,
|
|
267
|
+
clientId,
|
|
268
|
+
clientSecret,
|
|
269
|
+
ssoTraces,
|
|
270
|
+
});
|
|
271
|
+
const oidcCodeVerifier = client.randomPKCECodeVerifier();
|
|
272
|
+
const code_challenge = yield client.calculatePKCECodeChallenge(oidcCodeVerifier);
|
|
273
|
+
const oidcNonce = client.randomNonce();
|
|
274
|
+
const standardScopes = ((_b = this.opts.openid) === null || _b === void 0 ? void 0 : _b.requestProfileScope)
|
|
275
|
+
? ['openid', 'email', 'profile']
|
|
276
|
+
: ['openid', 'email'];
|
|
277
|
+
const relayState = yield this.createSession({
|
|
278
|
+
requestId: connection.clientID,
|
|
279
|
+
requested: requestParams,
|
|
280
|
+
oidcCodeVerifier,
|
|
281
|
+
oidcNonce,
|
|
282
|
+
mappings,
|
|
283
|
+
});
|
|
284
|
+
const ssoUrl = client.buildAuthorizationUrl(oidcConfig, {
|
|
285
|
+
scope: standardScopes
|
|
286
|
+
.filter((value, index, self) => self.indexOf(value) === index) // filter out duplicates
|
|
287
|
+
.join(' '),
|
|
288
|
+
code_challenge,
|
|
289
|
+
code_challenge_method: 'S256',
|
|
290
|
+
state: relayState,
|
|
291
|
+
nonce: oidcNonce,
|
|
292
|
+
redirect_uri: this.opts.externalUrl + this.opts.oidcPath,
|
|
293
|
+
}).href;
|
|
294
|
+
return {
|
|
295
|
+
redirect_url: ssoUrl,
|
|
296
|
+
authorize_form: null,
|
|
297
|
+
};
|
|
298
|
+
}
|
|
299
|
+
catch (err) {
|
|
300
|
+
console.error(err);
|
|
301
|
+
throw new JacksonError(`Unable to complete OIDC request. - ${err.message}`, 400);
|
|
302
|
+
}
|
|
303
|
+
});
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
//# sourceMappingURL=sso-handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sso-handler.js","sourceRoot":"","sources":["../../../src/controller/sso-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,IAAI,MAAM,gBAAgB,CAAC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAYlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,OAAO,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,MAAM,eAAe,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAE9C,MAAM,OAAO,UAAU;IAKrB,YAAY,EACV,UAAU,EACV,OAAO,EACP,IAAI,GAKL;QA+SD,uBAAkB,GAAG,KAAqE,EAAE,0CAAhE,EAAE,OAAO,EAAE,OAAO,EAA0C;YACtF,MAAM,WAAW,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAElD,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;YACpC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;oBACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC5B,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAClD,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,+BAClD,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,EACpC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM,EAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,EAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EACnC,MAAM,EAAE,YAAY,IACjB,WAAW,KACd,YAAY,EAAE,IAAI,IAClB,CAAC;gBAEH,MAAM,MAAM,GAAsC,EAAE,CAAC;gBAErD,IAAI,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;oBACjC,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,UAAU;qBACpC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACtD,CAAC,CAAC;gBAEH,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAE3E,OAAO,EAAE,YAAY,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;gBACpD,oDAAoD;gBACpD,MAAM,IAAI,YAAY,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAA,CAAC;QAEF,uDAAuD;QAC/C,kBAAa,GAAG,KAYrB,EAAE,0CAZ0B,EAC7B,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,QAAQ,GAOT;YACC,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,OAAO,GAAG;gBACd,EAAE,EAAE,SAAS;gBACb,SAAS;gBACT,aAAa,EAAE,IAAI;gBACnB,QAAQ;aACT,CAAC;YAEF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;YACjD,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE3C,OAAO,GAAG,gBAAgB,GAAG,SAAS,EAAE,CAAC;QAC3C,CAAC,CAAA,CAAC;QArYA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,+GAA+G;IAC/G,4EAA4E;IAC5E,yDAAyD;IACnD,iBAAiB,CAAC,MAavB;;YAWC,MAAM,EACJ,QAAQ,EACR,cAAc,EACd,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,UAAU,GAAG,EAAE,EACf,OAAO,GAAG,EAAE,EACZ,eAAe,GAAG,IAAI,EACtB,SAAS,GACV,GAAG,MAAM,CAAC;YAEX,IAAI,WAAW,GAA6C,IAAI,CAAC;YACjE,MAAM,yBAAyB,GAAG,0BAA0B,CAAC;YAE7D,2DAA2D;YAC3D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAEvD,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;gBACzD,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,CAAC;YAED,oCAAoC;YACpC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC9B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACrB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBACzB,IAAI,EAAE,UAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CACH,CACF,CAAC;gBAEF,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC;iBAAM,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,UAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,UAAU,CAAC,QAAQ;oBACzB,KAAK,EAAE,QAAQ;iBAChB,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;YAED,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,0FAA0F;YAC1F,IAAI,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,gBAAgB,MAAK,MAAM,EAAE,CAAC;gBACjD,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CACxC,CAAC,UAAU,EAAE,EAAE,CAAC,cAAc,IAAI,UAAU,CAC1B,CAAC;gBAErB,KAAK,IAAA,EAA+B,IAAI,eAAe,EAAE,CAAC;oBAArD,MAAM,EAAE,YAAY,OAAW,EAAN,IAAI,cAAvB,gBAAyB,CAAA,CAAA;oBAClC,MAAM,UAAU,mBAAK,YAAY,IAAK,IAAI,CAAE,CAAC;oBAC7C,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;oBACxE,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC;wBACxC,YAAY;wBACZ,QAAQ;wBACR,QAAQ;wBACR,YAAY;wBACZ,SAAS,EAAE,SAAU;qBACtB,CAAC,CAAC;oBAEH,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,GAAG,EAAE,CAAC;wBAC/D,IAAI,eAAe,CAAC,eAAe,EAAE,CAAC;4BACpC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,eAAe,EAAE,UAAU,CAAC,WAAuB,CAAC,EAAE,CAAC;gCAC3F,MAAM,IAAI,YAAY,CAAC,gCAAgC,CAAC,CAAC;4BAC3D,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,UAAU,EAAE,CAAC;oBACxB,CAAC;gBACH,CAAC;gBACD,yBAAyB;gBACzB,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,8DAA8D;YAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBAE7E,oBAAoB;gBACpB,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzC,MAAM,GAAG,mBACP,QAAQ,EAAE,cAAc,EACxB,UAAU;wBACV,OAAO,IACJ,cAAc,CAClB,CAAC;oBACF,IAAI,MAAM,IAAI,OAAO,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;wBAC5C,GAAG,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;wBACvB,GAAG,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC;oBAC3B,CAAC;oBACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;oBAExC,OAAO,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,MAAM,EAAE,EAAE,CAAC;gBAC7C,CAAC;gBAED,qBAAqB;gBACrB,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;oBACjC,IAAI,QAAQ,EAAE,CAAC;wBACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;4BACjC,QAAQ;4BACR,QAAQ;yBACT,CAAC,CAAC;wBAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,MAAM,EAAE,EAAE;4BAC9E;gCACE,IAAI,EAAE,cAAc;gCACpB,KAAK,EAAE,cAAc,CAAC,YAAY;6BACnC;yBACF,CAAC,CAAC;wBAEH,OAAO,EAAE,QAAQ,EAAE,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;QACxC,CAAC;KAAA;IAEK,iBAAiB;6DAAC,EACtB,UAAU,EACV,aAAa,EACb,QAAQ,GAKT;YACC,8DAA8D;YAC9D,MAAM,WAAW,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAElD,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC;YAEvC,IAAI,MAAM,CAAC;YACX,IAAI,IAAI,GAAG,KAAK,CAAC;YAEjB,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC;YAC3B,CAAC;iBAAM,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;gBAC5B,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC;gBACrB,IAAI,GAAG,IAAI,CAAC;YACd,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;gBAC/B,MAAM;gBACN,QAAQ,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;gBACrC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ;gBACvD,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU;gBACnC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;oBAC3C,CAAC,CAAC,UAAU,CAAC,gBAAgB;oBAC7B,CAAC,CAAC,wDAAwD;aAC7D,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,EAAE;gBACzB,SAAS,kCACJ,aAAa,KAChB,SAAS,EAAE,UAAU,CAAC,QAAQ,GAC/B;gBACD,QAAQ;aACT,CAAC,CAAC;YAEH,IAAI,WAAW,CAAC;YAChB,IAAI,aAAa,CAAC;YAElB,2DAA2D;YAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;oBACrC,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACxF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE;oBAC1C;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,UAAU;qBAClB;oBACD;wBACE,IAAI,EAAE,aAAa;wBACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;qBAC3D;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,YAAY,EAAE,WAAW;gBACzB,cAAc,EAAE,aAAa;aAC9B,CAAC;QACJ,CAAC;KAAA;IAEK,iBAAiB;6DAAC,EACtB,UAAU,EACV,aAAa,EACb,QAAQ,EACR,SAAS,GAMV;;YACC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,MAAM,IAAI,YAAY,CAAC,oDAAoD,EAAE,GAAG,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,UAAU,CAAC,YAAY,CAAC;YAEnF,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;gBAC7C,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC;oBACxC,YAAY;oBACZ,QAAQ;oBACR,QAAQ;oBACR,YAAY;oBACZ,SAAS;iBACV,CAAC,CAAC;gBACH,MAAM,gBAAgB,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;gBACzD,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;gBACjF,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,cAAc,GAAG,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,MAAM,0CAAE,mBAAmB;oBAC1D,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;oBAChC,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAExB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBAC1C,SAAS,EAAE,UAAU,CAAC,QAAQ;oBAC9B,SAAS,EAAE,aAAa;oBACxB,gBAAgB;oBAChB,SAAS;oBACT,QAAQ;iBACT,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,CAAC,UAAU,EAAE;oBACtD,KAAK,EAAE,cAAc;yBAClB,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,wBAAwB;yBACtF,IAAI,CAAC,GAAG,CAAC;oBACZ,cAAc;oBACd,qBAAqB,EAAE,MAAM;oBAC7B,KAAK,EAAE,UAAU;oBACjB,KAAK,EAAE,SAAS;oBAChB,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ;iBACzD,CAAC,CAAC,IAAI,CAAC;gBAER,OAAO;oBACL,YAAY,EAAE,MAAM;oBACpB,cAAc,EAAE,IAAI;iBACrB,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,MAAM,IAAI,YAAY,CAAC,sCAAsC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YACnF,CAAC;QACH,CAAC;KAAA;CA0FF"}
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
import * as jose from 'jose';
|
|
2
|
+
import type { Configuration, authorizationCodeGrant } from 'openid-client' with { 'resolution-mode': 'import' };
|
|
3
|
+
import type { ConnectionType, OAuthErrorHandlerParams, SAMLSSOConnectionWithEncodedMetadata, SAMLSSOConnectionWithRawMetadata, OIDCSSOConnectionWithDiscoveryUrl, OIDCSSOConnectionWithMetadata, Profile, SAMLSSORecord, OIDCSSORecord, Directory } from '../typings';
|
|
4
|
+
export declare enum IndexNames {
|
|
5
|
+
EntityID = "entityID",
|
|
6
|
+
TenantProduct = "tenantProduct",
|
|
7
|
+
OIDCProviderClientID = "OIDCProviderClientID",
|
|
8
|
+
SSOClientID = "SSOClientID",
|
|
9
|
+
Product = "product",
|
|
10
|
+
Service = "service",
|
|
11
|
+
SetupToken = "token",
|
|
12
|
+
ProductService = "productService",
|
|
13
|
+
TenantProductService = "tenantProductService"
|
|
14
|
+
}
|
|
15
|
+
export declare const storeNamespacePrefix: {
|
|
16
|
+
dsync: {
|
|
17
|
+
config: string;
|
|
18
|
+
logs: string;
|
|
19
|
+
users: string;
|
|
20
|
+
groups: string;
|
|
21
|
+
members: string;
|
|
22
|
+
providers: string;
|
|
23
|
+
events: string;
|
|
24
|
+
lock: string;
|
|
25
|
+
};
|
|
26
|
+
saml: {
|
|
27
|
+
config: string;
|
|
28
|
+
};
|
|
29
|
+
};
|
|
30
|
+
export declare const relayStatePrefix = "boxyhq_jackson_";
|
|
31
|
+
export declare const clientIDFederatedPrefix = "fed_";
|
|
32
|
+
export declare const clientIDOIDCPrefix = "oidc_";
|
|
33
|
+
export declare const validateAbsoluteUrl: (url: any, message: any) => void;
|
|
34
|
+
export declare const OAuthErrorResponse: ({ error, error_description, redirect_uri, state, }: OAuthErrorHandlerParams) => string;
|
|
35
|
+
export declare function getErrorMessage(error: unknown): string;
|
|
36
|
+
export declare const createRandomSecret: (length: number) => Promise<string>;
|
|
37
|
+
export declare function loadJWSPrivateKey(key: string, alg: string): Promise<jose.KeyLike>;
|
|
38
|
+
export declare function isJWSKeyPairLoaded(jwsKeyPair: {
|
|
39
|
+
private: string;
|
|
40
|
+
public: string;
|
|
41
|
+
}): boolean;
|
|
42
|
+
export declare const importJWTPublicKey: (key: string, jwsAlg: string) => Promise<jose.KeyLike>;
|
|
43
|
+
export declare const exportPublicKeyJWK: (key: jose.KeyLike) => Promise<jose.JWK>;
|
|
44
|
+
export declare const generateJwkThumbprint: (jwk: jose.JWK) => Promise<string>;
|
|
45
|
+
export declare const computeKid: (key: string, jwsAlg: string) => Promise<string>;
|
|
46
|
+
export declare const validateSSOConnection: (body: SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata | OIDCSSOConnectionWithDiscoveryUrl | OIDCSSOConnectionWithMetadata, strategy: ConnectionType) => void;
|
|
47
|
+
export declare const validateRedirectUrl: ({ redirectUrlList, defaultRedirectUrl }: {
|
|
48
|
+
redirectUrlList: any;
|
|
49
|
+
defaultRedirectUrl: any;
|
|
50
|
+
}) => void;
|
|
51
|
+
export declare const extractRedirectUrls: (urls: string[] | string) => string[];
|
|
52
|
+
export declare const extractHostName: (url: string) => string | null;
|
|
53
|
+
export type AuthorizationCodeGrantResult = Awaited<ReturnType<typeof authorizationCodeGrant>>;
|
|
54
|
+
export declare const extractOIDCUserProfile: (tokens: AuthorizationCodeGrantResult, oidcConfig: Configuration) => Promise<{
|
|
55
|
+
claims: Partial<Profile & {
|
|
56
|
+
raw: Record<string, unknown>;
|
|
57
|
+
}>;
|
|
58
|
+
}>;
|
|
59
|
+
export declare const getScopeValues: (scope?: string) => string[];
|
|
60
|
+
export declare const getEncodedTenantProduct: (param: string) => {
|
|
61
|
+
tenant: string | null;
|
|
62
|
+
product: string | null;
|
|
63
|
+
} | null;
|
|
64
|
+
export declare const validateTenantAndProduct: (tenant: string, product: string) => void;
|
|
65
|
+
export declare const appID: (tenant: string, product: string) => string;
|
|
66
|
+
export declare const fedAppID: (tenant: string, product: string, type?: string) => string;
|
|
67
|
+
declare const wellKnownProviders: {
|
|
68
|
+
readonly 'okta.com': "Okta";
|
|
69
|
+
readonly 'sts.windows.net': "Entra ID";
|
|
70
|
+
readonly 'mocksaml.com': "MockSAML";
|
|
71
|
+
readonly 'onelogin.com': "OneLogin";
|
|
72
|
+
readonly 'keycloak.com': "Keycloak";
|
|
73
|
+
readonly 'jumpcloud.com': "JumpCloud";
|
|
74
|
+
readonly 'google.com': "Google";
|
|
75
|
+
readonly 'auth0.com': "Auth0";
|
|
76
|
+
readonly 'pingone.com': "PingOne";
|
|
77
|
+
};
|
|
78
|
+
export declare const findFriendlyProviderName: (providerName: string) => keyof typeof wellKnownProviders | "null";
|
|
79
|
+
export declare const transformConnections: (connections: Array<SAMLSSORecord | OIDCSSORecord>) => (SAMLSSORecord | OIDCSSORecord)[];
|
|
80
|
+
export declare const transformConnection: (connection: SAMLSSORecord | OIDCSSORecord) => SAMLSSORecord | OIDCSSORecord;
|
|
81
|
+
export declare const isLocalhost: (url: string) => boolean;
|
|
82
|
+
export declare const isConnectionActive: (connection: SAMLSSORecord | OIDCSSORecord | Directory) => boolean;
|
|
83
|
+
export declare const validateSortOrder: (sortOrder: unknown) => void;
|
|
84
|
+
export {};
|