npm - @cosmotech/core - Versions diffs - 1.18.0 → 1.18.2 - Mend

@cosmotech/core 1.18.0 → 1.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.yarn/install-state.gz CHANGED Viewed

Binary file

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,15 @@
+## **1.18.2** <sub><sup>2024-09-23 (e619d7e...e619d7e)</sup></sub>
+### Bug Fixes
+- fix empty user roles when using Keycloak auth provider ([e619d7e](https://github.com/Cosmo-Tech/webapp-component-core/commit/e619d7e))
+## **1.18.1** <sub><sup>2024-09-17 (3629ee8...3629ee8)</sup></sub>
+### Bug Fixes
+- add mechanism to refresh tokens for Keycloak auth provider ([3629ee8](https://github.com/Cosmo-Tech/webapp-component-core/commit/3629ee8))
 ## **1.18.0** <sub><sup>2024-09-11 (cc08ecb...54ff3ae)</sup></sub>
 ### Features

package/dist/index.cjs.js CHANGED Viewed

@@ -41408,6 +41408,22 @@ function isUserSignedIn$2(callback) {
   }
   return currentProvider.isUserSignedIn(callback);
 }
+function refreshTokens$1() {
+  return _refreshTokens.apply(this, arguments);
+}
+function _refreshTokens() {
+  _refreshTokens = _asyncToGenerator(function* () {
+    if (currentProvider === undefined) {
+      return;
+    }
+    if (!currentProvider.refreshTokens) {
+      console.warn('Method refreshTokens is not implemented in the current authentication provider');
+      return;
+    }
+    return currentProvider.refreshTokens();
+  });
+  return _refreshTokens.apply(this, arguments);
+}
 function getUserEmail$2() {
   if (currentProvider === undefined) {
     return undefined;
@@ -41445,6 +41461,7 @@ var Auth = {
   signOut: signOut$2,
   onAuthStateChanged,
   isUserSignedIn: isUserSignedIn$2,
+  refreshTokens: refreshTokens$1,
   getUserEmail: getUserEmail$2,
   getUserName: getUserName$2,
   getUserId: getUserId$2,
@@ -57270,7 +57287,6 @@ var readFromStorage = key => localStorage.getItem(key);
 var clearFromStorage = key => localStorage.removeItem(key);
 var name = 'auth-keycloakRedirect';
 var authData = {
-  authenticated: readFromStorage('authAuthenticated') === 'true',
   accountId: undefined,
   userEmail: undefined,
   username: undefined,
@@ -57303,7 +57319,7 @@ var redirectOnAuthSuccess = () => {
 var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
   var _ref2 = _asyncToGenerator(function* (tokenReq, account) {
     if (!tokenReq) {
-      console.warn('No base access token request provided');
+      console.warn('No token request provided');
       tokenReq = {};
     }
     tokenReq.account = account;
@@ -57317,7 +57333,7 @@ var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
         return;
       } else if (((_silentTokenFetchErro = silentTokenFetchError.errorMessage) === null || _silentTokenFetchErro === void 0 ? void 0 : _silentTokenFetchErro.indexOf('interaction_required')) !== -1) {
         msalApp.acquireTokenRedirect(tokenReq).then(tokenRes => tokenRes) // Token acquired with interaction
-        .catch(tokenRedirectError => tokenRedirectError); // Token retrieval failed
+        .catch(tokenRedirectError => console.error(tokenRedirectError));
       }
       throw silentTokenFetchError;
     });
@@ -57326,25 +57342,27 @@ var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
     return _ref2.apply(this, arguments);
   };
 }();
+// When forceRefresh is set to true, existing tokens in browser storage are ignored and new tokens are retrieved with
+// a silent request
 var acquireTokens = /*#__PURE__*/function () {
   var _ref3 = _asyncToGenerator(function* () {
     var _msalApp$getAllAccoun;
+    var forceRefresh = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : false;
     if (!checkInit()) return;
-    var idToken = readFromStorage('authIdToken');
-    var accessToken = readFromStorage('authAccessToken');
-    var authenticated = readFromStorage('authAuthenticated') === 'true';
-    if (authenticated && idToken != null && accessToken != null) {
+    if (!forceRefresh && readFromStorage('authAuthenticated') === 'true') {
+      var idToken = readFromStorage('authIdToken');
+      var accessToken = readFromStorage('authAccessToken');
       return {
         accessToken,
         idToken
       };
     }
     var account = (_msalApp$getAllAccoun = msalApp.getAllAccounts()) === null || _msalApp$getAllAccoun === void 0 ? void 0 : _msalApp$getAllAccoun[0];
-    var tokenReq = config.accessRequest;
-    if (account === undefined) {
-      return undefined;
-    }
-    return yield _acquireTokensByRequestAndAccount(tokenReq, account);
+    if (account === undefined) return;
+    var tokens = yield _acquireTokensByRequestAndAccount(config.accessRequest, account);
+    _updateTokensInStorage(tokens);
+    return tokens;
   });
   return function acquireTokens() {
     return _ref3.apply(this, arguments);
@@ -57353,12 +57371,10 @@ var acquireTokens = /*#__PURE__*/function () {
 var handleResponse = response => {
   if (response != null) {
     var account = response.account;
+    _updateTokensInStorage(response);
     writeToStorage('authIdTokenPopup', response.idToken);
-    writeToStorage('authIdToken', response.idToken);
-    writeToStorage('authAccessToken', response.accessToken);
     writeToStorage('authAuthenticated', 'true');
     writeToStorage('authAccountId', account.homeAccountId);
-    authData.authenticated = true;
     authData.accountId = account.homeAccountId;
     authData.userEmail = account.username; // In MSAL account data, username property contains user email
     authData.username = account.name;
@@ -57398,50 +57414,56 @@ var signOut = () => {
 var isAsync = () => {
   return false;
 };
+var _updateTokensInStorage = tokens => {
+  if (tokens !== null && tokens !== void 0 && tokens.idToken) writeToStorage('authIdToken', tokens.idToken);
+  if (tokens !== null && tokens !== void 0 && tokens.accessToken) {
+    writeToStorage('authAccessToken', tokens.accessToken);
+    authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
+  }
+};
 var _extractRolesFromAccessToken = accessToken => {
   var result = [];
   if (accessToken) {
     var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
-    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) {
-      result = decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken.roles;
-    }
+    // The exact key to use may depend from keycloak client & API configuration
+    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) result = decodedToken.roles;else if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) result = decodedToken.userRoles;
   }
   return result;
 };
 var isUserSignedIn = /*#__PURE__*/function () {
   var _ref4 = _asyncToGenerator(function* () {
-    if (authData.authenticated) return true;
     if (readFromStorage('authAuthenticated') === 'true') {
-      authData.authenticated = true;
+      // Restore roles from access token if necessary (roles in auhtData may be lost after login redirection)
+      if (authData.roles.length === 0) {
+        var accessToken = readFromStorage('authAccessToken');
+        if (accessToken) authData.roles = _extractRolesFromAccessToken(accessToken);
+      }
       return true;
     }
-    // Resume interaction if one is already in progress
-    if (readFromStorage('authInteractionInProgress') === name) {
-      clearFromStorage('authInteractionInProgress');
-      var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
-      if (locationHashParameters.has('state')) {
-        var _config2;
-        if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
-          // Resume redirect workflow process
-          msalApp.handleRedirectPromise().then(handleResponse);
-        } else if (locationHashParameters.has('iss')) {
-          var _config3;
-          console.warn('Issuer found in url ("' + ((_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer) + '") does not match the keycloak configuration ("' + locationHashParameters.get('iss') + '")');
+    try {
+      // Resume interaction if one is already in progress
+      if (readFromStorage('authInteractionInProgress') === name) {
+        clearFromStorage('authInteractionInProgress');
+        var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
+        if (locationHashParameters.has('state')) {
+          var _config2;
+          if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
+            msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
+          } else if (locationHashParameters.has('iss')) {
+            var _config3;
+            var configIssuer = (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer;
+            var urlIssuer = locationHashParameters.get('iss');
+            console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
+          }
         }
       }
-    }
-    // Otherwise, try to acquire a token silently to implement SSO
-    var tokens = yield acquireTokens();
-    if ((tokens === null || tokens === void 0 ? void 0 : tokens.idToken) !== undefined) {
-      writeToStorage('authIdToken', tokens.idToken);
-    }
-    if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) {
-      var accessToken = tokens.accessToken;
-      authData.roles = _extractRolesFromAccessToken(accessToken);
-      writeToStorage('authAccessToken', accessToken);
-      return true;
+      // Otherwise, try to acquire a token silently to implement SSO
+      var tokens = yield acquireTokens();
+      _updateTokensInStorage(tokens);
+      if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) return true;
+    } catch (e) {
+      console.error(e);
     }
     return false;
   });
@@ -57449,6 +57471,16 @@ var isUserSignedIn = /*#__PURE__*/function () {
     return _ref4.apply(this, arguments);
   };
 }();
+var refreshTokens = /*#__PURE__*/function () {
+  var _ref5 = _asyncToGenerator(function* () {
+    var tokens = yield acquireTokens(true);
+    _updateTokensInStorage(tokens);
+    return tokens;
+  });
+  return function refreshTokens() {
+    return _ref5.apply(this, arguments);
+  };
+}();
 var getUserEmail = () => {
   var _authData$userEmail, _msalApp$getAllAccoun2;
   if (!checkInit()) return;
@@ -57484,6 +57516,7 @@ var AuthKeycloakRedirect = /*#__PURE__*/Object.freeze({
   isAsync: isAsync,
   isUserSignedIn: isUserSignedIn,
   name: name,
+  refreshTokens: refreshTokens,
   setConfig: setConfig,
   signIn: signIn,
   signOut: signOut

package/dist/index.esm.js CHANGED Viewed

@@ -41406,6 +41406,22 @@ function isUserSignedIn$2(callback) {
   }
   return currentProvider.isUserSignedIn(callback);
 }
+function refreshTokens$1() {
+  return _refreshTokens.apply(this, arguments);
+}
+function _refreshTokens() {
+  _refreshTokens = _asyncToGenerator(function* () {
+    if (currentProvider === undefined) {
+      return;
+    }
+    if (!currentProvider.refreshTokens) {
+      console.warn('Method refreshTokens is not implemented in the current authentication provider');
+      return;
+    }
+    return currentProvider.refreshTokens();
+  });
+  return _refreshTokens.apply(this, arguments);
+}
 function getUserEmail$2() {
   if (currentProvider === undefined) {
     return undefined;
@@ -41443,6 +41459,7 @@ var Auth = {
   signOut: signOut$2,
   onAuthStateChanged,
   isUserSignedIn: isUserSignedIn$2,
+  refreshTokens: refreshTokens$1,
   getUserEmail: getUserEmail$2,
   getUserName: getUserName$2,
   getUserId: getUserId$2,
@@ -57268,7 +57285,6 @@ var readFromStorage = key => localStorage.getItem(key);
 var clearFromStorage = key => localStorage.removeItem(key);
 var name = 'auth-keycloakRedirect';
 var authData = {
-  authenticated: readFromStorage('authAuthenticated') === 'true',
   accountId: undefined,
   userEmail: undefined,
   username: undefined,
@@ -57301,7 +57317,7 @@ var redirectOnAuthSuccess = () => {
 var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
   var _ref2 = _asyncToGenerator(function* (tokenReq, account) {
     if (!tokenReq) {
-      console.warn('No base access token request provided');
+      console.warn('No token request provided');
       tokenReq = {};
     }
     tokenReq.account = account;
@@ -57315,7 +57331,7 @@ var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
         return;
       } else if (((_silentTokenFetchErro = silentTokenFetchError.errorMessage) === null || _silentTokenFetchErro === void 0 ? void 0 : _silentTokenFetchErro.indexOf('interaction_required')) !== -1) {
         msalApp.acquireTokenRedirect(tokenReq).then(tokenRes => tokenRes) // Token acquired with interaction
-        .catch(tokenRedirectError => tokenRedirectError); // Token retrieval failed
+        .catch(tokenRedirectError => console.error(tokenRedirectError));
       }
       throw silentTokenFetchError;
     });
@@ -57324,25 +57340,27 @@ var _acquireTokensByRequestAndAccount = /*#__PURE__*/function () {
     return _ref2.apply(this, arguments);
   };
 }();
+// When forceRefresh is set to true, existing tokens in browser storage are ignored and new tokens are retrieved with
+// a silent request
 var acquireTokens = /*#__PURE__*/function () {
   var _ref3 = _asyncToGenerator(function* () {
     var _msalApp$getAllAccoun;
+    var forceRefresh = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : false;
     if (!checkInit()) return;
-    var idToken = readFromStorage('authIdToken');
-    var accessToken = readFromStorage('authAccessToken');
-    var authenticated = readFromStorage('authAuthenticated') === 'true';
-    if (authenticated && idToken != null && accessToken != null) {
+    if (!forceRefresh && readFromStorage('authAuthenticated') === 'true') {
+      var idToken = readFromStorage('authIdToken');
+      var accessToken = readFromStorage('authAccessToken');
       return {
         accessToken,
         idToken
       };
     }
     var account = (_msalApp$getAllAccoun = msalApp.getAllAccounts()) === null || _msalApp$getAllAccoun === void 0 ? void 0 : _msalApp$getAllAccoun[0];
-    var tokenReq = config.accessRequest;
-    if (account === undefined) {
-      return undefined;
-    }
-    return yield _acquireTokensByRequestAndAccount(tokenReq, account);
+    if (account === undefined) return;
+    var tokens = yield _acquireTokensByRequestAndAccount(config.accessRequest, account);
+    _updateTokensInStorage(tokens);
+    return tokens;
   });
   return function acquireTokens() {
     return _ref3.apply(this, arguments);
@@ -57351,12 +57369,10 @@ var acquireTokens = /*#__PURE__*/function () {
 var handleResponse = response => {
   if (response != null) {
     var account = response.account;
+    _updateTokensInStorage(response);
     writeToStorage('authIdTokenPopup', response.idToken);
-    writeToStorage('authIdToken', response.idToken);
-    writeToStorage('authAccessToken', response.accessToken);
     writeToStorage('authAuthenticated', 'true');
     writeToStorage('authAccountId', account.homeAccountId);
-    authData.authenticated = true;
     authData.accountId = account.homeAccountId;
     authData.userEmail = account.username; // In MSAL account data, username property contains user email
     authData.username = account.name;
@@ -57396,50 +57412,56 @@ var signOut = () => {
 var isAsync = () => {
   return false;
 };
+var _updateTokensInStorage = tokens => {
+  if (tokens !== null && tokens !== void 0 && tokens.idToken) writeToStorage('authIdToken', tokens.idToken);
+  if (tokens !== null && tokens !== void 0 && tokens.accessToken) {
+    writeToStorage('authAccessToken', tokens.accessToken);
+    authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
+  }
+};
 var _extractRolesFromAccessToken = accessToken => {
   var result = [];
   if (accessToken) {
     var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
-    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) {
-      result = decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken.roles;
-    }
+    // The exact key to use may depend from keycloak client & API configuration
+    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) result = decodedToken.roles;else if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) result = decodedToken.userRoles;
   }
   return result;
 };
 var isUserSignedIn = /*#__PURE__*/function () {
   var _ref4 = _asyncToGenerator(function* () {
-    if (authData.authenticated) return true;
     if (readFromStorage('authAuthenticated') === 'true') {
-      authData.authenticated = true;
+      // Restore roles from access token if necessary (roles in auhtData may be lost after login redirection)
+      if (authData.roles.length === 0) {
+        var accessToken = readFromStorage('authAccessToken');
+        if (accessToken) authData.roles = _extractRolesFromAccessToken(accessToken);
+      }
       return true;
     }
-    // Resume interaction if one is already in progress
-    if (readFromStorage('authInteractionInProgress') === name) {
-      clearFromStorage('authInteractionInProgress');
-      var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
-      if (locationHashParameters.has('state')) {
-        var _config2;
-        if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
-          // Resume redirect workflow process
-          msalApp.handleRedirectPromise().then(handleResponse);
-        } else if (locationHashParameters.has('iss')) {
-          var _config3;
-          console.warn('Issuer found in url ("' + ((_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer) + '") does not match the keycloak configuration ("' + locationHashParameters.get('iss') + '")');
+    try {
+      // Resume interaction if one is already in progress
+      if (readFromStorage('authInteractionInProgress') === name) {
+        clearFromStorage('authInteractionInProgress');
+        var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
+        if (locationHashParameters.has('state')) {
+          var _config2;
+          if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
+            msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
+          } else if (locationHashParameters.has('iss')) {
+            var _config3;
+            var configIssuer = (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer;
+            var urlIssuer = locationHashParameters.get('iss');
+            console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
+          }
         }
       }
-    }
-    // Otherwise, try to acquire a token silently to implement SSO
-    var tokens = yield acquireTokens();
-    if ((tokens === null || tokens === void 0 ? void 0 : tokens.idToken) !== undefined) {
-      writeToStorage('authIdToken', tokens.idToken);
-    }
-    if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) {
-      var accessToken = tokens.accessToken;
-      authData.roles = _extractRolesFromAccessToken(accessToken);
-      writeToStorage('authAccessToken', accessToken);
-      return true;
+      // Otherwise, try to acquire a token silently to implement SSO
+      var tokens = yield acquireTokens();
+      _updateTokensInStorage(tokens);
+      if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) return true;
+    } catch (e) {
+      console.error(e);
     }
     return false;
   });
@@ -57447,6 +57469,16 @@ var isUserSignedIn = /*#__PURE__*/function () {
     return _ref4.apply(this, arguments);
   };
 }();
+var refreshTokens = /*#__PURE__*/function () {
+  var _ref5 = _asyncToGenerator(function* () {
+    var tokens = yield acquireTokens(true);
+    _updateTokensInStorage(tokens);
+    return tokens;
+  });
+  return function refreshTokens() {
+    return _ref5.apply(this, arguments);
+  };
+}();
 var getUserEmail = () => {
   var _authData$userEmail, _msalApp$getAllAccoun2;
   if (!checkInit()) return;
@@ -57482,6 +57514,7 @@ var AuthKeycloakRedirect = /*#__PURE__*/Object.freeze({
   isAsync: isAsync,
   isUserSignedIn: isUserSignedIn,
   name: name,
+  refreshTokens: refreshTokens,
   setConfig: setConfig,
   signIn: signIn,
   signOut: signOut

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmotech/core",
-  "version": "1.18.0",
+  "version": "1.18.2",
   "description": "",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",