@cosmotech/core 1.18.1 → 1.19.0
- package/.yarn/install-state.gz +0 -0
- package/CHANGELOG.md +12 -0
- package/dist/index.cjs.js +41 -32
- package/dist/index.esm.js +41 -32
- package/package.json +1 -1
package/.yarn/install-state.gz
CHANGED
|
Binary file
|
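--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,15 @@
+## **1.19.0** <sub><sup>2024-10-22 (07716f7...07716f7)</sup></sub>
+
+### Features
+
+- add configuration option `rolesJwtClaim` in `AuthKeycloakRedirect` provider ([07716f7](https://github.com/Cosmo-Tech/webapp-component-core/commit/07716f7))
+
+## **1.18.2** <sub><sup>2024-09-23 (e619d7e...e619d7e)</sup></sub>
+
+### Bug Fixes
+
+- fix empty user roles when using Keycloak auth provider ([e619d7e](https://github.com/Cosmo-Tech/webapp-component-core/commit/e619d7e))
+
 ## **1.18.1** <sub><sup>2024-09-17 (3629ee8...3629ee8)</sup></sub>
 
 ### Bug Fixes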
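--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -57287,7 +57287,6 @@ var readFromStorage = key => localStorage.getItem(key);
 var clearFromStorage = key => localStorage.removeItem(key);
 var name = 'auth-keycloakRedirect';
 var authData = {
-authenticated: readFromStorage('authAuthenticated') === 'true',
 accountId: undefined,
 userEmail: undefined,
 username: undefined,
@@ -57351,20 +57350,19 @@ var acquireTokens = /*#__PURE__*/function () {
 var _msalApp$getAllAccoun;
 var forceRefresh = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : false;
 if (!checkInit()) return;
-if (!forceRefresh) {
+if (!forceRefresh && readFromStorage('authAuthenticated') === 'true') {
 var idToken = readFromStorage('authIdToken');
 var accessToken = readFromStorage('authAccessToken');
-
-
-
-
-idToken
-};
-}
+return {
+accessToken,
+idToken
+};
 }
 var account = (_msalApp$getAllAccoun = msalApp.getAllAccounts()) === null || _msalApp$getAllAccoun === void 0 ? void 0 : _msalApp$getAllAccoun[0];
 if (account === undefined) return;
-
+var tokens = yield _acquireTokensByRequestAndAccount(config.accessRequest, account);
+_updateTokensInStorage(tokens);
+return tokens;
 });
 return function acquireTokens() {
 return _ref3.apply(this, arguments);
@@ -57373,12 +57371,10 @@ var acquireTokens = /*#__PURE__*/function () {
 var handleResponse = response => {
 if (response != null) {
 var account = response.account;
+_updateTokensInStorage(response);
 writeToStorage('authIdTokenPopup', response.idToken);
-writeToStorage('authIdToken', response.idToken);
-writeToStorage('authAccessToken', response.accessToken);
 writeToStorage('authAuthenticated', 'true');
 writeToStorage('authAccountId', account.homeAccountId);
-authData.authenticated = true;
 authData.accountId = account.homeAccountId;
 authData.userEmail = account.username; // In MSAL account data, username property contains user email
 authData.username = account.name;
@@ -57420,23 +57416,39 @@ var isAsync = () => {
 };
 var _updateTokensInStorage = tokens => {
 if (tokens !== null && tokens !== void 0 && tokens.idToken) writeToStorage('authIdToken', tokens.idToken);
-if (tokens !== null && tokens !== void 0 && tokens.accessToken)
+if (tokens !== null && tokens !== void 0 && tokens.accessToken) {
+writeToStorage('authAccessToken', tokens.accessToken);
+authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
+}
 };
 var _extractRolesFromAccessToken = accessToken => {
-var
-if (accessToken)
-
-
-
-
-
-
+var _config2;
+if (!accessToken) return [];
+var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
+// The exact key to use may depend from keycloak client & Cosmo Tech API configuration (c.f. the value of
+// csm.platform.authorization.roles-jwt-claim in your k8s tenant secrets)
+var rolesTokenAttribute = (_config2 = config) === null || _config2 === void 0 ? void 0 : _config2.rolesJwtClaim;
+if (rolesTokenAttribute) {
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken[rolesTokenAttribute]) return decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken[rolesTokenAttribute];
+console.warn("Authentication provider configuration defined rolesJwtClaim=\"".concat(rolesTokenAttribute, "\" ") + 'but this key was not found in the access token. Please check your webapp and API configuration.');
+}
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) return decodedToken.roles; // Legacy default key in token
+
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) {
+console.warn("DEPRECATED: the token claim for API roles was automatically found in 'userRoles', but the lookup " + 'for this specific key will be removed in a future version. Please update your webapp configuration to ' + "explicitly set AUTH_KEYCLOAK_ROLES_JWT_CLAIM to 'userRoles'.");
+return decodedToken.userRoles;
+}
+console.warn("Couldn't extract roles from access token. Please check your webapp and API configuration.");
+return [];
 };
 var isUserSignedIn = /*#__PURE__*/function () {
 var _ref4 = _asyncToGenerator(function* () {
-if (authData.authenticated) return true;
 if (readFromStorage('authAuthenticated') === 'true') {
-
+// Restore roles from access token if necessary (roles in auhtData may be lost after login redirection)
+if (authData.roles.length === 0) {
+var accessToken = readFromStorage('authAccessToken');
+if (accessToken) authData.roles = _extractRolesFromAccessToken(accessToken);
+}
 return true;
 }
 try {
@@ -57445,12 +57457,12 @@ var isUserSignedIn = /*#__PURE__*/function () {
 clearFromStorage('authInteractionInProgress');
 var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
 if (locationHashParameters.has('state')) {
-var
-if (locationHashParameters.has('iss', (
+var _config3;
+if (locationHashParameters.has('iss', (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer)) {
 msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
 } else if (locationHashParameters.has('iss')) {
-var
-var configIssuer = (
+var _config4;
+var configIssuer = (_config4 = config) === null || _config4 === void 0 || (_config4 = _config4.msalConfig) === null || _config4 === void 0 || (_config4 = _config4.auth) === null || _config4 === void 0 || (_config4 = _config4.authorityMetadata) === null || _config4 === void 0 ? void 0 : _config4.issuer;
 var urlIssuer = locationHashParameters.get('iss');
 console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
 }
@@ -57460,10 +57472,7 @@ var isUserSignedIn = /*#__PURE__*/function () {
 // Otherwise, try to acquire a token silently to implement SSO
 var tokens = yield acquireTokens();
 _updateTokensInStorage(tokens);
-if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined)
-authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
-return true;
-}
+if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) return true;
 } catch (e) {
 console.error(e);
 }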
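Review bot: `_extractRolesFromAccessToken` decodes the token with an unguarded `JSON.parse(atob(accessToken.split('.')[1]))`, and this change makes it reachable from `_updateTokensInStorage` (so from `handleResponse` and `acquireTokens`) and from the role-restore branch of `isUserSignedIn`, which sits before that function's `try`. JWT segments are base64url, so a payload containing `-` or `_`, or a stored `authAccessToken` that is not a dotted token, makes the decode throw; in `handleResponse` that happens before `authAuthenticated` is written, and in `isUserSignedIn` it rejects the sign-in check instead of falling back to `[]`. I would decode inside a try/catch after translating the base64url alphabet and return `[]` on failure, and also check the returned claim with `Array.isArray`, since `authData.roles.length` is read later. The roles come from an unverified token read back from localStorage, so they should only drive UI decisions, with authorization enforced by the API. The same code appears in the package/dist/index.esm.js section, and `isUserSignedIn` continues outside the hunks shown.

```javascript
var _extractRolesFromAccessToken = accessToken => {
  if (!accessToken) return [];
  var decodedToken;
  try {
    // JWT segments are base64url; atob() only accepts the standard base64 alphabet
    var payload = accessToken.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    decodedToken = JSON.parse(atob(payload));
  } catch (e) {
    console.warn("Couldn't decode access token payload. Please check your webapp and API configuration.");
    return [];
  }
  // … unchanged: rolesJwtClaim / roles / userRoles lookup and warnings …
```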
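--- a/package/dist/index.esm.js
+++ b/package/dist/index.esm.js
@@ -57285,7 +57285,6 @@ var readFromStorage = key => localStorage.getItem(key);
 var clearFromStorage = key => localStorage.removeItem(key);
 var name = 'auth-keycloakRedirect';
 var authData = {
-authenticated: readFromStorage('authAuthenticated') === 'true',
 accountId: undefined,
 userEmail: undefined,
 username: undefined,
@@ -57349,20 +57348,19 @@ var acquireTokens = /*#__PURE__*/function () {
 var _msalApp$getAllAccoun;
 var forceRefresh = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : false;
 if (!checkInit()) return;
-if (!forceRefresh) {
+if (!forceRefresh && readFromStorage('authAuthenticated') === 'true') {
 var idToken = readFromStorage('authIdToken');
 var accessToken = readFromStorage('authAccessToken');
-
-
-
-
-idToken
-};
-}
+return {
+accessToken,
+idToken
+};
 }
 var account = (_msalApp$getAllAccoun = msalApp.getAllAccounts()) === null || _msalApp$getAllAccoun === void 0 ? void 0 : _msalApp$getAllAccoun[0];
 if (account === undefined) return;
-
+var tokens = yield _acquireTokensByRequestAndAccount(config.accessRequest, account);
+_updateTokensInStorage(tokens);
+return tokens;
 });
 return function acquireTokens() {
 return _ref3.apply(this, arguments);
@@ -57371,12 +57369,10 @@ var acquireTokens = /*#__PURE__*/function () {
 var handleResponse = response => {
 if (response != null) {
 var account = response.account;
+_updateTokensInStorage(response);
 writeToStorage('authIdTokenPopup', response.idToken);
-writeToStorage('authIdToken', response.idToken);
-writeToStorage('authAccessToken', response.accessToken);
 writeToStorage('authAuthenticated', 'true');
 writeToStorage('authAccountId', account.homeAccountId);
-authData.authenticated = true;
 authData.accountId = account.homeAccountId;
 authData.userEmail = account.username; // In MSAL account data, username property contains user email
 authData.username = account.name;
@@ -57418,23 +57414,39 @@ var isAsync = () => {
 };
 var _updateTokensInStorage = tokens => {
 if (tokens !== null && tokens !== void 0 && tokens.idToken) writeToStorage('authIdToken', tokens.idToken);
-if (tokens !== null && tokens !== void 0 && tokens.accessToken)
+if (tokens !== null && tokens !== void 0 && tokens.accessToken) {
+writeToStorage('authAccessToken', tokens.accessToken);
+authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
+}
 };
 var _extractRolesFromAccessToken = accessToken => {
-var
-if (accessToken)
-
-
-
-
-
-
+var _config2;
+if (!accessToken) return [];
+var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
+// The exact key to use may depend from keycloak client & Cosmo Tech API configuration (c.f. the value of
+// csm.platform.authorization.roles-jwt-claim in your k8s tenant secrets)
+var rolesTokenAttribute = (_config2 = config) === null || _config2 === void 0 ? void 0 : _config2.rolesJwtClaim;
+if (rolesTokenAttribute) {
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken[rolesTokenAttribute]) return decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken[rolesTokenAttribute];
+console.warn("Authentication provider configuration defined rolesJwtClaim=\"".concat(rolesTokenAttribute, "\" ") + 'but this key was not found in the access token. Please check your webapp and API configuration.');
+}
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) return decodedToken.roles; // Legacy default key in token
+
+if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) {
+console.warn("DEPRECATED: the token claim for API roles was automatically found in 'userRoles', but the lookup " + 'for this specific key will be removed in a future version. Please update your webapp configuration to ' + "explicitly set AUTH_KEYCLOAK_ROLES_JWT_CLAIM to 'userRoles'.");
+return decodedToken.userRoles;
+}
+console.warn("Couldn't extract roles from access token. Please check your webapp and API configuration.");
+return [];
 };
 var isUserSignedIn = /*#__PURE__*/function () {
 var _ref4 = _asyncToGenerator(function* () {
-if (authData.authenticated) return true;
 if (readFromStorage('authAuthenticated') === 'true') {
-
+// Restore roles from access token if necessary (roles in auhtData may be lost after login redirection)
+if (authData.roles.length === 0) {
+var accessToken = readFromStorage('authAccessToken');
+if (accessToken) authData.roles = _extractRolesFromAccessToken(accessToken);
+}
 return true;
 }
 try {
@@ -57443,12 +57455,12 @@ var isUserSignedIn = /*#__PURE__*/function () {
 clearFromStorage('authInteractionInProgress');
 var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
 if (locationHashParameters.has('state')) {
-var
-if (locationHashParameters.has('iss', (
+var _config3;
+if (locationHashParameters.has('iss', (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer)) {
 msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
 } else if (locationHashParameters.has('iss')) {
-var
-var configIssuer = (
+var _config4;
+var configIssuer = (_config4 = config) === null || _config4 === void 0 || (_config4 = _config4.msalConfig) === null || _config4 === void 0 || (_config4 = _config4.auth) === null || _config4 === void 0 || (_config4 = _config4.authorityMetadata) === null || _config4 === void 0 ? void 0 : _config4.issuer;
 var urlIssuer = locationHashParameters.get('iss');
 console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
 }
@@ -57458,10 +57470,7 @@ var isUserSignedIn = /*#__PURE__*/function () {
 // Otherwise, try to acquire a token silently to implement SSO
 var tokens = yield acquireTokens();
 _updateTokensInStorage(tokens);
-if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined)
-authData.roles = _extractRolesFromAccessToken(tokens.accessToken);
-return true;
-}
+if ((tokens === null || tokens === void 0 ? void 0 : tokens.accessToken) !== undefined) return true;
 } catch (e) {
 console.error(e);
 }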