npm - @cosmotech/core - Versions diffs - 1.18.2 → 1.19.0 - Mend

@cosmotech/core 1.18.2 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.yarn/install-state.gz CHANGED Viewed

Binary file

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,9 @@
+## **1.19.0** <sub><sup>2024-10-22 (07716f7...07716f7)</sup></sub>
+### Features
+- add configuration option `rolesJwtClaim` in `AuthKeycloakRedirect` provider ([07716f7](https://github.com/Cosmo-Tech/webapp-component-core/commit/07716f7))
 ## **1.18.2** <sub><sup>2024-09-23 (e619d7e...e619d7e)</sup></sub>
 ### Bug Fixes

package/dist/index.cjs.js CHANGED Viewed

@@ -57422,13 +57422,24 @@ var _updateTokensInStorage = tokens => {
   }
 };
 var _extractRolesFromAccessToken = accessToken => {
-  var result = [];
-  if (accessToken) {
-    var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
-    // The exact key to use may depend from keycloak client & API configuration
-    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) result = decodedToken.roles;else if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) result = decodedToken.userRoles;
-  }
-  return result;
+  var _config2;
+  if (!accessToken) return [];
+  var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
+  // The exact key to use may depend from keycloak client & Cosmo Tech API configuration (c.f. the value of
+  // csm.platform.authorization.roles-jwt-claim in your k8s tenant secrets)
+  var rolesTokenAttribute = (_config2 = config) === null || _config2 === void 0 ? void 0 : _config2.rolesJwtClaim;
+  if (rolesTokenAttribute) {
+    if (decodedToken !== null && decodedToken !== void 0 && decodedToken[rolesTokenAttribute]) return decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken[rolesTokenAttribute];
+    console.warn("Authentication provider configuration defined rolesJwtClaim=\"".concat(rolesTokenAttribute, "\" ") + 'but this key was not found in the access token. Please check your webapp and API configuration.');
+  }
+  if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) return decodedToken.roles; // Legacy default key in token
+  if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) {
+    console.warn("DEPRECATED: the token claim for API roles was automatically found in 'userRoles', but the lookup " + 'for this specific key will be removed in a future version. Please update your webapp configuration to ' + "explicitly set AUTH_KEYCLOAK_ROLES_JWT_CLAIM to 'userRoles'.");
+    return decodedToken.userRoles;
+  }
+  console.warn("Couldn't extract roles from access token. Please check your webapp and API configuration.");
+  return [];
 };
 var isUserSignedIn = /*#__PURE__*/function () {
   var _ref4 = _asyncToGenerator(function* () {
@@ -57446,12 +57457,12 @@ var isUserSignedIn = /*#__PURE__*/function () {
         clearFromStorage('authInteractionInProgress');
         var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
         if (locationHashParameters.has('state')) {
-          var _config2;
-          if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
+          var _config3;
+          if (locationHashParameters.has('iss', (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer)) {
             msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
           } else if (locationHashParameters.has('iss')) {
-            var _config3;
-            var configIssuer = (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer;
+            var _config4;
+            var configIssuer = (_config4 = config) === null || _config4 === void 0 || (_config4 = _config4.msalConfig) === null || _config4 === void 0 || (_config4 = _config4.auth) === null || _config4 === void 0 || (_config4 = _config4.authorityMetadata) === null || _config4 === void 0 ? void 0 : _config4.issuer;
             var urlIssuer = locationHashParameters.get('iss');
             console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
           }

package/dist/index.esm.js CHANGED Viewed

@@ -57420,13 +57420,24 @@ var _updateTokensInStorage = tokens => {
   }
 };
 var _extractRolesFromAccessToken = accessToken => {
-  var result = [];
-  if (accessToken) {
-    var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
-    // The exact key to use may depend from keycloak client & API configuration
-    if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) result = decodedToken.roles;else if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) result = decodedToken.userRoles;
-  }
-  return result;
+  var _config2;
+  if (!accessToken) return [];
+  var decodedToken = JSON.parse(atob(accessToken.split('.')[1]));
+  // The exact key to use may depend from keycloak client & Cosmo Tech API configuration (c.f. the value of
+  // csm.platform.authorization.roles-jwt-claim in your k8s tenant secrets)
+  var rolesTokenAttribute = (_config2 = config) === null || _config2 === void 0 ? void 0 : _config2.rolesJwtClaim;
+  if (rolesTokenAttribute) {
+    if (decodedToken !== null && decodedToken !== void 0 && decodedToken[rolesTokenAttribute]) return decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken[rolesTokenAttribute];
+    console.warn("Authentication provider configuration defined rolesJwtClaim=\"".concat(rolesTokenAttribute, "\" ") + 'but this key was not found in the access token. Please check your webapp and API configuration.');
+  }
+  if (decodedToken !== null && decodedToken !== void 0 && decodedToken.roles) return decodedToken.roles; // Legacy default key in token
+  if (decodedToken !== null && decodedToken !== void 0 && decodedToken.userRoles) {
+    console.warn("DEPRECATED: the token claim for API roles was automatically found in 'userRoles', but the lookup " + 'for this specific key will be removed in a future version. Please update your webapp configuration to ' + "explicitly set AUTH_KEYCLOAK_ROLES_JWT_CLAIM to 'userRoles'.");
+    return decodedToken.userRoles;
+  }
+  console.warn("Couldn't extract roles from access token. Please check your webapp and API configuration.");
+  return [];
 };
 var isUserSignedIn = /*#__PURE__*/function () {
   var _ref4 = _asyncToGenerator(function* () {
@@ -57444,12 +57455,12 @@ var isUserSignedIn = /*#__PURE__*/function () {
         clearFromStorage('authInteractionInProgress');
         var locationHashParameters = new URLSearchParams(window.location.hash.substring(1));
         if (locationHashParameters.has('state')) {
-          var _config2;
-          if (locationHashParameters.has('iss', (_config2 = config) === null || _config2 === void 0 || (_config2 = _config2.msalConfig) === null || _config2 === void 0 || (_config2 = _config2.auth) === null || _config2 === void 0 || (_config2 = _config2.authorityMetadata) === null || _config2 === void 0 ? void 0 : _config2.issuer)) {
+          var _config3;
+          if (locationHashParameters.has('iss', (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer)) {
             msalApp.handleRedirectPromise().then(handleResponse); // Resume redirect workflow process
           } else if (locationHashParameters.has('iss')) {
-            var _config3;
-            var configIssuer = (_config3 = config) === null || _config3 === void 0 || (_config3 = _config3.msalConfig) === null || _config3 === void 0 || (_config3 = _config3.auth) === null || _config3 === void 0 || (_config3 = _config3.authorityMetadata) === null || _config3 === void 0 ? void 0 : _config3.issuer;
+            var _config4;
+            var configIssuer = (_config4 = config) === null || _config4 === void 0 || (_config4 = _config4.msalConfig) === null || _config4 === void 0 || (_config4 = _config4.auth) === null || _config4 === void 0 || (_config4 = _config4.authorityMetadata) === null || _config4 === void 0 ? void 0 : _config4.issuer;
             var urlIssuer = locationHashParameters.get('iss');
             console.warn("Issuer found in url \"".concat(urlIssuer, "\" does not match keycloak configuration: \"").concat(configIssuer, "\""));
           }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmotech/core",
-  "version": "1.18.2",
+  "version": "1.19.0",
   "description": "",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",