@egain/ai-agent-sdk 0.1.0
- package/README.md +295 -0
- package/dist/browser.js +22739 -0
- package/dist/core/AiAgent.d.ts +1126 -0
- package/dist/core/AiAgent.d.ts.map +1 -0
- package/dist/core/AiAgent.js +2037 -0
- package/dist/core/AiAgent.js.map +1 -0
- package/dist/core/api/ApiHelper.d.ts +433 -0
- package/dist/core/api/ApiHelper.d.ts.map +1 -0
- package/dist/core/api/ApiHelper.js +689 -0
- package/dist/core/api/ApiHelper.js.map +1 -0
- package/dist/core/api/CacheAdapter.d.ts +295 -0
- package/dist/core/api/CacheAdapter.d.ts.map +1 -0
- package/dist/core/api/CacheAdapter.js +298 -0
- package/dist/core/api/CacheAdapter.js.map +1 -0
- package/dist/core/auth/AnonymousAuthStrategy.d.ts +87 -0
- package/dist/core/auth/AnonymousAuthStrategy.d.ts.map +1 -0
- package/dist/core/auth/AnonymousAuthStrategy.js +257 -0
- package/dist/core/auth/AnonymousAuthStrategy.js.map +1 -0
- package/dist/core/auth/AuthProvider.d.ts +13 -0
- package/dist/core/auth/AuthProvider.d.ts.map +1 -0
- package/dist/core/auth/AuthProvider.js +2 -0
- package/dist/core/auth/AuthProvider.js.map +1 -0
- package/dist/core/auth/AuthStrategy.d.ts +74 -0
- package/dist/core/auth/AuthStrategy.d.ts.map +1 -0
- package/dist/core/auth/AuthStrategy.js +2 -0
- package/dist/core/auth/AuthStrategy.js.map +1 -0
- package/dist/core/auth/AuthenticationService.d.ts +226 -0
- package/dist/core/auth/AuthenticationService.d.ts.map +1 -0
- package/dist/core/auth/AuthenticationService.js +344 -0
- package/dist/core/auth/AuthenticationService.js.map +1 -0
- package/dist/core/auth/ClientCredentialsAuthStrategy.d.ts +62 -0
- package/dist/core/auth/ClientCredentialsAuthStrategy.d.ts.map +1 -0
- package/dist/core/auth/ClientCredentialsAuthStrategy.js +78 -0
- package/dist/core/auth/ClientCredentialsAuthStrategy.js.map +1 -0
- package/dist/core/auth/PKCEAuthStrategy.d.ts +136 -0
- package/dist/core/auth/PKCEAuthStrategy.d.ts.map +1 -0
- package/dist/core/auth/PKCEAuthStrategy.js +409 -0
- package/dist/core/auth/PKCEAuthStrategy.js.map +1 -0
- package/dist/core/auth/PreAuthStrategy.d.ts +101 -0
- package/dist/core/auth/PreAuthStrategy.d.ts.map +1 -0
- package/dist/core/auth/PreAuthStrategy.js +216 -0
- package/dist/core/auth/PreAuthStrategy.js.map +1 -0
- package/dist/core/auth/msal-browser.js +19683 -0
- package/dist/core/auth/msal-loader.d.ts +14 -0
- package/dist/core/auth/msal-loader.d.ts.map +1 -0
- package/dist/core/auth/msal-loader.js +43 -0
- package/dist/core/auth/msal-loader.js.map +1 -0
- package/dist/core/connection/Connection.d.ts +168 -0
- package/dist/core/connection/Connection.d.ts.map +1 -0
- package/dist/core/connection/Connection.js +290 -0
- package/dist/core/connection/Connection.js.map +1 -0
- package/dist/core/connection/ConnectionState.d.ts +11 -0
- package/dist/core/connection/ConnectionState.d.ts.map +1 -0
- package/dist/core/connection/ConnectionState.js +12 -0
- package/dist/core/connection/ConnectionState.js.map +1 -0
- package/dist/core/connection/Transport.d.ts +98 -0
- package/dist/core/connection/Transport.d.ts.map +1 -0
- package/dist/core/connection/Transport.js +27 -0
- package/dist/core/connection/Transport.js.map +1 -0
- package/dist/core/connection/WebSocketTransport.d.ts +65 -0
- package/dist/core/connection/WebSocketTransport.d.ts.map +1 -0
- package/dist/core/connection/WebSocketTransport.js +177 -0
- package/dist/core/connection/WebSocketTransport.js.map +1 -0
- package/dist/core/errors/SDKError.d.ts +27 -0
- package/dist/core/errors/SDKError.d.ts.map +1 -0
- package/dist/core/errors/SDKError.js +43 -0
- package/dist/core/errors/SDKError.js.map +1 -0
- package/dist/core/events/EventEmitter.d.ts +120 -0
- package/dist/core/events/EventEmitter.d.ts.map +1 -0
- package/dist/core/events/EventEmitter.js +183 -0
- package/dist/core/events/EventEmitter.js.map +1 -0
- package/dist/core/logging/LogLevel.d.ts +33 -0
- package/dist/core/logging/LogLevel.d.ts.map +1 -0
- package/dist/core/logging/LogLevel.js +40 -0
- package/dist/core/logging/LogLevel.js.map +1 -0
- package/dist/core/logging/Logger.d.ts +120 -0
- package/dist/core/logging/Logger.d.ts.map +1 -0
- package/dist/core/logging/Logger.js +204 -0
- package/dist/core/logging/Logger.js.map +1 -0
- package/dist/core/logging/globalLogger.d.ts +8 -0
- package/dist/core/logging/globalLogger.d.ts.map +1 -0
- package/dist/core/logging/globalLogger.js +12 -0
- package/dist/core/logging/globalLogger.js.map +1 -0
- package/dist/core/logging/types.d.ts +45 -0
- package/dist/core/logging/types.d.ts.map +1 -0
- package/dist/core/logging/types.js +2 -0
- package/dist/core/logging/types.js.map +1 -0
- package/dist/core/message/BaseMessageHandler.d.ts +208 -0
- package/dist/core/message/BaseMessageHandler.d.ts.map +1 -0
- package/dist/core/message/BaseMessageHandler.js +155 -0
- package/dist/core/message/BaseMessageHandler.js.map +1 -0
- package/dist/core/message/Message.d.ts +69 -0
- package/dist/core/message/Message.d.ts.map +1 -0
- package/dist/core/message/Message.js +131 -0
- package/dist/core/message/Message.js.map +1 -0
- package/dist/core/message/MessageProcessor.d.ts +51 -0
- package/dist/core/message/MessageProcessor.d.ts.map +1 -0
- package/dist/core/message/MessageProcessor.js +123 -0
- package/dist/core/message/MessageProcessor.js.map +1 -0
- package/dist/core/message/MessageTypes.d.ts +123 -0
- package/dist/core/message/MessageTypes.d.ts.map +1 -0
- package/dist/core/message/MessageTypes.js +106 -0
- package/dist/core/message/MessageTypes.js.map +1 -0
- package/dist/core/message/Transcript.d.ts +373 -0
- package/dist/core/message/Transcript.d.ts.map +1 -0
- package/dist/core/message/Transcript.js +355 -0
- package/dist/core/message/Transcript.js.map +1 -0
- package/dist/core/message/handlers/AgentMessageHandler.d.ts +26 -0
- package/dist/core/message/handlers/AgentMessageHandler.d.ts.map +1 -0
- package/dist/core/message/handlers/AgentMessageHandler.js +130 -0
- package/dist/core/message/handlers/AgentMessageHandler.js.map +1 -0
- package/dist/core/message/handlers/ChatHistoryHandler.d.ts +12 -0
- package/dist/core/message/handlers/ChatHistoryHandler.d.ts.map +1 -0
- package/dist/core/message/handlers/ChatHistoryHandler.js +49 -0
- package/dist/core/message/handlers/ChatHistoryHandler.js.map +1 -0
- package/dist/core/message/handlers/ErrorMessageHandler.d.ts +12 -0
- package/dist/core/message/handlers/ErrorMessageHandler.d.ts.map +1 -0
- package/dist/core/message/handlers/ErrorMessageHandler.js +49 -0
- package/dist/core/message/handlers/ErrorMessageHandler.js.map +1 -0
- package/dist/core/message/handlers/HeartbeatHandler.d.ts +12 -0
- package/dist/core/message/handlers/HeartbeatHandler.d.ts.map +1 -0
- package/dist/core/message/handlers/HeartbeatHandler.js +46 -0
- package/dist/core/message/handlers/HeartbeatHandler.js.map +1 -0
- package/dist/core/message/handlers/TokenRefreshHandler.d.ts +30 -0
- package/dist/core/message/handlers/TokenRefreshHandler.d.ts.map +1 -0
- package/dist/core/message/handlers/TokenRefreshHandler.js +84 -0
- package/dist/core/message/handlers/TokenRefreshHandler.js.map +1 -0
- package/dist/core/message/types.d.ts +107 -0
- package/dist/core/message/types.d.ts.map +1 -0
- package/dist/core/message/types.js +30 -0
- package/dist/core/message/types.js.map +1 -0
- package/dist/core/platform/HookContract.d.ts +112 -0
- package/dist/core/platform/HookContract.d.ts.map +1 -0
- package/dist/core/platform/HookContract.js +13 -0
- package/dist/core/platform/HookContract.js.map +1 -0
- package/dist/core/platform/PlatformComponentService.d.ts +40 -0
- package/dist/core/platform/PlatformComponentService.d.ts.map +1 -0
- package/dist/core/platform/PlatformComponentService.js +12 -0
- package/dist/core/platform/PlatformComponentService.js.map +1 -0
- package/dist/core/platform/PlatformScriptLoader.d.ts +41 -0
- package/dist/core/platform/PlatformScriptLoader.d.ts.map +1 -0
- package/dist/core/platform/PlatformScriptLoader.js +110 -0
- package/dist/core/platform/PlatformScriptLoader.js.map +1 -0
- package/dist/core/polyfills.d.ts +16 -0
- package/dist/core/polyfills.d.ts.map +1 -0
- package/dist/core/polyfills.js +168 -0
- package/dist/core/polyfills.js.map +1 -0
- package/dist/core/portal-initializer/PortalInitializer.d.ts +234 -0
- package/dist/core/portal-initializer/PortalInitializer.d.ts.map +1 -0
- package/dist/core/portal-initializer/PortalInitializer.js +636 -0
- package/dist/core/portal-initializer/PortalInitializer.js.map +1 -0
- package/dist/core/queue/MessageQueue.d.ts +277 -0
- package/dist/core/queue/MessageQueue.d.ts.map +1 -0
- package/dist/core/queue/MessageQueue.js +291 -0
- package/dist/core/queue/MessageQueue.js.map +1 -0
- package/dist/core/types/PortalTypes.d.ts +51 -0
- package/dist/core/types/PortalTypes.d.ts.map +1 -0
- package/dist/core/types/PortalTypes.js +8 -0
- package/dist/core/types/PortalTypes.js.map +1 -0
- package/dist/index.d.ts +91 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +82 -0
- package/dist/index.js.map +1 -0
- package/package.json +84 -0
|
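--- a/package/dist/core/auth/ClientCredentialsAuthStrategy.js
+++ b/package/dist/core/auth/ClientCredentialsAuthStrategy.js
@@ -0,0 +1,78 @@
+/**
+* Client credentials authentication strategy for server-side applications
+* Implements OAuth 2.0 client credentials flow
+*/
+export class ClientCredentialsAuthStrategy {
+constructor(config) {
+this.config = config;
+this.isAuthenticatedFlag = false;
+}
+/**
+* Initialize the client credentials authentication strategy
+*/
+async initialize(options) {
+// TODO: Implement initialization logic
+// - Validate configuration
+// - Set up token cache if needed
+this.postAuthentication = options?.postAuthentication;
+this.deploymentInfo = options?.deploymentInfo;
+}
+/**
+* Authenticate using client credentials flow
+*/
+async authenticate() {
+// TODO: Implement authentication logic
+// - Fetch initial token using client credentials
+// - Store token for future use
+const token = await this.getToken();
+this.isAuthenticatedFlag = true;
+// Call postAuthentication callback after authentication completes
+if (this.postAuthentication) {
+await this.postAuthentication(token);
+}
+}
+/**
+* Check if the user is currently authenticated
+*/
+isAuthenticated() {
+// TODO: Implement authentication check logic
+// - Check if token exists and is valid
+return this.isAuthenticatedFlag;
+}
+/**
+* Get authentication token using client credentials flow
+*/
+async getToken() {
+// TODO: Implement client credentials token retrieval logic
+// - Check if cached token exists and is valid
+// - If not, request new token using client credentials
+// - Cache the token
+// - Return access token
+return '';
+}
+/**
+* Request a new access token from the token endpoint
+*/
+async requestToken() {
+// TODO: Implement token request logic
+// - Make POST request to token endpoint
+// - Include client_id and client_secret
+// - Parse response and extract access token
+return '';
+}
+/**
+* Check if the current token is expired or about to expire
+*/
+isTokenExpired() {
+// TODO: Implement token expiration check
+return false;
+}
+/**
+* Cleanup resources
+*/
+async cleanup() {
+// TODO: Implement cleanup logic
+// - Clear cached tokens
+}
+}
+//# sourceMappingURL=ClientCredentialsAuthStrategy.js.map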
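Review bot: `authenticate()` sets `this.isAuthenticatedFlag = true` and calls `postAuthentication(token)` even though `getToken()` is still a stub returning `''`, so this published strategy reports success without ever obtaining a credential. Until the client-credentials request is implemented the stubs should fail closed, for example `throw new Error('ClientCredentialsAuthStrategy is not implemented');` in `getToken()`, or at minimum `if (!token) throw new Error('No access token obtained');` before the flag is set. `isTokenExpired()` likewise always returns `false`, which would hide expiry once a real token is stored. The class comment should also state that the strategy is a placeholder, and that the `client_secret` named in the `requestToken()` TODO must stay server-side; whether this class is reachable from the browser bundle is not visible in this section.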
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ClientCredentialsAuthStrategy.js","sourceRoot":"","sources":["../../../src/core/auth/ClientCredentialsAuthStrategy.ts"],"names":[],"mappings":"AA6BA;;;GAGG;AACH,MAAM,OAAO,6BAA6B;IAKxC,YAA6B,MAAmC;QAAnC,WAAM,GAAN,MAAM,CAA6B;QAHxD,wBAAmB,GAAY,KAAK,CAAC;IAGsB,CAAC;IAEpE;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,OAAuC;QACtD,uCAAuC;QACvC,2BAA2B;QAC3B,iCAAiC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,uCAAuC;QACvC,iDAAiD;QACjD,+BAA+B;QAC/B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAEhC,kEAAkE;QAClE,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,eAAe;QACb,6CAA6C;QAC7C,uCAAuC;QACvC,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,2DAA2D;QAC3D,8CAA8C;QAC9C,uDAAuD;QACvD,oBAAoB;QACpB,wBAAwB;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,sCAAsC;QACtC,wCAAwC;QACxC,wCAAwC;QACxC,4CAA4C;QAC5C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,yCAAyC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,gCAAgC;QAChC,wBAAwB;IAC1B,CAAC;CACF"}
|
|
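--- a/package/dist/core/auth/PKCEAuthStrategy.d.ts
+++ b/package/dist/core/auth/PKCEAuthStrategy.d.ts
@@ -0,0 +1,136 @@
+import { AuthStrategy, AuthStrategyInitializeOptions } from './AuthStrategy.js';
+import { Logger } from '../logging/Logger.js';
+import './msal-loader.js';
+/**
+* Configuration for PKCE authentication strategy
+*/
+export interface PKCEAuthConfig {
+/**
+* Authorization server URL (authority)
+*/
+authorizationUrl?: string;
+/**
+* Token endpoint URL (not used directly by MSAL, but kept for compatibility)
+*/
+tokenUrl?: string;
+/**
+* Client ID
+*/
+clientId: string;
+/**
+* Redirect URI for OAuth callback
+*/
+redirectUri: string;
+/**
+* Optional scopes to request
+*/
+scopes?: string[];
+/**
+* Authentication scheme: 'popup' or 'redirect'
+* @default 'redirect'
+*/
+authScheme?: 'popup' | 'redirect';
+/**
+* Cache location: 'localStorage' or 'sessionStorage'
+* @default 'sessionStorage'
+*/
+cacheLocation?: 'localStorage' | 'sessionStorage';
+/**
+* Known authorities
+*/
+knownAuthorities: string[];
+/**
+* Authority metadata
+*/
+authorityMetadata?: string;
+/**
+* Next route to navigate to after authentication (used as state parameter)
+*/
+nextRoute?: string;
+/**
+* When true, forces local account login instead of federated SSO.
+*/
+localLogin?: boolean;
+}
+declare global {
+interface Window {
+msal?: {
+PublicClientApplication: any;
+InteractionType: any;
+PopupRequest: any;
+RedirectRequest: any;
+SilentRequest: any;
+AccountInfo: any;
+AuthenticationResult: any;
+};
+}
+}
+/**
+* PKCE (Proof Key for Code Exchange) authentication strategy for browsers
+* Implements OAuth 2.0 PKCE flow for secure browser-based authentication using MSAL
+*/
+export declare class PKCEAuthStrategy implements AuthStrategy {
+private readonly config;
+/**
+* Build PKCE configuration from deployment info and agent details
+* This method fetches authentication metadata and constructs the PKCE config
+* @param deploymentInfo - Deployment information containing API domain, client IDs, tenant ID
+* @param agentDetails - Agent details containing userType and other agent-specific information
+* @param endpoint - The endpoint URL used to fetch deployment info (used for nextRoute)
+* @param scopes - Scopes to request (passed from AuthenticationService)
+* @param logger - Optional logger instance for logging
+* @param authScheme - Authentication scheme: 'popup' or 'redirect' (defaults to 'popup')
+* @param egClientId - Optional client ID override from initParams (takes priority over deployment client IDs)
+* @param localLogin - When true, forces local account login instead of federated SSO
+* @returns Promise resolving to PKCEAuthConfig
+*/
+static buildConfigFromDeploymentInfo(deploymentInfo: any, agentDetails: any, endpoint: string, scopes: string[], logger?: Logger, authScheme?: 'popup' | 'redirect', egClientId?: string, localLogin?: boolean): Promise<PKCEAuthConfig>;
+private postAuthentication?;
+private isAuthenticatedFlag;
+private deploymentInfo?;
+private msalInstance;
+private authScheme;
+private accessToken;
+private account;
+private isInitialized;
+constructor(config: PKCEAuthConfig);
+/**
+* Initialize the PKCE authentication strategy
+*/
+initialize(options?: AuthStrategyInitializeOptions): Promise<void>;
+/**
+* Handle redirect promise after OAuth redirect
+*/
+private handleRedirectPromise;
+/**
+* Authenticate using PKCE flow
+*/
+authenticate(): Promise<void>;
+/**
+* Check if the user is currently authenticated
+*/
+isAuthenticated(): boolean;
+/**
+* Get authentication token using PKCE flow
+*/
+getToken(): Promise<string>;
+/**
+* Start the PKCE authorization flow
+* Redirects user to authorization server
+*/
+startAuthorizationFlow(): Promise<void>;
+/**
+* Handle the OAuth callback with authorization code
+* This is handled automatically by MSAL's handleRedirectPromise
+*/
+handleCallback(code: string, state: string): Promise<void>;
+/**
+* Refresh the access token using refresh token
+*/
+refreshToken(): Promise<string>;
+/**
+* Cleanup resources
+*/
+cleanup(): Promise<void>;
+}
+//# sourceMappingURL=PKCEAuthStrategy.d.ts.map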
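Review bot: The documented default for `authScheme` contradicts itself: the `PKCEAuthConfig.authScheme` comment says `@default 'redirect'`, while the `buildConfigFromDeploymentInfo` docs say it "defaults to 'popup'". Both are true on different paths in the PKCEAuthStrategy.js section of this page (`authScheme ?? 'popup'` in the builder, `config.authScheme || 'redirect'` in the constructor), so callers get a different interactive flow depending on how the config was produced. The property comment should say so, e.g. `@default 'redirect' when the config is passed directly; buildConfigFromDeploymentInfo supplies 'popup' when omitted`. The `cacheLocation` comment would also benefit from noting that `'localStorage'` keeps cached tokens beyond the browser session, which is why `'sessionStorage'` is the default.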
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"PKCEAuthStrategy.d.ts","sourceRoot":"","sources":["../../../src/core/auth/PKCEAuthStrategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA8B,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAC5G,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,kBAAkB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAElC;;;OAGG;IACH,aAAa,CAAC,EAAE,cAAc,GAAG,gBAAgB,CAAC;IAElD;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,IAAI,CAAC,EAAE;YACL,uBAAuB,EAAE,GAAG,CAAC;YAC7B,eAAe,EAAE,GAAG,CAAC;YACrB,YAAY,EAAE,GAAG,CAAC;YAClB,eAAe,EAAE,GAAG,CAAC;YACrB,aAAa,EAAE,GAAG,CAAC;YACnB,WAAW,EAAE,GAAG,CAAC;YACjB,oBAAoB,EAAE,GAAG,CAAC;SAC3B,CAAC;KACH;CACF;AAED;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,YAAY;IAsJvC,OAAO,CAAC,QAAQ,CAAC,MAAM;IArJnC;;;;;;;;;;;;OAYG;WACU,6BAA6B,CACxC,cAAc,EAAE,GAAG,EACnB,YAAY,EAAE,GAAG,EACjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,CAAC,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,OAAO,GAAG,UAAU,EACjC,UAAU,CAAC,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,OAAO,GACnB,OAAO,CAAC,cAAc,CAAC;IAsH1B,OAAO,CAAC,kBAAkB,CAAC,CAA6B;IACxD,OAAO,CAAC,mBAAmB,CAAkB;IAC7C,OAAO,CAAC,cAAc,CAAC,CAAM;IAC7B,OAAO,CAAC,YAAY,CAAM;IAC1B,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,OAAO,CAAa;IAC5B,OAAO,CAAC,aAAa,CAAkB;gBAEV,MAAM,EAAE,cAAc;IAUnD;;OAEG;IACG,UAAU,CAAC,OAAO,CAAC,EAAE,6BAA6B,GAAG,OAAO,CAAC,IAAI,CAAC;IA8FxE;;OAEG;YACW,qBAAqB;IAenC;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAgFnC;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IAmCjC;;;OAGG;IACG,sBAAsB,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;;OAGG;IACG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC
;IAMhE;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAqBrC;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAO/B"}
|
|
@@ -0,0 +1,409 @@
|
|
|
1
|
+
import './msal-loader.js'; // Ensure MSAL is loaded before using it
|
|
2
|
+
/**
|
|
3
|
+
* PKCE (Proof Key for Code Exchange) authentication strategy for browsers
|
|
4
|
+
* Implements OAuth 2.0 PKCE flow for secure browser-based authentication using MSAL
|
|
5
|
+
*/
|
|
6
|
+
export class PKCEAuthStrategy {
|
|
7
|
+
/**
|
|
8
|
+
* Build PKCE configuration from deployment info and agent details
|
|
9
|
+
* This method fetches authentication metadata and constructs the PKCE config
|
|
10
|
+
* @param deploymentInfo - Deployment information containing API domain, client IDs, tenant ID
|
|
11
|
+
* @param agentDetails - Agent details containing userType and other agent-specific information
|
|
12
|
+
* @param endpoint - The endpoint URL used to fetch deployment info (used for nextRoute)
|
|
13
|
+
* @param scopes - Scopes to request (passed from AuthenticationService)
|
|
14
|
+
* @param logger - Optional logger instance for logging
|
|
15
|
+
* @param authScheme - Authentication scheme: 'popup' or 'redirect' (defaults to 'popup')
|
|
16
|
+
* @param egClientId - Optional client ID override from initParams (takes priority over deployment client IDs)
|
|
17
|
+
* @param localLogin - When true, forces local account login instead of federated SSO
|
|
18
|
+
* @returns Promise resolving to PKCEAuthConfig
|
|
19
|
+
*/
|
|
20
|
+
static async buildConfigFromDeploymentInfo(deploymentInfo, agentDetails, endpoint, scopes, logger, authScheme, egClientId, localLogin) {
|
|
21
|
+
const intClientId = deploymentInfo.intClientId;
|
|
22
|
+
const extClientId = deploymentInfo.extClientId;
|
|
23
|
+
const tenantId = deploymentInfo.tenantId;
|
|
24
|
+
const clientId = deploymentInfo.clientId;
|
|
25
|
+
const userType = agentDetails?.userType;
|
|
26
|
+
// Determine metadata URL based on user type and client IDs
|
|
27
|
+
let metaDataUrl = "";
|
|
28
|
+
if ((userType === "agent" && intClientId) ||
|
|
29
|
+
(userType === "customer" && extClientId)) {
|
|
30
|
+
metaDataUrl = deploymentInfo.apiDomain + "/core/authmgr/v3/metadata/tenant/" + tenantId;
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
metaDataUrl = deploymentInfo.apiDomain + "/core/authmgr/v3/metadata/deployment";
|
|
34
|
+
}
|
|
35
|
+
// Ensure HTTPS protocol
|
|
36
|
+
metaDataUrl = metaDataUrl && metaDataUrl.startsWith("https://") ? metaDataUrl : "https://" + metaDataUrl;
|
|
37
|
+
// Fetch metadata
|
|
38
|
+
let metaData;
|
|
39
|
+
try {
|
|
40
|
+
const metaDataResponse = await fetch(metaDataUrl);
|
|
41
|
+
if (!metaDataResponse.ok) {
|
|
42
|
+
throw new Error(`Failed to fetch metadata: ${metaDataResponse.status} ${metaDataResponse.statusText}`);
|
|
43
|
+
}
|
|
44
|
+
metaData = await metaDataResponse.json();
|
|
45
|
+
}
|
|
46
|
+
catch (error) {
|
|
47
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
48
|
+
logger?.error('Failed to fetch authentication metadata', error instanceof Error ? error : new Error(errorMessage), { metaDataUrl });
|
|
49
|
+
throw new Error(`Failed to fetch authentication metadata from ${metaDataUrl}: ${errorMessage}`);
|
|
50
|
+
}
|
|
51
|
+
let loginDomainName = "";
|
|
52
|
+
let idpGatewayId = "";
|
|
53
|
+
let authorityMetadata = {};
|
|
54
|
+
let policy;
|
|
55
|
+
let prefixedScopes = [...scopes]; // Copy scopes to apply prefix later
|
|
56
|
+
// Build authority metadata based on user type
|
|
57
|
+
if (userType === "agent") {
|
|
58
|
+
policy = metaData?.idpPolicies?.userSigninPolicy;
|
|
59
|
+
const authURL = metaData?.authenticationDetails?.oAuthUser[0]?.authURL;
|
|
60
|
+
if (authURL) {
|
|
61
|
+
const authURLObject = new URL(authURL);
|
|
62
|
+
loginDomainName = authURLObject.hostname;
|
|
63
|
+
idpGatewayId = authURLObject.pathname.split("/")[1];
|
|
64
|
+
// Remove query parameters from the URL as domain hints come in authURL for deployment metadata
|
|
65
|
+
authorityMetadata.authorization_endpoint = authURLObject.origin + authURLObject.pathname;
|
|
66
|
+
}
|
|
67
|
+
authorityMetadata.token_endpoint = metaData?.authenticationDetails?.oAuthUser[0]?.accessTokenURL;
|
|
68
|
+
authorityMetadata.issuer = ["https://" + loginDomainName, "tfp", idpGatewayId, policy, "v2.0/"].join("/");
|
|
69
|
+
authorityMetadata.jwks_uri = ["https://" + loginDomainName, idpGatewayId, policy, "discovery/v2.0/keys"].join("/");
|
|
70
|
+
}
|
|
71
|
+
else if (userType === "customer") {
|
|
72
|
+
policy = metaData?.idpPolicies?.customerSigninPolicy;
|
|
73
|
+
const authURL = metaData?.authenticationDetails?.oAuthCustomer[0]?.authURL;
|
|
74
|
+
if (authURL) {
|
|
75
|
+
const authURLObject = new URL(authURL);
|
|
76
|
+
loginDomainName = authURLObject.hostname;
|
|
77
|
+
idpGatewayId = authURLObject.pathname.split("/")[1];
|
|
78
|
+
// Remove query parameters from the URL as domain hints come in authURL for deployment metadata
|
|
79
|
+
authorityMetadata.authorization_endpoint = authURLObject.origin + authURLObject.pathname;
|
|
80
|
+
}
|
|
81
|
+
authorityMetadata.token_endpoint = metaData?.authenticationDetails?.oAuthCustomer[0]?.accessTokenURL;
|
|
82
|
+
authorityMetadata.issuer = ["https://" + loginDomainName, "tfp", idpGatewayId, policy, "v2.0/"].join("/");
|
|
83
|
+
authorityMetadata.jwks_uri = ["https://" + loginDomainName, idpGatewayId, policy, "discovery/v2.0/keys"].join("/");
|
|
84
|
+
}
|
|
85
|
+
else {
|
|
86
|
+
throw new Error(`Invalid userType: ${userType}. Expected 'agent' or 'customer'.`);
|
|
87
|
+
}
|
|
88
|
+
// Build authorization URL (authority)
|
|
89
|
+
const authorizationUrl = ["https://" + loginDomainName, idpGatewayId, policy].join("/");
|
|
90
|
+
// Add permission prefixes to scopes
|
|
91
|
+
const apiPermissionPrefix = userType === "agent" && metaData?.apiMetadata?.CORE?.iApiPermissionPrefix
|
|
92
|
+
? metaData.apiMetadata.CORE.iApiPermissionPrefix
|
|
93
|
+
: userType === "customer" && metaData?.apiMetadata?.CORE?.eApiPermissionPrefix
|
|
94
|
+
? metaData.apiMetadata.CORE.eApiPermissionPrefix
|
|
95
|
+
: metaData?.apiMetadata?.CORE?.apiPermissionPrefix || "";
|
|
96
|
+
if (apiPermissionPrefix && Array.isArray(prefixedScopes)) {
|
|
97
|
+
prefixedScopes = prefixedScopes.map((scope) => apiPermissionPrefix + scope);
|
|
98
|
+
}
|
|
99
|
+
// Select appropriate client ID (egClientId from initParams takes priority)
|
|
100
|
+
let selectedClientId = egClientId || clientId;
|
|
101
|
+
if (!egClientId) {
|
|
102
|
+
if (userType === "agent" && intClientId) {
|
|
103
|
+
selectedClientId = intClientId;
|
|
104
|
+
}
|
|
105
|
+
else if (userType === "customer" && extClientId) {
|
|
106
|
+
selectedClientId = extClientId;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
// Build redirect URI from domainHint
|
|
110
|
+
const domainHint = deploymentInfo.domainHint;
|
|
111
|
+
const redirectUri = "https://" + domainHint + "/system/templates/selfservice/auth-redirect.html";
|
|
112
|
+
// Use the current page URL so auth-redirect.html navigates back to the app after login
|
|
113
|
+
let nextRoute = typeof window !== 'undefined' ? window.location.href : endpoint;
|
|
114
|
+
// Build and return PKCE config
|
|
115
|
+
return {
|
|
116
|
+
clientId: selectedClientId,
|
|
117
|
+
redirectUri: redirectUri, // TODO: Make this configurable
|
|
118
|
+
authorizationUrl: authorizationUrl,
|
|
119
|
+
knownAuthorities: [loginDomainName],
|
|
120
|
+
authorityMetadata: JSON.stringify(authorityMetadata),
|
|
121
|
+
scopes: prefixedScopes,
|
|
122
|
+
authScheme: authScheme ?? 'popup',
|
|
123
|
+
cacheLocation: "sessionStorage",
|
|
124
|
+
nextRoute: nextRoute,
|
|
125
|
+
...(localLogin != null && { localLogin }),
|
|
126
|
+
};
|
|
127
|
+
}
|
|
128
|
+
constructor(config) {
|
|
129
|
+
this.config = config;
|
|
130
|
+
this.isAuthenticatedFlag = false;
|
|
131
|
+
this.authScheme = 'redirect';
|
|
132
|
+
this.accessToken = null;
|
|
133
|
+
this.account = null;
|
|
134
|
+
this.isInitialized = false;
|
|
135
|
+
// Validate browser environment
|
|
136
|
+
if (typeof window === 'undefined') {
|
|
137
|
+
throw new Error('PKCEAuthStrategy can only be used in browser environments');
|
|
138
|
+
}
|
|
139
|
+
// Note: MSAL check is deferred to initialize() to allow lazy loading
|
|
140
|
+
this.authScheme = config.authScheme || 'redirect';
|
|
141
|
+
}
|
|
142
|
+
/**
|
|
143
|
+
* Initialize the PKCE authentication strategy
|
|
144
|
+
*/
|
|
145
|
+
async initialize(options) {
|
|
146
|
+
// Update postAuthentication callback even if already initialized
|
|
147
|
+
// This allows setting the callback after early initialization (e.g., for fetching agent details)
|
|
148
|
+
if (options?.postAuthentication) {
|
|
149
|
+
this.postAuthentication = options.postAuthentication;
|
|
150
|
+
}
|
|
151
|
+
if (this.isInitialized) {
|
|
152
|
+
// If already initialized, just update deploymentInfo if provided
|
|
153
|
+
if (options?.deploymentInfo) {
|
|
154
|
+
this.deploymentInfo = options.deploymentInfo;
|
|
155
|
+
}
|
|
156
|
+
return;
|
|
157
|
+
}
|
|
158
|
+
// Check if MSAL is available (deferred from constructor to allow lazy loading)
|
|
159
|
+
// The msal-loader import ensures MSAL is bundled, but we still need to verify it's available
|
|
160
|
+
if (!window.msal) {
|
|
161
|
+
throw new Error('MSAL library not found. Please ensure msal-browser.js is loaded. The SDK bundle should include MSAL automatically. If you see this error, there may be a bundling issue.');
|
|
162
|
+
}
|
|
163
|
+
this.deploymentInfo = options?.deploymentInfo;
|
|
164
|
+
/**
|
|
165
|
+
{
|
|
166
|
+
"auth": {
|
|
167
|
+
"navigateToLoginRequestUrl": false,
|
|
168
|
+
"clientId": "0e22ec34-1b8f-4d7f-9621-336e5317d2e7",
|
|
169
|
+
"redirectUri": "https://EG5841AIN.ezdev.net/system/templates/selfservice/auth-redirect.html",
|
|
170
|
+
"authority": "https://tmprod95058780int.b2clogin.com/91dc7b59-21d9-4345-a053-a57f4ebddea8/B2C_1A_User_V3_SignIn_OIDC",
|
|
171
|
+
"knownAuthorities": [
|
|
172
|
+
"tmprod95058780int.b2clogin.com"
|
|
173
|
+
],
|
|
174
|
+
"authorityMetadata": "{\"authorization_endpoint\":\"https://tmprod95058780int.b2clogin.com/91dc7b59-21d9-4345-a053-a57f4ebddea8/B2C_1A_User_V3_SignIn_OIDC/oauth2/v2.0/authorize\",\"token_endpoint\":\"https://TMPROD95058780int.b2clogin.com/91dc7b59-21d9-4345-a053-a57f4ebddea8/B2C_1A_User_V3_SignIn_OIDC/oauth2/v2.0/token\",\"issuer\":\"https://tmprod95058780int.b2clogin.com/tfp/91dc7b59-21d9-4345-a053-a57f4ebddea8/B2C_1A_User_V3_SignIn_OIDC/v2.0/\",\"jwks_uri\":\"https://tmprod95058780int.b2clogin.com/91dc7b59-21d9-4345-a053-a57f4ebddea8/B2C_1A_User_V3_SignIn_OIDC/discovery/v2.0/keys\"}"
|
|
175
|
+
},
|
|
176
|
+
"cache": {
|
|
177
|
+
"cacheLocation": "sessionStorage",
|
|
178
|
+
"storeAuthStateInCookie": false,
|
|
179
|
+
"claimsBasedCachingEnabled": true
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
*/
|
|
183
|
+
// Build MSAL configuration
|
|
184
|
+
const msalConfig = {
|
|
185
|
+
auth: {
|
|
186
|
+
navigateToLoginRequestUrl: true,
|
|
187
|
+
clientId: this.config.clientId,
|
|
188
|
+
redirectUri: this.config.redirectUri,
|
|
189
|
+
authority: this.config.authorizationUrl,
|
|
190
|
+
knownAuthorities: this.config.knownAuthorities,
|
|
191
|
+
authorityMetadata: this.config.authorityMetadata,
|
|
192
|
+
},
|
|
193
|
+
cache: {
|
|
194
|
+
cacheLocation: this.config.cacheLocation || 'sessionStorage',
|
|
195
|
+
storeAuthStateInCookie: false,
|
|
196
|
+
claimsBasedCachingEnabled: true,
|
|
197
|
+
},
|
|
198
|
+
system: {
|
|
199
|
+
allowRedirectInIframe: true,
|
|
200
|
+
},
|
|
201
|
+
};
|
|
202
|
+
// Add OIDC options if tenantAlias or tenantId is present (similar to egAuthentication.js)
|
|
203
|
+
const tenantAlias = this.deploymentInfo?.tenant_identifier;
|
|
204
|
+
if (tenantAlias) {
|
|
205
|
+
msalConfig.auth.protocolMode = "OIDC";
|
|
206
|
+
msalConfig.auth.OIDCOptions = {
|
|
207
|
+
serverResponseType: "query"
|
|
208
|
+
};
|
|
209
|
+
}
|
|
210
|
+
// Create MSAL instance
|
|
211
|
+
this.msalInstance = new window.msal.PublicClientApplication(msalConfig);
|
|
212
|
+
// Initialize MSAL
|
|
213
|
+
await this.msalInstance.initialize();
|
|
214
|
+
// Handle redirect callback if using redirect flow
|
|
215
|
+
if (this.authScheme === 'redirect') {
|
|
216
|
+
await this.handleRedirectPromise();
|
|
217
|
+
}
|
|
218
|
+
// Check for existing accounts
|
|
219
|
+
const accounts = this.msalInstance.getAllAccounts();
|
|
220
|
+
if (accounts.length > 0) {
|
|
221
|
+
this.account = accounts[0];
|
|
222
|
+
this.msalInstance.setActiveAccount(this.account);
|
|
223
|
+
this.isAuthenticatedFlag = true;
|
|
224
|
+
}
|
|
225
|
+
this.isInitialized = true;
|
|
226
|
+
}
|
|
227
|
+
/**
|
|
228
|
+
* Handle redirect promise after OAuth redirect
|
|
229
|
+
*/
|
|
230
|
+
async handleRedirectPromise() {
|
|
231
|
+
try {
|
|
232
|
+
const response = await this.msalInstance.handleRedirectPromise();
|
|
233
|
+
if (response) {
|
|
234
|
+
this.account = response.account;
|
|
235
|
+
this.msalInstance.setActiveAccount(this.account);
|
|
236
|
+
this.accessToken = response.accessToken;
|
|
237
|
+
this.isAuthenticatedFlag = true;
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
catch (error) {
|
|
241
|
+
console.error('Error handling redirect promise:', error);
|
|
242
|
+
throw error;
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
/**
|
|
246
|
+
* Authenticate using PKCE flow
|
|
247
|
+
*/
|
|
248
|
+
async authenticate() {
|
|
249
|
+
if (!this.isInitialized) {
|
|
250
|
+
await this.initialize();
|
|
251
|
+
}
|
|
252
|
+
// If we have an account from a previous redirect but no cached token,
|
|
253
|
+
// acquire one silently from MSAL's cache before proceeding
|
|
254
|
+
if (this.isAuthenticatedFlag && this.account && !this.accessToken) {
|
|
255
|
+
const silentRequest = {
|
|
256
|
+
scopes: this.config.scopes || ['openid', 'profile', 'offline_access'],
|
|
257
|
+
account: this.account,
|
|
258
|
+
};
|
|
259
|
+
const response = await this.msalInstance.acquireTokenSilent(silentRequest);
|
|
260
|
+
this.accessToken = response.accessToken;
|
|
261
|
+
}
|
|
262
|
+
// Check if already authenticated
|
|
263
|
+
if (this.isAuthenticatedFlag && this.accessToken) {
|
|
264
|
+
if (this.postAuthentication) {
|
|
265
|
+
await this.postAuthentication(this.accessToken);
|
|
266
|
+
}
|
|
267
|
+
return;
|
|
268
|
+
}
|
|
269
|
+
// Build login request
|
|
270
|
+
const loginRequest = {
|
|
271
|
+
scopes: this.config.scopes || ['openid', 'profile', 'offline_access'],
|
|
272
|
+
};
|
|
273
|
+
// Add state parameter from nextRoute if available (similar to egAuthentication.js)
|
|
274
|
+
if (this.config.nextRoute) {
|
|
275
|
+
// Remove hash from URL if present (similar to #removeHashFromURL in egAuthentication.js)
|
|
276
|
+
const relayState = this.config.nextRoute.split('#')[0];
|
|
277
|
+
loginRequest.state = relayState;
|
|
278
|
+
}
|
|
279
|
+
// Add extraQueryParameters for identity provider routing (matches cc-widget behavior)
|
|
280
|
+
const extraQueryParameters = {};
|
|
281
|
+
if (this.deploymentInfo?.domainHint) {
|
|
282
|
+
extraQueryParameters.domain_hint = this.deploymentInfo.domainHint;
|
|
283
|
+
}
|
|
284
|
+
if (this.config.localLogin) {
|
|
285
|
+
extraQueryParameters.localLogin = 'true';
|
|
286
|
+
}
|
|
287
|
+
if (Object.keys(extraQueryParameters).length > 0) {
|
|
288
|
+
loginRequest.extraQueryParameters = extraQueryParameters;
|
|
289
|
+
}
|
|
290
|
+
try {
|
|
291
|
+
let response;
|
|
292
|
+
if (this.authScheme === 'popup') {
|
|
293
|
+
// Use popup flow
|
|
294
|
+
response = await this.msalInstance.loginPopup(loginRequest);
|
|
295
|
+
}
|
|
296
|
+
else {
|
|
297
|
+
// Use redirect flow — page will navigate to the identity provider.
|
|
298
|
+
await this.msalInstance.loginRedirect(loginRequest);
|
|
299
|
+
// Block the caller until the browser navigates away.
|
|
300
|
+
// The promise is garbage-collected when the page unloads.
|
|
301
|
+
return new Promise(() => { });
|
|
302
|
+
}
|
|
303
|
+
// Handle popup response
|
|
304
|
+
if (response && response.account) {
|
|
305
|
+
this.account = response.account;
|
|
306
|
+
this.msalInstance.setActiveAccount(this.account);
|
|
307
|
+
this.accessToken = response.accessToken;
|
|
308
|
+
this.isAuthenticatedFlag = true;
|
|
309
|
+
// Call postAuthentication callback
|
|
310
|
+
if (this.postAuthentication) {
|
|
311
|
+
await this.postAuthentication(response.accessToken);
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
catch (error) {
|
|
316
|
+
console.error('Authentication error:', error);
|
|
317
|
+
throw error;
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
/**
|
|
321
|
+
* Check if the user is currently authenticated
|
|
322
|
+
*/
|
|
323
|
+
isAuthenticated() {
|
|
324
|
+
return this.isAuthenticatedFlag && this.account !== null;
|
|
325
|
+
}
|
|
326
|
+
/**
|
|
327
|
+
* Get authentication token using PKCE flow
|
|
328
|
+
*/
|
|
329
|
+
async getToken() {
|
|
330
|
+
if (!this.isInitialized) {
|
|
331
|
+
await this.initialize();
|
|
332
|
+
}
|
|
333
|
+
// If we have a cached token and account, try to get it silently
|
|
334
|
+
if (this.account) {
|
|
335
|
+
try {
|
|
336
|
+
const silentRequest = {
|
|
337
|
+
scopes: this.config.scopes || ['openid', 'profile', 'offline_access'],
|
|
338
|
+
account: this.account,
|
|
339
|
+
};
|
|
340
|
+
const response = await this.msalInstance.acquireTokenSilent(silentRequest);
|
|
341
|
+
this.accessToken = response.accessToken;
|
|
342
|
+
return response.accessToken;
|
|
343
|
+
}
|
|
344
|
+
catch (error) {
|
|
345
|
+
// If silent acquisition fails, we may need to re-authenticate
|
|
346
|
+
// For now, if we have a stored token, return it
|
|
347
|
+
if (this.accessToken) {
|
|
348
|
+
return this.accessToken;
|
|
349
|
+
}
|
|
350
|
+
// Otherwise, throw the error
|
|
351
|
+
throw error;
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
// No account, need to authenticate
|
|
355
|
+
if (!this.accessToken) {
|
|
356
|
+
throw new Error('No access token available. Please call authenticate() first.');
|
|
357
|
+
}
|
|
358
|
+
return this.accessToken;
|
|
359
|
+
}
|
|
360
|
+
/**
|
|
361
|
+
* Start the PKCE authorization flow
|
|
362
|
+
* Redirects user to authorization server
|
|
363
|
+
*/
|
|
364
|
+
async startAuthorizationFlow() {
|
|
365
|
+
await this.authenticate();
|
|
366
|
+
}
|
|
367
|
+
/**
|
|
368
|
+
* Handle the OAuth callback with authorization code
|
|
369
|
+
* This is handled automatically by MSAL's handleRedirectPromise
|
|
370
|
+
*/
|
|
371
|
+
async handleCallback(code, state) {
|
|
372
|
+
// MSAL handles this automatically via handleRedirectPromise
|
|
373
|
+
// This method is kept for compatibility but redirects are handled internally
|
|
374
|
+
await this.handleRedirectPromise();
|
|
375
|
+
}
|
|
376
|
+
/**
|
|
377
|
+
* Refresh the access token using refresh token
|
|
378
|
+
*/
|
|
379
|
+
async refreshToken() {
|
|
380
|
+
if (!this.account) {
|
|
381
|
+
throw new Error('No account available for token refresh');
|
|
382
|
+
}
|
|
383
|
+
const silentRequest = {
|
|
384
|
+
scopes: this.config.scopes || ['openid', 'profile', 'offline_access'],
|
|
385
|
+
account: this.account,
|
|
386
|
+
forceRefresh: true,
|
|
387
|
+
};
|
|
388
|
+
try {
|
|
389
|
+
const response = await this.msalInstance.acquireTokenSilent(silentRequest);
|
|
390
|
+
this.accessToken = response.accessToken;
|
|
391
|
+
return response.accessToken;
|
|
392
|
+
}
|
|
393
|
+
catch (error) {
|
|
394
|
+
// If silent refresh fails, may need interactive login
|
|
395
|
+
throw error;
|
|
396
|
+
}
|
|
397
|
+
}
|
|
398
|
+
/**
|
|
399
|
+
* Cleanup resources
|
|
400
|
+
*/
|
|
401
|
+
async cleanup() {
|
|
402
|
+
this.accessToken = null;
|
|
403
|
+
this.account = null;
|
|
404
|
+
this.isAuthenticatedFlag = false;
|
|
405
|
+
this.isInitialized = false;
|
|
406
|
+
// MSAL handles its own cleanup, but we can clear our references
|
|
407
|
+
}
|
|
408
|
+
}
|
|
409
|
+
//# sourceMappingURL=PKCEAuthStrategy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"PKCEAuthStrategy.js","sourceRoot":"","sources":["../../../src/core/auth/PKCEAuthStrategy.ts"],"names":[],"mappings":"AAEA,OAAO,kBAAkB,CAAC,CAAC,wCAAwC;AA+EnE;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IAC3B;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,KAAK,CAAC,6BAA6B,CACxC,cAAmB,EACnB,YAAiB,EACjB,QAAgB,EAChB,MAAgB,EAChB,MAAe,EACf,UAAiC,EACjC,UAAmB,EACnB,UAAoB;QAEpB,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC;QAC/C,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC;QAC/C,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;QACzC,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;QACzC,MAAM,QAAQ,GAAG,YAAY,EAAE,QAAQ,CAAC;QAExC,2DAA2D;QAC3D,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC;YACvC,CAAC,QAAQ,KAAK,UAAU,IAAI,WAAW,CAAC,EAAE,CAAC;YAC3C,WAAW,GAAG,cAAc,CAAC,SAAS,GAAG,mCAAmC,GAAG,QAAQ,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,WAAW,GAAG,cAAc,CAAC,SAAS,GAAG,sCAAsC,CAAC;QAClF,CAAC;QAED,wBAAwB;QACxB,WAAW,GAAG,WAAW,IAAI,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,GAAG,WAAW,CAAC;QAEzG,iBAAiB;QACjB,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;YAClD,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,6BAA6B,gBAAgB,CAAC,MAAM,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;YACzG,CAAC;YACD,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,MAAM,EAAE,KAAK,CAAC,yCAAyC,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;YACpI,MAAM,IAAI,KAAK,CAAC,gDAAgD,WAAW,KAAK,YAAY,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,IAAI,eAAe,GAAG,EAAE,CAAC;QACzB,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,iBAAiB,GAAQ,EAAE,CAAC;QAChC,IAAI,MAAM,CAAC;QACX,IAAI,cAAc,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,oCAAoC;QAEtE,8CAA8C;QAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,QAAQ,EAAE,WAAW,EAAE,gBAAgB,CAAC;YACjD,MAAM,OAAO,GAAG,QAAQ,EAAE,qBAAqB,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;YACvE,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,aAAa,G
AAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvC,eAAe,GAAG,aAAa,CAAC,QAAQ,CAAC;gBACzC,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,+FAA+F;gBAC/F,iBAAiB,CAAC,sBAAsB,GAAG,aAAa,CAAC,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC;YAC3F,CAAC;YAED,iBAAiB,CAAC,cAAc,GAAG,QAAQ,EAAE,qBAAqB,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC;YACjG,iBAAiB,CAAC,MAAM,GAAG,CAAC,UAAU,GAAG,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1G,iBAAiB,CAAC,QAAQ,GAAG,CAAC,UAAU,GAAG,eAAe,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrH,CAAC;aAAM,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YACnC,MAAM,GAAG,QAAQ,EAAE,WAAW,EAAE,oBAAoB,CAAC;YACrD,MAAM,OAAO,GAAG,QAAQ,EAAE,qBAAqB,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;YAC3E,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvC,eAAe,GAAG,aAAa,CAAC,QAAQ,CAAC;gBACzC,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,+FAA+F;gBAC/F,iBAAiB,CAAC,sBAAsB,GAAG,aAAa,CAAC,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC;YAC3F,CAAC;YAED,iBAAiB,CAAC,cAAc,GAAG,QAAQ,EAAE,qBAAqB,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC;YACrG,iBAAiB,CAAC,MAAM,GAAG,CAAC,UAAU,GAAG,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1G,iBAAiB,CAAC,QAAQ,GAAG,CAAC,UAAU,GAAG,eAAe,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,mCAAmC,CAAC,CAAC;QACpF,CAAC;QAED,sCAAsC;QACtC,MAAM,gBAAgB,GAAG,CAAC,UAAU,GAAG,eAAe,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAExF,oCAAoC;QACpC,MAAM,mBAAmB,GACvB,QAAQ,KAAK,OAAO,IAAI,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,oBAAoB;YACvE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB;YAChD,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,oBAAoB;gBAC5E,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB;gBAChD,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,IAAI,EAAE,CAAC;QAE/D,IAAI,mBAAmB,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACzD,cAAc,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,KAAa,EAAE,
EAAE,CAAC,mBAAmB,GAAG,KAAK,CAAC,CAAC;QACtF,CAAC;QAED,2EAA2E;QAC3E,IAAI,gBAAgB,GAAG,UAAU,IAAI,QAAQ,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,QAAQ,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;gBACxC,gBAAgB,GAAG,WAAW,CAAC;YACjC,CAAC;iBAAM,IAAI,QAAQ,KAAK,UAAU,IAAI,WAAW,EAAE,CAAC;gBAClD,gBAAgB,GAAG,WAAW,CAAC;YACjC,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC;QAC7C,MAAM,WAAW,GAAG,UAAU,GAAG,UAAU,GAAG,kDAAkD,CAAC;QAEjG,uFAAuF;QACvF,IAAI,SAAS,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEhF,+BAA+B;QAC/B,OAAO;YACL,QAAQ,EAAE,gBAAgB;YAC1B,WAAW,EAAE,WAAW,EAAE,+BAA+B;YACzD,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,CAAC,eAAe,CAAC;YACnC,iBAAiB,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC;YACpD,MAAM,EAAE,cAAc;YACtB,UAAU,EAAE,UAAU,IAAI,OAAO;YACjC,aAAa,EAAE,gBAAgB;YAC/B,SAAS,EAAE,SAAS;YACpB,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,EAAE,UAAU,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;IAUD,YAA6B,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;QAR3C,wBAAmB,GAAY,KAAK,CAAC;QAGrC,eAAU,GAAyB,UAAU,CAAC;QAC9C,gBAAW,GAAkB,IAAI,CAAC;QAClC,YAAO,GAAQ,IAAI,CAAC;QACpB,kBAAa,GAAY,KAAK,CAAC;QAGrC,+BAA+B;QAC/B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC/E,CAAC;QAED,qEAAqE;QACrE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,UAAU,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,OAAuC;QACtD,iEAAiE;QACjE,iGAAiG;QACjG,IAAI,OAAO,EAAE,kBAAkB,EAAE,CAAC;YAChC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACvD,CAAC;QAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,iEAAiE;YACjE,IAAI,OAAO,EAAE,cAAc,EAAE,CAAC;gBAC5B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC/C,CAAC;YACD,OAAO;QACT,CAAC;QAED,+EAA+E;QAC/E,6FAA6F;QAC7F,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,0KAA0K,CAAC,CAAC;QAC9L,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,CAAC;QAE9C;;;;;;;;;;;;;;;;;;WAkBG;QAEH,2BAA2B;QAC3B,MAAM,UAAU,GAAQ;YACtB,IAAI,EAAE;gBACJ,yBAAyB,EAAE,IAAI;gBAC/B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;gBACpC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBACvC,gB
AAgB,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBAC9C,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aACjD;YACD,KAAK,EAAE;gBACL,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,gBAAgB;gBAC5D,sBAAsB,EAAE,KAAK;gBAC7B,yBAAyB,EAAE,IAAI;aAChC;YACD,MAAM,EAAE;gBACN,qBAAqB,EAAE,IAAI;aAC5B;SACF,CAAC;QAEF,0FAA0F;QAC1F,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,iBAAiB,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC,WAAW,GAAG;gBAC5B,kBAAkB,EAAE,OAAO;aAC5B,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,YAAY,GAAG,IAAI,MAAM,CAAC,IAAK,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAEzE,kBAAkB;QAClB,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;QAErC,kDAAkD;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACrC,CAAC;QAED,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QACpD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB;QACjC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC;YACjE,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAChC,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBACxC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACzD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,sEAAsE;QACtE,2DAA2D;QAC3D,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAClE,MAAM,aAAa,GAAG;gBACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC;gBACrE,OAAO,EAAE,IAAI,CAAC,OAAO;aACtB,CAAC;YACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;YAC3E,IAAI,CAAC,WA
AW,GAAG,QAAQ,CAAC,WAAW,CAAC;QAC1C,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAClD,CAAC;YACD,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,YAAY,GAAQ;YACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC;SACtE,CAAC;QAEF,mFAAmF;QACnF,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,yFAAyF;YACzF,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvD,YAAY,CAAC,KAAK,GAAG,UAAU,CAAC;QAClC,CAAC;QAED,sFAAsF;QACtF,MAAM,oBAAoB,GAA2B,EAAE,CAAC;QACxD,IAAI,IAAI,CAAC,cAAc,EAAE,UAAU,EAAE,CAAC;YACpC,oBAAoB,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;QACpE,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC3B,oBAAoB,CAAC,UAAU,GAAG,MAAM,CAAC;QAC3C,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjD,YAAY,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC;YACH,IAAI,QAAa,CAAC;YAElB,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,EAAE,CAAC;gBAChC,iBAAiB;gBACjB,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBACN,mEAAmE;gBACnE,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACpD,qDAAqD;gBACrD,0DAA0D;gBAC1D,OAAO,IAAI,OAAO,CAAO,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrC,CAAC;YAED,wBAAwB;YACxB,IAAI,QAAQ,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACjC,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAChC,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBACxC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;gBAEhC,mCAAmC;gBACnC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC5B,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC9C,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,
CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,gEAAgE;QAChE,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG;oBACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC;oBACrE,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC;gBAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBAC3E,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;gBACxC,OAAO,QAAQ,CAAC,WAAW,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,8DAA8D;gBAC9D,gDAAgD;gBAChD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;gBACD,6BAA6B;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB;QAC1B,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAa;QAC9C,4DAA4D;QAC5D,6EAA6E;QAC7E,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,aAAa,GAAG;YACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC;YACrE,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,YAAY,EAAE,IAAI;SACnB,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;YAC3E,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;YACxC,OAAO,QAAQ,CAAC,WAAW,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,sDAAsD;YACtD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;QAC3B,gEAAgE;IAClE,CAAC;CACF"}
|