@frontegg/rest-api 2.10.46 → 2.10.50

package/src/auth/index.ts

@@ -1,3 +1,5 @@
+import {getTenants} from "../tenants";
+
 export * from './secutiry-poilicy';
 export * from './enums';
 
@@ -21,7 +23,8 @@ import {
   IGetUserPasswordConfig,
   ILogin,
   ILoginResponse,
-  ILoginViaSocialLogin, ILoginViaSocialLoginResponse,
+  ILoginViaSocialLogin,
+  ILoginViaSocialLoginResponse,
   ILoginWithMfa,
   IOidcPostLogin,
   IOidcConfiguration,
@@ -46,7 +49,20 @@ import {
   IUserIdResponse,
   IVendorConfig,
   IVerifyMfa,
-  IVerifyMfaResponse, TestConfig, ISSOPublicConfiguration, IPreLoginWithIdpTypeResponse, IPasswordlessPreLogin, IPasswordlessPostLogin, ICreateSSODomain, IVerifyInviteToken, ISSODomain, ISSOConfigurationDefaultRoles, ISSOConfiguration, IUpdateSSOConfiguration, IOidcPostLoginV2
+  IVerifyMfaResponse,
+  TestConfig,
+  ISSOPublicConfiguration,
+  IPreLoginWithIdpTypeResponse,
+  IPasswordlessPreLogin,
+  IPasswordlessPostLogin,
+  ICreateSSODomain,
+  IVerifyInviteToken,
+  ISSODomain,
+  ISSOConfigurationDefaultRoles,
+  ISSOConfiguration,
+  IUpdateSSOConfiguration,
+  IOidcPostLoginV2,
+  IExchangeOAuthTokens, IOAuthTokenResponse, ISocialLoginProviderConfigurationV2, ILoginResponseV2,
 } from './interfaces';
 
 /*****************************************
@@ -69,6 +85,37 @@ export async function generateLoginResponse(loginResponse: ILoginResponse): Prom
   return user;
 }
 
+export async function generateLoginResponseV2(loginResponse: ILoginResponse): Promise<ILoginResponseV2> {
+    if (!loginResponse.accessToken) {
+        return {user: loginResponse};
+    }
+    ContextHolder.setAccessToken(loginResponse.accessToken);
+    const [me, tenants] = await Promise.all([Get(`${urls.identity.users.v2}/me`), getTenants()]);
+    const decodedContent: any = loginResponse.accessToken ? jwtDecode(loginResponse.accessToken) : {};
+    const user = {
+        ...loginResponse,
+        ...decodedContent,
+        ...me,
+    };
+    ContextHolder.setUser(user);
+    return {user, tenants};
+}
+
+export async function generateLoginResponseFromOAuthResponse(oauthResponse: IOAuthTokenResponse): Promise<ILoginResponse> {
+  ContextHolder.setAccessToken(oauthResponse.id_token);
+  const me = await Get(`${urls.identity.users.v2}/me`);
+  const decodedContent: any = oauthResponse.id_token ? jwtDecode(oauthResponse.id_token) : {};
+  const user = {
+    mfaRequired: false,
+    accessToken: oauthResponse.id_token,
+    refreshToken: oauthResponse.refresh_token,
+    ...decodedContent,
+    ...me,
+  };
+  ContextHolder.setUser(user);
+  return user;
+}
+
 /**
  * Check if requested email address has sso configuration
  * If true, this function will return the sso address to navigate to
@@ -196,6 +243,16 @@ export async function refreshToken(): Promise<ILoginResponse> {
   return generateLoginResponse(data);
 }
 
+/**
+ * refresh token called as authenticated use, access and refresh tokens resolved by the cookies.
+ * the server will return ILoginResponseV2 with new access Token and refresh token and store it in the browser cookies, as well as the tenants.
+ */
+export async function refreshTokenV2(): Promise<ILoginResponseV2> {
+  console.debug('refreshTokenV2()');
+  const data = await Post(`${urls.identity.auth.v1}/user/token/refresh`);
+  return generateLoginResponseV2(data);
+}
+
 /**
  * logout from server, invalidate access and refresh token, remove it from cookies.
  */
@@ -422,6 +479,15 @@ export async function getSocialLoginProviders(): Promise<ISocialLoginProviderCon
   return Get(urls.identity.sso.v1);
 }
 
+/**
+ *  Get social logins providers configurations V2 supports dev credentials as well
+ * @return array of providers configurations
+ */
+export async function getSocialLoginProvidersV2(): Promise<ISocialLoginProviderConfigurationV2[]> {
+  console.debug('getSocialLoginProvidersV2()');
+  return Get(urls.identity.sso.v2);
+}
+
 /**
  * Login using social login
  * @return cookie with refresh token
@@ -433,12 +499,14 @@ export async function loginViaSocialLogin({
                                             codeVerifier,
                                             metadata,
                                             invitationToken,
+                                            state,
                                           }: ILoginViaSocialLogin): Promise<ILoginViaSocialLoginResponse> {
   console.debug('loginViaSocialLogin()');
   const params: {
     code: string;
     redirectUri?: string;
     code_verifier?: string;
+    state?: string;
   } = {code};
   if (redirectUri) {
     params.redirectUri = redirectUri;
@@ -446,6 +514,9 @@ export async function loginViaSocialLogin({
   if (codeVerifier) {
     params.code_verifier = codeVerifier;
   }
+  if(state) {
+    params.state = state
+  }
 
   return Post(`${urls.identity.auth.v1}/user/sso/${provider}/postlogin`, {metadata, invitationToken}, {params});
 }
@@ -728,3 +799,9 @@ export async function oidcPostLoginV2(body: IOidcPostLoginV2): Promise<ILoginRes
   const data = await Post(`${urls.identity.auth.v2}/user/oidc/postlogin`, body);
   return generateLoginResponse(data);
 }
+
+export async function exchangeOAuthTokens(body: IExchangeOAuthTokens): Promise<ILoginResponse> {
+  console.debug('exchangeOauthTokens()');
+  const data = await Post(`${urls.oauth.v1}/token`, body);
+  return generateLoginResponseFromOAuthResponse(data);
+}

package/src/auth/interfaces.ts

@@ -1,4 +1,4 @@
-import {IUserProfile} from '..';
+import {ITenantsResponse, IUserProfile} from '..';
 import {AuthStrategyEnum, SocialLoginProviders} from "./enums";
 import { ISamlRolesGroup } from '../teams/interfaces';
 
@@ -42,6 +42,11 @@ export type ILoginResponse = IUserProfile & {
   redirectLocation?: string;
 };
 
+export type ILoginResponseV2 = {
+  user: ILoginResponse,
+  tenants?: ITenantsResponse[]
+}
+
 export type ILoginWithMfa = {
   mfaToken: string;
   value: string;
@@ -143,6 +148,15 @@ export interface ISocialLoginProviderConfiguration {
   active: boolean;
 }
 
+export interface ISocialLoginProviderConfigurationV2 {
+  type: SocialLoginProviders;
+  clientId?: string | null;
+  redirectUrl: string;
+  active: boolean;
+  authorizationUrl?: string | null;
+  customised: boolean;
+}
+
 export interface ILoginViaSocialLogin {
   code: string;
   redirectUri?: string;
@@ -151,6 +165,7 @@ export interface ILoginViaSocialLogin {
   codeVerifier?: string;
   metadata?: string;
   invitationToken?: string;
+  state?: string
 }
 
 export interface ILoginViaSocialLoginResponse {
@@ -315,4 +330,17 @@ export interface ISSOConfiguration {
   groups: ISamlRolesGroup[]
 }
 
+export interface IExchangeOAuthTokens {
+  code: string;
+  redirect_uri: string;
+  code_verifier: string;
+}
+
+export interface IOAuthTokenResponse {
+  access_token: string;
+  expires_in?: number;
+  id_token: string;
+  refresh_token: string;
+}
+
 export type IUpdateSSOConfiguration = Partial<Omit<ISSOConfiguration, 'id' | 'createdAt' | 'updatedAt' | 'domains'>>

package/src/constants.ts

@@ -16,7 +16,8 @@ export const urls = {
       v1: '/identity/resources/configurations/v1'
     },
     sso: {
-      v1: '/identity/resources/sso/v1'
+      v1: '/identity/resources/sso/v1',
+      v2: '/identity/resources/sso/v2'
     },
     permissions: {
       v1: '/identity/resources/permissions/v1'
@@ -137,5 +138,8 @@ export const urls = {
   },
   webhooks: {
     v1: '/webhook'
-  }
+  },
+  oauth: {
+    v1: '/oauth'
+  },
 }

package/src/fetch.ts

@@ -13,7 +13,7 @@ interface RequestOptions {
   credentials?: RequestCredentials;
 }
 
-async function getBaseUrl(context: ContextOptions): Promise<string> {
+export function getBaseUrl(context: ContextOptions): string {
   let baseUrl = context.baseUrl;
   const prefix = context.urlPrefix || 'frontegg';
   if (!baseUrl.endsWith('/')) {
@@ -26,7 +26,7 @@ async function getBaseUrl(context: ContextOptions): Promise<string> {
 }
 
 async function prepareUrl(context: ContextOptions, url: string, params?: any): Promise<string> {
-  const baseUrl = await getBaseUrl(context);
+  const baseUrl = getBaseUrl(context);
   const paramsToSend = await buildQueryParams(context, params);
 
   let finalUrl = url.startsWith('http') ? url : `${baseUrl}${url}`;

package/src/interfaces.ts

@@ -17,6 +17,7 @@ export type LogLevel = 'warn' | 'error';
 
 export interface ContextOptions {
   baseUrl: string;
+  clientId?: string;
   tokenResolver?: () => Promise<string> | string; // custom resolve Authorization Header value
   additionalQueryParamsResolver?: () => Promise<KeyValuePair[]> | KeyValuePair[];
   additionalHeadersResolver?: () => Promise<KeyValuePair[]> | KeyValuePair[];

package/src/jwt.ts

@@ -87,6 +87,6 @@ export const jwtDecode = (token: string, options: { header?: boolean } = {}) =>
   try {
     return JSON.parse(base64UrlDecode(token.split('.')[pos]));
   } catch (e) {
-    throw new InvalidTokenError('Invalid token specified: ' + e.message);
+    throw new InvalidTokenError('Invalid token specified: ' + (e as Error).message);
   }
 };