@itwin/map-layers-auth 3.5.0-dev.4 → 3.5.0-dev.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/lib/cjs/ArcGis/ArcGisAccessClient.d.ts +66 -66
  2. package/lib/cjs/ArcGis/ArcGisAccessClient.js +294 -294
  3. package/lib/cjs/ArcGis/ArcGisAccessClient.js.map +1 -1
  4. package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
  5. package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.js +46 -46
  6. package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.js.map +1 -1
  7. package/lib/cjs/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
  8. package/lib/cjs/ArcGis/ArcGisTokenGenerator.js +110 -110
  9. package/lib/cjs/ArcGis/ArcGisTokenGenerator.js.map +1 -1
  10. package/lib/cjs/ArcGis/ArcGisTokenManager.d.ts +20 -20
  11. package/lib/cjs/ArcGis/ArcGisTokenManager.js +109 -109
  12. package/lib/cjs/ArcGis/ArcGisTokenManager.js.map +1 -1
  13. package/lib/cjs/ArcGis/ArcGisUrl.d.ts +6 -6
  14. package/lib/cjs/ArcGis/ArcGisUrl.js +49 -49
  15. package/lib/cjs/ArcGis/ArcGisUrl.js.map +1 -1
  16. package/lib/cjs/map-layers-auth.d.ts +5 -5
  17. package/lib/cjs/map-layers-auth.js +21 -21
  18. package/lib/cjs/map-layers-auth.js.map +1 -1
  19. package/lib/esm/ArcGis/ArcGisAccessClient.d.ts +66 -66
  20. package/lib/esm/ArcGis/ArcGisAccessClient.js +290 -290
  21. package/lib/esm/ArcGis/ArcGisAccessClient.js.map +1 -1
  22. package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
  23. package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.js +42 -42
  24. package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.js.map +1 -1
  25. package/lib/esm/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
  26. package/lib/esm/ArcGis/ArcGisTokenGenerator.js +106 -106
  27. package/lib/esm/ArcGis/ArcGisTokenGenerator.js.map +1 -1
  28. package/lib/esm/ArcGis/ArcGisTokenManager.d.ts +20 -20
  29. package/lib/esm/ArcGis/ArcGisTokenManager.js +105 -105
  30. package/lib/esm/ArcGis/ArcGisTokenManager.js.map +1 -1
  31. package/lib/esm/ArcGis/ArcGisUrl.d.ts +6 -6
  32. package/lib/esm/ArcGis/ArcGisUrl.js +45 -45
  33. package/lib/esm/ArcGis/ArcGisUrl.js.map +1 -1
  34. package/lib/esm/map-layers-auth.d.ts +5 -5
  35. package/lib/esm/map-layers-auth.js +9 -9
  36. package/lib/esm/map-layers-auth.js.map +1 -1
  37. package/package.json +7 -7
package/lib/esm/ArcGis/ArcGisAccessClient.js CHANGED
@@ -1,291 +1,291 @@
1
- /*---------------------------------------------------------------------------------------------
2
- * Copyright (c) Bentley Systems, Incorporated. All rights reserved.
3
- * See LICENSE.md in the project root for license terms and full copyright notice.
4
- *--------------------------------------------------------------------------------------------*/
5
- /** @packageDocumentation
6
- * @module Tiles
7
- */
8
- import { assert, BeEvent } from "@itwin/core-bentley";
9
- import { ArcGisTokenClientType } from "./ArcGisTokenGenerator";
10
- import { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from "./ArcGisOAuth2Endpoint";
11
- import { ArcGisTokenManager } from "./ArcGisTokenManager";
12
- import { ArcGisUrl } from "./ArcGisUrl";
13
- /** @beta */
14
- export class ArcGisAccessClient {
15
- constructor() {
16
- this.onOAuthProcessEnd = new BeEvent();
17
- // Derive the Oauth URL from a typical MapLayerURL
18
- // i.e. https://hostname/server/rest/services/NewYork/NewYork3857/MapServer
19
- // => https://hostname/portal/sharing/oauth2/authorize
20
- this._oauthAuthorizeEndPointsCache = new Map();
21
- this._oauthTokenEndPointsCache = new Map();
22
- }
23
- initialize(oAuthConfig) {
24
- if (oAuthConfig) {
25
- this._redirectUri = oAuthConfig.redirectUri;
26
- this._expiration = oAuthConfig.tokenExpiration;
27
- this._clientIds = oAuthConfig.clientIds;
28
- this.initOauthCallbackFunction();
29
- }
30
- return true;
31
- }
32
- initOauthCallbackFunction() {
33
- window.arcGisOAuth2Callback = (redirectLocation) => {
34
- var _a, _b, _c, _d;
35
- let eventSuccess = false;
36
- let stateData;
37
- if (redirectLocation && redirectLocation.hash.length > 0) {
38
- const locationHash = redirectLocation.hash;
39
- const hashParams = new URLSearchParams(locationHash.substring(1));
40
- const token = (_a = hashParams.get("access_token")) !== null && _a !== void 0 ? _a : undefined;
41
- const expiresInStr = (_b = hashParams.get("expires_in")) !== null && _b !== void 0 ? _b : undefined;
42
- const userName = (_c = hashParams.get("username")) !== null && _c !== void 0 ? _c : undefined;
43
- const ssl = hashParams.get("ssl") === "true";
44
- const stateStr = (_d = hashParams.get("state")) !== null && _d !== void 0 ? _d : undefined;
45
- const persist = hashParams.get("persist") === "true";
46
- if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {
47
- let endpointOrigin;
48
- try {
49
- const state = JSON.parse(stateStr);
50
- stateData = state === null || state === void 0 ? void 0 : state.customData;
51
- endpointOrigin = state === null || state === void 0 ? void 0 : state.endpointOrigin;
52
- }
53
- catch {
54
- }
55
- const expiresIn = Number(expiresInStr);
56
- const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)
57
- if (endpointOrigin !== undefined) {
58
- ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });
59
- eventSuccess = true;
60
- }
61
- }
62
- }
63
- this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);
64
- };
65
- }
66
- unInitialize() {
67
- this._redirectUri = undefined;
68
- this._expiration = undefined;
69
- window.arcGisOAuth2Callback = undefined;
70
- }
71
- async getAccessToken(params) {
72
- // First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
73
- try {
74
- const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
75
- if (oauth2Token)
76
- return oauth2Token;
77
- if (params.userName && params.password) {
78
- return await ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });
79
- }
80
- }
81
- catch {
82
- }
83
- return undefined;
84
- }
85
- async getTokenServiceEndPoint(mapLayerUrl) {
86
- let tokenEndpoint;
87
- try {
88
- tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);
89
- if (tokenEndpoint) {
90
- }
91
- }
92
- catch { }
93
- return tokenEndpoint;
94
- }
95
- invalidateToken(token) {
96
- let found = ArcGisTokenManager.invalidateToken(token);
97
- if (!found) {
98
- found = ArcGisTokenManager.invalidateOAuth2Token(token);
99
- }
100
- return found;
101
- }
102
- get redirectUri() {
103
- return this._redirectUri;
104
- }
105
- getMatchingEnterpriseClientId(url) {
106
- let clientId;
107
- const clientIds = this.arcGisEnterpriseClientIds;
108
- if (!clientIds) {
109
- return undefined;
110
- }
111
- for (const entry of clientIds) {
112
- if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {
113
- clientId = entry.clientId;
114
- }
115
- }
116
- return clientId;
117
- }
118
- get expiration() {
119
- return this._expiration;
120
- }
121
- get arcGisOnlineClientId() {
122
- var _a;
123
- return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.arcgisOnlineClientId;
124
- }
125
- set arcGisOnlineClientId(clientId) {
126
- if (this._clientIds === undefined) {
127
- this._clientIds = { arcgisOnlineClientId: clientId };
128
- }
129
- this._clientIds.arcgisOnlineClientId = clientId;
130
- }
131
- get arcGisEnterpriseClientIds() {
132
- var _a;
133
- return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds;
134
- }
135
- setEnterpriseClientId(serviceBaseUrl, clientId) {
136
- var _a;
137
- if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
138
- const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);
139
- if (foundIdx !== -1) {
140
- this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;
141
- }
142
- else {
143
- this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });
144
- }
145
- }
146
- else {
147
- if (this._clientIds === undefined) {
148
- this._clientIds = {};
149
- }
150
- this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];
151
- }
152
- }
153
- removeEnterpriseClientId(clientId) {
154
- var _a, _b, _c;
155
- if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
156
- this._clientIds.enterpriseClientIds = (_c = (_b = this._clientIds) === null || _b === void 0 ? void 0 : _b.enterpriseClientIds) === null || _c === void 0 ? void 0 : _c.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);
157
- }
158
- }
159
- /// //////////
160
- /** @internal */
161
- async getOAuthTokenForMapLayerUrl(mapLayerUrl) {
162
- try {
163
- const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);
164
- if (oauthEndpoint !== undefined) {
165
- const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());
166
- return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);
167
- }
168
- }
169
- catch { }
170
- return undefined;
171
- }
172
- /**
173
- * Test if Oauth2 endpoint is accessible and has an associated appId
174
- * @internal
175
- */
176
- async validateOAuth2Endpoint(endpointUrl) {
177
- // Check if we got a matching appId for that endpoint, otherwise its not worth going further
178
- if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {
179
- return false;
180
- }
181
- let status;
182
- try {
183
- const data = await fetch(endpointUrl, { method: "GET" });
184
- status = data.status;
185
- }
186
- catch (error) {
187
- status = error.status;
188
- }
189
- return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters
190
- }
191
- /**
192
- * Get OAuth2 endpoint that must be cause to get the Oauth2 token
193
- * @internal
194
- */
195
- async getOAuth2Endpoint(url, endpoint) {
196
- // Return from cache if available
197
- const cachedEndpoint = (endpoint === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
198
- if (cachedEndpoint !== undefined) {
199
- return cachedEndpoint;
200
- }
201
- const cacheResult = (obj) => {
202
- if (endpoint === ArcGisOAuth2EndpointType.Authorize) {
203
- this._oauthAuthorizeEndPointsCache.set(url, obj);
204
- }
205
- else {
206
- this._oauthTokenEndPointsCache.set(url, obj);
207
- }
208
- };
209
- const endpointStr = (endpoint === ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
210
- const urlObj = new URL(url);
211
- if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
212
- // ArcGIS Online (fixed)
213
- // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/
214
- if (this.arcGisOnlineClientId === undefined) {
215
- return undefined;
216
- }
217
- const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
218
- return new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(oauth2Url, true), true);
219
- }
220
- else {
221
- // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
222
- let restUrlFromTokenService;
223
- try {
224
- restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
225
- }
226
- catch { }
227
- if (restUrlFromTokenService !== undefined) {
228
- // Validate the URL we just composed
229
- try {
230
- const oauth2Url = `${restUrlFromTokenService.toString()}oauth2/${endpointStr}`;
231
- if (await this.validateOAuth2Endpoint(oauth2Url)) {
232
- const oauthEndpoint = new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, false), false);
233
- cacheResult(oauthEndpoint);
234
- return oauthEndpoint;
235
- }
236
- }
237
- catch { }
238
- }
239
- // If reach this point, that means we could not derive the token endpoint from 'tokenServicesUrl'
240
- // lets use another approach.
241
- // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
242
- const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
243
- if (regExMatch !== null && regExMatch.length >= 2) {
244
- const subdirectory = regExMatch[1];
245
- const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
246
- const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
247
- // Check again the URL we just composed
248
- try {
249
- const newUrl = newUrlObj.toString();
250
- if (await this.validateOAuth2Endpoint(newUrl)) {
251
- const oauthEndpoint = new ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);
252
- cacheResult(oauthEndpoint);
253
- return oauthEndpoint;
254
- }
255
- }
256
- catch { }
257
- }
258
- }
259
- return undefined; // we could not find any valid oauth2 endpoint
260
- }
261
- /**
262
- * Construct the complete Authorize url to starts the Oauth process
263
- * @internal
264
- */
265
- constructLoginUrl(url, isArcgisOnline) {
266
- const urlObj = new URL(url);
267
- // Set the client id
268
- if (isArcgisOnline) {
269
- const clientId = this.arcGisOnlineClientId;
270
- assert(clientId !== undefined);
271
- if (clientId !== undefined) {
272
- urlObj.searchParams.set("client_id", clientId);
273
- }
274
- }
275
- else {
276
- const clientId = this.getMatchingEnterpriseClientId(url);
277
- assert(clientId !== undefined);
278
- if (undefined !== clientId) {
279
- urlObj.searchParams.set("client_id", clientId);
280
- }
281
- }
282
- urlObj.searchParams.set("response_type", "token");
283
- if (this.expiration !== undefined) {
284
- urlObj.searchParams.set("expiration", `${this.expiration}`);
285
- }
286
- if (this.redirectUri)
287
- urlObj.searchParams.set("redirect_uri", this.redirectUri);
288
- return urlObj.toString();
289
- }
290
- }
1
+ /*---------------------------------------------------------------------------------------------
2
+ * Copyright (c) Bentley Systems, Incorporated. All rights reserved.
3
+ * See LICENSE.md in the project root for license terms and full copyright notice.
4
+ *--------------------------------------------------------------------------------------------*/
5
+ /** @packageDocumentation
6
+ * @module Tiles
7
+ */
8
+ import { assert, BeEvent } from "@itwin/core-bentley";
9
+ import { ArcGisTokenClientType } from "./ArcGisTokenGenerator";
10
+ import { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from "./ArcGisOAuth2Endpoint";
11
+ import { ArcGisTokenManager } from "./ArcGisTokenManager";
12
+ import { ArcGisUrl } from "./ArcGisUrl";
13
+ /** @beta */
14
+ export class ArcGisAccessClient {
15
+ constructor() {
16
+ this.onOAuthProcessEnd = new BeEvent();
17
+ // Derive the Oauth URL from a typical MapLayerURL
18
+ // i.e. https://hostname/server/rest/services/NewYork/NewYork3857/MapServer
19
+ // => https://hostname/portal/sharing/oauth2/authorize
20
+ this._oauthAuthorizeEndPointsCache = new Map();
21
+ this._oauthTokenEndPointsCache = new Map();
22
+ }
23
+ initialize(oAuthConfig) {
24
+ if (oAuthConfig) {
25
+ this._redirectUri = oAuthConfig.redirectUri;
26
+ this._expiration = oAuthConfig.tokenExpiration;
27
+ this._clientIds = oAuthConfig.clientIds;
28
+ this.initOauthCallbackFunction();
29
+ }
30
+ return true;
31
+ }
32
+ initOauthCallbackFunction() {
33
+ window.arcGisOAuth2Callback = (redirectLocation) => {
34
+ var _a, _b, _c, _d;
35
+ let eventSuccess = false;
36
+ let stateData;
37
+ if (redirectLocation && redirectLocation.hash.length > 0) {
38
+ const locationHash = redirectLocation.hash;
39
+ const hashParams = new URLSearchParams(locationHash.substring(1));
40
+ const token = (_a = hashParams.get("access_token")) !== null && _a !== void 0 ? _a : undefined;
41
+ const expiresInStr = (_b = hashParams.get("expires_in")) !== null && _b !== void 0 ? _b : undefined;
42
+ const userName = (_c = hashParams.get("username")) !== null && _c !== void 0 ? _c : undefined;
43
+ const ssl = hashParams.get("ssl") === "true";
44
+ const stateStr = (_d = hashParams.get("state")) !== null && _d !== void 0 ? _d : undefined;
45
+ const persist = hashParams.get("persist") === "true";
46
+ if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {
47
+ let endpointOrigin;
48
+ try {
49
+ const state = JSON.parse(stateStr);
50
+ stateData = state === null || state === void 0 ? void 0 : state.customData;
51
+ endpointOrigin = state === null || state === void 0 ? void 0 : state.endpointOrigin;
52
+ }
53
+ catch {
54
+ }
55
+ const expiresIn = Number(expiresInStr);
56
+ const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)
57
+ if (endpointOrigin !== undefined) {
58
+ ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });
59
+ eventSuccess = true;
60
+ }
61
+ }
62
+ }
63
+ this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);
64
+ };
65
+ }
66
+ unInitialize() {
67
+ this._redirectUri = undefined;
68
+ this._expiration = undefined;
69
+ window.arcGisOAuth2Callback = undefined;
70
+ }
71
+ async getAccessToken(params) {
72
+ // First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
73
+ try {
74
+ const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
75
+ if (oauth2Token)
76
+ return oauth2Token;
77
+ if (params.userName && params.password) {
78
+ return await ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });
79
+ }
80
+ }
81
+ catch {
82
+ }
83
+ return undefined;
84
+ }
85
+ async getTokenServiceEndPoint(mapLayerUrl) {
86
+ let tokenEndpoint;
87
+ try {
88
+ tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);
89
+ if (tokenEndpoint) {
90
+ }
91
+ }
92
+ catch { }
93
+ return tokenEndpoint;
94
+ }
95
+ invalidateToken(token) {
96
+ let found = ArcGisTokenManager.invalidateToken(token);
97
+ if (!found) {
98
+ found = ArcGisTokenManager.invalidateOAuth2Token(token);
99
+ }
100
+ return found;
101
+ }
102
+ get redirectUri() {
103
+ return this._redirectUri;
104
+ }
105
+ getMatchingEnterpriseClientId(url) {
106
+ let clientId;
107
+ const clientIds = this.arcGisEnterpriseClientIds;
108
+ if (!clientIds) {
109
+ return undefined;
110
+ }
111
+ for (const entry of clientIds) {
112
+ if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {
113
+ clientId = entry.clientId;
114
+ }
115
+ }
116
+ return clientId;
117
+ }
118
+ get expiration() {
119
+ return this._expiration;
120
+ }
121
+ get arcGisOnlineClientId() {
122
+ var _a;
123
+ return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.arcgisOnlineClientId;
124
+ }
125
+ set arcGisOnlineClientId(clientId) {
126
+ if (this._clientIds === undefined) {
127
+ this._clientIds = { arcgisOnlineClientId: clientId };
128
+ }
129
+ this._clientIds.arcgisOnlineClientId = clientId;
130
+ }
131
+ get arcGisEnterpriseClientIds() {
132
+ var _a;
133
+ return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds;
134
+ }
135
+ setEnterpriseClientId(serviceBaseUrl, clientId) {
136
+ var _a;
137
+ if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
138
+ const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);
139
+ if (foundIdx !== -1) {
140
+ this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;
141
+ }
142
+ else {
143
+ this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });
144
+ }
145
+ }
146
+ else {
147
+ if (this._clientIds === undefined) {
148
+ this._clientIds = {};
149
+ }
150
+ this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];
151
+ }
152
+ }
153
+ removeEnterpriseClientId(clientId) {
154
+ var _a, _b, _c;
155
+ if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
156
+ this._clientIds.enterpriseClientIds = (_c = (_b = this._clientIds) === null || _b === void 0 ? void 0 : _b.enterpriseClientIds) === null || _c === void 0 ? void 0 : _c.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);
157
+ }
158
+ }
159
+ /// //////////
160
+ /** @internal */
161
+ async getOAuthTokenForMapLayerUrl(mapLayerUrl) {
162
+ try {
163
+ const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);
164
+ if (oauthEndpoint !== undefined) {
165
+ const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());
166
+ return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);
167
+ }
168
+ }
169
+ catch { }
170
+ return undefined;
171
+ }
172
+ /**
173
+ * Test if Oauth2 endpoint is accessible and has an associated appId
174
+ * @internal
175
+ */
176
+ async validateOAuth2Endpoint(endpointUrl) {
177
+ // Check if we got a matching appId for that endpoint, otherwise its not worth going further
178
+ if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {
179
+ return false;
180
+ }
181
+ let status;
182
+ try {
183
+ const data = await fetch(endpointUrl, { method: "GET" });
184
+ status = data.status;
185
+ }
186
+ catch (error) {
187
+ status = error.status;
188
+ }
189
+ return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters
190
+ }
191
+ /**
192
+ * Get OAuth2 endpoint that must be cause to get the Oauth2 token
193
+ * @internal
194
+ */
195
+ async getOAuth2Endpoint(url, endpoint) {
196
+ // Return from cache if available
197
+ const cachedEndpoint = (endpoint === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
198
+ if (cachedEndpoint !== undefined) {
199
+ return cachedEndpoint;
200
+ }
201
+ const cacheResult = (obj) => {
202
+ if (endpoint === ArcGisOAuth2EndpointType.Authorize) {
203
+ this._oauthAuthorizeEndPointsCache.set(url, obj);
204
+ }
205
+ else {
206
+ this._oauthTokenEndPointsCache.set(url, obj);
207
+ }
208
+ };
209
+ const endpointStr = (endpoint === ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
210
+ const urlObj = new URL(url);
211
+ if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
212
+ // ArcGIS Online (fixed)
213
+ // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/
214
+ if (this.arcGisOnlineClientId === undefined) {
215
+ return undefined;
216
+ }
217
+ const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
218
+ return new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(oauth2Url, true), true);
219
+ }
220
+ else {
221
+ // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
222
+ let restUrlFromTokenService;
223
+ try {
224
+ restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
225
+ }
226
+ catch { }
227
+ if (restUrlFromTokenService !== undefined) {
228
+ // Validate the URL we just composed
229
+ try {
230
+ const oauth2Url = `${restUrlFromTokenService.toString()}oauth2/${endpointStr}`;
231
+ if (await this.validateOAuth2Endpoint(oauth2Url)) {
232
+ const oauthEndpoint = new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, false), false);
233
+ cacheResult(oauthEndpoint);
234
+ return oauthEndpoint;
235
+ }
236
+ }
237
+ catch { }
238
+ }
239
+ // If reach this point, that means we could not derive the token endpoint from 'tokenServicesUrl'
240
+ // lets use another approach.
241
+ // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
242
+ const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
243
+ if (regExMatch !== null && regExMatch.length >= 2) {
244
+ const subdirectory = regExMatch[1];
245
+ const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
246
+ const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
247
+ // Check again the URL we just composed
248
+ try {
249
+ const newUrl = newUrlObj.toString();
250
+ if (await this.validateOAuth2Endpoint(newUrl)) {
251
+ const oauthEndpoint = new ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);
252
+ cacheResult(oauthEndpoint);
253
+ return oauthEndpoint;
254
+ }
255
+ }
256
+ catch { }
257
+ }
258
+ }
259
+ return undefined; // we could not find any valid oauth2 endpoint
260
+ }
261
+ /**
262
+ * Construct the complete Authorize url to starts the Oauth process
263
+ * @internal
264
+ */
265
+ constructLoginUrl(url, isArcgisOnline) {
266
+ const urlObj = new URL(url);
267
+ // Set the client id
268
+ if (isArcgisOnline) {
269
+ const clientId = this.arcGisOnlineClientId;
270
+ assert(clientId !== undefined);
271
+ if (clientId !== undefined) {
272
+ urlObj.searchParams.set("client_id", clientId);
273
+ }
274
+ }
275
+ else {
276
+ const clientId = this.getMatchingEnterpriseClientId(url);
277
+ assert(clientId !== undefined);
278
+ if (undefined !== clientId) {
279
+ urlObj.searchParams.set("client_id", clientId);
280
+ }
281
+ }
282
+ urlObj.searchParams.set("response_type", "token");
283
+ if (this.expiration !== undefined) {
284
+ urlObj.searchParams.set("expiration", `${this.expiration}`);
285
+ }
286
+ if (this.redirectUri)
287
+ urlObj.searchParams.set("redirect_uri", this.redirectUri);
288
+ return urlObj.toString();
289
+ }
290
+ }
291
291
  //# sourceMappingURL=ArcGisAccessClient.js.map