@itwin/map-layers-auth 3.6.0-dev.8 → 4.0.0-dev.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +26 -1
- package/lib/cjs/ArcGis/ArcGisAccessClient.d.ts +10 -6
- package/lib/cjs/ArcGis/ArcGisAccessClient.d.ts.map +1 -1
- package/lib/cjs/ArcGis/ArcGisAccessClient.js +49 -73
- package/lib/cjs/ArcGis/ArcGisAccessClient.js.map +1 -1
- package/lib/cjs/ArcGis/ArcGisTokenManager.d.ts.map +1 -1
- package/lib/cjs/ArcGis/ArcGisTokenManager.js +5 -2
- package/lib/cjs/ArcGis/ArcGisTokenManager.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisAccessClient.d.ts +10 -6
- package/lib/esm/ArcGis/ArcGisAccessClient.d.ts.map +1 -1
- package/lib/esm/ArcGis/ArcGisAccessClient.js +49 -73
- package/lib/esm/ArcGis/ArcGisAccessClient.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisTokenManager.d.ts.map +1 -1
- package/lib/esm/ArcGis/ArcGisTokenManager.js +5 -2
- package/lib/esm/ArcGis/ArcGisTokenManager.js.map +1 -1
- package/package.json +7 -7
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,31 @@
|
|
|
1
1
|
# Change Log - @itwin/map-layers-auth
|
|
2
2
|
|
|
3
|
-
This log was last generated on
|
|
3
|
+
This log was last generated on Thu, 26 Jan 2023 22:53:27 GMT and should not be manually modified.
|
|
4
|
+
|
|
5
|
+
## 3.5.5
|
|
6
|
+
Thu, 26 Jan 2023 22:53:27 GMT
|
|
7
|
+
|
|
8
|
+
_Version update only_
|
|
9
|
+
|
|
10
|
+
## 3.5.4
|
|
11
|
+
Wed, 18 Jan 2023 15:27:15 GMT
|
|
12
|
+
|
|
13
|
+
_Version update only_
|
|
14
|
+
|
|
15
|
+
## 3.5.3
|
|
16
|
+
Fri, 13 Jan 2023 17:23:07 GMT
|
|
17
|
+
|
|
18
|
+
_Version update only_
|
|
19
|
+
|
|
20
|
+
## 3.5.2
|
|
21
|
+
Wed, 11 Jan 2023 16:46:30 GMT
|
|
22
|
+
|
|
23
|
+
_Version update only_
|
|
24
|
+
|
|
25
|
+
## 3.5.1
|
|
26
|
+
Thu, 15 Dec 2022 16:38:29 GMT
|
|
27
|
+
|
|
28
|
+
_Version update only_
|
|
4
29
|
|
|
5
30
|
## 3.5.0
|
|
6
31
|
Wed, 07 Dec 2022 19:12:37 GMT
|
|
@@ -47,17 +47,21 @@ export declare class ArcGisAccessClient implements MapLayerAccessClient {
|
|
|
47
47
|
removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId): void;
|
|
48
48
|
/** @internal */
|
|
49
49
|
private getOAuthTokenForMapLayerUrl;
|
|
50
|
-
/**
|
|
51
|
-
* Test if Oauth2 endpoint is accessible and has an associated appId
|
|
52
|
-
* @return true/false if validation succeeded, undefined if validation could not be performed (i.e CORS/network error)
|
|
53
|
-
* @internal
|
|
54
|
-
*/
|
|
55
|
-
private validateOAuth2Endpoint;
|
|
56
50
|
private _oauthAuthorizeEndPointsCache;
|
|
57
51
|
private _oauthTokenEndPointsCache;
|
|
58
52
|
/**
|
|
59
53
|
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
60
54
|
* @internal
|
|
55
|
+
*/
|
|
56
|
+
private cacheEndpoint;
|
|
57
|
+
/**
|
|
58
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
59
|
+
* @internal
|
|
60
|
+
*/
|
|
61
|
+
private createEndpoint;
|
|
62
|
+
/**
|
|
63
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
64
|
+
* @internal
|
|
61
65
|
*/
|
|
62
66
|
private getOAuth2Endpoint;
|
|
63
67
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisAccessClient.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAU,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAMnI,YAAY;AACZ,MAAM,WAAW,wBAAwB;IAGvC,cAAc,EAAE,MAAM,CAAC;IAGvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,YAAY;AACZ,MAAM,WAAW,oBAAoB;IAEnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;CAClD;AAED;;;;EAIE;AACF,MAAM,WAAW,iBAAiB;IAIhC,WAAW,EAAE,MAAM,CAAC;IAGpB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,YAAY;AACZ,qBAAa,kBAAmB,YAAW,oBAAoB;IAC7D,SAAgB,iBAAiB,kDAAiB;IAClD,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,UAAU,CAAmC;IAGrD,OAAO,CAAC,iBAAiB,CAAS;;IAK3B,UAAU,CAAC,WAAW,CAAC,EAAE,iBAAiB,GAAG,OAAO;IAW3D,OAAO,CAAC,yBAAyB;IAoC1B,YAAY;IAMN,cAAc,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"ArcGisAccessClient.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAU,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAMnI,YAAY;AACZ,MAAM,WAAW,wBAAwB;IAGvC,cAAc,EAAE,MAAM,CAAC;IAGvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,YAAY;AACZ,MAAM,WAAW,oBAAoB;IAEnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;CAClD;AAED;;;;EAIE;AACF,MAAM,WAAW,iBAAiB;IAIhC,WAAW,EAAE,MAAM,CAAC;IAGpB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,YAAY;AACZ,qBAAa,kBAAmB,YAAW,oBAAoB;IAC7D,SAAgB,iBAAiB,kDAAiB;IAClD,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,UAAU,CAAmC;IAGrD,OAAO,CAAC,iBAAiB,CAAS;;IAK3B,UAAU,CAAC,WAAW,CAAC,EAAE,iBAAiB,GAAG,OAAO;IAW3D,OAAO,CAAC,yBAAyB;IAoC1B,YAAY;IAMN,cAAc,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAgB3F,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,SAAS,CAAC;IAkB9F,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;IAQ3D,IAAW,WAAW,uBAErB;IAEM,6BAA6B,CAAC,GAAG,EAAE,MAAM;IA0BhD,IAAW,UAAU,uBAEpB;IAED,IAAW,oBAAoB,IAIW,MAAM,GAAG,SAAS,CAF3D;IAED,IAAW,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAK3D;IAED,IAAW,yBAAyB,2CAEnC;IAEM,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAiB9D,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB;IASlE,gBAAgB;YACF,2BAA2B;IAczC,OAAO,CAAC,6BAA6B,CAA0B;IAC/D,OAAO,CAAC,yBAAyB,CAA0B;IAE3D;;;KAGC;IACD,OAAO,CAAE,aAAa;IAQtB;;;KAGC;YACa,cAAc;IAO5B;;;KAGC;YACa,iBAAiB;IAiD/B;;;KAGC;IACD,OAAO,CAAC,iBAAiB;CA8B1B"}
|
|
@@ -75,29 +75,28 @@ class ArcGisAccessClient {
|
|
|
75
75
|
}
|
|
76
76
|
async getAccessToken(params) {
|
|
77
77
|
// First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
return oauth2Token;
|
|
83
|
-
}
|
|
84
|
-
if (params.userName && params.password) {
|
|
85
|
-
return await ArcGisTokenManager_1.ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenGenerator_1.ArcGisTokenClientType.referer });
|
|
86
|
-
}
|
|
78
|
+
if (!this._forceLegacyToken) {
|
|
79
|
+
const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
|
|
80
|
+
if (oauth2Token)
|
|
81
|
+
return oauth2Token;
|
|
87
82
|
}
|
|
88
|
-
|
|
83
|
+
if (params.userName && params.password) {
|
|
84
|
+
return ArcGisTokenManager_1.ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenGenerator_1.ArcGisTokenClientType.referer });
|
|
89
85
|
}
|
|
90
86
|
return undefined;
|
|
91
87
|
}
|
|
92
88
|
async getTokenServiceEndPoint(mapLayerUrl) {
|
|
93
89
|
let tokenEndpoint;
|
|
94
90
|
if (!this._forceLegacyToken) {
|
|
91
|
+
// Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers
|
|
92
|
+
// we could not make a reliable validation.
|
|
95
93
|
try {
|
|
96
94
|
tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize);
|
|
97
95
|
if (tokenEndpoint) {
|
|
98
96
|
}
|
|
99
97
|
}
|
|
100
|
-
catch {
|
|
98
|
+
catch {
|
|
99
|
+
}
|
|
101
100
|
}
|
|
102
101
|
return tokenEndpoint;
|
|
103
102
|
}
|
|
@@ -190,46 +189,38 @@ class ArcGisAccessClient {
|
|
|
190
189
|
return undefined;
|
|
191
190
|
}
|
|
192
191
|
/**
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {
|
|
200
|
-
return false;
|
|
201
|
-
}
|
|
202
|
-
let status;
|
|
203
|
-
try {
|
|
204
|
-
const data = await fetch(endpointUrl, { method: "GET" });
|
|
205
|
-
status = data.status;
|
|
192
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
193
|
+
* @internal
|
|
194
|
+
*/
|
|
195
|
+
cacheEndpoint(url, endpoint, obj) {
|
|
196
|
+
if (endpoint === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize) {
|
|
197
|
+
this._oauthAuthorizeEndPointsCache.set(url, obj);
|
|
206
198
|
}
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
// we cannot confirm if the oauth2 endpoint is valid or not, we return undefined
|
|
210
|
-
return undefined;
|
|
199
|
+
else {
|
|
200
|
+
this._oauthTokenEndPointsCache.set(url, obj);
|
|
211
201
|
}
|
|
212
|
-
return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters
|
|
213
202
|
}
|
|
214
203
|
/**
|
|
215
204
|
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
216
205
|
* @internal
|
|
217
206
|
*/
|
|
218
|
-
async
|
|
207
|
+
async createEndpoint(url, endpoint) {
|
|
208
|
+
// Validate the URL we just composed
|
|
209
|
+
const oauthEndpoint = new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);
|
|
210
|
+
this.cacheEndpoint(url, endpoint, oauthEndpoint);
|
|
211
|
+
return oauthEndpoint;
|
|
212
|
+
}
|
|
213
|
+
/**
|
|
214
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
215
|
+
* @internal
|
|
216
|
+
*/
|
|
217
|
+
async getOAuth2Endpoint(url, endpointType) {
|
|
219
218
|
// Return from cache if available
|
|
220
|
-
const cachedEndpoint = (
|
|
219
|
+
const cachedEndpoint = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
|
|
221
220
|
if (cachedEndpoint !== undefined) {
|
|
222
221
|
return cachedEndpoint;
|
|
223
222
|
}
|
|
224
|
-
const
|
|
225
|
-
if (endpoint === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize) {
|
|
226
|
-
this._oauthAuthorizeEndPointsCache.set(url, obj);
|
|
227
|
-
}
|
|
228
|
-
else {
|
|
229
|
-
this._oauthTokenEndPointsCache.set(url, obj);
|
|
230
|
-
}
|
|
231
|
-
};
|
|
232
|
-
const endpointStr = (endpoint === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
|
|
223
|
+
const endpointStr = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
|
|
233
224
|
const urlObj = new URL(url);
|
|
234
225
|
if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
|
|
235
226
|
// ArcGIS Online (fixed)
|
|
@@ -238,46 +229,31 @@ class ArcGisAccessClient {
|
|
|
238
229
|
return undefined;
|
|
239
230
|
}
|
|
240
231
|
const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
|
|
241
|
-
return new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(
|
|
232
|
+
return new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);
|
|
242
233
|
}
|
|
243
234
|
else {
|
|
244
235
|
// First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
|
|
245
|
-
let restUrlFromTokenService;
|
|
246
236
|
try {
|
|
247
|
-
restUrlFromTokenService = await ArcGisUrl_1.ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
cacheResult(oauthEndpoint);
|
|
259
|
-
return oauthEndpoint;
|
|
237
|
+
const restUrlFromTokenService = await ArcGisUrl_1.ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
|
|
238
|
+
if (restUrlFromTokenService === undefined) {
|
|
239
|
+
// We could not derive the token endpoint from 'tokenServicesUrl'.
|
|
240
|
+
// ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
|
|
241
|
+
const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
|
|
242
|
+
if (regExMatch !== null && regExMatch.length >= 2) {
|
|
243
|
+
const subdirectory = regExMatch[1];
|
|
244
|
+
const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
|
|
245
|
+
const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
|
|
246
|
+
// Check again the URL we just composed
|
|
247
|
+
return await this.createEndpoint(newUrlObj.toString(), endpointType);
|
|
260
248
|
}
|
|
261
249
|
}
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
|
|
267
|
-
if (regExMatch !== null && regExMatch.length >= 2) {
|
|
268
|
-
const subdirectory = regExMatch[1];
|
|
269
|
-
const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
|
|
270
|
-
const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
|
|
271
|
-
// Check again the URL we just composed
|
|
272
|
-
try {
|
|
273
|
-
const newUrl = newUrlObj.toString();
|
|
274
|
-
if (await this.validateOAuth2Endpoint(newUrl)) {
|
|
275
|
-
const oauthEndpoint = new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);
|
|
276
|
-
cacheResult(oauthEndpoint);
|
|
277
|
-
return oauthEndpoint;
|
|
278
|
-
}
|
|
250
|
+
else {
|
|
251
|
+
const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);
|
|
252
|
+
if (endpoint)
|
|
253
|
+
return endpoint;
|
|
279
254
|
}
|
|
280
|
-
|
|
255
|
+
}
|
|
256
|
+
catch {
|
|
281
257
|
}
|
|
282
258
|
}
|
|
283
259
|
return undefined; // we could not find any valid oauth2 endpoint
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAEH,sDAAsD;AAEtD,iEAAkF;AAClF,iEAAwF;AACxF,6DAA0D;AAC1D,2CAAwC;AAuCxC,YAAY;AACZ,MAAa,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,sBAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QAkNlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IAnN3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,mCAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,uCAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAC/F,IAAI;YAEF,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1F,IAAI,WAAW;oBACb,OAAO,WAAW,CAAC;aACtB;YAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;gBACtC,OAAO,MAAM,uCAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,4CAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;aACtJ;SACF;QAAC,MAAM;SAEP;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM,GAAG;SACZ;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,uCAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,uCAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;;QAC7B,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;;QAClC,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;;QAEnE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;;QAEhE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,MAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,0CAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,uCAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;MAIE;IACM,KAAK,CAAC,sBAAsB,CAAC,WAAmB;QAEtD,4FAA4F;QAC5F,IAAI,SAAS,KAAK,IAAI,CAAC,6BAA6B,CAAC,WAAW,CAAC,EAAE;YACjE,OAAO,KAAK,CAAC;SACd;QAED,IAAI,MAA0B,CAAC;QAC/B,IAAI;YACF,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;SACtB;QAAC,OAAO,KAAU,EAAE;YACnB,6DAA6D;YAC7D,gFAAgF;YAChF,OAAO,SAAS,CAAC;SAClB;QACD,OAAO,MAAM,KAAK,GAAG,CAAC,CAAI,yEAAyE;IACrG,CAAC;IAQD;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,QAAkC;QAE7E,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,QAAQ,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACjK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,GAAyB,EAAE,EAAE;YAChD,IAAI,QAAQ,KAAK,+CAAwB,CAAC,SAAS,EAAE;gBACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aAClD;iBAAM;gBACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aAC9C;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,CAAC,QAAQ,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,2CAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SACrF;aAAM;YAEL,wGAAwG;YACxG,IAAI,uBAAwC,CAAC;YAC7C,IAAI;gBACF,uBAAuB,GAAG,MAAM,qBAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;aAClF;YAAC,MAAM,GAAG;YAEX,IAAI,uBAAuB,KAAK,SAAS,EAAE;gBACzC,oCAAoC;gBACpC,IAAI;oBACF,MAAM,SAAS,GAAG,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,CAAC;oBAC/E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;oBAC3D,qGAAqG;oBACrG,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,EAAE;wBAChC,MAAM,aAAa,GAAG,IAAI,2CAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;wBAC3G,WAAW,CAAC,aAAa,CAAC,CAAC;wBAC3B,OAAO,aAAa,CAAC;qBACtB;iBACF;gBAAC,MAAM,GAAG;aACZ;YAED,2HAA2H;YAC3H,8FAA8F;YAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;gBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;gBAE9H,uCAAuC;gBACvC,IAAI;oBACF,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;oBACpC,IAAI,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE;wBAC7C,MAAM,aAAa,GAAG,IAAI,2CAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;wBACrG,WAAW,CAAC,aAAa,CAAC,CAAC;wBAC3B,OAAO,aAAa,CAAC;qBACtB;iBACF;gBAAC,MAAM,GAAG;aACZ;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF;AA9UD,gDA8UC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n try {\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return await ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n } catch {\r\n\r\n }\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch { }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n /**\r\n * Test if Oauth2 endpoint is accessible and has an associated appId\r\n * @return true/false if validation succeeded, undefined if validation could not be performed (i.e CORS/network error)\r\n * @internal\r\n */\r\n private async validateOAuth2Endpoint(endpointUrl: string): Promise<boolean | undefined> {\r\n\r\n // Check if we got a matching appId for that endpoint, otherwise its not worth going further\r\n if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {\r\n return false;\r\n }\r\n\r\n let status: number | undefined;\r\n try {\r\n const data = await fetch(endpointUrl, { method: \"GET\" });\r\n status = data.status;\r\n } catch (error: any) {\r\n // fetch() throws when there is a CORS error, so in that case\r\n // we cannot confirm if the oauth2 endpoint is valid or not, we return undefined\r\n return undefined;\r\n }\r\n return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n\r\n // Return from cache if available\r\n const cachedEndpoint = (endpoint === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const cacheResult = (obj: ArcGisOAuth2Endpoint) => {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n };\r\n\r\n const endpointStr = (endpoint === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n let restUrlFromTokenService: URL | undefined;\r\n try {\r\n restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n } catch { }\r\n\r\n if (restUrlFromTokenService !== undefined) {\r\n // Validate the URL we just composed\r\n try {\r\n const oauth2Url = `${restUrlFromTokenService.toString()}oauth2/${endpointStr}`;\r\n const valid = await this.validateOAuth2Endpoint(oauth2Url);\r\n // We assume undefined means CORS error, that shouldn't prevent popup from displaying the login page.\r\n if (valid === undefined || valid) {\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, false), false);\r\n cacheResult(oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n } catch { }\r\n }\r\n\r\n // If reach this point, that means we could not derive the token endpoint from 'tokenServicesUrl', lets try something else.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n try {\r\n const newUrl = newUrlObj.toString();\r\n if (await this.validateOAuth2Endpoint(newUrl)) {\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);\r\n cacheResult(oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n } catch { }\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAEH,sDAAsD;AAEtD,iEAAkF;AAClF,iEAAwF;AACxF,6DAA0D;AAC1D,2CAAwC;AAuCxC,YAAY;AACZ,MAAa,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,sBAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QA2LlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IA5L3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,mCAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,uCAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAE/F,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1F,IAAI,WAAW;gBACb,OAAO,WAAW,CAAC;SACtB;QAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;YACtC,OAAO,uCAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,4CAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;SAChJ;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,4GAA4G;YAC5G,2CAA2C;YAC3C,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM;aAEP;SACF;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,uCAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,uCAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;;QAC7B,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;;QAClC,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;;QAEnE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;;QAEhE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,MAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,0CAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,uCAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAQD;;;KAGC;IACQ,aAAa,CAAC,GAAW,EAAE,QAAkC,EAAE,GAAyB;QAC/F,IAAI,QAAQ,KAAK,+CAAwB,CAAC,SAAS,EAAE;YACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAClD;aAAM;YACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,QAAkC;QAC1E,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,2CAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/F,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QACjD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,YAAsC;QACjF,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACrK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAClG,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,2CAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SAC3F;aAAM;YAEL,wGAAwG;YACxG,IAAI;gBACF,MAAM,uBAAuB,GAAG,MAAM,qBAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;gBACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE;oBACzC,kEAAkE;oBAClE,8FAA8F;oBAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;wBAE9H,uCAAuC;wBACvC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;qBACtE;iBACF;qBAAM;oBACL,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,EAAE,YAAY,CAAC,CAAC;oBACvH,IAAI,QAAQ;wBACV,OAAO,QAAQ,CAAC;iBACnB;aACF;YAAC,MAAM;aAEP;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF;AAtTD,gDAsTC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers\r\n // we could not make a reliable validation.\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch {\r\n\r\n }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private cacheEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType, obj: ArcGisOAuth2Endpoint) {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async createEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Validate the URL we just composed\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);\r\n this.cacheEndpoint(url, endpoint, oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpointType: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Return from cache if available\r\n const cachedEndpoint = (endpointType === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const endpointStr = (endpointType === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n try {\r\n const restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n if (restUrlFromTokenService === undefined) {\r\n // We could not derive the token endpoint from 'tokenServicesUrl'.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n return await this.createEndpoint(newUrlObj.toString(), endpointType);\r\n }\r\n } else {\r\n const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);\r\n if (endpoint)\r\n return endpoint;\r\n }\r\n } catch {\r\n\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisTokenManager.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,WAAW,EAAwB,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IACtD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAkC;IACvD,OAAO,CAAC,MAAM,CAAC,YAAY,CAA6C;IACxE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAmC;IAC5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAiB;WAEvC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;WAyBvJ,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;WAUpD,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;WAiB1D,qBAAqB,CAAC,KAAK,EAAE,mBAAmB;
|
|
1
|
+
{"version":3,"file":"ArcGisTokenManager.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,WAAW,EAAwB,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IACtD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAkC;IACvD,OAAO,CAAC,MAAM,CAAC,YAAY,CAA6C;IACxE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAmC;IAC5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAiB;WAEvC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;WAyBvJ,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;WAUpD,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;WAiB1D,qBAAqB,CAAC,KAAK,EAAE,mBAAmB;WAehD,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB;WAWpD,sBAAsB;WAoBtB,oBAAoB;CAqBnC"}
|
|
@@ -53,8 +53,11 @@ class ArcGisTokenManager {
|
|
|
53
53
|
static invalidateOAuth2Token(token) {
|
|
54
54
|
if (ArcGisTokenManager._oauth2Cache) {
|
|
55
55
|
for (const [key, value] of ArcGisTokenManager._oauth2Cache) {
|
|
56
|
-
if (value.token === token.token)
|
|
57
|
-
|
|
56
|
+
if (value.token === token.token) {
|
|
57
|
+
const deleted = ArcGisTokenManager._oauth2Cache.delete(key);
|
|
58
|
+
ArcGisTokenManager.saveToBrowserStorage();
|
|
59
|
+
return deleted;
|
|
60
|
+
}
|
|
58
61
|
}
|
|
59
62
|
}
|
|
60
63
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisTokenManager.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAGH,iEAA0H;AAO1H,gBAAgB;AAChB,MAAa,kBAAkB;IAOtB,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QAChI,IAAI,CAAC,kBAAkB,CAAC,UAAU;YAChC,kBAAkB,CAAC,UAAU,GAAG,IAAI,2CAAoB,EAAE,CAAC;QAE7D,MAAM,aAAa,GAAG,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC;QAEhF,mCAAmC;QACnC,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEjE,2GAA2G;QAC3G,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAChH,OAAO,WAAW,CAAC;SACpB;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjH,IAAI,QAAQ,CAAC,KAAK,EAAE;YAClB,MAAM,KAAK,GAAG,QAAuB,CAAC;YACtC,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;SACd;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,eAAe,CAAC,KAA0B;QAEtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,EAAE;YACpD,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;gBAC7B,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SAChD;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;YACvE,kBAAkB,CAAC,sBAAsB,EAAE,CAAC;SAC7C;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE7D,gFAAgF;QAChF,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAClH,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,SAAS,CAAC;SAClB;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEM,MAAM,CAAC,qBAAqB,CAAC,KAA0B;QAE5D,IAAI,kBAAkB,CAAC,YAAY,EAAE;YACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,YAAY,EAAE;gBAC1D,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;
|
|
1
|
+
{"version":3,"file":"ArcGisTokenManager.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAGH,iEAA0H;AAO1H,gBAAgB;AAChB,MAAa,kBAAkB;IAOtB,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QAChI,IAAI,CAAC,kBAAkB,CAAC,UAAU;YAChC,kBAAkB,CAAC,UAAU,GAAG,IAAI,2CAAoB,EAAE,CAAC;QAE7D,MAAM,aAAa,GAAG,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC;QAEhF,mCAAmC;QACnC,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEjE,2GAA2G;QAC3G,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAChH,OAAO,WAAW,CAAC;SACpB;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjH,IAAI,QAAQ,CAAC,KAAK,EAAE;YAClB,MAAM,KAAK,GAAG,QAAuB,CAAC;YACtC,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;SACd;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,eAAe,CAAC,KAA0B;QAEtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,EAAE;YACpD,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;gBAC7B,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SAChD;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;YACvE,kBAAkB,CAAC,sBAAsB,EAAE,CAAC;SAC7C;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE7D,gFAAgF;QAChF,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAClH,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,SAAS,CAAC;SAClB;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEM,MAAM,CAAC,qBAAqB,CAAC,KAA0B;QAE5D,IAAI,kBAAkB,CAAC,YAAY,EAAE;YACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,YAAY,EAAE;gBAC1D,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,EAAC;oBAC9B,MAAM,OAAO,GAAG,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAC5D,kBAAkB,CAAC,oBAAoB,EAAE,CAAC;oBAC1C,OAAO,OAAO,CAAC;iBAChB;aACF;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW,EAAE,KAAwB;QAEhE,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;SAExE;QACD,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAEhD,kBAAkB,CAAC,oBAAoB,EAAE,CAAC;IAC5C,CAAC;IAEM,MAAM,CAAC,sBAAsB;;QAClC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,OAAO;SACR;QAED,MAAM,WAAW,GAAG,CAAC,IAAwB,EAAE,EAAE;YAC/C,IAAI,IAAI,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;gBACzD,MAAM,MAAM,GAAiC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC9D,IAAI,MAAM,EAAE;oBACV,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;wBACjD,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;qBACjD;iBACF;aACF;QACH,CAAC,CAAC;QAEF,WAAW,CAAC,MAAA,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,mCAAI,SAAS,CAAC,CAAC;QACjF,WAAW,CAAC,MAAA,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,mCAAI,SAAS,CAAC,CAAC;IACjF,CAAC;IAEM,MAAM,CAAC,oBAAoB;QAEhC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,OAAO;SACR;QACD,MAAM,aAAa,GAAqB,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAqB,EAAE,CAAC;QAE3C,kBAAkB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,KAAwB,EAAE,GAAW,EAAE,EAAE;YAChF,oEAAoE;YACpE,gCAAgC;YAChC,gCAAgC;YAChC,WAAW;YACX,gCAAgC;YAChC,IAAI;YACJ,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IACtF,CAAC;;AA5HH,gDA8HC;AA7HyB,uCAAoB,GAAG,MAAM,CAAC,CAAE,4BAA4B;AACrE,yBAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;AAG/B,qCAAkB,GAAG,aAAa,CAAC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { MapLayerAccessToken } from \"@itwin/core-frontend\";\r\nimport { ArcGisGenerateTokenOptions, ArcGisOAuth2Token, ArcGisToken, ArcGisTokenGenerator } from \"./ArcGisTokenGenerator\";\r\n\r\n/** @internal */\r\ninterface ArcGisTokenProps {\r\n [hostname: string]: ArcGisOAuth2Token;\r\n}\r\n\r\n/** @internal */\r\nexport class ArcGisTokenManager {\r\n private static readonly tokenExpiryThreshold = 300000; // 5 minutes in milliseconds\r\n private static _cache = new Map<string, ArcGisToken>();\r\n private static _oauth2Cache: Map<string, ArcGisOAuth2Token> | undefined;\r\n private static _generator: ArcGisTokenGenerator | undefined;\r\n private static readonly _browserStorageKey = \"arcGisOAuth\";\r\n\r\n public static async getToken(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<ArcGisToken | undefined> {\r\n if (!ArcGisTokenManager._generator)\r\n ArcGisTokenManager._generator = new ArcGisTokenGenerator();\r\n\r\n const tokenCacheKey = `${encodeURIComponent(userName)}@${arcGisRestServiceUrl}`;\r\n\r\n // First check in the session cache\r\n const cachedToken = ArcGisTokenManager._cache.get(tokenCacheKey);\r\n\r\n // Check if token is in cached and is valid within the threshold, if not, generate a new token immediately.\r\n if (cachedToken !== undefined && (cachedToken.expires - (+new Date()) > ArcGisTokenManager.tokenExpiryThreshold)) {\r\n return cachedToken;\r\n }\r\n\r\n // Nothing in cache, generate a new token\r\n const newToken = await ArcGisTokenManager._generator.generate(arcGisRestServiceUrl, userName, password, options);\r\n if (newToken.token) {\r\n const token = newToken as ArcGisToken;\r\n ArcGisTokenManager._cache.set(tokenCacheKey, token);\r\n return token;\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public static invalidateToken(token: MapLayerAccessToken): boolean {\r\n\r\n for (const [key, value] of ArcGisTokenManager._cache) {\r\n if (value.token === token.token)\r\n return ArcGisTokenManager._cache.delete(key);\r\n }\r\n\r\n return false;\r\n }\r\n\r\n public static getOAuth2Token(key: string): ArcGisOAuth2Token | undefined {\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n ArcGisTokenManager._oauth2Cache = new Map<string, ArcGisOAuth2Token>();\r\n ArcGisTokenManager.loadFromBrowserStorage();\r\n }\r\n\r\n const cachedToken = ArcGisTokenManager._oauth2Cache.get(key);\r\n\r\n // If cached token has expired (or about to expire), invalidate don't return it.\r\n if (cachedToken !== undefined && (cachedToken.expiresAt - (+new Date()) < ArcGisTokenManager.tokenExpiryThreshold)) {\r\n ArcGisTokenManager._oauth2Cache.delete(key);\r\n return undefined;\r\n }\r\n\r\n return cachedToken;\r\n }\r\n\r\n public static invalidateOAuth2Token(token: MapLayerAccessToken) {\r\n\r\n if (ArcGisTokenManager._oauth2Cache) {\r\n for (const [key, value] of ArcGisTokenManager._oauth2Cache) {\r\n if (value.token === token.token){\r\n const deleted = ArcGisTokenManager._oauth2Cache.delete(key);\r\n ArcGisTokenManager.saveToBrowserStorage();\r\n return deleted;\r\n }\r\n }\r\n }\r\n\r\n return false;\r\n }\r\n\r\n public static setOAuth2Token(key: string, token: ArcGisOAuth2Token) {\r\n\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n ArcGisTokenManager._oauth2Cache = new Map<string, ArcGisOAuth2Token>();\r\n\r\n }\r\n ArcGisTokenManager._oauth2Cache.set(key, token);\r\n\r\n ArcGisTokenManager.saveToBrowserStorage();\r\n }\r\n\r\n public static loadFromBrowserStorage() {\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n return;\r\n }\r\n\r\n const loadEntries = (json: string | undefined) => {\r\n if (json && ArcGisTokenManager._oauth2Cache !== undefined) {\r\n const tokens: ArcGisTokenProps | undefined = JSON.parse(json);\r\n if (tokens) {\r\n for (const [key, value] of Object.entries(tokens)) {\r\n ArcGisTokenManager._oauth2Cache.set(key, value);\r\n }\r\n }\r\n }\r\n };\r\n\r\n loadEntries(window.sessionStorage.getItem(this._browserStorageKey) ?? undefined);\r\n loadEntries(window.localStorage.getItem(this._browserStorageKey) ?? undefined);\r\n }\r\n\r\n public static saveToBrowserStorage() {\r\n\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n return;\r\n }\r\n const sessionTokens: ArcGisTokenProps = {};\r\n const storageTokens: ArcGisTokenProps = {};\r\n\r\n ArcGisTokenManager._oauth2Cache.forEach((value: ArcGisOAuth2Token, key: string) => {\r\n // ignore the persist flag for now, and only save to session storage\r\n // if (value.persist === true) {\r\n // storageTokens[key] = value;\r\n // } else {\r\n // sessionTokens[key] = value;\r\n // }\r\n sessionTokens[key] = value;\r\n });\r\n window.sessionStorage.setItem(this._browserStorageKey, JSON.stringify(sessionTokens));\r\n window.localStorage.setItem(this._browserStorageKey, JSON.stringify(storageTokens));\r\n }\r\n\r\n}\r\n"]}
|
|
@@ -47,17 +47,21 @@ export declare class ArcGisAccessClient implements MapLayerAccessClient {
|
|
|
47
47
|
removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId): void;
|
|
48
48
|
/** @internal */
|
|
49
49
|
private getOAuthTokenForMapLayerUrl;
|
|
50
|
-
/**
|
|
51
|
-
* Test if Oauth2 endpoint is accessible and has an associated appId
|
|
52
|
-
* @return true/false if validation succeeded, undefined if validation could not be performed (i.e CORS/network error)
|
|
53
|
-
* @internal
|
|
54
|
-
*/
|
|
55
|
-
private validateOAuth2Endpoint;
|
|
56
50
|
private _oauthAuthorizeEndPointsCache;
|
|
57
51
|
private _oauthTokenEndPointsCache;
|
|
58
52
|
/**
|
|
59
53
|
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
60
54
|
* @internal
|
|
55
|
+
*/
|
|
56
|
+
private cacheEndpoint;
|
|
57
|
+
/**
|
|
58
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
59
|
+
* @internal
|
|
60
|
+
*/
|
|
61
|
+
private createEndpoint;
|
|
62
|
+
/**
|
|
63
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
64
|
+
* @internal
|
|
61
65
|
*/
|
|
62
66
|
private getOAuth2Endpoint;
|
|
63
67
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisAccessClient.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAU,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAMnI,YAAY;AACZ,MAAM,WAAW,wBAAwB;IAGvC,cAAc,EAAE,MAAM,CAAC;IAGvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,YAAY;AACZ,MAAM,WAAW,oBAAoB;IAEnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;CAClD;AAED;;;;EAIE;AACF,MAAM,WAAW,iBAAiB;IAIhC,WAAW,EAAE,MAAM,CAAC;IAGpB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,YAAY;AACZ,qBAAa,kBAAmB,YAAW,oBAAoB;IAC7D,SAAgB,iBAAiB,kDAAiB;IAClD,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,UAAU,CAAmC;IAGrD,OAAO,CAAC,iBAAiB,CAAS;;IAK3B,UAAU,CAAC,WAAW,CAAC,EAAE,iBAAiB,GAAG,OAAO;IAW3D,OAAO,CAAC,yBAAyB;IAoC1B,YAAY;IAMN,cAAc,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"ArcGisAccessClient.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAU,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAMnI,YAAY;AACZ,MAAM,WAAW,wBAAwB;IAGvC,cAAc,EAAE,MAAM,CAAC;IAGvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,YAAY;AACZ,MAAM,WAAW,oBAAoB;IAEnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;CAClD;AAED;;;;EAIE;AACF,MAAM,WAAW,iBAAiB;IAIhC,WAAW,EAAE,MAAM,CAAC;IAGpB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,YAAY;AACZ,qBAAa,kBAAmB,YAAW,oBAAoB;IAC7D,SAAgB,iBAAiB,kDAAiB;IAClD,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,UAAU,CAAmC;IAGrD,OAAO,CAAC,iBAAiB,CAAS;;IAK3B,UAAU,CAAC,WAAW,CAAC,EAAE,iBAAiB,GAAG,OAAO;IAW3D,OAAO,CAAC,yBAAyB;IAoC1B,YAAY;IAMN,cAAc,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAgB3F,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,SAAS,CAAC;IAkB9F,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;IAQ3D,IAAW,WAAW,uBAErB;IAEM,6BAA6B,CAAC,GAAG,EAAE,MAAM;IA0BhD,IAAW,UAAU,uBAEpB;IAED,IAAW,oBAAoB,IAIW,MAAM,GAAG,SAAS,CAF3D;IAED,IAAW,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAK3D;IAED,IAAW,yBAAyB,2CAEnC;IAEM,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAiB9D,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB;IASlE,gBAAgB;YACF,2BAA2B;IAczC,OAAO,CAAC,6BAA6B,CAA0B;IAC/D,OAAO,CAAC,yBAAyB,CAA0B;IAE3D;;;KAGC;IACD,OAAO,CAAE,aAAa;IAQtB;;;KAGC;YACa,cAAc;IAO5B;;;KAGC;YACa,iBAAiB;IAiD/B;;;KAGC;IACD,OAAO,CAAC,iBAAiB;CA8B1B"}
|
|
@@ -72,29 +72,28 @@ export class ArcGisAccessClient {
|
|
|
72
72
|
}
|
|
73
73
|
async getAccessToken(params) {
|
|
74
74
|
// First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
return oauth2Token;
|
|
80
|
-
}
|
|
81
|
-
if (params.userName && params.password) {
|
|
82
|
-
return await ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });
|
|
83
|
-
}
|
|
75
|
+
if (!this._forceLegacyToken) {
|
|
76
|
+
const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
|
|
77
|
+
if (oauth2Token)
|
|
78
|
+
return oauth2Token;
|
|
84
79
|
}
|
|
85
|
-
|
|
80
|
+
if (params.userName && params.password) {
|
|
81
|
+
return ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });
|
|
86
82
|
}
|
|
87
83
|
return undefined;
|
|
88
84
|
}
|
|
89
85
|
async getTokenServiceEndPoint(mapLayerUrl) {
|
|
90
86
|
let tokenEndpoint;
|
|
91
87
|
if (!this._forceLegacyToken) {
|
|
88
|
+
// Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers
|
|
89
|
+
// we could not make a reliable validation.
|
|
92
90
|
try {
|
|
93
91
|
tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);
|
|
94
92
|
if (tokenEndpoint) {
|
|
95
93
|
}
|
|
96
94
|
}
|
|
97
|
-
catch {
|
|
95
|
+
catch {
|
|
96
|
+
}
|
|
98
97
|
}
|
|
99
98
|
return tokenEndpoint;
|
|
100
99
|
}
|
|
@@ -187,46 +186,38 @@ export class ArcGisAccessClient {
|
|
|
187
186
|
return undefined;
|
|
188
187
|
}
|
|
189
188
|
/**
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {
|
|
197
|
-
return false;
|
|
198
|
-
}
|
|
199
|
-
let status;
|
|
200
|
-
try {
|
|
201
|
-
const data = await fetch(endpointUrl, { method: "GET" });
|
|
202
|
-
status = data.status;
|
|
189
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
190
|
+
* @internal
|
|
191
|
+
*/
|
|
192
|
+
cacheEndpoint(url, endpoint, obj) {
|
|
193
|
+
if (endpoint === ArcGisOAuth2EndpointType.Authorize) {
|
|
194
|
+
this._oauthAuthorizeEndPointsCache.set(url, obj);
|
|
203
195
|
}
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
// we cannot confirm if the oauth2 endpoint is valid or not, we return undefined
|
|
207
|
-
return undefined;
|
|
196
|
+
else {
|
|
197
|
+
this._oauthTokenEndPointsCache.set(url, obj);
|
|
208
198
|
}
|
|
209
|
-
return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters
|
|
210
199
|
}
|
|
211
200
|
/**
|
|
212
201
|
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
213
202
|
* @internal
|
|
214
203
|
*/
|
|
215
|
-
async
|
|
204
|
+
async createEndpoint(url, endpoint) {
|
|
205
|
+
// Validate the URL we just composed
|
|
206
|
+
const oauthEndpoint = new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);
|
|
207
|
+
this.cacheEndpoint(url, endpoint, oauthEndpoint);
|
|
208
|
+
return oauthEndpoint;
|
|
209
|
+
}
|
|
210
|
+
/**
|
|
211
|
+
* Get OAuth2 endpoint that must be cause to get the Oauth2 token
|
|
212
|
+
* @internal
|
|
213
|
+
*/
|
|
214
|
+
async getOAuth2Endpoint(url, endpointType) {
|
|
216
215
|
// Return from cache if available
|
|
217
|
-
const cachedEndpoint = (
|
|
216
|
+
const cachedEndpoint = (endpointType === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
|
|
218
217
|
if (cachedEndpoint !== undefined) {
|
|
219
218
|
return cachedEndpoint;
|
|
220
219
|
}
|
|
221
|
-
const
|
|
222
|
-
if (endpoint === ArcGisOAuth2EndpointType.Authorize) {
|
|
223
|
-
this._oauthAuthorizeEndPointsCache.set(url, obj);
|
|
224
|
-
}
|
|
225
|
-
else {
|
|
226
|
-
this._oauthTokenEndPointsCache.set(url, obj);
|
|
227
|
-
}
|
|
228
|
-
};
|
|
229
|
-
const endpointStr = (endpoint === ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
|
|
220
|
+
const endpointStr = (endpointType === ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
|
|
230
221
|
const urlObj = new URL(url);
|
|
231
222
|
if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
|
|
232
223
|
// ArcGIS Online (fixed)
|
|
@@ -235,46 +226,31 @@ export class ArcGisAccessClient {
|
|
|
235
226
|
return undefined;
|
|
236
227
|
}
|
|
237
228
|
const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
|
|
238
|
-
return new ArcGisOAuth2Endpoint(
|
|
229
|
+
return new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);
|
|
239
230
|
}
|
|
240
231
|
else {
|
|
241
232
|
// First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
|
|
242
|
-
let restUrlFromTokenService;
|
|
243
233
|
try {
|
|
244
|
-
restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
cacheResult(oauthEndpoint);
|
|
256
|
-
return oauthEndpoint;
|
|
234
|
+
const restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
|
|
235
|
+
if (restUrlFromTokenService === undefined) {
|
|
236
|
+
// We could not derive the token endpoint from 'tokenServicesUrl'.
|
|
237
|
+
// ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
|
|
238
|
+
const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
|
|
239
|
+
if (regExMatch !== null && regExMatch.length >= 2) {
|
|
240
|
+
const subdirectory = regExMatch[1];
|
|
241
|
+
const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
|
|
242
|
+
const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
|
|
243
|
+
// Check again the URL we just composed
|
|
244
|
+
return await this.createEndpoint(newUrlObj.toString(), endpointType);
|
|
257
245
|
}
|
|
258
246
|
}
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
|
|
264
|
-
if (regExMatch !== null && regExMatch.length >= 2) {
|
|
265
|
-
const subdirectory = regExMatch[1];
|
|
266
|
-
const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
|
|
267
|
-
const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
|
|
268
|
-
// Check again the URL we just composed
|
|
269
|
-
try {
|
|
270
|
-
const newUrl = newUrlObj.toString();
|
|
271
|
-
if (await this.validateOAuth2Endpoint(newUrl)) {
|
|
272
|
-
const oauthEndpoint = new ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);
|
|
273
|
-
cacheResult(oauthEndpoint);
|
|
274
|
-
return oauthEndpoint;
|
|
275
|
-
}
|
|
247
|
+
else {
|
|
248
|
+
const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);
|
|
249
|
+
if (endpoint)
|
|
250
|
+
return endpoint;
|
|
276
251
|
}
|
|
277
|
-
|
|
252
|
+
}
|
|
253
|
+
catch {
|
|
278
254
|
}
|
|
279
255
|
}
|
|
280
256
|
return undefined; // we could not find any valid oauth2 endpoint
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAAA;;;+FAG+F;AAC/F;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,EAAqB,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAuCxC,YAAY;AACZ,MAAM,OAAO,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QAkNlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IAnN3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,mCAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,kBAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAC/F,IAAI;YAEF,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1F,IAAI,WAAW;oBACb,OAAO,WAAW,CAAC;aACtB;YAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;gBACtC,OAAO,MAAM,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,qBAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;aACtJ;SACF;QAAC,MAAM;SAEP;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM,GAAG;SACZ;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,kBAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,kBAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;;QAC7B,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;;QAClC,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;;QAEnE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;;QAEhE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,MAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,0CAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;MAIE;IACM,KAAK,CAAC,sBAAsB,CAAC,WAAmB;QAEtD,4FAA4F;QAC5F,IAAI,SAAS,KAAK,IAAI,CAAC,6BAA6B,CAAC,WAAW,CAAC,EAAE;YACjE,OAAO,KAAK,CAAC;SACd;QAED,IAAI,MAA0B,CAAC;QAC/B,IAAI;YACF,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;SACtB;QAAC,OAAO,KAAU,EAAE;YACnB,6DAA6D;YAC7D,gFAAgF;YAChF,OAAO,SAAS,CAAC;SAClB;QACD,OAAO,MAAM,KAAK,GAAG,CAAC,CAAI,yEAAyE;IACrG,CAAC;IAQD;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,QAAkC;QAE7E,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,QAAQ,KAAK,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACjK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,GAAyB,EAAE,EAAE;YAChD,IAAI,QAAQ,KAAK,wBAAwB,CAAC,SAAS,EAAE;gBACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aAClD;iBAAM;gBACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aAC9C;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,CAAC,QAAQ,KAAK,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SACrF;aAAM;YAEL,wGAAwG;YACxG,IAAI,uBAAwC,CAAC;YAC7C,IAAI;gBACF,uBAAuB,GAAG,MAAM,SAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;aAClF;YAAC,MAAM,GAAG;YAEX,IAAI,uBAAuB,KAAK,SAAS,EAAE;gBACzC,oCAAoC;gBACpC,IAAI;oBACF,MAAM,SAAS,GAAG,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,CAAC;oBAC/E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;oBAC3D,qGAAqG;oBACrG,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,EAAE;wBAChC,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;wBAC3G,WAAW,CAAC,aAAa,CAAC,CAAC;wBAC3B,OAAO,aAAa,CAAC;qBACtB;iBACF;gBAAC,MAAM,GAAG;aACZ;YAED,2HAA2H;YAC3H,8FAA8F;YAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;gBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;gBAE9H,uCAAuC;gBACvC,IAAI;oBACF,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;oBACpC,IAAI,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE;wBAC7C,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;wBACrG,WAAW,CAAC,aAAa,CAAC,CAAC;wBAC3B,OAAO,aAAa,CAAC;qBACtB;iBACF;gBAAC,MAAM,GAAG;aACZ;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n try {\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return await ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n } catch {\r\n\r\n }\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch { }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n /**\r\n * Test if Oauth2 endpoint is accessible and has an associated appId\r\n * @return true/false if validation succeeded, undefined if validation could not be performed (i.e CORS/network error)\r\n * @internal\r\n */\r\n private async validateOAuth2Endpoint(endpointUrl: string): Promise<boolean | undefined> {\r\n\r\n // Check if we got a matching appId for that endpoint, otherwise its not worth going further\r\n if (undefined === this.getMatchingEnterpriseClientId(endpointUrl)) {\r\n return false;\r\n }\r\n\r\n let status: number | undefined;\r\n try {\r\n const data = await fetch(endpointUrl, { method: \"GET\" });\r\n status = data.status;\r\n } catch (error: any) {\r\n // fetch() throws when there is a CORS error, so in that case\r\n // we cannot confirm if the oauth2 endpoint is valid or not, we return undefined\r\n return undefined;\r\n }\r\n return status === 400; // Oauth2 API returns 400 (Bad Request) when there are missing parameters\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n\r\n // Return from cache if available\r\n const cachedEndpoint = (endpoint === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const cacheResult = (obj: ArcGisOAuth2Endpoint) => {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n };\r\n\r\n const endpointStr = (endpoint === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n let restUrlFromTokenService: URL | undefined;\r\n try {\r\n restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n } catch { }\r\n\r\n if (restUrlFromTokenService !== undefined) {\r\n // Validate the URL we just composed\r\n try {\r\n const oauth2Url = `${restUrlFromTokenService.toString()}oauth2/${endpointStr}`;\r\n const valid = await this.validateOAuth2Endpoint(oauth2Url);\r\n // We assume undefined means CORS error, that shouldn't prevent popup from displaying the login page.\r\n if (valid === undefined || valid) {\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, false), false);\r\n cacheResult(oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n } catch { }\r\n }\r\n\r\n // If reach this point, that means we could not derive the token endpoint from 'tokenServicesUrl', lets try something else.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n try {\r\n const newUrl = newUrlObj.toString();\r\n if (await this.validateOAuth2Endpoint(newUrl)) {\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(newUrl, this.constructLoginUrl(newUrl, false), false);\r\n cacheResult(oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n } catch { }\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":"AAAA;;;+FAG+F;AAC/F;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,EAAqB,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAuCxC,YAAY;AACZ,MAAM,OAAO,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QA2LlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IA5L3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,mCAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,kBAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAE/F,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1F,IAAI,WAAW;gBACb,OAAO,WAAW,CAAC;SACtB;QAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;YACtC,OAAO,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,qBAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;SAChJ;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,4GAA4G;YAC5G,2CAA2C;YAC3C,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM;aAEP;SACF;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,kBAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,kBAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;;QAC7B,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;;QAClC,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;;QAEnE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;;QAEhE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,MAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,0CAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAQD;;;KAGC;IACQ,aAAa,CAAC,GAAW,EAAE,QAAkC,EAAE,GAAyB;QAC/F,IAAI,QAAQ,KAAK,wBAAwB,CAAC,SAAS,EAAE;YACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAClD;aAAM;YACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,QAAkC;QAC1E,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/F,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QACjD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,YAAsC;QACjF,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,YAAY,KAAK,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACrK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,YAAY,KAAK,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAClG,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,oBAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SAC3F;aAAM;YAEL,wGAAwG;YACxG,IAAI;gBACF,MAAM,uBAAuB,GAAG,MAAM,SAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;gBACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE;oBACzC,kEAAkE;oBAClE,8FAA8F;oBAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;wBAE9H,uCAAuC;wBACvC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;qBACtE;iBACF;qBAAM;oBACL,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,EAAE,YAAY,CAAC,CAAC;oBACvH,IAAI,QAAQ;wBACV,OAAO,QAAQ,CAAC;iBACnB;aACF;YAAC,MAAM;aAEP;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers\r\n // we could not make a reliable validation.\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch {\r\n\r\n }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private cacheEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType, obj: ArcGisOAuth2Endpoint) {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async createEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Validate the URL we just composed\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);\r\n this.cacheEndpoint(url, endpoint, oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpointType: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Return from cache if available\r\n const cachedEndpoint = (endpointType === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const endpointStr = (endpointType === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n try {\r\n const restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n if (restUrlFromTokenService === undefined) {\r\n // We could not derive the token endpoint from 'tokenServicesUrl'.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n return await this.createEndpoint(newUrlObj.toString(), endpointType);\r\n }\r\n } else {\r\n const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);\r\n if (endpoint)\r\n return endpoint;\r\n }\r\n } catch {\r\n\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisTokenManager.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,WAAW,EAAwB,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IACtD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAkC;IACvD,OAAO,CAAC,MAAM,CAAC,YAAY,CAA6C;IACxE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAmC;IAC5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAiB;WAEvC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;WAyBvJ,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;WAUpD,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;WAiB1D,qBAAqB,CAAC,KAAK,EAAE,mBAAmB;
|
|
1
|
+
{"version":3,"file":"ArcGisTokenManager.d.ts","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAIA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,WAAW,EAAwB,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IACtD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAkC;IACvD,OAAO,CAAC,MAAM,CAAC,YAAY,CAA6C;IACxE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAmC;IAC5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAiB;WAEvC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;WAyBvJ,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO;WAUpD,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;WAiB1D,qBAAqB,CAAC,KAAK,EAAE,mBAAmB;WAehD,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB;WAWpD,sBAAsB;WAoBtB,oBAAoB;CAqBnC"}
|
|
@@ -50,8 +50,11 @@ export class ArcGisTokenManager {
|
|
|
50
50
|
static invalidateOAuth2Token(token) {
|
|
51
51
|
if (ArcGisTokenManager._oauth2Cache) {
|
|
52
52
|
for (const [key, value] of ArcGisTokenManager._oauth2Cache) {
|
|
53
|
-
if (value.token === token.token)
|
|
54
|
-
|
|
53
|
+
if (value.token === token.token) {
|
|
54
|
+
const deleted = ArcGisTokenManager._oauth2Cache.delete(key);
|
|
55
|
+
ArcGisTokenManager.saveToBrowserStorage();
|
|
56
|
+
return deleted;
|
|
57
|
+
}
|
|
55
58
|
}
|
|
56
59
|
}
|
|
57
60
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisTokenManager.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAAA;;;+FAG+F;AAC/F;;GAEG;AAGH,OAAO,EAA8D,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,MAAM,OAAO,kBAAkB;IAOtB,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QAChI,IAAI,CAAC,kBAAkB,CAAC,UAAU;YAChC,kBAAkB,CAAC,UAAU,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAE7D,MAAM,aAAa,GAAG,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC;QAEhF,mCAAmC;QACnC,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEjE,2GAA2G;QAC3G,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAChH,OAAO,WAAW,CAAC;SACpB;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjH,IAAI,QAAQ,CAAC,KAAK,EAAE;YAClB,MAAM,KAAK,GAAG,QAAuB,CAAC;YACtC,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;SACd;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,eAAe,CAAC,KAA0B;QAEtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,EAAE;YACpD,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;gBAC7B,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SAChD;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;YACvE,kBAAkB,CAAC,sBAAsB,EAAE,CAAC;SAC7C;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE7D,gFAAgF;QAChF,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAClH,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,SAAS,CAAC;SAClB;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEM,MAAM,CAAC,qBAAqB,CAAC,KAA0B;QAE5D,IAAI,kBAAkB,CAAC,YAAY,EAAE;YACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,YAAY,EAAE;gBAC1D,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;
|
|
1
|
+
{"version":3,"file":"ArcGisTokenManager.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenManager.ts"],"names":[],"mappings":"AAAA;;;+FAG+F;AAC/F;;GAEG;AAGH,OAAO,EAA8D,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAO1H,gBAAgB;AAChB,MAAM,OAAO,kBAAkB;IAOtB,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QAChI,IAAI,CAAC,kBAAkB,CAAC,UAAU;YAChC,kBAAkB,CAAC,UAAU,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAE7D,MAAM,aAAa,GAAG,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC;QAEhF,mCAAmC;QACnC,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEjE,2GAA2G;QAC3G,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAChH,OAAO,WAAW,CAAC;SACpB;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjH,IAAI,QAAQ,CAAC,KAAK,EAAE;YAClB,MAAM,KAAK,GAAG,QAAuB,CAAC;YACtC,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;SACd;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,eAAe,CAAC,KAA0B;QAEtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,EAAE;YACpD,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;gBAC7B,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SAChD;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;YACvE,kBAAkB,CAAC,sBAAsB,EAAE,CAAC;SAC7C;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE7D,gFAAgF;QAChF,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;YAClH,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,SAAS,CAAC;SAClB;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEM,MAAM,CAAC,qBAAqB,CAAC,KAA0B;QAE5D,IAAI,kBAAkB,CAAC,YAAY,EAAE;YACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,kBAAkB,CAAC,YAAY,EAAE;gBAC1D,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,EAAC;oBAC9B,MAAM,OAAO,GAAG,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAC5D,kBAAkB,CAAC,oBAAoB,EAAE,CAAC;oBAC1C,OAAO,OAAO,CAAC;iBAChB;aACF;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAW,EAAE,KAAwB;QAEhE,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,kBAAkB,CAAC,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;SAExE;QACD,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAEhD,kBAAkB,CAAC,oBAAoB,EAAE,CAAC;IAC5C,CAAC;IAEM,MAAM,CAAC,sBAAsB;;QAClC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,OAAO;SACR;QAED,MAAM,WAAW,GAAG,CAAC,IAAwB,EAAE,EAAE;YAC/C,IAAI,IAAI,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;gBACzD,MAAM,MAAM,GAAiC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC9D,IAAI,MAAM,EAAE;oBACV,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;wBACjD,kBAAkB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;qBACjD;iBACF;aACF;QACH,CAAC,CAAC;QAEF,WAAW,CAAC,MAAA,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,mCAAI,SAAS,CAAC,CAAC;QACjF,WAAW,CAAC,MAAA,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,mCAAI,SAAS,CAAC,CAAC;IACjF,CAAC;IAEM,MAAM,CAAC,oBAAoB;QAEhC,IAAI,kBAAkB,CAAC,YAAY,KAAK,SAAS,EAAE;YACjD,OAAO;SACR;QACD,MAAM,aAAa,GAAqB,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAqB,EAAE,CAAC;QAE3C,kBAAkB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,KAAwB,EAAE,GAAW,EAAE,EAAE;YAChF,oEAAoE;YACpE,gCAAgC;YAChC,gCAAgC;YAChC,WAAW;YACX,gCAAgC;YAChC,IAAI;YACJ,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IACtF,CAAC;;AA3HuB,uCAAoB,GAAG,MAAM,CAAC,CAAE,4BAA4B;AACrE,yBAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;AAG/B,qCAAkB,GAAG,aAAa,CAAC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { MapLayerAccessToken } from \"@itwin/core-frontend\";\r\nimport { ArcGisGenerateTokenOptions, ArcGisOAuth2Token, ArcGisToken, ArcGisTokenGenerator } from \"./ArcGisTokenGenerator\";\r\n\r\n/** @internal */\r\ninterface ArcGisTokenProps {\r\n [hostname: string]: ArcGisOAuth2Token;\r\n}\r\n\r\n/** @internal */\r\nexport class ArcGisTokenManager {\r\n private static readonly tokenExpiryThreshold = 300000; // 5 minutes in milliseconds\r\n private static _cache = new Map<string, ArcGisToken>();\r\n private static _oauth2Cache: Map<string, ArcGisOAuth2Token> | undefined;\r\n private static _generator: ArcGisTokenGenerator | undefined;\r\n private static readonly _browserStorageKey = \"arcGisOAuth\";\r\n\r\n public static async getToken(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<ArcGisToken | undefined> {\r\n if (!ArcGisTokenManager._generator)\r\n ArcGisTokenManager._generator = new ArcGisTokenGenerator();\r\n\r\n const tokenCacheKey = `${encodeURIComponent(userName)}@${arcGisRestServiceUrl}`;\r\n\r\n // First check in the session cache\r\n const cachedToken = ArcGisTokenManager._cache.get(tokenCacheKey);\r\n\r\n // Check if token is in cached and is valid within the threshold, if not, generate a new token immediately.\r\n if (cachedToken !== undefined && (cachedToken.expires - (+new Date()) > ArcGisTokenManager.tokenExpiryThreshold)) {\r\n return cachedToken;\r\n }\r\n\r\n // Nothing in cache, generate a new token\r\n const newToken = await ArcGisTokenManager._generator.generate(arcGisRestServiceUrl, userName, password, options);\r\n if (newToken.token) {\r\n const token = newToken as ArcGisToken;\r\n ArcGisTokenManager._cache.set(tokenCacheKey, token);\r\n return token;\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public static invalidateToken(token: MapLayerAccessToken): boolean {\r\n\r\n for (const [key, value] of ArcGisTokenManager._cache) {\r\n if (value.token === token.token)\r\n return ArcGisTokenManager._cache.delete(key);\r\n }\r\n\r\n return false;\r\n }\r\n\r\n public static getOAuth2Token(key: string): ArcGisOAuth2Token | undefined {\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n ArcGisTokenManager._oauth2Cache = new Map<string, ArcGisOAuth2Token>();\r\n ArcGisTokenManager.loadFromBrowserStorage();\r\n }\r\n\r\n const cachedToken = ArcGisTokenManager._oauth2Cache.get(key);\r\n\r\n // If cached token has expired (or about to expire), invalidate don't return it.\r\n if (cachedToken !== undefined && (cachedToken.expiresAt - (+new Date()) < ArcGisTokenManager.tokenExpiryThreshold)) {\r\n ArcGisTokenManager._oauth2Cache.delete(key);\r\n return undefined;\r\n }\r\n\r\n return cachedToken;\r\n }\r\n\r\n public static invalidateOAuth2Token(token: MapLayerAccessToken) {\r\n\r\n if (ArcGisTokenManager._oauth2Cache) {\r\n for (const [key, value] of ArcGisTokenManager._oauth2Cache) {\r\n if (value.token === token.token){\r\n const deleted = ArcGisTokenManager._oauth2Cache.delete(key);\r\n ArcGisTokenManager.saveToBrowserStorage();\r\n return deleted;\r\n }\r\n }\r\n }\r\n\r\n return false;\r\n }\r\n\r\n public static setOAuth2Token(key: string, token: ArcGisOAuth2Token) {\r\n\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n ArcGisTokenManager._oauth2Cache = new Map<string, ArcGisOAuth2Token>();\r\n\r\n }\r\n ArcGisTokenManager._oauth2Cache.set(key, token);\r\n\r\n ArcGisTokenManager.saveToBrowserStorage();\r\n }\r\n\r\n public static loadFromBrowserStorage() {\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n return;\r\n }\r\n\r\n const loadEntries = (json: string | undefined) => {\r\n if (json && ArcGisTokenManager._oauth2Cache !== undefined) {\r\n const tokens: ArcGisTokenProps | undefined = JSON.parse(json);\r\n if (tokens) {\r\n for (const [key, value] of Object.entries(tokens)) {\r\n ArcGisTokenManager._oauth2Cache.set(key, value);\r\n }\r\n }\r\n }\r\n };\r\n\r\n loadEntries(window.sessionStorage.getItem(this._browserStorageKey) ?? undefined);\r\n loadEntries(window.localStorage.getItem(this._browserStorageKey) ?? undefined);\r\n }\r\n\r\n public static saveToBrowserStorage() {\r\n\r\n if (ArcGisTokenManager._oauth2Cache === undefined) {\r\n return;\r\n }\r\n const sessionTokens: ArcGisTokenProps = {};\r\n const storageTokens: ArcGisTokenProps = {};\r\n\r\n ArcGisTokenManager._oauth2Cache.forEach((value: ArcGisOAuth2Token, key: string) => {\r\n // ignore the persist flag for now, and only save to session storage\r\n // if (value.persist === true) {\r\n // storageTokens[key] = value;\r\n // } else {\r\n // sessionTokens[key] = value;\r\n // }\r\n sessionTokens[key] = value;\r\n });\r\n window.sessionStorage.setItem(this._browserStorageKey, JSON.stringify(sessionTokens));\r\n window.localStorage.setItem(this._browserStorageKey, JSON.stringify(storageTokens));\r\n }\r\n\r\n}\r\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@itwin/map-layers-auth",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "4.0.0-dev.2",
|
|
4
4
|
"description": "Extension that adds a Map Layers Widget",
|
|
5
5
|
"main": "lib/cjs/map-layers-auth.js",
|
|
6
6
|
"module": "lib/esm/map-layers-auth.js",
|
|
@@ -21,11 +21,11 @@
|
|
|
21
21
|
"url": "http://www.bentley.com"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
|
-
"@itwin/build-tools": "
|
|
25
|
-
"@itwin/core-bentley": "
|
|
26
|
-
"@itwin/core-common": "
|
|
27
|
-
"@itwin/core-frontend": "
|
|
28
|
-
"@itwin/eslint-plugin": "
|
|
24
|
+
"@itwin/build-tools": "4.0.0-dev.2",
|
|
25
|
+
"@itwin/core-bentley": "4.0.0-dev.2",
|
|
26
|
+
"@itwin/core-common": "4.0.0-dev.2",
|
|
27
|
+
"@itwin/core-frontend": "4.0.0-dev.2",
|
|
28
|
+
"@itwin/eslint-plugin": "4.0.0-dev.2",
|
|
29
29
|
"@types/chai": "4.3.1",
|
|
30
30
|
"@types/mocha": "^8.2.2",
|
|
31
31
|
"@types/sinon": "^9.0.0",
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
"typescript": "~4.4.0"
|
|
44
44
|
},
|
|
45
45
|
"peerDependencies": {
|
|
46
|
-
"@itwin/core-bentley": "
|
|
46
|
+
"@itwin/core-bentley": "4.0.0-dev.2"
|
|
47
47
|
},
|
|
48
48
|
"nyc": {
|
|
49
49
|
"extends": "./node_modules/@itwin/build-tools/.nycrc",
|