@itwin/map-layers-auth 4.0.0-dev.7 → 4.0.0-dev.72
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +43 -1
- package/lib/cjs/ArcGis/ArcGisAccessClient.d.ts +72 -72
- package/lib/cjs/ArcGis/ArcGisAccessClient.js +286 -291
- package/lib/cjs/ArcGis/ArcGisAccessClient.js.map +1 -1
- package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
- package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.js +46 -46
- package/lib/cjs/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
- package/lib/cjs/ArcGis/ArcGisTokenGenerator.js +109 -110
- package/lib/cjs/ArcGis/ArcGisTokenGenerator.js.map +1 -1
- package/lib/cjs/ArcGis/ArcGisTokenManager.d.ts +20 -20
- package/lib/cjs/ArcGis/ArcGisTokenManager.js +111 -112
- package/lib/cjs/ArcGis/ArcGisTokenManager.js.map +1 -1
- package/lib/cjs/ArcGis/ArcGisUrl.d.ts +6 -6
- package/lib/cjs/ArcGis/ArcGisUrl.js +48 -49
- package/lib/cjs/ArcGis/ArcGisUrl.js.map +1 -1
- package/lib/cjs/map-layers-auth.d.ts +5 -5
- package/lib/cjs/map-layers-auth.js +25 -21
- package/lib/cjs/map-layers-auth.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisAccessClient.d.ts +72 -72
- package/lib/esm/ArcGis/ArcGisAccessClient.js +282 -287
- package/lib/esm/ArcGis/ArcGisAccessClient.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
- package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.js +42 -42
- package/lib/esm/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
- package/lib/esm/ArcGis/ArcGisTokenGenerator.js +106 -106
- package/lib/esm/ArcGis/ArcGisTokenGenerator.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisTokenManager.d.ts +20 -20
- package/lib/esm/ArcGis/ArcGisTokenManager.js +108 -108
- package/lib/esm/ArcGis/ArcGisTokenManager.js.map +1 -1
- package/lib/esm/ArcGis/ArcGisUrl.d.ts +6 -6
- package/lib/esm/ArcGis/ArcGisUrl.js +44 -45
- package/lib/esm/ArcGis/ArcGisUrl.js.map +1 -1
- package/lib/esm/map-layers-auth.d.ts +5 -5
- package/lib/esm/map-layers-auth.js +9 -9
- package/package.json +12 -12
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAEH,sDAAsD;AAEtD,iEAAkF;AAClF,iEAAwF;AACxF,6DAA0D;AAC1D,2CAAwC;AAuCxC,YAAY;AACZ,MAAa,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,sBAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QA2LlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IA5L3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,mCAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,uCAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAE/F,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1F,IAAI,WAAW;gBACb,OAAO,WAAW,CAAC;SACtB;QAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;YACtC,OAAO,uCAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,4CAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;SAChJ;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,4GAA4G;YAC5G,2CAA2C;YAC3C,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM;aAEP;SACF;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,uCAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,uCAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;;QAC7B,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;;QAClC,OAAO,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;;QAEnE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;;QAEhE,IAAI,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,MAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,mBAAmB,0CAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,uCAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAQD;;;KAGC;IACQ,aAAa,CAAC,GAAW,EAAE,QAAkC,EAAE,GAAyB;QAC/F,IAAI,QAAQ,KAAK,+CAAwB,CAAC,SAAS,EAAE;YACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAClD;aAAM;YACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,QAAkC;QAC1E,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,2CAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/F,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QACjD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,YAAsC;QACjF,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACrK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAClG,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,2CAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SAC3F;aAAM;YAEL,wGAAwG;YACxG,IAAI;gBACF,MAAM,uBAAuB,GAAG,MAAM,qBAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;gBACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE;oBACzC,kEAAkE;oBAClE,8FAA8F;oBAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;wBAE9H,uCAAuC;wBACvC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;qBACtE;iBACF;qBAAM;oBACL,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,EAAE,YAAY,CAAC,CAAC;oBACvH,IAAI,QAAQ;wBACV,OAAO,QAAQ,CAAC;iBACnB;aACF;YAAC,MAAM;aAEP;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF;AAtTD,gDAsTC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers\r\n // we could not make a reliable validation.\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch {\r\n\r\n }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private cacheEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType, obj: ArcGisOAuth2Endpoint) {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async createEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Validate the URL we just composed\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);\r\n this.cacheEndpoint(url, endpoint, oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpointType: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Return from cache if available\r\n const cachedEndpoint = (endpointType === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const endpointStr = (endpointType === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n try {\r\n const restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n if (restUrlFromTokenService === undefined) {\r\n // We could not derive the token endpoint from 'tokenServicesUrl'.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n return await this.createEndpoint(newUrlObj.toString(), endpointType);\r\n }\r\n } else {\r\n const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);\r\n if (endpoint)\r\n return endpoint;\r\n }\r\n } catch {\r\n\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"ArcGisAccessClient.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisAccessClient.ts"],"names":[],"mappings":";AAAA;;;+FAG+F;AAC/F;;GAEG;;;AAEH,sDAAsD;AAEtD,iEAAkF;AAClF,iEAAwF;AACxF,6DAA0D;AAC1D,2CAAwC;AAuCxC,YAAY;AACZ,MAAa,kBAAkB;IAS7B;QARgB,sBAAiB,GAAG,IAAI,sBAAO,EAAE,CAAC;QAKlD,sDAAsD;QAC9C,sBAAiB,GAAG,KAAK,CAAC;QA2LlC,kDAAkD;QAClD,8EAA8E;QAC9E,4DAA4D;QACpD,kCAA6B,GAAG,IAAI,GAAG,EAAe,CAAC;QACvD,8BAAyB,GAAG,IAAI,GAAG,EAAe,CAAC;IA5L3D,CAAC;IAEM,UAAU,CAAC,WAA+B;QAC/C,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC;YAExC,IAAI,CAAC,yBAAyB,EAAE,CAAC;SAClC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB;QAC9B,MAAc,CAAC,oBAAoB,GAAG,CAAC,gBAA2B,EAAE,EAAE;YACrE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,SAAS,CAAC;YAEd,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC;gBAC1D,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;gBAC/D,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;gBACzD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC7C,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;gBACtD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;gBACrD,IAAI,KAAK,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE;oBAC9H,IAAI,cAAc,CAAC;oBACnB,IAAI;wBACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACnC,SAAS,GAAG,KAAK,EAAE,UAAU,CAAC;wBAC9B,cAAc,GAAG,KAAK,EAAE,cAAc,CAAC;qBAExC;oBAAC,MAAM;qBACP;oBACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;oBACvC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAG,6EAA6E;oBACrI,IAAI,cAAc,KAAK,SAAS,EAAE;wBAChC,uCAAkB,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChG,YAAY,GAAG,IAAI,CAAC;qBACrB;iBAEF;aACF;YACD,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC5B,MAAc,CAAC,oBAAoB,GAAG,SAAS,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAiC;QAC3D,+FAA+F;QAE/F,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1F,IAAI,WAAW;gBACb,OAAO,WAAW,CAAC;SACtB;QAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;YACtC,OAAO,uCAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,4CAAqB,CAAC,OAAO,EAAE,CAAC,CAAC;SAChJ;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QACtD,IAAI,aAA+C,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,4GAA4G;YAC5G,2CAA2C;YAC3C,IAAI;gBACF,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;gBAC9F,IAAI,aAAa,EAAE;iBAElB;aACF;YAAC,MAAM;aAEP;SACF;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,eAAe,CAAC,KAA0B;QAC/C,IAAI,KAAK,GAAG,uCAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,uCAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;SACzD;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,6BAA6B,CAAC,GAAW;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE;YACd,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAA4B,CAAC;QACjC,IAAI,eAAmC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE;YAC7B,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;aAClC;iBAAM;gBACL,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;oBACtD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;iBAC3B;aACF;SACF;QAED,2EAA2E;QAC3E,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE;YAC3D,QAAQ,GAAG,eAAe,CAAC;SAC5B;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAW,oBAAoB;QAC7B,OAAO,IAAI,CAAC,UAAU,EAAE,oBAAoB,CAAC;IAC/C,CAAC;IAED,IAAW,oBAAoB,CAAC,QAA4B;QAC1D,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,IAAI,CAAC,UAAU,GAAG,EAAE,oBAAoB,EAAE,QAAQ,EAAE,CAAC;SACtD;QACD,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,QAAQ,CAAC;IAClD,CAAC;IAED,IAAW,yBAAyB;QAClC,OAAO,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC;IAC9C,CAAC;IAEM,qBAAqB,CAAC,cAAsB,EAAE,QAAgB;QAEnE,IAAI,IAAI,CAAC,UAAU,EAAE,mBAAmB,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACnH,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;aACnE;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxE;SACF;aAAM;YACL,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;gBACjC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;aACtB;YACD,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAEM,wBAAwB,CAAC,QAAkC;QAEhE,IAAI,IAAI,CAAC,UAAU,EAAE,mBAAmB,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,IAAI,CAAC,UAAU,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,cAAc,CAAC,CAAC;SAC/I;IAEH,CAAC;IAED,cAAc;IACd,gBAAgB;IACR,KAAK,CAAC,2BAA2B,CAAC,WAAmB;QAC3D,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,+CAAwB,CAAC,SAAS,CAAC,CAAC;YACpG,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzD,OAAO,uCAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;aACnE;SACF;QAAC,MAAM,GAAG;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAQD;;;KAGC;IACQ,aAAa,CAAC,GAAW,EAAE,QAAkC,EAAE,GAAyB;QAC/F,IAAI,QAAQ,KAAK,+CAAwB,CAAC,SAAS,EAAE;YACnD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAClD;aAAM;YACL,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,QAAkC;QAC1E,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,2CAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/F,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QACjD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;KAGC;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,YAAsC;QACjF,iCAAiC;QACjC,MAAM,cAAc,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACrK,IAAI,cAAc,KAAK,SAAS,EAAE;YAChC,OAAO,cAAc,CAAC;SACvB;QAED,MAAM,WAAW,GAAG,CAAC,YAAY,KAAK,+CAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAClG,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YACxD,wBAAwB;YACxB,iGAAiG;YAEjG,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE;gBAC3C,OAAO,SAAS,CAAC;aAClB;YAED,MAAM,SAAS,GAAG,8CAA8C,WAAW,EAAE,CAAC;YAC9E,OAAO,IAAI,2CAAoB,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;SAC3F;aAAM;YAEL,wGAAwG;YACxG,IAAI;gBACF,MAAM,uBAAuB,GAAG,MAAM,qBAAS,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;gBACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE;oBACzC,kEAAkE;oBAClE,8FAA8F;oBAC9F,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACjD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBACnC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,YAAY,wBAAwB,WAAW,EAAE,CAAC,CAAC;wBAE9H,uCAAuC;wBACvC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;qBACtE;iBACF;qBAAM;oBACL,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,QAAQ,EAAE,UAAU,WAAW,EAAE,EAAE,YAAY,CAAC,CAAC;oBACvH,IAAI,QAAQ;wBACV,OAAO,QAAQ,CAAC;iBACnB;aACF;YAAC,MAAM;aAEP;SAEF;QACD,OAAO,SAAS,CAAC,CAAG,8CAA8C;IACpE,CAAC;IAED;;;KAGC;IACO,iBAAiB,CAAC,GAAW,EAAE,cAAuB;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,oBAAoB;QACpB,IAAI,cAAc,EAAE;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC3C,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,QAAQ,KAAK,SAAS,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SAEF;aAAM;YACL,MAAM,QAAQ,GAAG,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACzD,IAAA,qBAAM,EAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;YAC/B,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;aAChD;SACF;QAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE;YACjC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;SAC7D;QAED,IAAI,IAAI,CAAC,WAAW;YAClB,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;CAEF;AAtTD,gDAsTC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\nimport { assert, BeEvent } from \"@itwin/core-bentley\";\r\nimport { MapLayerAccessClient, MapLayerAccessToken, MapLayerAccessTokenParams, MapLayerTokenEndpoint } from \"@itwin/core-frontend\";\r\nimport { ArcGisOAuth2Token, ArcGisTokenClientType } from \"./ArcGisTokenGenerator\";\r\nimport { ArcGisOAuth2Endpoint, ArcGisOAuth2EndpointType } from \"./ArcGisOAuth2Endpoint\";\r\nimport { ArcGisTokenManager } from \"./ArcGisTokenManager\";\r\nimport { ArcGisUrl } from \"./ArcGisUrl\";\r\n\r\n/** @beta */\r\nexport interface ArcGisEnterpriseClientId {\r\n /* Oauth API endpoint base URL (i.e. https://hostname/portal/sharing/oauth2/authorize)\r\n used to identify uniquely each enterprise server. */\r\n serviceBaseUrl: string;\r\n\r\n /* Application's clientId for this enterprise server.*/\r\n clientId: string;\r\n}\r\n\r\n/** @beta */\r\nexport interface ArcGisOAuthClientIds {\r\n /* Application's OAuth clientId in ArcGIS online */\r\n arcgisOnlineClientId?: string;\r\n\r\n /* Application's OAuth clientId for each enterprise server used. */\r\n enterpriseClientIds?: ArcGisEnterpriseClientId[];\r\n}\r\n\r\n/** @beta\r\n * ArcGIS OAuth configurations parameters.\r\n * See https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serverless-web-apps/\r\n * more details.\r\n*/\r\nexport interface ArcGisOAuthConfig {\r\n /* URL to which a user is sent once they complete sign in authorization.\r\n Must match a URI you define in the developer dashboard, otherwise, the authorization will be rejected.\r\n */\r\n redirectUri: string;\r\n\r\n /* Optional expiration after which the token will expire. Defined in minutes with a maximum of two weeks (20160 minutes)*/\r\n tokenExpiration?: number;\r\n\r\n /* Application client Ids */\r\n clientIds: ArcGisOAuthClientIds;\r\n}\r\n\r\n/** @beta */\r\nexport class ArcGisAccessClient implements MapLayerAccessClient {\r\n public readonly onOAuthProcessEnd = new BeEvent();\r\n private _redirectUri: string | undefined;\r\n private _expiration: number | undefined;\r\n private _clientIds: ArcGisOAuthClientIds | undefined;\r\n\r\n // Should be kept to 'false'. Debugging purposes only.\r\n private _forceLegacyToken = false;\r\n\r\n public constructor() {\r\n }\r\n\r\n public initialize(oAuthConfig?: ArcGisOAuthConfig): boolean {\r\n if (oAuthConfig) {\r\n this._redirectUri = oAuthConfig.redirectUri;\r\n this._expiration = oAuthConfig.tokenExpiration;\r\n this._clientIds = oAuthConfig.clientIds;\r\n\r\n this.initOauthCallbackFunction();\r\n }\r\n return true;\r\n }\r\n\r\n private initOauthCallbackFunction() {\r\n (window as any).arcGisOAuth2Callback = (redirectLocation?: Location) => {\r\n let eventSuccess = false;\r\n let stateData;\r\n\r\n if (redirectLocation && redirectLocation.hash.length > 0) {\r\n const locationHash = redirectLocation.hash;\r\n const hashParams = new URLSearchParams(locationHash.substring(1));\r\n const token = hashParams.get(\"access_token\") ?? undefined;\r\n const expiresInStr = hashParams.get(\"expires_in\") ?? undefined;\r\n const userName = hashParams.get(\"username\") ?? undefined;\r\n const ssl = hashParams.get(\"ssl\") === \"true\";\r\n const stateStr = hashParams.get(\"state\") ?? undefined;\r\n const persist = hashParams.get(\"persist\") === \"true\";\r\n if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {\r\n let endpointOrigin;\r\n try {\r\n const state = JSON.parse(stateStr);\r\n stateData = state?.customData;\r\n endpointOrigin = state?.endpointOrigin;\r\n\r\n } catch {\r\n }\r\n const expiresIn = Number(expiresInStr);\r\n const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)\r\n if (endpointOrigin !== undefined) {\r\n ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });\r\n eventSuccess = true;\r\n }\r\n\r\n }\r\n }\r\n this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);\r\n };\r\n }\r\n\r\n public unInitialize() {\r\n this._redirectUri = undefined;\r\n this._expiration = undefined;\r\n (window as any).arcGisOAuth2Callback = undefined;\r\n }\r\n\r\n public async getAccessToken(params: MapLayerAccessTokenParams): Promise<MapLayerAccessToken | undefined> {\r\n // First lookup Oauth2 tokens, otherwise check try \"legacy tokens\" if credentials were provided\r\n\r\n if (!this._forceLegacyToken) {\r\n const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());\r\n if (oauth2Token)\r\n return oauth2Token;\r\n }\r\n\r\n if (params.userName && params.password) {\r\n return ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenClientType.referer });\r\n }\r\n\r\n return undefined;\r\n }\r\n\r\n public async getTokenServiceEndPoint(mapLayerUrl: string): Promise<MapLayerTokenEndpoint | undefined> {\r\n let tokenEndpoint: ArcGisOAuth2Endpoint | undefined;\r\n if (!this._forceLegacyToken) {\r\n // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers\r\n // we could not make a reliable validation.\r\n try {\r\n tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (tokenEndpoint) {\r\n\r\n }\r\n } catch {\r\n\r\n }\r\n }\r\n\r\n return tokenEndpoint;\r\n }\r\n\r\n public invalidateToken(token: MapLayerAccessToken): boolean {\r\n let found = ArcGisTokenManager.invalidateToken(token);\r\n if (!found) {\r\n found = ArcGisTokenManager.invalidateOAuth2Token(token);\r\n }\r\n return found;\r\n }\r\n\r\n public get redirectUri() {\r\n return this._redirectUri;\r\n }\r\n\r\n public getMatchingEnterpriseClientId(url: string) {\r\n const clientIds = this.arcGisEnterpriseClientIds;\r\n if (!clientIds) {\r\n return undefined;\r\n }\r\n\r\n let clientId: string | undefined;\r\n let defaultClientId: string | undefined;\r\n for (const entry of clientIds) {\r\n if (entry.serviceBaseUrl === \"\") {\r\n defaultClientId = entry.clientId;\r\n } else {\r\n if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {\r\n clientId = entry.clientId;\r\n }\r\n }\r\n }\r\n\r\n // If we could not find a match with serviceBaseUrl, and a default clientId\r\n // was specified (i.e empty url), then use default clientId\r\n if (clientId === undefined && defaultClientId !== undefined) {\r\n clientId = defaultClientId;\r\n }\r\n return clientId;\r\n }\r\n\r\n public get expiration() {\r\n return this._expiration;\r\n }\r\n\r\n public get arcGisOnlineClientId() {\r\n return this._clientIds?.arcgisOnlineClientId;\r\n }\r\n\r\n public set arcGisOnlineClientId(clientId: string | undefined) {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = { arcgisOnlineClientId: clientId };\r\n }\r\n this._clientIds.arcgisOnlineClientId = clientId;\r\n }\r\n\r\n public get arcGisEnterpriseClientIds() {\r\n return this._clientIds?.enterpriseClientIds;\r\n }\r\n\r\n public setEnterpriseClientId(serviceBaseUrl: string, clientId: string) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);\r\n if (foundIdx !== -1) {\r\n this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;\r\n } else {\r\n this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });\r\n }\r\n } else {\r\n if (this._clientIds === undefined) {\r\n this._clientIds = {};\r\n }\r\n this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];\r\n }\r\n }\r\n\r\n public removeEnterpriseClientId(clientId: ArcGisEnterpriseClientId) {\r\n\r\n if (this._clientIds?.enterpriseClientIds) {\r\n this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);\r\n }\r\n\r\n }\r\n\r\n /// //////////\r\n /** @internal */\r\n private async getOAuthTokenForMapLayerUrl(mapLayerUrl: string): Promise<ArcGisOAuth2Token | undefined> {\r\n try {\r\n const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2EndpointType.Authorize);\r\n if (oauthEndpoint !== undefined) {\r\n const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());\r\n return ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);\r\n }\r\n } catch { }\r\n return undefined;\r\n }\r\n\r\n // Derive the Oauth URL from a typical MapLayerURL\r\n // i.e. \t https://hostname/server/rest/services/NewYork/NewYork3857/MapServer\r\n // => https://hostname/portal/sharing/oauth2/authorize\r\n private _oauthAuthorizeEndPointsCache = new Map<string, any>();\r\n private _oauthTokenEndPointsCache = new Map<string, any>();\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private cacheEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType, obj: ArcGisOAuth2Endpoint) {\r\n if (endpoint === ArcGisOAuth2EndpointType.Authorize) {\r\n this._oauthAuthorizeEndPointsCache.set(url, obj);\r\n } else {\r\n this._oauthTokenEndPointsCache.set(url, obj);\r\n }\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async createEndpoint(url: string, endpoint: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Validate the URL we just composed\r\n const oauthEndpoint = new ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);\r\n this.cacheEndpoint(url, endpoint, oauthEndpoint);\r\n return oauthEndpoint;\r\n }\r\n\r\n /**\r\n * Get OAuth2 endpoint that must be cause to get the Oauth2 token\r\n * @internal\r\n */\r\n private async getOAuth2Endpoint(url: string, endpointType: ArcGisOAuth2EndpointType): Promise<ArcGisOAuth2Endpoint | undefined> {\r\n // Return from cache if available\r\n const cachedEndpoint = (endpointType === ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));\r\n if (cachedEndpoint !== undefined) {\r\n return cachedEndpoint;\r\n }\r\n\r\n const endpointStr = (endpointType === ArcGisOAuth2EndpointType.Authorize ? \"authorize\" : \"token\");\r\n const urlObj = new URL(url);\r\n if (urlObj.hostname.toLowerCase().endsWith(\"arcgis.com\")) {\r\n // ArcGIS Online (fixed)\r\n // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/\r\n\r\n if (this.arcGisOnlineClientId === undefined) {\r\n return undefined;\r\n }\r\n\r\n const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;\r\n return new ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);\r\n } else {\r\n\r\n // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'\r\n try {\r\n const restUrlFromTokenService = await ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);\r\n if (restUrlFromTokenService === undefined) {\r\n // We could not derive the token endpoint from 'tokenServicesUrl'.\r\n // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize\r\n const regExMatch = url.match(new RegExp(/([^&\\/]+)\\/rest\\/services\\/.*/, \"i\"));\r\n if (regExMatch !== null && regExMatch.length >= 2) {\r\n const subdirectory = regExMatch[1];\r\n const port = (urlObj.port !== \"80\" && urlObj.port !== \"443\") ? `:${urlObj.port}` : \"\";\r\n const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);\r\n\r\n // Check again the URL we just composed\r\n return await this.createEndpoint(newUrlObj.toString(), endpointType);\r\n }\r\n } else {\r\n const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);\r\n if (endpoint)\r\n return endpoint;\r\n }\r\n } catch {\r\n\r\n }\r\n\r\n }\r\n return undefined; // we could not find any valid oauth2 endpoint\r\n }\r\n\r\n /**\r\n * Construct the complete Authorize url to starts the Oauth process\r\n * @internal\r\n */\r\n private constructLoginUrl(url: string, isArcgisOnline: boolean) {\r\n const urlObj = new URL(url);\r\n\r\n // Set the client id\r\n if (isArcgisOnline) {\r\n const clientId = this.arcGisOnlineClientId;\r\n assert(clientId !== undefined);\r\n if (clientId !== undefined) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n\r\n } else {\r\n const clientId = this.getMatchingEnterpriseClientId(url);\r\n assert(clientId !== undefined);\r\n if (undefined !== clientId) {\r\n urlObj.searchParams.set(\"client_id\", clientId);\r\n }\r\n }\r\n\r\n urlObj.searchParams.set(\"response_type\", \"token\");\r\n if (this.expiration !== undefined) {\r\n urlObj.searchParams.set(\"expiration\", `${this.expiration}`);\r\n }\r\n\r\n if (this.redirectUri)\r\n urlObj.searchParams.set(\"redirect_uri\", this.redirectUri);\r\n\r\n return urlObj.toString();\r\n }\r\n\r\n}\r\n"]}
|
|
@@ -1,23 +1,23 @@
|
|
|
1
|
-
import { MapLayerTokenEndpoint } from "@itwin/core-frontend";
|
|
2
|
-
/** @internal */
|
|
3
|
-
export declare enum ArcGisOAuth2EndpointType {
|
|
4
|
-
Authorize = 0,
|
|
5
|
-
Token = 1
|
|
6
|
-
}
|
|
7
|
-
/** @internal */
|
|
8
|
-
export declare class ArcGisOAuth2Endpoint implements MapLayerTokenEndpoint {
|
|
9
|
-
private _url;
|
|
10
|
-
private _loginUrl;
|
|
11
|
-
private _isArcgisOnline;
|
|
12
|
-
constructor(url: string, loginUrl: string, isArcgisOnline: boolean);
|
|
13
|
-
getUrl(): string;
|
|
14
|
-
/**
|
|
15
|
-
* Returns the URL used to login and generate the Oauth token.
|
|
16
|
-
* @param stateData Custom JSON data that will sent back by once the Oauth process completes
|
|
17
|
-
* @returns Promise resolves after the defaults are setup.
|
|
18
|
-
* @internal
|
|
19
|
-
*/
|
|
20
|
-
getLoginUrl(stateData?: any): string;
|
|
21
|
-
get isArcgisOnline(): boolean;
|
|
22
|
-
}
|
|
1
|
+
import { MapLayerTokenEndpoint } from "@itwin/core-frontend";
|
|
2
|
+
/** @internal */
|
|
3
|
+
export declare enum ArcGisOAuth2EndpointType {
|
|
4
|
+
Authorize = 0,
|
|
5
|
+
Token = 1
|
|
6
|
+
}
|
|
7
|
+
/** @internal */
|
|
8
|
+
export declare class ArcGisOAuth2Endpoint implements MapLayerTokenEndpoint {
|
|
9
|
+
private _url;
|
|
10
|
+
private _loginUrl;
|
|
11
|
+
private _isArcgisOnline;
|
|
12
|
+
constructor(url: string, loginUrl: string, isArcgisOnline: boolean);
|
|
13
|
+
getUrl(): string;
|
|
14
|
+
/**
|
|
15
|
+
* Returns the URL used to login and generate the Oauth token.
|
|
16
|
+
* @param stateData Custom JSON data that will sent back by once the Oauth process completes
|
|
17
|
+
* @returns Promise resolves after the defaults are setup.
|
|
18
|
+
* @internal
|
|
19
|
+
*/
|
|
20
|
+
getLoginUrl(stateData?: any): string;
|
|
21
|
+
get isArcgisOnline(): boolean;
|
|
22
|
+
}
|
|
23
23
|
//# sourceMappingURL=ArcGisOAuth2Endpoint.d.ts.map
|
|
@@ -1,47 +1,47 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ArcGisOAuth2Endpoint = exports.ArcGisOAuth2EndpointType = void 0;
|
|
4
|
-
/** @internal */
|
|
5
|
-
var ArcGisOAuth2EndpointType;
|
|
6
|
-
(function (ArcGisOAuth2EndpointType) {
|
|
7
|
-
ArcGisOAuth2EndpointType[ArcGisOAuth2EndpointType["Authorize"] = 0] = "Authorize";
|
|
8
|
-
ArcGisOAuth2EndpointType[ArcGisOAuth2EndpointType["Token"] = 1] = "Token";
|
|
9
|
-
})(ArcGisOAuth2EndpointType = exports.ArcGisOAuth2EndpointType || (exports.ArcGisOAuth2EndpointType = {}));
|
|
10
|
-
/** @internal */
|
|
11
|
-
class ArcGisOAuth2Endpoint {
|
|
12
|
-
constructor(url, loginUrl, isArcgisOnline) {
|
|
13
|
-
this._url = url;
|
|
14
|
-
this._loginUrl = loginUrl;
|
|
15
|
-
this._isArcgisOnline = isArcgisOnline;
|
|
16
|
-
}
|
|
17
|
-
// Returns the actual endpoint url
|
|
18
|
-
getUrl() {
|
|
19
|
-
return this._url;
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Returns the URL used to login and generate the Oauth token.
|
|
23
|
-
* @param stateData Custom JSON data that will sent back by once the Oauth process completes
|
|
24
|
-
* @returns Promise resolves after the defaults are setup.
|
|
25
|
-
* @internal
|
|
26
|
-
*/
|
|
27
|
-
getLoginUrl(stateData) {
|
|
28
|
-
const urlObj = new URL(this._loginUrl);
|
|
29
|
-
const data = {
|
|
30
|
-
endpointOrigin: new URL(this._url).origin,
|
|
31
|
-
customData: stateData, // caller's data
|
|
32
|
-
};
|
|
33
|
-
let stateStr;
|
|
34
|
-
try {
|
|
35
|
-
stateStr = JSON.stringify(data);
|
|
36
|
-
}
|
|
37
|
-
catch {
|
|
38
|
-
}
|
|
39
|
-
if (stateStr !== undefined) {
|
|
40
|
-
urlObj.searchParams.set("state", stateStr);
|
|
41
|
-
}
|
|
42
|
-
return urlObj.toString();
|
|
43
|
-
}
|
|
44
|
-
get isArcgisOnline() { return this._isArcgisOnline; }
|
|
45
|
-
}
|
|
46
|
-
exports.ArcGisOAuth2Endpoint = ArcGisOAuth2Endpoint;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ArcGisOAuth2Endpoint = exports.ArcGisOAuth2EndpointType = void 0;
|
|
4
|
+
/** @internal */
|
|
5
|
+
var ArcGisOAuth2EndpointType;
|
|
6
|
+
(function (ArcGisOAuth2EndpointType) {
|
|
7
|
+
ArcGisOAuth2EndpointType[ArcGisOAuth2EndpointType["Authorize"] = 0] = "Authorize";
|
|
8
|
+
ArcGisOAuth2EndpointType[ArcGisOAuth2EndpointType["Token"] = 1] = "Token";
|
|
9
|
+
})(ArcGisOAuth2EndpointType = exports.ArcGisOAuth2EndpointType || (exports.ArcGisOAuth2EndpointType = {}));
|
|
10
|
+
/** @internal */
|
|
11
|
+
class ArcGisOAuth2Endpoint {
|
|
12
|
+
constructor(url, loginUrl, isArcgisOnline) {
|
|
13
|
+
this._url = url;
|
|
14
|
+
this._loginUrl = loginUrl;
|
|
15
|
+
this._isArcgisOnline = isArcgisOnline;
|
|
16
|
+
}
|
|
17
|
+
// Returns the actual endpoint url
|
|
18
|
+
getUrl() {
|
|
19
|
+
return this._url;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Returns the URL used to login and generate the Oauth token.
|
|
23
|
+
* @param stateData Custom JSON data that will sent back by once the Oauth process completes
|
|
24
|
+
* @returns Promise resolves after the defaults are setup.
|
|
25
|
+
* @internal
|
|
26
|
+
*/
|
|
27
|
+
getLoginUrl(stateData) {
|
|
28
|
+
const urlObj = new URL(this._loginUrl);
|
|
29
|
+
const data = {
|
|
30
|
+
endpointOrigin: new URL(this._url).origin,
|
|
31
|
+
customData: stateData, // caller's data
|
|
32
|
+
};
|
|
33
|
+
let stateStr;
|
|
34
|
+
try {
|
|
35
|
+
stateStr = JSON.stringify(data);
|
|
36
|
+
}
|
|
37
|
+
catch {
|
|
38
|
+
}
|
|
39
|
+
if (stateStr !== undefined) {
|
|
40
|
+
urlObj.searchParams.set("state", stateStr);
|
|
41
|
+
}
|
|
42
|
+
return urlObj.toString();
|
|
43
|
+
}
|
|
44
|
+
get isArcgisOnline() { return this._isArcgisOnline; }
|
|
45
|
+
}
|
|
46
|
+
exports.ArcGisOAuth2Endpoint = ArcGisOAuth2Endpoint;
|
|
47
47
|
//# sourceMappingURL=ArcGisOAuth2Endpoint.js.map
|
|
@@ -1,42 +1,42 @@
|
|
|
1
|
-
import { MapLayerAccessToken } from "@itwin/core-frontend";
|
|
2
|
-
/** @packageDocumentation
|
|
3
|
-
* @module Tiles
|
|
4
|
-
*/
|
|
5
|
-
/** @internal */
|
|
6
|
-
export interface ArcGisOAuth2Token extends MapLayerAccessToken {
|
|
7
|
-
expiresAt: number;
|
|
8
|
-
ssl: boolean;
|
|
9
|
-
userName: string;
|
|
10
|
-
persist?: boolean;
|
|
11
|
-
}
|
|
12
|
-
/** @internal */
|
|
13
|
-
export interface ArcGisToken extends MapLayerAccessToken {
|
|
14
|
-
expires: number;
|
|
15
|
-
ssl: boolean;
|
|
16
|
-
}
|
|
17
|
-
/** @internal */
|
|
18
|
-
export declare enum ArcGisTokenClientType {
|
|
19
|
-
ip = 0,
|
|
20
|
-
referer = 1,
|
|
21
|
-
requestIp = 2
|
|
22
|
-
}
|
|
23
|
-
/** @internal */
|
|
24
|
-
export interface ArcGisGenerateTokenOptions {
|
|
25
|
-
client: ArcGisTokenClientType;
|
|
26
|
-
ip?: string;
|
|
27
|
-
referer?: string;
|
|
28
|
-
expiration?: number;
|
|
29
|
-
}
|
|
30
|
-
/** @internal */
|
|
31
|
-
export declare class ArcGisTokenGenerator {
|
|
32
|
-
private static readonly restApiPath;
|
|
33
|
-
private static readonly restApiInfoPath;
|
|
34
|
-
private static _tokenServiceUrlCache;
|
|
35
|
-
static fetchTokenServiceUrl(arcGisRestServiceUrl: string): Promise<string | undefined>;
|
|
36
|
-
static getTokenServiceFromInfoJson(json: any): string | undefined;
|
|
37
|
-
getTokenServiceUrl(baseUrl: string): Promise<string | undefined>;
|
|
38
|
-
generate(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<any>;
|
|
39
|
-
static formEncode(str: string): string;
|
|
40
|
-
static rfc1738Encode(str: string): string;
|
|
41
|
-
}
|
|
1
|
+
import { MapLayerAccessToken } from "@itwin/core-frontend";
|
|
2
|
+
/** @packageDocumentation
|
|
3
|
+
* @module Tiles
|
|
4
|
+
*/
|
|
5
|
+
/** @internal */
|
|
6
|
+
export interface ArcGisOAuth2Token extends MapLayerAccessToken {
|
|
7
|
+
expiresAt: number;
|
|
8
|
+
ssl: boolean;
|
|
9
|
+
userName: string;
|
|
10
|
+
persist?: boolean;
|
|
11
|
+
}
|
|
12
|
+
/** @internal */
|
|
13
|
+
export interface ArcGisToken extends MapLayerAccessToken {
|
|
14
|
+
expires: number;
|
|
15
|
+
ssl: boolean;
|
|
16
|
+
}
|
|
17
|
+
/** @internal */
|
|
18
|
+
export declare enum ArcGisTokenClientType {
|
|
19
|
+
ip = 0,
|
|
20
|
+
referer = 1,
|
|
21
|
+
requestIp = 2
|
|
22
|
+
}
|
|
23
|
+
/** @internal */
|
|
24
|
+
export interface ArcGisGenerateTokenOptions {
|
|
25
|
+
client: ArcGisTokenClientType;
|
|
26
|
+
ip?: string;
|
|
27
|
+
referer?: string;
|
|
28
|
+
expiration?: number;
|
|
29
|
+
}
|
|
30
|
+
/** @internal */
|
|
31
|
+
export declare class ArcGisTokenGenerator {
|
|
32
|
+
private static readonly restApiPath;
|
|
33
|
+
private static readonly restApiInfoPath;
|
|
34
|
+
private static _tokenServiceUrlCache;
|
|
35
|
+
static fetchTokenServiceUrl(arcGisRestServiceUrl: string): Promise<string | undefined>;
|
|
36
|
+
static getTokenServiceFromInfoJson(json: any): string | undefined;
|
|
37
|
+
getTokenServiceUrl(baseUrl: string): Promise<string | undefined>;
|
|
38
|
+
generate(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<any>;
|
|
39
|
+
static formEncode(str: string): string;
|
|
40
|
+
static rfc1738Encode(str: string): string;
|
|
41
|
+
}
|
|
42
42
|
//# sourceMappingURL=ArcGisTokenGenerator.d.ts.map
|
|
@@ -1,111 +1,110 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ArcGisTokenGenerator = exports.ArcGisTokenClientType = void 0;
|
|
4
|
-
// client application's base URL, a user-specified IP address, or the IP address that is making the request.
|
|
5
|
-
/** @internal */
|
|
6
|
-
var ArcGisTokenClientType;
|
|
7
|
-
(function (ArcGisTokenClientType) {
|
|
8
|
-
ArcGisTokenClientType[ArcGisTokenClientType["ip"] = 0] = "ip";
|
|
9
|
-
ArcGisTokenClientType[ArcGisTokenClientType["referer"] = 1] = "referer";
|
|
10
|
-
ArcGisTokenClientType[ArcGisTokenClientType["requestIp"] = 2] = "requestIp";
|
|
11
|
-
})(ArcGisTokenClientType = exports.ArcGisTokenClientType || (exports.ArcGisTokenClientType = {}));
|
|
12
|
-
/** @internal */
|
|
13
|
-
class ArcGisTokenGenerator {
|
|
14
|
-
static async fetchTokenServiceUrl(arcGisRestServiceUrl) {
|
|
15
|
-
const lowerUrl = arcGisRestServiceUrl.toLowerCase();
|
|
16
|
-
const restApiIdx = lowerUrl.indexOf(ArcGisTokenGenerator.restApiPath);
|
|
17
|
-
if (restApiIdx === -1)
|
|
18
|
-
return undefined;
|
|
19
|
-
const infoUrl = arcGisRestServiceUrl.substring(0, restApiIdx + ArcGisTokenGenerator.restApiPath.length) + ArcGisTokenGenerator.restApiInfoPath;
|
|
20
|
-
let tokenServicesUrl;
|
|
21
|
-
try {
|
|
22
|
-
const response = await fetch(infoUrl, { method: "GET" });
|
|
23
|
-
const json = await response.json();
|
|
24
|
-
tokenServicesUrl = ArcGisTokenGenerator.getTokenServiceFromInfoJson(json);
|
|
25
|
-
}
|
|
26
|
-
catch (_error) {
|
|
27
|
-
}
|
|
28
|
-
return tokenServicesUrl;
|
|
29
|
-
}
|
|
30
|
-
static getTokenServiceFromInfoJson(json) {
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
const
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
}
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
//
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
//
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
.replace(
|
|
100
|
-
.replace(/
|
|
101
|
-
.replace(/\
|
|
102
|
-
.replace(
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
ArcGisTokenGenerator.
|
|
109
|
-
|
|
110
|
-
ArcGisTokenGenerator._tokenServiceUrlCache = new Map();
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ArcGisTokenGenerator = exports.ArcGisTokenClientType = void 0;
|
|
4
|
+
// client application's base URL, a user-specified IP address, or the IP address that is making the request.
|
|
5
|
+
/** @internal */
|
|
6
|
+
var ArcGisTokenClientType;
|
|
7
|
+
(function (ArcGisTokenClientType) {
|
|
8
|
+
ArcGisTokenClientType[ArcGisTokenClientType["ip"] = 0] = "ip";
|
|
9
|
+
ArcGisTokenClientType[ArcGisTokenClientType["referer"] = 1] = "referer";
|
|
10
|
+
ArcGisTokenClientType[ArcGisTokenClientType["requestIp"] = 2] = "requestIp";
|
|
11
|
+
})(ArcGisTokenClientType = exports.ArcGisTokenClientType || (exports.ArcGisTokenClientType = {}));
|
|
12
|
+
/** @internal */
|
|
13
|
+
class ArcGisTokenGenerator {
|
|
14
|
+
static async fetchTokenServiceUrl(arcGisRestServiceUrl) {
|
|
15
|
+
const lowerUrl = arcGisRestServiceUrl.toLowerCase();
|
|
16
|
+
const restApiIdx = lowerUrl.indexOf(ArcGisTokenGenerator.restApiPath);
|
|
17
|
+
if (restApiIdx === -1)
|
|
18
|
+
return undefined;
|
|
19
|
+
const infoUrl = arcGisRestServiceUrl.substring(0, restApiIdx + ArcGisTokenGenerator.restApiPath.length) + ArcGisTokenGenerator.restApiInfoPath;
|
|
20
|
+
let tokenServicesUrl;
|
|
21
|
+
try {
|
|
22
|
+
const response = await fetch(infoUrl, { method: "GET" });
|
|
23
|
+
const json = await response.json();
|
|
24
|
+
tokenServicesUrl = ArcGisTokenGenerator.getTokenServiceFromInfoJson(json);
|
|
25
|
+
}
|
|
26
|
+
catch (_error) {
|
|
27
|
+
}
|
|
28
|
+
return tokenServicesUrl;
|
|
29
|
+
}
|
|
30
|
+
static getTokenServiceFromInfoJson(json) {
|
|
31
|
+
return json.authInfo?.isTokenBasedSecurity ? json?.authInfo?.tokenServicesUrl : undefined;
|
|
32
|
+
}
|
|
33
|
+
async getTokenServiceUrl(baseUrl) {
|
|
34
|
+
const cached = ArcGisTokenGenerator._tokenServiceUrlCache.get(baseUrl);
|
|
35
|
+
if (cached !== undefined)
|
|
36
|
+
return cached;
|
|
37
|
+
const tokenServiceUrl = await ArcGisTokenGenerator.fetchTokenServiceUrl(baseUrl);
|
|
38
|
+
if (tokenServiceUrl !== undefined)
|
|
39
|
+
ArcGisTokenGenerator._tokenServiceUrlCache.set(baseUrl, tokenServiceUrl);
|
|
40
|
+
return tokenServiceUrl;
|
|
41
|
+
}
|
|
42
|
+
// base url: ArcGis REST service base URL (format must be "https://<host>/<instance>/rest/")
|
|
43
|
+
async generate(arcGisRestServiceUrl, userName, password, options) {
|
|
44
|
+
const tokenServiceUrl = await this.getTokenServiceUrl(arcGisRestServiceUrl);
|
|
45
|
+
if (!tokenServiceUrl)
|
|
46
|
+
return undefined;
|
|
47
|
+
let token;
|
|
48
|
+
try {
|
|
49
|
+
const encodedUsername = encodeURIComponent(userName);
|
|
50
|
+
const encodedPassword = encodeURIComponent(password);
|
|
51
|
+
// Compose the expiration param
|
|
52
|
+
let expirationStr = "";
|
|
53
|
+
if (options.expiration) {
|
|
54
|
+
expirationStr = `&expiration=${options.expiration}`;
|
|
55
|
+
}
|
|
56
|
+
// Compose the client param
|
|
57
|
+
let clientStr = "";
|
|
58
|
+
if (options.client === ArcGisTokenClientType.referer) {
|
|
59
|
+
let refererStr = "";
|
|
60
|
+
if (options.referer === undefined) {
|
|
61
|
+
refererStr = encodeURIComponent(location.origin); // default to application origin
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
refererStr = encodeURIComponent(options.referer);
|
|
65
|
+
}
|
|
66
|
+
clientStr = `&client=referer&referer=${refererStr}`;
|
|
67
|
+
}
|
|
68
|
+
else if (options.client === ArcGisTokenClientType.ip) {
|
|
69
|
+
if (options.ip === undefined)
|
|
70
|
+
return token;
|
|
71
|
+
clientStr = `&client=ip&ip=${options.ip}`;
|
|
72
|
+
}
|
|
73
|
+
else if (options.client === ArcGisTokenClientType.requestIp) {
|
|
74
|
+
clientStr = `&client=requestip&ip=`;
|
|
75
|
+
}
|
|
76
|
+
const httpRequestOptions = {
|
|
77
|
+
method: "POST",
|
|
78
|
+
body: `username=${encodedUsername}&password=${encodedPassword}${clientStr}${expirationStr}&f=pjson`,
|
|
79
|
+
headers: { "content-type": "application/x-www-form-urlencoded" },
|
|
80
|
+
};
|
|
81
|
+
const response = await fetch(tokenServiceUrl, httpRequestOptions);
|
|
82
|
+
// Check a token was really generated (an error could be part of the body)
|
|
83
|
+
token = await response.json();
|
|
84
|
+
}
|
|
85
|
+
catch (_error) {
|
|
86
|
+
}
|
|
87
|
+
return token;
|
|
88
|
+
}
|
|
89
|
+
// Encode following 'application/x-www-form-urlencoded' standard (https://www.w3.org/TR/html401/interact/forms.html#h-17.13.3.3)
|
|
90
|
+
// Also mentioned here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
|
|
91
|
+
static formEncode(str) {
|
|
92
|
+
return ArcGisTokenGenerator.rfc1738Encode(str).replace(/%20/g, "+");
|
|
93
|
+
}
|
|
94
|
+
// Encode following RFC1738 standard (https://www.ietf.org/rfc/rfc1738.txt)
|
|
95
|
+
// Code from https://locutus.io/php/url/rawurlencode/
|
|
96
|
+
static rfc1738Encode(str) {
|
|
97
|
+
return encodeURIComponent(str)
|
|
98
|
+
.replace(/!/g, "%21")
|
|
99
|
+
.replace(/'/g, "%27")
|
|
100
|
+
.replace(/\(/g, "%28")
|
|
101
|
+
.replace(/\)/g, "%29")
|
|
102
|
+
.replace(/\*/g, "%2A");
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
ArcGisTokenGenerator.restApiPath = "/rest/";
|
|
106
|
+
ArcGisTokenGenerator.restApiInfoPath = "info?f=pjson";
|
|
107
|
+
// Cache info url to avoid fetching/parsing twice for the same base url.
|
|
108
|
+
ArcGisTokenGenerator._tokenServiceUrlCache = new Map();
|
|
109
|
+
exports.ArcGisTokenGenerator = ArcGisTokenGenerator;
|
|
111
110
|
//# sourceMappingURL=ArcGisTokenGenerator.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArcGisTokenGenerator.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenGenerator.ts"],"names":[],"mappings":";;;AAmCA,4GAA4G;AAC5G,gBAAgB;AAChB,IAAY,qBAIX;AAJD,WAAY,qBAAqB;IAC/B,6DAAE,CAAA;IACF,uEAAO,CAAA;IACP,2EAAS,CAAA;AACX,CAAC,EAJW,qBAAqB,GAArB,6BAAqB,KAArB,6BAAqB,QAIhC;AA8BD,gBAAgB;AAChB,MAAa,oBAAoB;IAOxB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,oBAA4B;QACnE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACtE,IAAI,UAAU,KAAK,CAAC,CAAC;YACnB,OAAO,SAAS,CAAC;QACnB,MAAM,OAAO,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,GAAG,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,oBAAoB,CAAC,eAAe,CAAC;QAE/I,IAAI,gBAAoC,CAAC;QACzC,IAAI;YACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,gBAAgB,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;SAC3E;QAAC,OAAO,MAAM,EAAE;SAChB;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAEM,MAAM,CAAC,2BAA2B,CAAC,IAAS;;QACjD,OAAO,CAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,oBAAoB,EAAC,CAAC,CAAC,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,QAAQ,0CAAE,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC7C,MAAM,MAAM,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,MAAM,KAAK,SAAS;YACtB,OAAO,MAAM,CAAC;QAEhB,MAAM,eAAe,GAAG,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACjF,IAAI,eAAe,KAAK,SAAS;YAC/B,oBAAoB,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAE3E,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,6FAA6F;IACtF,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QACzH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;QAC5E,IAAI,CAAC,eAAe;YAClB,OAAO,SAAS,CAAC;QAEnB,IAAI,KAAgB,CAAC;QACrB,IAAI;YACF,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAErD,+BAA+B;YAC/B,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,OAAO,CAAC,UAAU,EAAE;gBACtB,aAAa,GAAG,eAAe,OAAO,CAAC,UAAU,EAAE,CAAC;aACrD;YAED,2BAA2B;YAC3B,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,OAAO,EAAE;gBACpD,IAAI,UAAU,GAAG,EAAE,CAAC;gBACpB,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE;oBACjC,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAK,gCAAgC;iBACvF;qBAAM;oBACL,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClD;gBAED,SAAS,GAAG,2BAA2B,UAAU,EAAE,CAAC;aACrD;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,EAAE,EAAE;gBACtD,IAAI,OAAO,CAAC,EAAE,KAAK,SAAS;oBAC1B,OAAO,KAAK,CAAC;gBACf,SAAS,GAAG,iBAAiB,OAAO,CAAC,EAAE,EAAE,CAAC;aAC3C;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,SAAS,EAAE;gBAC7D,SAAS,GAAG,uBAAuB,CAAC;aACrC;YAED,MAAM,kBAAkB,GAAgB;gBACtC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,YAAY,eAAe,aAAa,eAAe,GAAG,SAAS,GAAG,aAAa,UAAU;gBACnG,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;aACjE,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;YAElE,0EAA0E;YAC1E,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;SAE/B;QAAC,OAAO,MAAM,EAAE;SAChB;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gIAAgI;IAChI,2HAA2H;IACpH,MAAM,CAAC,UAAU,CAAC,GAAW;QAClC,OAAO,oBAAoB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtE,CAAC;IAED,2EAA2E;IAC3E,qDAAqD;IAC9C,MAAM,CAAC,aAAa,CAAC,GAAW;QACrC,OAAO,kBAAkB,CAAC,GAAG,CAAC;aAC3B,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;aACpB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;aACpB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;aACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;aACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;;AA3GH,oDA4GC;AA3GyB,gCAAW,GAAG,QAAQ,CAAC;AACvB,oCAAe,GAAG,cAAc,CAAC;AAEzD,wEAAwE;AACzD,0CAAqB,GAAG,IAAI,GAAG,EAAkB,CAAC","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\nimport { MapLayerAccessToken } from \"@itwin/core-frontend\";\r\n\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\n/** @internal */\r\nexport interface ArcGisOAuth2Token extends MapLayerAccessToken {\r\n\r\n // The expiration time of the token in milliseconds (UNIX time)\r\n expiresAt: number;\r\n\r\n // This property will show as true if the token must always pass over ssl.\r\n ssl: boolean;\r\n\r\n // Username associated with this token\r\n userName: string;\r\n\r\n // A Binary value that, if true, implies that the user had checked \"Keep me signed in\"\r\n persist?: boolean;\r\n}\r\n\r\n/** @internal */\r\nexport interface ArcGisToken extends MapLayerAccessToken {\r\n // The expiration time of the token in milliseconds since January 1, 1970 (UTC).\r\n expires: number;\r\n\r\n // This property will show as true if the token must always pass over ssl.\r\n ssl: boolean;\r\n}\r\n\r\n// client application's base URL, a user-specified IP address, or the IP address that is making the request.\r\n/** @internal */\r\nexport enum ArcGisTokenClientType {\r\n ip,\r\n referer,\r\n requestIp,\r\n}\r\n\r\n/** @internal */\r\nexport interface ArcGisGenerateTokenOptions {\r\n\r\n // The client type that will be granted access to the token.\r\n // Users will be able to specify whether the token will be generated for a client application's base URL,\r\n // a user-specified IP address, or the IP address that is making the request.\r\n client: ArcGisTokenClientType;\r\n\r\n // The IP address that will be using the created token for access.\r\n // On the Generate Token page, the IP address is specified in the IP Address field. This is required when client has been set as ip.\r\n // Example ip=11.11.111.111\r\n ip?: string;\r\n\r\n // The base URL of the client application that will use the token.\r\n // On the Generate Token page, the referrer URL is specified in the Webapp URL field.\r\n // Defaults to location.origin if undefined and client = referer.\r\n // This is required when client has been set as referer.\r\n // Example : referer=https://myserver/mywebapp\r\n referer?: string;\r\n\r\n // The token expiration time in minutes. The default is 60 minutes (one hour).\r\n // The maximum expiration period is 15 days. The maximum value of the expiration time is controlled by the server.\r\n // Requests for tokens larger than this time will be rejected.\r\n // Applications are responsible for renewing expired tokens;\r\n // expired tokens will be rejected by the server on subsequent requests that use the token.\r\n expiration?: number; // in minutes, defaults to 60 minutes\r\n}\r\n\r\n/** @internal */\r\nexport class ArcGisTokenGenerator {\r\n private static readonly restApiPath = \"/rest/\";\r\n private static readonly restApiInfoPath = \"info?f=pjson\";\r\n\r\n // Cache info url to avoid fetching/parsing twice for the same base url.\r\n private static _tokenServiceUrlCache = new Map<string, string>();\r\n\r\n public static async fetchTokenServiceUrl(arcGisRestServiceUrl: string): Promise<string | undefined> {\r\n const lowerUrl = arcGisRestServiceUrl.toLowerCase();\r\n const restApiIdx = lowerUrl.indexOf(ArcGisTokenGenerator.restApiPath);\r\n if (restApiIdx === -1)\r\n return undefined;\r\n const infoUrl = arcGisRestServiceUrl.substring(0, restApiIdx + ArcGisTokenGenerator.restApiPath.length) + ArcGisTokenGenerator.restApiInfoPath;\r\n\r\n let tokenServicesUrl: string | undefined;\r\n try {\r\n const response = await fetch(infoUrl, { method: \"GET\" });\r\n const json = await response.json();\r\n tokenServicesUrl = ArcGisTokenGenerator.getTokenServiceFromInfoJson(json);\r\n } catch (_error) {\r\n }\r\n return tokenServicesUrl;\r\n }\r\n\r\n public static getTokenServiceFromInfoJson(json: any): string | undefined {\r\n return json.authInfo?.isTokenBasedSecurity ? json?.authInfo?.tokenServicesUrl : undefined;\r\n }\r\n\r\n public async getTokenServiceUrl(baseUrl: string): Promise<string | undefined> {\r\n const cached = ArcGisTokenGenerator._tokenServiceUrlCache.get(baseUrl);\r\n if (cached !== undefined)\r\n return cached;\r\n\r\n const tokenServiceUrl = await ArcGisTokenGenerator.fetchTokenServiceUrl(baseUrl);\r\n if (tokenServiceUrl !== undefined)\r\n ArcGisTokenGenerator._tokenServiceUrlCache.set(baseUrl, tokenServiceUrl);\r\n\r\n return tokenServiceUrl;\r\n }\r\n\r\n // base url: ArcGis REST service base URL (format must be \"https://<host>/<instance>/rest/\")\r\n public async generate(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<any> {\r\n const tokenServiceUrl = await this.getTokenServiceUrl(arcGisRestServiceUrl);\r\n if (!tokenServiceUrl)\r\n return undefined;\r\n\r\n let token: undefined;\r\n try {\r\n const encodedUsername = encodeURIComponent(userName);\r\n const encodedPassword = encodeURIComponent(password);\r\n\r\n // Compose the expiration param\r\n let expirationStr = \"\";\r\n if (options.expiration) {\r\n expirationStr = `&expiration=${options.expiration}`;\r\n }\r\n\r\n // Compose the client param\r\n let clientStr = \"\";\r\n if (options.client === ArcGisTokenClientType.referer) {\r\n let refererStr = \"\";\r\n if (options.referer === undefined) {\r\n refererStr = encodeURIComponent(location.origin); // default to application origin\r\n } else {\r\n refererStr = encodeURIComponent(options.referer);\r\n }\r\n\r\n clientStr = `&client=referer&referer=${refererStr}`;\r\n } else if (options.client === ArcGisTokenClientType.ip) {\r\n if (options.ip === undefined)\r\n return token;\r\n clientStr = `&client=ip&ip=${options.ip}`;\r\n } else if (options.client === ArcGisTokenClientType.requestIp) {\r\n clientStr = `&client=requestip&ip=`;\r\n }\r\n\r\n const httpRequestOptions: RequestInit = {\r\n method: \"POST\",\r\n body: `username=${encodedUsername}&password=${encodedPassword}${clientStr}${expirationStr}&f=pjson`,\r\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\r\n };\r\n\r\n const response = await fetch(tokenServiceUrl, httpRequestOptions);\r\n\r\n // Check a token was really generated (an error could be part of the body)\r\n token = await response.json();\r\n\r\n } catch (_error) {\r\n }\r\n return token;\r\n }\r\n\r\n // Encode following 'application/x-www-form-urlencoded' standard (https://www.w3.org/TR/html401/interact/forms.html#h-17.13.3.3)\r\n // Also mentioned here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent\r\n public static formEncode(str: string): string {\r\n return ArcGisTokenGenerator.rfc1738Encode(str).replace(/%20/g, \"+\");\r\n }\r\n\r\n // Encode following RFC1738 standard (https://www.ietf.org/rfc/rfc1738.txt)\r\n // Code from https://locutus.io/php/url/rawurlencode/\r\n public static rfc1738Encode(str: string): string {\r\n return encodeURIComponent(str)\r\n .replace(/!/g, \"%21\")\r\n .replace(/'/g, \"%27\")\r\n .replace(/\\(/g, \"%28\")\r\n .replace(/\\)/g, \"%29\")\r\n .replace(/\\*/g, \"%2A\");\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"ArcGisTokenGenerator.js","sourceRoot":"","sources":["../../../src/ArcGis/ArcGisTokenGenerator.ts"],"names":[],"mappings":";;;AAmCA,4GAA4G;AAC5G,gBAAgB;AAChB,IAAY,qBAIX;AAJD,WAAY,qBAAqB;IAC/B,6DAAE,CAAA;IACF,uEAAO,CAAA;IACP,2EAAS,CAAA;AACX,CAAC,EAJW,qBAAqB,GAArB,6BAAqB,KAArB,6BAAqB,QAIhC;AA8BD,gBAAgB;AAChB,MAAa,oBAAoB;IAOxB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,oBAA4B;QACnE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACtE,IAAI,UAAU,KAAK,CAAC,CAAC;YACnB,OAAO,SAAS,CAAC;QACnB,MAAM,OAAO,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,GAAG,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,oBAAoB,CAAC,eAAe,CAAC;QAE/I,IAAI,gBAAoC,CAAC;QACzC,IAAI;YACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,gBAAgB,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;SAC3E;QAAC,OAAO,MAAM,EAAE;SAChB;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAEM,MAAM,CAAC,2BAA2B,CAAC,IAAS;QACjD,OAAO,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC7C,MAAM,MAAM,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,MAAM,KAAK,SAAS;YACtB,OAAO,MAAM,CAAC;QAEhB,MAAM,eAAe,GAAG,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACjF,IAAI,eAAe,KAAK,SAAS;YAC/B,oBAAoB,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAE3E,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,6FAA6F;IACtF,KAAK,CAAC,QAAQ,CAAC,oBAA4B,EAAE,QAAgB,EAAE,QAAgB,EAAE,OAAmC;QACzH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;QAC5E,IAAI,CAAC,eAAe;YAClB,OAAO,SAAS,CAAC;QAEnB,IAAI,KAAgB,CAAC;QACrB,IAAI;YACF,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAErD,+BAA+B;YAC/B,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,OAAO,CAAC,UAAU,EAAE;gBACtB,aAAa,GAAG,eAAe,OAAO,CAAC,UAAU,EAAE,CAAC;aACrD;YAED,2BAA2B;YAC3B,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,OAAO,EAAE;gBACpD,IAAI,UAAU,GAAG,EAAE,CAAC;gBACpB,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE;oBACjC,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAK,gCAAgC;iBACvF;qBAAM;oBACL,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClD;gBAED,SAAS,GAAG,2BAA2B,UAAU,EAAE,CAAC;aACrD;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,EAAE,EAAE;gBACtD,IAAI,OAAO,CAAC,EAAE,KAAK,SAAS;oBAC1B,OAAO,KAAK,CAAC;gBACf,SAAS,GAAG,iBAAiB,OAAO,CAAC,EAAE,EAAE,CAAC;aAC3C;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,CAAC,SAAS,EAAE;gBAC7D,SAAS,GAAG,uBAAuB,CAAC;aACrC;YAED,MAAM,kBAAkB,GAAgB;gBACtC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,YAAY,eAAe,aAAa,eAAe,GAAG,SAAS,GAAG,aAAa,UAAU;gBACnG,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;aACjE,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;YAElE,0EAA0E;YAC1E,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;SAE/B;QAAC,OAAO,MAAM,EAAE;SAChB;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gIAAgI;IAChI,2HAA2H;IACpH,MAAM,CAAC,UAAU,CAAC,GAAW;QAClC,OAAO,oBAAoB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtE,CAAC;IAED,2EAA2E;IAC3E,qDAAqD;IAC9C,MAAM,CAAC,aAAa,CAAC,GAAW;QACrC,OAAO,kBAAkB,CAAC,GAAG,CAAC;aAC3B,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;aACpB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;aACpB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;aACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;aACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;;AA1GuB,gCAAW,GAAG,QAAQ,CAAC;AACvB,oCAAe,GAAG,cAAc,CAAC;AAEzD,wEAAwE;AACzD,0CAAqB,GAAG,IAAI,GAAG,EAAkB,CAAC;AALtD,oDAAoB","sourcesContent":["/*---------------------------------------------------------------------------------------------\r\n* Copyright (c) Bentley Systems, Incorporated. All rights reserved.\r\n* See LICENSE.md in the project root for license terms and full copyright notice.\r\n*--------------------------------------------------------------------------------------------*/\r\nimport { MapLayerAccessToken } from \"@itwin/core-frontend\";\r\n\r\n/** @packageDocumentation\r\n * @module Tiles\r\n */\r\n\r\n/** @internal */\r\nexport interface ArcGisOAuth2Token extends MapLayerAccessToken {\r\n\r\n // The expiration time of the token in milliseconds (UNIX time)\r\n expiresAt: number;\r\n\r\n // This property will show as true if the token must always pass over ssl.\r\n ssl: boolean;\r\n\r\n // Username associated with this token\r\n userName: string;\r\n\r\n // A Binary value that, if true, implies that the user had checked \"Keep me signed in\"\r\n persist?: boolean;\r\n}\r\n\r\n/** @internal */\r\nexport interface ArcGisToken extends MapLayerAccessToken {\r\n // The expiration time of the token in milliseconds since January 1, 1970 (UTC).\r\n expires: number;\r\n\r\n // This property will show as true if the token must always pass over ssl.\r\n ssl: boolean;\r\n}\r\n\r\n// client application's base URL, a user-specified IP address, or the IP address that is making the request.\r\n/** @internal */\r\nexport enum ArcGisTokenClientType {\r\n ip,\r\n referer,\r\n requestIp,\r\n}\r\n\r\n/** @internal */\r\nexport interface ArcGisGenerateTokenOptions {\r\n\r\n // The client type that will be granted access to the token.\r\n // Users will be able to specify whether the token will be generated for a client application's base URL,\r\n // a user-specified IP address, or the IP address that is making the request.\r\n client: ArcGisTokenClientType;\r\n\r\n // The IP address that will be using the created token for access.\r\n // On the Generate Token page, the IP address is specified in the IP Address field. This is required when client has been set as ip.\r\n // Example ip=11.11.111.111\r\n ip?: string;\r\n\r\n // The base URL of the client application that will use the token.\r\n // On the Generate Token page, the referrer URL is specified in the Webapp URL field.\r\n // Defaults to location.origin if undefined and client = referer.\r\n // This is required when client has been set as referer.\r\n // Example : referer=https://myserver/mywebapp\r\n referer?: string;\r\n\r\n // The token expiration time in minutes. The default is 60 minutes (one hour).\r\n // The maximum expiration period is 15 days. The maximum value of the expiration time is controlled by the server.\r\n // Requests for tokens larger than this time will be rejected.\r\n // Applications are responsible for renewing expired tokens;\r\n // expired tokens will be rejected by the server on subsequent requests that use the token.\r\n expiration?: number; // in minutes, defaults to 60 minutes\r\n}\r\n\r\n/** @internal */\r\nexport class ArcGisTokenGenerator {\r\n private static readonly restApiPath = \"/rest/\";\r\n private static readonly restApiInfoPath = \"info?f=pjson\";\r\n\r\n // Cache info url to avoid fetching/parsing twice for the same base url.\r\n private static _tokenServiceUrlCache = new Map<string, string>();\r\n\r\n public static async fetchTokenServiceUrl(arcGisRestServiceUrl: string): Promise<string | undefined> {\r\n const lowerUrl = arcGisRestServiceUrl.toLowerCase();\r\n const restApiIdx = lowerUrl.indexOf(ArcGisTokenGenerator.restApiPath);\r\n if (restApiIdx === -1)\r\n return undefined;\r\n const infoUrl = arcGisRestServiceUrl.substring(0, restApiIdx + ArcGisTokenGenerator.restApiPath.length) + ArcGisTokenGenerator.restApiInfoPath;\r\n\r\n let tokenServicesUrl: string | undefined;\r\n try {\r\n const response = await fetch(infoUrl, { method: \"GET\" });\r\n const json = await response.json();\r\n tokenServicesUrl = ArcGisTokenGenerator.getTokenServiceFromInfoJson(json);\r\n } catch (_error) {\r\n }\r\n return tokenServicesUrl;\r\n }\r\n\r\n public static getTokenServiceFromInfoJson(json: any): string | undefined {\r\n return json.authInfo?.isTokenBasedSecurity ? json?.authInfo?.tokenServicesUrl : undefined;\r\n }\r\n\r\n public async getTokenServiceUrl(baseUrl: string): Promise<string | undefined> {\r\n const cached = ArcGisTokenGenerator._tokenServiceUrlCache.get(baseUrl);\r\n if (cached !== undefined)\r\n return cached;\r\n\r\n const tokenServiceUrl = await ArcGisTokenGenerator.fetchTokenServiceUrl(baseUrl);\r\n if (tokenServiceUrl !== undefined)\r\n ArcGisTokenGenerator._tokenServiceUrlCache.set(baseUrl, tokenServiceUrl);\r\n\r\n return tokenServiceUrl;\r\n }\r\n\r\n // base url: ArcGis REST service base URL (format must be \"https://<host>/<instance>/rest/\")\r\n public async generate(arcGisRestServiceUrl: string, userName: string, password: string, options: ArcGisGenerateTokenOptions): Promise<any> {\r\n const tokenServiceUrl = await this.getTokenServiceUrl(arcGisRestServiceUrl);\r\n if (!tokenServiceUrl)\r\n return undefined;\r\n\r\n let token: undefined;\r\n try {\r\n const encodedUsername = encodeURIComponent(userName);\r\n const encodedPassword = encodeURIComponent(password);\r\n\r\n // Compose the expiration param\r\n let expirationStr = \"\";\r\n if (options.expiration) {\r\n expirationStr = `&expiration=${options.expiration}`;\r\n }\r\n\r\n // Compose the client param\r\n let clientStr = \"\";\r\n if (options.client === ArcGisTokenClientType.referer) {\r\n let refererStr = \"\";\r\n if (options.referer === undefined) {\r\n refererStr = encodeURIComponent(location.origin); // default to application origin\r\n } else {\r\n refererStr = encodeURIComponent(options.referer);\r\n }\r\n\r\n clientStr = `&client=referer&referer=${refererStr}`;\r\n } else if (options.client === ArcGisTokenClientType.ip) {\r\n if (options.ip === undefined)\r\n return token;\r\n clientStr = `&client=ip&ip=${options.ip}`;\r\n } else if (options.client === ArcGisTokenClientType.requestIp) {\r\n clientStr = `&client=requestip&ip=`;\r\n }\r\n\r\n const httpRequestOptions: RequestInit = {\r\n method: \"POST\",\r\n body: `username=${encodedUsername}&password=${encodedPassword}${clientStr}${expirationStr}&f=pjson`,\r\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\r\n };\r\n\r\n const response = await fetch(tokenServiceUrl, httpRequestOptions);\r\n\r\n // Check a token was really generated (an error could be part of the body)\r\n token = await response.json();\r\n\r\n } catch (_error) {\r\n }\r\n return token;\r\n }\r\n\r\n // Encode following 'application/x-www-form-urlencoded' standard (https://www.w3.org/TR/html401/interact/forms.html#h-17.13.3.3)\r\n // Also mentioned here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent\r\n public static formEncode(str: string): string {\r\n return ArcGisTokenGenerator.rfc1738Encode(str).replace(/%20/g, \"+\");\r\n }\r\n\r\n // Encode following RFC1738 standard (https://www.ietf.org/rfc/rfc1738.txt)\r\n // Code from https://locutus.io/php/url/rawurlencode/\r\n public static rfc1738Encode(str: string): string {\r\n return encodeURIComponent(str)\r\n .replace(/!/g, \"%21\")\r\n .replace(/'/g, \"%27\")\r\n .replace(/\\(/g, \"%28\")\r\n .replace(/\\)/g, \"%29\")\r\n .replace(/\\*/g, \"%2A\");\r\n }\r\n}\r\n"]}
|