@itwin/map-layers-auth 4.0.0-dev.8 → 4.0.0-dev.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/CHANGELOG.md +43 -1
  2. package/lib/cjs/ArcGis/ArcGisAccessClient.d.ts +72 -72
  3. package/lib/cjs/ArcGis/ArcGisAccessClient.js +286 -291
  4. package/lib/cjs/ArcGis/ArcGisAccessClient.js.map +1 -1
  5. package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
  6. package/lib/cjs/ArcGis/ArcGisOAuth2Endpoint.js +46 -46
  7. package/lib/cjs/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
  8. package/lib/cjs/ArcGis/ArcGisTokenGenerator.js +109 -110
  9. package/lib/cjs/ArcGis/ArcGisTokenGenerator.js.map +1 -1
  10. package/lib/cjs/ArcGis/ArcGisTokenManager.d.ts +20 -20
  11. package/lib/cjs/ArcGis/ArcGisTokenManager.js +111 -112
  12. package/lib/cjs/ArcGis/ArcGisTokenManager.js.map +1 -1
  13. package/lib/cjs/ArcGis/ArcGisUrl.d.ts +6 -6
  14. package/lib/cjs/ArcGis/ArcGisUrl.js +48 -49
  15. package/lib/cjs/ArcGis/ArcGisUrl.js.map +1 -1
  16. package/lib/cjs/map-layers-auth.d.ts +5 -5
  17. package/lib/cjs/map-layers-auth.js +25 -21
  18. package/lib/cjs/map-layers-auth.js.map +1 -1
  19. package/lib/esm/ArcGis/ArcGisAccessClient.d.ts +72 -72
  20. package/lib/esm/ArcGis/ArcGisAccessClient.js +282 -287
  21. package/lib/esm/ArcGis/ArcGisAccessClient.js.map +1 -1
  22. package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.d.ts +22 -22
  23. package/lib/esm/ArcGis/ArcGisOAuth2Endpoint.js +42 -42
  24. package/lib/esm/ArcGis/ArcGisTokenGenerator.d.ts +41 -41
  25. package/lib/esm/ArcGis/ArcGisTokenGenerator.js +106 -106
  26. package/lib/esm/ArcGis/ArcGisTokenGenerator.js.map +1 -1
  27. package/lib/esm/ArcGis/ArcGisTokenManager.d.ts +20 -20
  28. package/lib/esm/ArcGis/ArcGisTokenManager.js +108 -108
  29. package/lib/esm/ArcGis/ArcGisTokenManager.js.map +1 -1
  30. package/lib/esm/ArcGis/ArcGisUrl.d.ts +6 -6
  31. package/lib/esm/ArcGis/ArcGisUrl.js +44 -45
  32. package/lib/esm/ArcGis/ArcGisUrl.js.map +1 -1
  33. package/lib/esm/map-layers-auth.d.ts +5 -5
  34. package/lib/esm/map-layers-auth.js +9 -9
  35. package/package.json +12 -12
package/lib/cjs/ArcGis/ArcGisAccessClient.js CHANGED
@@ -1,292 +1,287 @@
1
- "use strict";
2
- /*---------------------------------------------------------------------------------------------
3
- * Copyright (c) Bentley Systems, Incorporated. All rights reserved.
4
- * See LICENSE.md in the project root for license terms and full copyright notice.
5
- *--------------------------------------------------------------------------------------------*/
6
- /** @packageDocumentation
7
- * @module Tiles
8
- */
9
- Object.defineProperty(exports, "__esModule", { value: true });
10
- exports.ArcGisAccessClient = void 0;
11
- const core_bentley_1 = require("@itwin/core-bentley");
12
- const ArcGisTokenGenerator_1 = require("./ArcGisTokenGenerator");
13
- const ArcGisOAuth2Endpoint_1 = require("./ArcGisOAuth2Endpoint");
14
- const ArcGisTokenManager_1 = require("./ArcGisTokenManager");
15
- const ArcGisUrl_1 = require("./ArcGisUrl");
16
- /** @beta */
17
- class ArcGisAccessClient {
18
- constructor() {
19
- this.onOAuthProcessEnd = new core_bentley_1.BeEvent();
20
- // Should be kept to 'false'. Debugging purposes only.
21
- this._forceLegacyToken = false;
22
- // Derive the Oauth URL from a typical MapLayerURL
23
- // i.e. https://hostname/server/rest/services/NewYork/NewYork3857/MapServer
24
- // => https://hostname/portal/sharing/oauth2/authorize
25
- this._oauthAuthorizeEndPointsCache = new Map();
26
- this._oauthTokenEndPointsCache = new Map();
27
- }
28
- initialize(oAuthConfig) {
29
- if (oAuthConfig) {
30
- this._redirectUri = oAuthConfig.redirectUri;
31
- this._expiration = oAuthConfig.tokenExpiration;
32
- this._clientIds = oAuthConfig.clientIds;
33
- this.initOauthCallbackFunction();
34
- }
35
- return true;
36
- }
37
- initOauthCallbackFunction() {
38
- window.arcGisOAuth2Callback = (redirectLocation) => {
39
- var _a, _b, _c, _d;
40
- let eventSuccess = false;
41
- let stateData;
42
- if (redirectLocation && redirectLocation.hash.length > 0) {
43
- const locationHash = redirectLocation.hash;
44
- const hashParams = new URLSearchParams(locationHash.substring(1));
45
- const token = (_a = hashParams.get("access_token")) !== null && _a !== void 0 ? _a : undefined;
46
- const expiresInStr = (_b = hashParams.get("expires_in")) !== null && _b !== void 0 ? _b : undefined;
47
- const userName = (_c = hashParams.get("username")) !== null && _c !== void 0 ? _c : undefined;
48
- const ssl = hashParams.get("ssl") === "true";
49
- const stateStr = (_d = hashParams.get("state")) !== null && _d !== void 0 ? _d : undefined;
50
- const persist = hashParams.get("persist") === "true";
51
- if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {
52
- let endpointOrigin;
53
- try {
54
- const state = JSON.parse(stateStr);
55
- stateData = state === null || state === void 0 ? void 0 : state.customData;
56
- endpointOrigin = state === null || state === void 0 ? void 0 : state.endpointOrigin;
57
- }
58
- catch {
59
- }
60
- const expiresIn = Number(expiresInStr);
61
- const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)
62
- if (endpointOrigin !== undefined) {
63
- ArcGisTokenManager_1.ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });
64
- eventSuccess = true;
65
- }
66
- }
67
- }
68
- this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);
69
- };
70
- }
71
- unInitialize() {
72
- this._redirectUri = undefined;
73
- this._expiration = undefined;
74
- window.arcGisOAuth2Callback = undefined;
75
- }
76
- async getAccessToken(params) {
77
- // First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
78
- if (!this._forceLegacyToken) {
79
- const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
80
- if (oauth2Token)
81
- return oauth2Token;
82
- }
83
- if (params.userName && params.password) {
84
- return ArcGisTokenManager_1.ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenGenerator_1.ArcGisTokenClientType.referer });
85
- }
86
- return undefined;
87
- }
88
- async getTokenServiceEndPoint(mapLayerUrl) {
89
- let tokenEndpoint;
90
- if (!this._forceLegacyToken) {
91
- // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers
92
- // we could not make a reliable validation.
93
- try {
94
- tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize);
95
- if (tokenEndpoint) {
96
- }
97
- }
98
- catch {
99
- }
100
- }
101
- return tokenEndpoint;
102
- }
103
- invalidateToken(token) {
104
- let found = ArcGisTokenManager_1.ArcGisTokenManager.invalidateToken(token);
105
- if (!found) {
106
- found = ArcGisTokenManager_1.ArcGisTokenManager.invalidateOAuth2Token(token);
107
- }
108
- return found;
109
- }
110
- get redirectUri() {
111
- return this._redirectUri;
112
- }
113
- getMatchingEnterpriseClientId(url) {
114
- const clientIds = this.arcGisEnterpriseClientIds;
115
- if (!clientIds) {
116
- return undefined;
117
- }
118
- let clientId;
119
- let defaultClientId;
120
- for (const entry of clientIds) {
121
- if (entry.serviceBaseUrl === "") {
122
- defaultClientId = entry.clientId;
123
- }
124
- else {
125
- if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {
126
- clientId = entry.clientId;
127
- }
128
- }
129
- }
130
- // If we could not find a match with serviceBaseUrl, and a default clientId
131
- // was specified (i.e empty url), then use default clientId
132
- if (clientId === undefined && defaultClientId !== undefined) {
133
- clientId = defaultClientId;
134
- }
135
- return clientId;
136
- }
137
- get expiration() {
138
- return this._expiration;
139
- }
140
- get arcGisOnlineClientId() {
141
- var _a;
142
- return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.arcgisOnlineClientId;
143
- }
144
- set arcGisOnlineClientId(clientId) {
145
- if (this._clientIds === undefined) {
146
- this._clientIds = { arcgisOnlineClientId: clientId };
147
- }
148
- this._clientIds.arcgisOnlineClientId = clientId;
149
- }
150
- get arcGisEnterpriseClientIds() {
151
- var _a;
152
- return (_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds;
153
- }
154
- setEnterpriseClientId(serviceBaseUrl, clientId) {
155
- var _a;
156
- if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
157
- const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);
158
- if (foundIdx !== -1) {
159
- this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;
160
- }
161
- else {
162
- this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });
163
- }
164
- }
165
- else {
166
- if (this._clientIds === undefined) {
167
- this._clientIds = {};
168
- }
169
- this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];
170
- }
171
- }
172
- removeEnterpriseClientId(clientId) {
173
- var _a, _b, _c;
174
- if ((_a = this._clientIds) === null || _a === void 0 ? void 0 : _a.enterpriseClientIds) {
175
- this._clientIds.enterpriseClientIds = (_c = (_b = this._clientIds) === null || _b === void 0 ? void 0 : _b.enterpriseClientIds) === null || _c === void 0 ? void 0 : _c.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);
176
- }
177
- }
178
- /// //////////
179
- /** @internal */
180
- async getOAuthTokenForMapLayerUrl(mapLayerUrl) {
181
- try {
182
- const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize);
183
- if (oauthEndpoint !== undefined) {
184
- const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());
185
- return ArcGisTokenManager_1.ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);
186
- }
187
- }
188
- catch { }
189
- return undefined;
190
- }
191
- /**
192
- * Get OAuth2 endpoint that must be cause to get the Oauth2 token
193
- * @internal
194
- */
195
- cacheEndpoint(url, endpoint, obj) {
196
- if (endpoint === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize) {
197
- this._oauthAuthorizeEndPointsCache.set(url, obj);
198
- }
199
- else {
200
- this._oauthTokenEndPointsCache.set(url, obj);
201
- }
202
- }
203
- /**
204
- * Get OAuth2 endpoint that must be cause to get the Oauth2 token
205
- * @internal
206
- */
207
- async createEndpoint(url, endpoint) {
208
- // Validate the URL we just composed
209
- const oauthEndpoint = new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);
210
- this.cacheEndpoint(url, endpoint, oauthEndpoint);
211
- return oauthEndpoint;
212
- }
213
- /**
214
- * Get OAuth2 endpoint that must be cause to get the Oauth2 token
215
- * @internal
216
- */
217
- async getOAuth2Endpoint(url, endpointType) {
218
- // Return from cache if available
219
- const cachedEndpoint = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
220
- if (cachedEndpoint !== undefined) {
221
- return cachedEndpoint;
222
- }
223
- const endpointStr = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
224
- const urlObj = new URL(url);
225
- if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
226
- // ArcGIS Online (fixed)
227
- // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/
228
- if (this.arcGisOnlineClientId === undefined) {
229
- return undefined;
230
- }
231
- const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
232
- return new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);
233
- }
234
- else {
235
- // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
236
- try {
237
- const restUrlFromTokenService = await ArcGisUrl_1.ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
238
- if (restUrlFromTokenService === undefined) {
239
- // We could not derive the token endpoint from 'tokenServicesUrl'.
240
- // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
241
- const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
242
- if (regExMatch !== null && regExMatch.length >= 2) {
243
- const subdirectory = regExMatch[1];
244
- const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
245
- const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
246
- // Check again the URL we just composed
247
- return await this.createEndpoint(newUrlObj.toString(), endpointType);
248
- }
249
- }
250
- else {
251
- const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);
252
- if (endpoint)
253
- return endpoint;
254
- }
255
- }
256
- catch {
257
- }
258
- }
259
- return undefined; // we could not find any valid oauth2 endpoint
260
- }
261
- /**
262
- * Construct the complete Authorize url to starts the Oauth process
263
- * @internal
264
- */
265
- constructLoginUrl(url, isArcgisOnline) {
266
- const urlObj = new URL(url);
267
- // Set the client id
268
- if (isArcgisOnline) {
269
- const clientId = this.arcGisOnlineClientId;
270
- (0, core_bentley_1.assert)(clientId !== undefined);
271
- if (clientId !== undefined) {
272
- urlObj.searchParams.set("client_id", clientId);
273
- }
274
- }
275
- else {
276
- const clientId = this.getMatchingEnterpriseClientId(url);
277
- (0, core_bentley_1.assert)(clientId !== undefined);
278
- if (undefined !== clientId) {
279
- urlObj.searchParams.set("client_id", clientId);
280
- }
281
- }
282
- urlObj.searchParams.set("response_type", "token");
283
- if (this.expiration !== undefined) {
284
- urlObj.searchParams.set("expiration", `${this.expiration}`);
285
- }
286
- if (this.redirectUri)
287
- urlObj.searchParams.set("redirect_uri", this.redirectUri);
288
- return urlObj.toString();
289
- }
290
- }
291
- exports.ArcGisAccessClient = ArcGisAccessClient;
1
+ "use strict";
2
+ /*---------------------------------------------------------------------------------------------
3
+ * Copyright (c) Bentley Systems, Incorporated. All rights reserved.
4
+ * See LICENSE.md in the project root for license terms and full copyright notice.
5
+ *--------------------------------------------------------------------------------------------*/
6
+ /** @packageDocumentation
7
+ * @module Tiles
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.ArcGisAccessClient = void 0;
11
+ const core_bentley_1 = require("@itwin/core-bentley");
12
+ const ArcGisTokenGenerator_1 = require("./ArcGisTokenGenerator");
13
+ const ArcGisOAuth2Endpoint_1 = require("./ArcGisOAuth2Endpoint");
14
+ const ArcGisTokenManager_1 = require("./ArcGisTokenManager");
15
+ const ArcGisUrl_1 = require("./ArcGisUrl");
16
+ /** @beta */
17
+ class ArcGisAccessClient {
18
+ constructor() {
19
+ this.onOAuthProcessEnd = new core_bentley_1.BeEvent();
20
+ // Should be kept to 'false'. Debugging purposes only.
21
+ this._forceLegacyToken = false;
22
+ // Derive the Oauth URL from a typical MapLayerURL
23
+ // i.e. https://hostname/server/rest/services/NewYork/NewYork3857/MapServer
24
+ // => https://hostname/portal/sharing/oauth2/authorize
25
+ this._oauthAuthorizeEndPointsCache = new Map();
26
+ this._oauthTokenEndPointsCache = new Map();
27
+ }
28
+ initialize(oAuthConfig) {
29
+ if (oAuthConfig) {
30
+ this._redirectUri = oAuthConfig.redirectUri;
31
+ this._expiration = oAuthConfig.tokenExpiration;
32
+ this._clientIds = oAuthConfig.clientIds;
33
+ this.initOauthCallbackFunction();
34
+ }
35
+ return true;
36
+ }
37
+ initOauthCallbackFunction() {
38
+ window.arcGisOAuth2Callback = (redirectLocation) => {
39
+ let eventSuccess = false;
40
+ let stateData;
41
+ if (redirectLocation && redirectLocation.hash.length > 0) {
42
+ const locationHash = redirectLocation.hash;
43
+ const hashParams = new URLSearchParams(locationHash.substring(1));
44
+ const token = hashParams.get("access_token") ?? undefined;
45
+ const expiresInStr = hashParams.get("expires_in") ?? undefined;
46
+ const userName = hashParams.get("username") ?? undefined;
47
+ const ssl = hashParams.get("ssl") === "true";
48
+ const stateStr = hashParams.get("state") ?? undefined;
49
+ const persist = hashParams.get("persist") === "true";
50
+ if (token !== undefined && expiresInStr !== undefined && userName !== undefined && ssl !== undefined && stateStr !== undefined) {
51
+ let endpointOrigin;
52
+ try {
53
+ const state = JSON.parse(stateStr);
54
+ stateData = state?.customData;
55
+ endpointOrigin = state?.endpointOrigin;
56
+ }
57
+ catch {
58
+ }
59
+ const expiresIn = Number(expiresInStr);
60
+ const expiresAt = (expiresIn * 1000) + (+new Date()); // Converts the token expiration delay (seconds) into a timestamp (UNIX time)
61
+ if (endpointOrigin !== undefined) {
62
+ ArcGisTokenManager_1.ArcGisTokenManager.setOAuth2Token(endpointOrigin, { token, expiresAt, ssl, userName, persist });
63
+ eventSuccess = true;
64
+ }
65
+ }
66
+ }
67
+ this.onOAuthProcessEnd.raiseEvent(eventSuccess, stateData);
68
+ };
69
+ }
70
+ unInitialize() {
71
+ this._redirectUri = undefined;
72
+ this._expiration = undefined;
73
+ window.arcGisOAuth2Callback = undefined;
74
+ }
75
+ async getAccessToken(params) {
76
+ // First lookup Oauth2 tokens, otherwise check try "legacy tokens" if credentials were provided
77
+ if (!this._forceLegacyToken) {
78
+ const oauth2Token = await this.getOAuthTokenForMapLayerUrl(params.mapLayerUrl.toString());
79
+ if (oauth2Token)
80
+ return oauth2Token;
81
+ }
82
+ if (params.userName && params.password) {
83
+ return ArcGisTokenManager_1.ArcGisTokenManager.getToken(params.mapLayerUrl.toString(), params.userName, params.password, { client: ArcGisTokenGenerator_1.ArcGisTokenClientType.referer });
84
+ }
85
+ return undefined;
86
+ }
87
+ async getTokenServiceEndPoint(mapLayerUrl) {
88
+ let tokenEndpoint;
89
+ if (!this._forceLegacyToken) {
90
+ // Note: we used to validate the endpoint by making a request, but because of CORS isssues with some servers
91
+ // we could not make a reliable validation.
92
+ try {
93
+ tokenEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize);
94
+ if (tokenEndpoint) {
95
+ }
96
+ }
97
+ catch {
98
+ }
99
+ }
100
+ return tokenEndpoint;
101
+ }
102
+ invalidateToken(token) {
103
+ let found = ArcGisTokenManager_1.ArcGisTokenManager.invalidateToken(token);
104
+ if (!found) {
105
+ found = ArcGisTokenManager_1.ArcGisTokenManager.invalidateOAuth2Token(token);
106
+ }
107
+ return found;
108
+ }
109
+ get redirectUri() {
110
+ return this._redirectUri;
111
+ }
112
+ getMatchingEnterpriseClientId(url) {
113
+ const clientIds = this.arcGisEnterpriseClientIds;
114
+ if (!clientIds) {
115
+ return undefined;
116
+ }
117
+ let clientId;
118
+ let defaultClientId;
119
+ for (const entry of clientIds) {
120
+ if (entry.serviceBaseUrl === "") {
121
+ defaultClientId = entry.clientId;
122
+ }
123
+ else {
124
+ if (url.toLowerCase().startsWith(entry.serviceBaseUrl)) {
125
+ clientId = entry.clientId;
126
+ }
127
+ }
128
+ }
129
+ // If we could not find a match with serviceBaseUrl, and a default clientId
130
+ // was specified (i.e empty url), then use default clientId
131
+ if (clientId === undefined && defaultClientId !== undefined) {
132
+ clientId = defaultClientId;
133
+ }
134
+ return clientId;
135
+ }
136
+ get expiration() {
137
+ return this._expiration;
138
+ }
139
+ get arcGisOnlineClientId() {
140
+ return this._clientIds?.arcgisOnlineClientId;
141
+ }
142
+ set arcGisOnlineClientId(clientId) {
143
+ if (this._clientIds === undefined) {
144
+ this._clientIds = { arcgisOnlineClientId: clientId };
145
+ }
146
+ this._clientIds.arcgisOnlineClientId = clientId;
147
+ }
148
+ get arcGisEnterpriseClientIds() {
149
+ return this._clientIds?.enterpriseClientIds;
150
+ }
151
+ setEnterpriseClientId(serviceBaseUrl, clientId) {
152
+ if (this._clientIds?.enterpriseClientIds) {
153
+ const foundIdx = this._clientIds.enterpriseClientIds.findIndex((entry) => entry.serviceBaseUrl === serviceBaseUrl);
154
+ if (foundIdx !== -1) {
155
+ this._clientIds.enterpriseClientIds[foundIdx].clientId = clientId;
156
+ }
157
+ else {
158
+ this._clientIds.enterpriseClientIds.push({ serviceBaseUrl, clientId });
159
+ }
160
+ }
161
+ else {
162
+ if (this._clientIds === undefined) {
163
+ this._clientIds = {};
164
+ }
165
+ this._clientIds.enterpriseClientIds = [{ serviceBaseUrl, clientId }];
166
+ }
167
+ }
168
+ removeEnterpriseClientId(clientId) {
169
+ if (this._clientIds?.enterpriseClientIds) {
170
+ this._clientIds.enterpriseClientIds = this._clientIds?.enterpriseClientIds?.filter((item) => item.serviceBaseUrl !== clientId.serviceBaseUrl);
171
+ }
172
+ }
173
+ /// //////////
174
+ /** @internal */
175
+ async getOAuthTokenForMapLayerUrl(mapLayerUrl) {
176
+ try {
177
+ const oauthEndpoint = await this.getOAuth2Endpoint(mapLayerUrl, ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize);
178
+ if (oauthEndpoint !== undefined) {
179
+ const oauthEndpointUrl = new URL(oauthEndpoint.getUrl());
180
+ return ArcGisTokenManager_1.ArcGisTokenManager.getOAuth2Token(oauthEndpointUrl.origin);
181
+ }
182
+ }
183
+ catch { }
184
+ return undefined;
185
+ }
186
+ /**
187
+ * Get OAuth2 endpoint that must be cause to get the Oauth2 token
188
+ * @internal
189
+ */
190
+ cacheEndpoint(url, endpoint, obj) {
191
+ if (endpoint === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize) {
192
+ this._oauthAuthorizeEndPointsCache.set(url, obj);
193
+ }
194
+ else {
195
+ this._oauthTokenEndPointsCache.set(url, obj);
196
+ }
197
+ }
198
+ /**
199
+ * Get OAuth2 endpoint that must be cause to get the Oauth2 token
200
+ * @internal
201
+ */
202
+ async createEndpoint(url, endpoint) {
203
+ // Validate the URL we just composed
204
+ const oauthEndpoint = new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(url, this.constructLoginUrl(url, false), false);
205
+ this.cacheEndpoint(url, endpoint, oauthEndpoint);
206
+ return oauthEndpoint;
207
+ }
208
+ /**
209
+ * Get OAuth2 endpoint that must be cause to get the Oauth2 token
210
+ * @internal
211
+ */
212
+ async getOAuth2Endpoint(url, endpointType) {
213
+ // Return from cache if available
214
+ const cachedEndpoint = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? this._oauthAuthorizeEndPointsCache.get(url) : this._oauthTokenEndPointsCache.get(url));
215
+ if (cachedEndpoint !== undefined) {
216
+ return cachedEndpoint;
217
+ }
218
+ const endpointStr = (endpointType === ArcGisOAuth2Endpoint_1.ArcGisOAuth2EndpointType.Authorize ? "authorize" : "token");
219
+ const urlObj = new URL(url);
220
+ if (urlObj.hostname.toLowerCase().endsWith("arcgis.com")) {
221
+ // ArcGIS Online (fixed)
222
+ // Doc: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/
223
+ if (this.arcGisOnlineClientId === undefined) {
224
+ return undefined;
225
+ }
226
+ const oauth2Url = `https://www.arcgis.com/sharing/rest/oauth2/${endpointStr}`;
227
+ return new ArcGisOAuth2Endpoint_1.ArcGisOAuth2Endpoint(oauth2Url, this.constructLoginUrl(oauth2Url, true), true);
228
+ }
229
+ else {
230
+ // First attempt: derive the Oauth2 token URL from the 'tokenServicesUrl', exposed by the 'info request'
231
+ try {
232
+ const restUrlFromTokenService = await ArcGisUrl_1.ArcGisUrl.getRestUrlFromGenerateTokenUrl(urlObj);
233
+ if (restUrlFromTokenService === undefined) {
234
+ // We could not derive the token endpoint from 'tokenServicesUrl'.
235
+ // ArcGIS Enterprise Format https://<host>:<port>/<subdirectory>/sharing/rest/oauth2/authorize
236
+ const regExMatch = url.match(new RegExp(/([^&\/]+)\/rest\/services\/.*/, "i"));
237
+ if (regExMatch !== null && regExMatch.length >= 2) {
238
+ const subdirectory = regExMatch[1];
239
+ const port = (urlObj.port !== "80" && urlObj.port !== "443") ? `:${urlObj.port}` : "";
240
+ const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${port}/${subdirectory}/sharing/rest/oauth2/${endpointStr}`);
241
+ // Check again the URL we just composed
242
+ return await this.createEndpoint(newUrlObj.toString(), endpointType);
243
+ }
244
+ }
245
+ else {
246
+ const endpoint = await this.createEndpoint(`${restUrlFromTokenService.toString()}oauth2/${endpointStr}`, endpointType);
247
+ if (endpoint)
248
+ return endpoint;
249
+ }
250
+ }
251
+ catch {
252
+ }
253
+ }
254
+ return undefined; // we could not find any valid oauth2 endpoint
255
+ }
256
+ /**
257
+ * Construct the complete Authorize url to starts the Oauth process
258
+ * @internal
259
+ */
260
+ constructLoginUrl(url, isArcgisOnline) {
261
+ const urlObj = new URL(url);
262
+ // Set the client id
263
+ if (isArcgisOnline) {
264
+ const clientId = this.arcGisOnlineClientId;
265
+ (0, core_bentley_1.assert)(clientId !== undefined);
266
+ if (clientId !== undefined) {
267
+ urlObj.searchParams.set("client_id", clientId);
268
+ }
269
+ }
270
+ else {
271
+ const clientId = this.getMatchingEnterpriseClientId(url);
272
+ (0, core_bentley_1.assert)(clientId !== undefined);
273
+ if (undefined !== clientId) {
274
+ urlObj.searchParams.set("client_id", clientId);
275
+ }
276
+ }
277
+ urlObj.searchParams.set("response_type", "token");
278
+ if (this.expiration !== undefined) {
279
+ urlObj.searchParams.set("expiration", `${this.expiration}`);
280
+ }
281
+ if (this.redirectUri)
282
+ urlObj.searchParams.set("redirect_uri", this.redirectUri);
283
+ return urlObj.toString();
284
+ }
285
+ }
286
+ exports.ArcGisAccessClient = ArcGisAccessClient;
292
287
  //# sourceMappingURL=ArcGisAccessClient.js.map