@node-c/domain-iam 1.0.0-alpha8 → 1.0.0-beta0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/common/definitions/common.constants.d.ts +6 -1
- package/dist/common/definitions/common.constants.js +5 -0
- package/dist/common/definitions/common.constants.js.map +1 -1
- package/dist/module/iam.module.js.map +1 -1
- package/dist/services/authentication/iam.authentication.definitions.d.ts +79 -16
- package/dist/services/authentication/iam.authentication.definitions.js +6 -9
- package/dist/services/authentication/iam.authentication.definitions.js.map +1 -1
- package/dist/services/authentication/iam.authentication.service.d.ts +10 -3
- package/dist/services/authentication/iam.authentication.service.js +30 -2
- package/dist/services/authentication/iam.authentication.service.js.map +1 -1
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.d.ts +38 -0
- package/dist/services/{authenticationLocal/iam.authenticationLocal.definitions.js → authenticationOAuth2/iam.authenticationOAuth2.definitions.js} +1 -1
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.js.map +1 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.d.ts +24 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.js +299 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.js.map +1 -0
- package/dist/services/authenticationOAuth2/index.d.ts +2 -0
- package/dist/services/authenticationOAuth2/index.js +19 -0
- package/dist/services/authenticationOAuth2/index.js.map +1 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.d.ts +12 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js +3 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js.map +1 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.d.ts +14 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js +141 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js.map +1 -0
- package/dist/services/authenticationUserLocal/index.d.ts +2 -0
- package/dist/services/{authenticationLocal → authenticationUserLocal}/index.js +2 -2
- package/dist/services/authenticationUserLocal/index.js.map +1 -0
- package/dist/services/authorization/iam.authorization.definitions.d.ts +33 -23
- package/dist/services/authorization/iam.authorization.definitions.js +7 -0
- package/dist/services/authorization/iam.authorization.definitions.js.map +1 -1
- package/dist/services/authorization/iam.authorization.service.d.ts +28 -13
- package/dist/services/authorization/iam.authorization.service.js +231 -125
- package/dist/services/authorization/iam.authorization.service.js.map +1 -1
- package/dist/services/index.d.ts +4 -2
- package/dist/services/index.js +4 -2
- package/dist/services/index.js.map +1 -1
- package/dist/services/mfa/iam.mfa.definitions.d.ts +21 -0
- package/dist/services/mfa/iam.mfa.definitions.js +8 -0
- package/dist/services/mfa/iam.mfa.definitions.js.map +1 -0
- package/dist/services/mfa/iam.mfa.service.d.ts +9 -0
- package/dist/services/mfa/iam.mfa.service.js +31 -0
- package/dist/services/mfa/iam.mfa.service.js.map +1 -0
- package/dist/services/mfa/index.d.ts +2 -0
- package/dist/services/{users → mfa}/index.js +2 -2
- package/dist/services/mfa/index.js.map +1 -0
- package/dist/services/tokenManager/iam.tokenManager.definitions.d.ts +14 -3
- package/dist/services/tokenManager/iam.tokenManager.definitions.js.map +1 -1
- package/dist/services/tokenManager/iam.tokenManager.service.d.ts +23 -9
- package/dist/services/tokenManager/iam.tokenManager.service.js +111 -43
- package/dist/services/tokenManager/iam.tokenManager.service.js.map +1 -1
- package/dist/services/userManager/iam.userManager.definitions.d.ts +45 -0
- package/dist/services/userManager/iam.userManager.definitions.js +8 -0
- package/dist/services/userManager/iam.userManager.definitions.js.map +1 -0
- package/dist/services/userManager/iam.userManager.service.d.ts +32 -0
- package/dist/services/userManager/iam.userManager.service.js +331 -0
- package/dist/services/userManager/iam.userManager.service.js.map +1 -0
- package/dist/services/userManager/index.d.ts +2 -0
- package/dist/services/userManager/index.js +19 -0
- package/dist/services/userManager/index.js.map +1 -0
- package/package.json +9 -8
- package/src/common/definitions/common.constants.ts +14 -0
- package/src/common/definitions/index.ts +1 -0
- package/src/index.ts +3 -0
- package/src/module/iam.definitions.ts +15 -0
- package/src/module/iam.module.ts +29 -0
- package/src/module/index.ts +2 -0
- package/src/services/authentication/iam.authentication.definitions.ts +100 -0
- package/src/services/authentication/iam.authentication.service.ts +103 -0
- package/src/services/authentication/index.ts +2 -0
- package/src/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.ts +71 -0
- package/src/services/authenticationOAuth2/iam.authenticationOAuth2.service.ts +350 -0
- package/src/services/authenticationOAuth2/index.ts +2 -0
- package/src/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.ts +29 -0
- package/src/services/authenticationUserLocal/iam.authenticationUserLocal.service.ts +171 -0
- package/src/services/authenticationUserLocal/index.ts +2 -0
- package/src/services/authorization/iam.authorization.definitions.ts +55 -0
- package/src/services/authorization/iam.authorization.service.ts +384 -0
- package/src/services/authorization/index.ts +2 -0
- package/src/services/index.ts +7 -0
- package/src/services/mfa/iam.mfa.definitions.ts +28 -0
- package/src/services/mfa/iam.mfa.service.ts +38 -0
- package/src/services/mfa/index.ts +2 -0
- package/src/services/tokenManager/iam.tokenManager.definitions.ts +61 -0
- package/src/services/tokenManager/iam.tokenManager.service.ts +290 -0
- package/src/services/tokenManager/index.ts +2 -0
- package/src/services/userManager/iam.userManager.definitions.ts +73 -0
- package/src/services/userManager/iam.userManager.service.ts +461 -0
- package/src/services/userManager/index.ts +2 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.d.ts +0 -11
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.js.map +0 -1
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.d.ts +0 -10
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js +0 -70
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js.map +0 -1
- package/dist/services/authenticationLocal/index.d.ts +0 -2
- package/dist/services/authenticationLocal/index.js.map +0 -1
- package/dist/services/users/iam.users.definitions.d.ts +0 -30
- package/dist/services/users/iam.users.definitions.js +0 -8
- package/dist/services/users/iam.users.definitions.js.map +0 -1
- package/dist/services/users/iam.users.service.d.ts +0 -16
- package/dist/services/users/iam.users.service.js +0 -93
- package/dist/services/users/iam.users.service.js.map +0 -1
- package/dist/services/users/index.d.ts +0 -2
- package/dist/services/users/index.js.map +0 -1
|
@@ -1,3 +1,8 @@
|
|
|
1
1
|
export declare enum Constants {
|
|
2
|
-
DOMAIN_MODULE_NAME = "DOMAIN_MODULE_NAME"
|
|
2
|
+
DOMAIN_MODULE_NAME = "DOMAIN_MODULE_NAME",
|
|
3
|
+
OAUTH2_CODE_VERIFIER_LENGTH = 128,
|
|
4
|
+
OAUTH2_PKCE_CHALLENGE_HASH_METHOD = "SHA-256",
|
|
5
|
+
TOKEN_EXPIRED_ERROR = "Token expired",
|
|
6
|
+
TOKEN_MISMATCHED_AUDIENCES_ERROR = "Mismatched audiences",
|
|
7
|
+
TOKEN_MISMATCHED_ISSUER_ERROR = "Mismatched issuer"
|
|
3
8
|
}
|
|
@@ -4,5 +4,10 @@ exports.Constants = void 0;
|
|
|
4
4
|
var Constants;
|
|
5
5
|
(function (Constants) {
|
|
6
6
|
Constants["DOMAIN_MODULE_NAME"] = "DOMAIN_MODULE_NAME";
|
|
7
|
+
Constants[Constants["OAUTH2_CODE_VERIFIER_LENGTH"] = 128] = "OAUTH2_CODE_VERIFIER_LENGTH";
|
|
8
|
+
Constants["OAUTH2_PKCE_CHALLENGE_HASH_METHOD"] = "SHA-256";
|
|
9
|
+
Constants["TOKEN_EXPIRED_ERROR"] = "Token expired";
|
|
10
|
+
Constants["TOKEN_MISMATCHED_AUDIENCES_ERROR"] = "Mismatched audiences";
|
|
11
|
+
Constants["TOKEN_MISMATCHED_ISSUER_ERROR"] = "Mismatched issuer";
|
|
7
12
|
})(Constants || (exports.Constants = Constants = {}));
|
|
8
13
|
//# sourceMappingURL=common.constants.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"common.constants.js","sourceRoot":"","sources":["../../../src/common/definitions/common.constants.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"common.constants.js","sourceRoot":"","sources":["../../../src/common/definitions/common.constants.ts"],"names":[],"mappings":";;;AAAA,IAAY,SAaX;AAbD,WAAY,SAAS;IAEnB,sDAAyC,CAAA;IAEzC,yFAAiC,CAAA;IAEjC,0DAA6C,CAAA;IAE7C,kDAAqC,CAAA;IAErC,sEAAyD,CAAA;IAEzD,gEAAmD,CAAA;AACrD,CAAC,EAbW,SAAS,yBAAT,SAAS,QAapB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.module.js","sourceRoot":"","sources":["../../src/module/iam.module.ts"],"names":[],"mappings":";;;AAEA,uCAAkD;AAIlD,uDAAkD;AAElD,MAAa,eAAe;IAC1B,MAAM,CAAC,QAAQ,CAAC,OAA+B;QAC7C,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;QACxE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,iBAAiB,IAAI,EAAE,CAAC;QACjF,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAA,yBAAkB,EAAC,UAAU,CAAC,CAAC;QACpD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,WAAsC;YAC9C,OAAO,EAAE,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;YAC7D,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,uBAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"iam.module.js","sourceRoot":"","sources":["../../src/module/iam.module.ts"],"names":[],"mappings":";;;AAEA,uCAAkD;AAIlD,uDAAkD;AAElD,MAAa,eAAe;IAC1B,MAAM,CAAC,QAAQ,CAAC,OAA+B;QAC7C,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;QACxE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,iBAAiB,IAAI,EAAE,CAAC;QACjF,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAA,yBAAkB,EAAC,UAAU,CAAC,CAAC;QACpD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,WAAsC;YAC9C,OAAO,EAAE,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;YAC7D,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,uBAAS,CAAC,kBAA4B;oBAC/C,QAAQ,EAAE,OAAO,CAAC,UAAU;iBAC7B;gBACD,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;gBAC5B,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;aACpB;YACD,OAAO,EAAE,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;SAC3D,CAAC;IACJ,CAAC;CACF;AApBD,0CAoBC"}
|
|
@@ -1,20 +1,83 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
1
|
+
import { AppConfigCommonDomainIAMAuthServiceConfigStepSettings, GenericObject } from '@node-c/core';
|
|
2
|
+
import { IAMMFAType } from '../mfa';
|
|
3
|
+
export interface IAMAuthenticationCompleteData {
|
|
4
|
+
mfaData?: unknown;
|
|
5
|
+
mfaType?: IAMMFAType;
|
|
6
|
+
}
|
|
7
|
+
export interface IAMAuthenticationCompleteOptions<Context> {
|
|
8
|
+
context: Context;
|
|
9
|
+
contextIdentifierField?: string;
|
|
10
|
+
mfaOptions?: unknown;
|
|
11
|
+
}
|
|
12
|
+
export declare enum IAMAuthenticationType {
|
|
13
|
+
OAuth2 = "ouath2",
|
|
14
|
+
UserLocal = "userLocal"
|
|
15
|
+
}
|
|
16
|
+
export interface IAMAuthenticationCompleteResult {
|
|
17
|
+
accessToken?: string;
|
|
18
|
+
accessTokenExpiresIn?: number;
|
|
19
|
+
idToken?: string;
|
|
20
|
+
mfaUsed?: boolean;
|
|
21
|
+
mfaValid?: boolean;
|
|
22
|
+
refreshToken?: string;
|
|
23
|
+
refreshTokenExpiresIn?: number;
|
|
11
24
|
valid: boolean;
|
|
12
25
|
}
|
|
13
|
-
export
|
|
14
|
-
|
|
26
|
+
export type IAMAuthenticationGetUserCreateAccessTokenConfigResult = AppConfigCommonDomainIAMAuthServiceConfigStepSettings;
|
|
27
|
+
export interface IAMAuthenticationGetPayloadsFromExternalTokensData {
|
|
28
|
+
accessToken?: string;
|
|
29
|
+
idToken?: string;
|
|
30
|
+
refreshToken?: string;
|
|
31
|
+
}
|
|
32
|
+
export interface IAMAuthenticationGetPayloadsFromExternalTokensResult {
|
|
33
|
+
accessTokenPayload?: unknown;
|
|
34
|
+
idTokenPayload?: unknown;
|
|
35
|
+
refreshTokenPayload?: unknown;
|
|
36
|
+
}
|
|
37
|
+
export interface IAMAuthenticationGetUserDataFromExternalTokenPayloadsData {
|
|
38
|
+
accessTokenPayload?: GenericObject;
|
|
39
|
+
idTokenPayload?: {
|
|
40
|
+
email: string;
|
|
41
|
+
name: string;
|
|
42
|
+
} & GenericObject;
|
|
43
|
+
refreshTokenPayload?: GenericObject;
|
|
44
|
+
}
|
|
45
|
+
export interface IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult {
|
|
46
|
+
email: string;
|
|
47
|
+
firstName: string;
|
|
48
|
+
lastName: string;
|
|
49
|
+
}
|
|
50
|
+
export interface IAMAuthenticationInitiateData {
|
|
51
|
+
mfaData?: unknown;
|
|
52
|
+
mfaType?: IAMMFAType;
|
|
53
|
+
}
|
|
54
|
+
export interface IAMAuthenticationInitiateOptions<Context> {
|
|
55
|
+
context: Context;
|
|
56
|
+
contextIdentifierField?: string;
|
|
57
|
+
mfaOptions?: unknown;
|
|
58
|
+
}
|
|
59
|
+
export interface IAMAuthenticationInitiateResult {
|
|
60
|
+
mfaUsed?: boolean;
|
|
61
|
+
mfaValid?: boolean;
|
|
62
|
+
valid: boolean;
|
|
63
|
+
}
|
|
64
|
+
export interface IAMAuthenticationRefreshExternalAccessTokenData {
|
|
65
|
+
accessToken: string;
|
|
66
|
+
refreshToken: string;
|
|
67
|
+
}
|
|
68
|
+
export interface IAMAuthenticationRefreshExternalAccessTokenResult {
|
|
69
|
+
error?: string;
|
|
70
|
+
newAccessToken?: string;
|
|
71
|
+
newRefreshToken?: string;
|
|
72
|
+
}
|
|
73
|
+
export interface IAMAuthenticationVerifyExternalAccessTokenData {
|
|
74
|
+
accessToken: string;
|
|
75
|
+
refreshToken?: string;
|
|
15
76
|
}
|
|
16
|
-
export
|
|
17
|
-
|
|
18
|
-
|
|
77
|
+
export interface IAMAuthenticationVerifyExternalAccessTokenResult {
|
|
78
|
+
accessTokenPayload?: unknown;
|
|
79
|
+
error?: unknown;
|
|
80
|
+
newAccessToken?: string;
|
|
81
|
+
newRefreshToken?: string;
|
|
82
|
+
refreshTokenPayload?: unknown;
|
|
19
83
|
}
|
|
20
|
-
export type UserMFAType = UserMFAKnownType & string;
|
|
@@ -1,12 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
var
|
|
5
|
-
(function (
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
(function (UserMFAKnownType) {
|
|
10
|
-
UserMFAKnownType["Local"] = "local";
|
|
11
|
-
})(UserMFAKnownType || (exports.UserMFAKnownType = UserMFAKnownType = {}));
|
|
3
|
+
exports.IAMAuthenticationType = void 0;
|
|
4
|
+
var IAMAuthenticationType;
|
|
5
|
+
(function (IAMAuthenticationType) {
|
|
6
|
+
IAMAuthenticationType["OAuth2"] = "ouath2";
|
|
7
|
+
IAMAuthenticationType["UserLocal"] = "userLocal";
|
|
8
|
+
})(IAMAuthenticationType || (exports.IAMAuthenticationType = IAMAuthenticationType = {}));
|
|
12
9
|
//# sourceMappingURL=iam.authentication.definitions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.authentication.definitions.js","sourceRoot":"","sources":["../../../src/services/authentication/iam.authentication.definitions.ts"],"names":[],"mappings":";;;AAeA,IAAY,
|
|
1
|
+
{"version":3,"file":"iam.authentication.definitions.js","sourceRoot":"","sources":["../../../src/services/authentication/iam.authentication.definitions.ts"],"names":[],"mappings":";;;AAeA,IAAY,qBAKX;AALD,WAAY,qBAAqB;IAE/B,0CAAiB,CAAA;IAEjB,gDAAuB,CAAA;AACzB,CAAC,EALW,qBAAqB,qCAArB,qBAAqB,QAKhC"}
|
|
@@ -1,8 +1,15 @@
|
|
|
1
1
|
import { ConfigProviderService } from '@node-c/core';
|
|
2
|
-
import {
|
|
3
|
-
export declare class IAMAuthenticationService<
|
|
2
|
+
import { IAMAuthenticationCompleteData, IAMAuthenticationCompleteOptions, IAMAuthenticationCompleteResult, IAMAuthenticationGetPayloadsFromExternalTokensData, IAMAuthenticationGetPayloadsFromExternalTokensResult, IAMAuthenticationGetUserCreateAccessTokenConfigResult, IAMAuthenticationGetUserDataFromExternalTokenPayloadsData, IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult, IAMAuthenticationInitiateData, IAMAuthenticationInitiateOptions, IAMAuthenticationInitiateResult, IAMAuthenticationRefreshExternalAccessTokenData, IAMAuthenticationRefreshExternalAccessTokenResult, IAMAuthenticationVerifyExternalAccessTokenData, IAMAuthenticationVerifyExternalAccessTokenResult } from './iam.authentication.definitions';
|
|
3
|
+
export declare class IAMAuthenticationService<CompleteContext extends object, InitiateContext extends object> {
|
|
4
4
|
protected configProvider: ConfigProviderService;
|
|
5
5
|
protected moduleName: string;
|
|
6
|
+
protected isLocal: boolean;
|
|
6
7
|
constructor(configProvider: ConfigProviderService, moduleName: string);
|
|
7
|
-
|
|
8
|
+
complete(_data: IAMAuthenticationCompleteData, _options: IAMAuthenticationCompleteOptions<CompleteContext>): Promise<IAMAuthenticationCompleteResult>;
|
|
9
|
+
getUserCreateAccessTokenConfig(): IAMAuthenticationGetUserCreateAccessTokenConfigResult;
|
|
10
|
+
getPayloadsFromExternalTokens(_data: IAMAuthenticationGetPayloadsFromExternalTokensData): Promise<IAMAuthenticationGetPayloadsFromExternalTokensResult>;
|
|
11
|
+
getUserDataFromExternalTokenPayloads(_data: IAMAuthenticationGetUserDataFromExternalTokenPayloadsData): Promise<IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult | null>;
|
|
12
|
+
initiate(_data: IAMAuthenticationInitiateData, _options: IAMAuthenticationInitiateOptions<InitiateContext>): Promise<IAMAuthenticationInitiateResult>;
|
|
13
|
+
refreshExternalAccessToken(_data: IAMAuthenticationRefreshExternalAccessTokenData): Promise<IAMAuthenticationRefreshExternalAccessTokenResult>;
|
|
14
|
+
verifyExternalAccessToken(_data: IAMAuthenticationVerifyExternalAccessTokenData): Promise<IAMAuthenticationVerifyExternalAccessTokenResult>;
|
|
8
15
|
}
|
|
@@ -16,9 +16,37 @@ class IAMAuthenticationService {
|
|
|
16
16
|
this.configProvider = configProvider;
|
|
17
17
|
this.moduleName = moduleName;
|
|
18
18
|
}
|
|
19
|
-
|
|
19
|
+
complete(_data, _options) {
|
|
20
20
|
return __awaiter(this, void 0, void 0, function* () {
|
|
21
|
-
throw new core_1.ApplicationError(
|
|
21
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "complete" not implemented.`);
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
getUserCreateAccessTokenConfig() {
|
|
25
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "getUserAccessTokenConfig" not implemented.`);
|
|
26
|
+
}
|
|
27
|
+
getPayloadsFromExternalTokens(_data) {
|
|
28
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
29
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "getPayloadsFromExternalTokens" not implemented.`);
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
getUserDataFromExternalTokenPayloads(_data) {
|
|
33
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
34
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "getUserDataFromExternalTokenPayloads" not implemented.`);
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
initiate(_data, _options) {
|
|
38
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "initiate" not implemented.`);
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
refreshExternalAccessToken(_data) {
|
|
43
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
44
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "refreshExternalAccessToken" not implemented.`);
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
verifyExternalAccessToken(_data) {
|
|
48
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
+
throw new core_1.ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "verifyExternalAccessToken" not implemented.`);
|
|
22
50
|
});
|
|
23
51
|
}
|
|
24
52
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.authentication.service.js","sourceRoot":"","sources":["../../../src/services/authentication/iam.authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAAuE;
|
|
1
|
+
{"version":3,"file":"iam.authentication.service.js","sourceRoot":"","sources":["../../../src/services/authentication/iam.authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAAuE;AAoBvE,MAAa,wBAAwB;IAGnC,YAEY,cAAqC,EAErC,UAAkB;QAFlB,mBAAc,GAAd,cAAc,CAAuB;QAErC,eAAU,GAAV,UAAU,CAAQ;IAC3B,CAAC;IAKE,QAAQ,CAEZ,KAAoC,EAEpC,QAA2D;;YAE3D,MAAM,IAAI,uBAAgB,CAAC,IAAI,IAAI,CAAC,UAAU,iEAAiE,CAAC,CAAC;QACnH,CAAC;KAAA;IAED,8BAA8B;QAC5B,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,iFAAiF,CACrG,CAAC;IACJ,CAAC;IAMK,6BAA6B,CAEjC,KAAyD;;YAEzD,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,sFAAsF,CAC1G,CAAC;QACJ,CAAC;KAAA;IAKK,oCAAoC,CAExC,KAAgE;;YAEhE,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,6FAA6F,CACjH,CAAC;QACJ,CAAC;KAAA;IAKK,QAAQ,CAEZ,KAAoC,EAEpC,QAA2D;;YAE3D,MAAM,IAAI,uBAAgB,CAAC,IAAI,IAAI,CAAC,UAAU,iEAAiE,CAAC,CAAC;QACnH,CAAC;KAAA;IAEK,0BAA0B,CAE9B,KAAsD;;YAEtD,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,mFAAmF,CACvG,CAAC;QACJ,CAAC;KAAA;IAEK,yBAAyB,CAE7B,KAAqD;;YAErD,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,kFAAkF,CACtG,CAAC;QACJ,CAAC;KAAA;CACF;AAlFD,4DAkFC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { IAMAuthenticationCompleteData, IAMAuthenticationCompleteOptions, IAMAuthenticationCompleteResult, IAMAuthenticationGetPayloadsFromExternalTokensData, IAMAuthenticationGetPayloadsFromExternalTokensResult, IAMAuthenticationGetUserCreateAccessTokenConfigResult, IAMAuthenticationInitiateData, IAMAuthenticationInitiateOptions, IAMAuthenticationInitiateResult, IAMAuthenticationVerifyExternalAccessTokenData, IAMAuthenticationVerifyExternalAccessTokenResult } from '../authentication';
|
|
2
|
+
export interface IAMAuthenticationOAuth2AccessTokenProviderResponseData {
|
|
3
|
+
access_token: string;
|
|
4
|
+
expires_in?: number;
|
|
5
|
+
id_token?: string;
|
|
6
|
+
refresh_token?: string;
|
|
7
|
+
scope: string;
|
|
8
|
+
token_type: string;
|
|
9
|
+
}
|
|
10
|
+
export interface IAMAuthenticationOAuth2CompleteData extends IAMAuthenticationCompleteData {
|
|
11
|
+
code: string;
|
|
12
|
+
codeVerifier: string;
|
|
13
|
+
state: string;
|
|
14
|
+
}
|
|
15
|
+
export type IAMAuthenticationOAuth2CompleteOptions<Context extends object> = IAMAuthenticationCompleteOptions<Context>;
|
|
16
|
+
export interface IAMAuthenticationOAuth2CompleteResult extends IAMAuthenticationCompleteResult {
|
|
17
|
+
accessToken: string;
|
|
18
|
+
scope: string;
|
|
19
|
+
}
|
|
20
|
+
export type IAMAuthenticationOAuth2GetPayloadsFromExternalTokensData = IAMAuthenticationGetPayloadsFromExternalTokensData;
|
|
21
|
+
export type IAMAuthenticationOAuth2GetPayloadsFromExternalTokensResult = IAMAuthenticationGetPayloadsFromExternalTokensResult;
|
|
22
|
+
export type IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult = IAMAuthenticationGetUserCreateAccessTokenConfigResult;
|
|
23
|
+
export interface IAMAuthenticationOAuth2InitiateData extends IAMAuthenticationInitiateData {
|
|
24
|
+
scope?: string;
|
|
25
|
+
}
|
|
26
|
+
export interface IAMAuthenticationOAuth2InitiateOptions<Context extends object> extends IAMAuthenticationInitiateOptions<Context> {
|
|
27
|
+
generateNonce?: boolean;
|
|
28
|
+
withPCKE?: boolean;
|
|
29
|
+
}
|
|
30
|
+
export interface IAMAuthenticationOAuth2InitiateResult extends IAMAuthenticationInitiateResult {
|
|
31
|
+
authorizationCodeRequestURL: string;
|
|
32
|
+
codeChallenge?: string;
|
|
33
|
+
codeVerifier?: string;
|
|
34
|
+
nonce?: string;
|
|
35
|
+
state: string;
|
|
36
|
+
}
|
|
37
|
+
export type IAMAuthenticationOAuth2VerifyExternalAccessTokenData = Pick<IAMAuthenticationVerifyExternalAccessTokenData, 'accessToken'>;
|
|
38
|
+
export type IAMAuthenticationOAuth2VerifyExternalAccessTokenResult = Pick<IAMAuthenticationVerifyExternalAccessTokenResult, 'accessTokenPayload' | 'error'>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.authenticationOAuth2.definitions.js","sourceRoot":"","sources":["../../../src/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { ConfigProviderService } from '@node-c/core';
|
|
2
|
+
import { IAMAuthenticationOAuth2CompleteData, IAMAuthenticationOAuth2CompleteOptions, IAMAuthenticationOAuth2CompleteResult, IAMAuthenticationOAuth2GetPayloadsFromExternalTokensData, IAMAuthenticationOAuth2GetPayloadsFromExternalTokensResult, IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult, IAMAuthenticationOAuth2InitiateData, IAMAuthenticationOAuth2InitiateOptions, IAMAuthenticationOAuth2InitiateResult, IAMAuthenticationOAuth2VerifyExternalAccessTokenData, IAMAuthenticationOAuth2VerifyExternalAccessTokenResult } from './iam.authenticationOAuth2.definitions';
|
|
3
|
+
import { IAMAuthenticationService } from '../authentication';
|
|
4
|
+
export declare class IAMAuthenticationOAuth2Service<CompleteContext extends object, InitiateContext extends object> extends IAMAuthenticationService<CompleteContext, InitiateContext> {
|
|
5
|
+
protected configProvider: ConfigProviderService;
|
|
6
|
+
protected moduleName: string;
|
|
7
|
+
protected serviceName: string;
|
|
8
|
+
constructor(configProvider: ConfigProviderService, moduleName: string, serviceName: string);
|
|
9
|
+
complete(data: IAMAuthenticationOAuth2CompleteData, _options: IAMAuthenticationOAuth2CompleteOptions<CompleteContext>): Promise<IAMAuthenticationOAuth2CompleteResult>;
|
|
10
|
+
protected generateChallenge(codeVerifier: string): Promise<string>;
|
|
11
|
+
protected generateUrlEncodedString(length: number): string;
|
|
12
|
+
getPayloadsFromExternalTokens(data: IAMAuthenticationOAuth2GetPayloadsFromExternalTokensData): Promise<IAMAuthenticationOAuth2GetPayloadsFromExternalTokensResult>;
|
|
13
|
+
getUserCreateAccessTokenConfig(): IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult;
|
|
14
|
+
initiate(data: IAMAuthenticationOAuth2InitiateData, options: IAMAuthenticationOAuth2InitiateOptions<InitiateContext>): Promise<IAMAuthenticationOAuth2InitiateResult>;
|
|
15
|
+
verifyExternalAccessToken(data: IAMAuthenticationOAuth2VerifyExternalAccessTokenData): Promise<IAMAuthenticationOAuth2VerifyExternalAccessTokenResult>;
|
|
16
|
+
protected verifyToken<DecodedTokenContent = unknown>(token: string, options?: {
|
|
17
|
+
audiences?: string[];
|
|
18
|
+
issuer?: string;
|
|
19
|
+
secret?: string;
|
|
20
|
+
}): Promise<{
|
|
21
|
+
content?: DecodedTokenContent;
|
|
22
|
+
error?: unknown;
|
|
23
|
+
}>;
|
|
24
|
+
}
|
|
@@ -0,0 +1,299 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
36
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
37
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
38
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
39
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
40
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
41
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
42
|
+
});
|
|
43
|
+
};
|
|
44
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
45
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
46
|
+
};
|
|
47
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
48
|
+
exports.IAMAuthenticationOAuth2Service = void 0;
|
|
49
|
+
const crypto_1 = __importDefault(require("crypto"));
|
|
50
|
+
const core_1 = require("@node-c/core");
|
|
51
|
+
const jwt = __importStar(require("jsonwebtoken"));
|
|
52
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
53
|
+
const definitions_1 = require("../../common/definitions");
|
|
54
|
+
const authentication_1 = require("../authentication");
|
|
55
|
+
class IAMAuthenticationOAuth2Service extends authentication_1.IAMAuthenticationService {
|
|
56
|
+
constructor(configProvider, moduleName, serviceName) {
|
|
57
|
+
super(configProvider, moduleName);
|
|
58
|
+
this.configProvider = configProvider;
|
|
59
|
+
this.moduleName = moduleName;
|
|
60
|
+
this.serviceName = serviceName;
|
|
61
|
+
this.isLocal = false;
|
|
62
|
+
}
|
|
63
|
+
complete(data, _options) {
|
|
64
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
65
|
+
const { configProvider, moduleName, serviceName } = this;
|
|
66
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
67
|
+
const { accessTokenGrantUrl, clientId, clientSecret, redirectUri } = moduleConfig.authServiceSettings[serviceName].oauth2;
|
|
68
|
+
if (!accessTokenGrantUrl) {
|
|
69
|
+
console.error(`[${moduleName}][${serviceName}]: Access token grant URL not configured.`);
|
|
70
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
71
|
+
}
|
|
72
|
+
if (!redirectUri) {
|
|
73
|
+
console.error(`[${moduleName}][${serviceName}]: Redirect URI not configured.`);
|
|
74
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
75
|
+
}
|
|
76
|
+
const { code, codeVerifier } = data;
|
|
77
|
+
const { data: providerResponseData, hasError } = yield (0, core_1.httpRequest)(accessTokenGrantUrl, {
|
|
78
|
+
body: {
|
|
79
|
+
client_id: clientId,
|
|
80
|
+
client_secret: clientSecret,
|
|
81
|
+
code,
|
|
82
|
+
code_verifier: codeVerifier,
|
|
83
|
+
grant_type: 'authorization_code',
|
|
84
|
+
redirect_uri: redirectUri
|
|
85
|
+
},
|
|
86
|
+
isFormData: true,
|
|
87
|
+
method: core_1.HttpMethod.POST
|
|
88
|
+
});
|
|
89
|
+
if (hasError || !providerResponseData) {
|
|
90
|
+
console.error(`[${moduleName}][${serviceName}]: Auhorization grant attempt failed for code "${code}".`, providerResponseData);
|
|
91
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
92
|
+
}
|
|
93
|
+
return {
|
|
94
|
+
accessToken: providerResponseData.access_token,
|
|
95
|
+
accessTokenExpiresIn: providerResponseData.expires_in,
|
|
96
|
+
idToken: providerResponseData.id_token,
|
|
97
|
+
mfaUsed: true,
|
|
98
|
+
mfaValid: true,
|
|
99
|
+
refreshToken: providerResponseData.refresh_token,
|
|
100
|
+
scope: providerResponseData.scope,
|
|
101
|
+
valid: true
|
|
102
|
+
};
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
generateChallenge(codeVerifier) {
|
|
106
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
107
|
+
const buffer = yield crypto_1.default.subtle.digest(definitions_1.Constants.OAUTH2_PKCE_CHALLENGE_HASH_METHOD, new TextEncoder().encode(codeVerifier));
|
|
108
|
+
return (0, core_1.base64UrlEncode)(buffer);
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
generateUrlEncodedString(length) {
|
|
112
|
+
const octetSize = Math.ceil((length * 3) / 4);
|
|
113
|
+
const octets = crypto_1.default.getRandomValues(new Uint8Array(octetSize));
|
|
114
|
+
return (0, core_1.base64UrlEncode)(octets.buffer).slice(0, length);
|
|
115
|
+
}
|
|
116
|
+
getPayloadsFromExternalTokens(data) {
|
|
117
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
118
|
+
const { moduleName, serviceName } = this;
|
|
119
|
+
const { accessToken, idToken } = data;
|
|
120
|
+
const returnData = {};
|
|
121
|
+
if (accessToken) {
|
|
122
|
+
const { accessTokenPayload, error } = yield this.verifyExternalAccessToken({
|
|
123
|
+
accessToken
|
|
124
|
+
});
|
|
125
|
+
if (error) {
|
|
126
|
+
console.error(`[${moduleName}][${serviceName}]: Method "getPayloadsFromExternalTokens" has produced an error:`, error);
|
|
127
|
+
throw new core_1.ApplicationError(`[${moduleName}][${serviceName}]: Error getting data from external tokens.`);
|
|
128
|
+
}
|
|
129
|
+
returnData.accessTokenPayload = accessTokenPayload;
|
|
130
|
+
}
|
|
131
|
+
if (idToken) {
|
|
132
|
+
const idTokenData = yield this.verifyToken(idToken);
|
|
133
|
+
returnData.idTokenPayload = idTokenData.content;
|
|
134
|
+
}
|
|
135
|
+
return returnData;
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
getUserCreateAccessTokenConfig() {
|
|
139
|
+
const { configProvider, moduleName, serviceName } = this;
|
|
140
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
141
|
+
const { steps } = moduleConfig.authServiceSettings[serviceName];
|
|
142
|
+
const defaultConfig = {
|
|
143
|
+
[core_1.AppConfigDomainIAMAuthenticationStep.Complete]: {
|
|
144
|
+
cache: {
|
|
145
|
+
settings: {
|
|
146
|
+
cacheFieldName: 'state',
|
|
147
|
+
inputFieldName: 'data.state'
|
|
148
|
+
},
|
|
149
|
+
use: {
|
|
150
|
+
data: { overwrite: true, use: true }
|
|
151
|
+
}
|
|
152
|
+
},
|
|
153
|
+
createUser: true,
|
|
154
|
+
decodeReturnedTokens: true,
|
|
155
|
+
findUser: true,
|
|
156
|
+
findUserBeforeAuth: false,
|
|
157
|
+
findUserInAuthResultBy: {
|
|
158
|
+
userFieldName: 'email',
|
|
159
|
+
resultFieldName: 'accessTokenPayload.username'
|
|
160
|
+
},
|
|
161
|
+
useReturnedTokens: true,
|
|
162
|
+
validWithoutUser: false
|
|
163
|
+
},
|
|
164
|
+
[core_1.AppConfigDomainIAMAuthenticationStep.Initiate]: {
|
|
165
|
+
cache: {
|
|
166
|
+
populate: {
|
|
167
|
+
data: [{ cacheFieldName: 'codeVerifier', inputFieldName: 'result.codeVerifier' }]
|
|
168
|
+
},
|
|
169
|
+
settings: {
|
|
170
|
+
cacheFieldName: 'state',
|
|
171
|
+
inputFieldName: 'result.state'
|
|
172
|
+
}
|
|
173
|
+
},
|
|
174
|
+
findUser: false,
|
|
175
|
+
stepResultPublicFields: ['authorizationCodeRequestURL'],
|
|
176
|
+
validWithoutUser: true
|
|
177
|
+
}
|
|
178
|
+
};
|
|
179
|
+
return lodash_1.default.merge(defaultConfig, steps || {});
|
|
180
|
+
}
|
|
181
|
+
initiate(data, options) {
|
|
182
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
183
|
+
const { configProvider, moduleName, serviceName } = this;
|
|
184
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
185
|
+
const { authorizationUrl, clientId, codeChallengeMethod, defaultScope, redirectUri } = moduleConfig.authServiceSettings[serviceName].oauth2;
|
|
186
|
+
const { scope } = data;
|
|
187
|
+
const { generateNonce, withPCKE } = options;
|
|
188
|
+
const finalScope = scope || defaultScope;
|
|
189
|
+
if (!authorizationUrl) {
|
|
190
|
+
console.error(`[${moduleName}][${serviceName}]: Authorization URL not configured.`);
|
|
191
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
192
|
+
}
|
|
193
|
+
if (!redirectUri) {
|
|
194
|
+
console.error(`[${moduleName}][${serviceName}]: Redirect URI not configured.`);
|
|
195
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
196
|
+
}
|
|
197
|
+
if (!finalScope) {
|
|
198
|
+
console.error(`[${moduleName}][${serviceName}]: Either a scope in thwe input, or a configured default scope, is required..`);
|
|
199
|
+
throw new core_1.ApplicationError('Authentication failed.');
|
|
200
|
+
}
|
|
201
|
+
const state = this.generateUrlEncodedString(16);
|
|
202
|
+
let challenge;
|
|
203
|
+
let nonce;
|
|
204
|
+
let verifier;
|
|
205
|
+
let url = `${authorizationUrl}?` +
|
|
206
|
+
'response_type=code&' +
|
|
207
|
+
`client_id=${clientId}&` +
|
|
208
|
+
`redirect_uri=${encodeURIComponent(redirectUri)}&` +
|
|
209
|
+
`scope=${encodeURIComponent(finalScope)}&` +
|
|
210
|
+
`state=${state}`;
|
|
211
|
+
if (withPCKE) {
|
|
212
|
+
verifier = this.generateUrlEncodedString(definitions_1.Constants.OAUTH2_CODE_VERIFIER_LENGTH);
|
|
213
|
+
challenge = yield this.generateChallenge(verifier);
|
|
214
|
+
url += `&code_challenge=${challenge}&code_challenge_method=${codeChallengeMethod}`;
|
|
215
|
+
}
|
|
216
|
+
if (generateNonce) {
|
|
217
|
+
nonce = this.generateUrlEncodedString(16);
|
|
218
|
+
url += `&nonce=${nonce}`;
|
|
219
|
+
}
|
|
220
|
+
return {
|
|
221
|
+
authorizationCodeRequestURL: url,
|
|
222
|
+
codeChallenge: challenge,
|
|
223
|
+
codeVerifier: verifier,
|
|
224
|
+
mfaUsed: true,
|
|
225
|
+
mfaValid: true,
|
|
226
|
+
nonce,
|
|
227
|
+
state,
|
|
228
|
+
valid: true
|
|
229
|
+
};
|
|
230
|
+
});
|
|
231
|
+
}
|
|
232
|
+
verifyExternalAccessToken(data) {
|
|
233
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
234
|
+
const { configProvider, moduleName, serviceName } = this;
|
|
235
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
236
|
+
const { accessTokenAudiences, issuerUri, verifyTokensLocally } = moduleConfig.authServiceSettings[serviceName].oauth2;
|
|
237
|
+
const { accessToken } = data;
|
|
238
|
+
if (!accessTokenAudiences) {
|
|
239
|
+
throw new core_1.ApplicationError(`[${moduleName}][${serviceName}]: In method "verifyExternalAccessToken": accessTokenAudiences not configured.`);
|
|
240
|
+
}
|
|
241
|
+
if (!issuerUri) {
|
|
242
|
+
throw new core_1.ApplicationError(`[${moduleName}][${serviceName}]: In method "verifyExternalAccessToken": issuer URI not configured.`);
|
|
243
|
+
}
|
|
244
|
+
if (verifyTokensLocally) {
|
|
245
|
+
const accessTokenData = yield this.verifyToken(accessToken, {
|
|
246
|
+
audiences: accessTokenAudiences,
|
|
247
|
+
issuer: issuerUri
|
|
248
|
+
});
|
|
249
|
+
if (accessTokenData.error) {
|
|
250
|
+
return { error: accessTokenData.error };
|
|
251
|
+
}
|
|
252
|
+
return { accessTokenPayload: accessTokenData.content };
|
|
253
|
+
}
|
|
254
|
+
throw new core_1.ApplicationError(`[${moduleName}][${serviceName}]: In method "verifyExternalAccessToken": verification via external endpoint not configured.`);
|
|
255
|
+
});
|
|
256
|
+
}
|
|
257
|
+
verifyToken(token, options) {
|
|
258
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
259
|
+
const { audiences, issuer, secret } = options || {};
|
|
260
|
+
let returnData = {};
|
|
261
|
+
if (secret) {
|
|
262
|
+
returnData = yield new Promise(resolve => {
|
|
263
|
+
jwt.verify(token, secret, (err, decoded) => {
|
|
264
|
+
if (err) {
|
|
265
|
+
resolve({ content: decoded, error: err });
|
|
266
|
+
}
|
|
267
|
+
resolve({ content: decoded });
|
|
268
|
+
});
|
|
269
|
+
});
|
|
270
|
+
}
|
|
271
|
+
else {
|
|
272
|
+
const tokenContent = jwt.decode(token);
|
|
273
|
+
if (tokenContent.exp) {
|
|
274
|
+
let currentTimeStamp = `${new Date().valueOf()}`;
|
|
275
|
+
let expString = `${tokenContent.exp}`;
|
|
276
|
+
if (expString.length < currentTimeStamp.length) {
|
|
277
|
+
currentTimeStamp = currentTimeStamp.substring(0, expString.length);
|
|
278
|
+
}
|
|
279
|
+
else if (expString.length > currentTimeStamp.length) {
|
|
280
|
+
expString = expString.substring(0, currentTimeStamp.length);
|
|
281
|
+
}
|
|
282
|
+
if (parseInt(expString, 10) < parseInt(currentTimeStamp, 10)) {
|
|
283
|
+
returnData.error = definitions_1.Constants.TOKEN_EXPIRED_ERROR;
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
if (tokenContent.aud && audiences && !audiences.includes(tokenContent.aud)) {
|
|
287
|
+
returnData.error = definitions_1.Constants.TOKEN_MISMATCHED_AUDIENCES_ERROR;
|
|
288
|
+
}
|
|
289
|
+
if (tokenContent.iss && issuer && issuer !== tokenContent.iss) {
|
|
290
|
+
returnData.error = definitions_1.Constants.TOKEN_MISMATCHED_ISSUER_ERROR;
|
|
291
|
+
}
|
|
292
|
+
returnData.content = tokenContent;
|
|
293
|
+
}
|
|
294
|
+
return returnData;
|
|
295
|
+
});
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
exports.IAMAuthenticationOAuth2Service = IAMAuthenticationOAuth2Service;
|
|
299
|
+
//# sourceMappingURL=iam.authenticationOAuth2.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.authenticationOAuth2.service.js","sourceRoot":"","sources":["../../../src/services/authenticationOAuth2/iam.authenticationOAuth2.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAA4B;AAE5B,uCAQsB;AAEtB,kDAAoC;AACpC,oDAAwB;AAiBxB,0DAAqD;AACrD,sDAA6D;AAkB7D,MAAa,8BAGX,SAAQ,yCAA0D;IAClE,YACY,cAAqC,EACrC,UAAkB,EAElB,WAAmB;QAE7B,KAAK,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QALxB,mBAAc,GAAd,cAAc,CAAuB;QACrC,eAAU,GAAV,UAAU,CAAQ;QAElB,gBAAW,GAAX,WAAW,CAAQ;QAG7B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;IAUK,QAAQ,CACZ,IAAyC,EAEzC,QAAiE;;YAEjE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,GAChE,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;YACzD,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,OAAO,CAAC,KAAK,CAAC,IAAI,UAAU,KAAK,WAAW,2CAA2C,CAAC,CAAC;gBACzF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,IAAI,UAAU,KAAK,WAAW,iCAAiC,CAAC,CAAC;gBAC/E,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;YACpC,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,GAC5C,MAAM,IAAA,kBAAW,EAAyD,mBAAmB,EAAE;gBAC7F,IAAI,EAAE;oBACJ,SAAS,EAAE,QAAQ;oBACnB,aAAa,EAAE,YAAY;oBAC3B,IAAI;oBACJ,aAAa,EAAE,YAAY;oBAC3B,UAAU,EAAE,oBAAoB;oBAChC,YAAY,EAAE,WAAW;iBAC1B;gBACD,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,iBAAU,CAAC,IAAI;aACxB,CAAC,CAAC;YACL,IAAI,QAAQ,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACtC,OAAO,CAAC,KAAK,CACX,IAAI,UAAU,KAAK,WAAW,kDAAkD,IAAI,IAAI,EACxF,oBAAoB,CACrB,CAAC;gBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,OAAO;gBACL,WAAW,EAAE,oBAAoB,CAAC,YAAY;gBAC9C,oBAAoB,EAAE,oBAAoB,CAAC,UAAU;gBACrD,OAAO,EAAE,oBAAoB,CAAC,QAAQ;gBACtC,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,oBAAoB,CAAC,aAAa;gBAChD,KAAK,EAAE,oBAAoB,CAAC,KAAK;gBACjC,KAAK,EAAE,IAAI;aACZ,CAAC;QACJ,CAAC;KAAA;IAEe,iBAAiB,CAAC,YAAoB;;YACpD,MAAM,MAAM,GAAG,MAAM,gBAAM,CAAC,MAAM,CAAC,MAAM,CACvC,uBAAS,CAAC,iCAAiC,EAC3C,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CAAC;YACF,OAAO,IAAA,sBAAe,EAAC,MAAM,CAAC,CAAC;QACjC,CAAC;KAAA;IAES,wBAAwB,CAAC,MAAc;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,gBAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QACjE,OAAO,IAAA,sBAAe,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;IAGK,6BAA6B,CACjC,IAA8D;;YAE9D,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YACzC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;YACtC,MAAM,UAAU,GAA+D,EAAE,CAAC;YAClF,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC;oBACzE,WAAW;iBACZ,CAAC,CAAC;gBACH,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,KAAK,CACX,IAAI,UAAU,KAAK,WAAW,kEAAkE,EAChG,KAAK,CACN,CAAC;oBACF,MAAM,IAAI,uBAAgB,CAAC,IAAI,UAAU,KAAK,WAAW,6CAA6C,CAAC,CAAC;gBAC1G,CAAC;gBACD,UAAU,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;YACrD,CAAC;YACD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACpD,UAAU,CAAC,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;YAClD,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAGD,8BAA8B;QAC5B,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;QACpF,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,aAAa,GAAgE;YACjF,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,cAAc,EAAE,OAAO;wBACvB,cAAc,EAAE,YAAY;qBAC7B;oBACD,GAAG,EAAE;wBACH,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE;qBACrC;iBACF;gBACD,UAAU,EAAE,IAAI;gBAChB,oBAAoB,EAAE,IAAI;gBAC1B,QAAQ,EAAE,IAAI;gBACd,kBAAkB,EAAE,KAAK;gBACzB,sBAAsB,EAAE;oBACtB,aAAa,EAAE,OAAO;oBACtB,eAAe,EAAE,6BAA6B;iBAC/C;gBACD,iBAAiB,EAAE,IAAI;gBACvB,gBAAgB,EAAE,KAAK;aACxB;YACD,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,IAAI,EAAE,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,qBAAqB,EAAE,CAAC;qBAClF;oBACD,QAAQ,EAAE;wBACR,cAAc,EAAE,OAAO;wBACvB,cAAc,EAAE,cAAc;qBAC/B;iBACF;gBACD,QAAQ,EAAE,KAAK;gBACf,sBAAsB,EAAE,CAAC,6BAA6B,CAAC;gBACvD,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC;QACF,OAAO,gBAAE,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAYK,QAAQ,CACZ,IAAyC,EACzC,OAAgE;;YAEhE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAmB,EAAE,YAAY,EAAE,WAAW,EAAE,GAClF,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;YACzD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;YACvB,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC5C,MAAM,UAAU,GAAG,KAAK,IAAI,YAAY,CAAC;YACzC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,IAAI,UAAU,KAAK,WAAW,sCAAsC,CAAC,CAAC;gBACpF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,IAAI,UAAU,KAAK,WAAW,iCAAiC,CAAC,CAAC;gBAC/E,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CACX,IAAI,UAAU,KAAK,WAAW,+EAA+E,CAC9G,CAAC;gBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;YAChD,IAAI,SAA6B,CAAC;YAClC,IAAI,KAAyB,CAAC;YAC9B,IAAI,QAA4B,CAAC;YACjC,IAAI,GAAG,GACL,GAAG,gBAAgB,GAAG;gBACtB,qBAAqB;gBACrB,aAAa,QAAQ,GAAG;gBACxB,gBAAgB,kBAAkB,CAAC,WAAW,CAAC,GAAG;gBAClD,SAAS,kBAAkB,CAAC,UAAU,CAAC,GAAG;gBAC1C,SAAS,KAAK,EAAE,CAAC;YACnB,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,uBAAS,CAAC,2BAA2B,CAAC,CAAC;gBAChF,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;gBACnD,GAAG,IAAI,mBAAmB,SAAS,0BAA0B,mBAAmB,EAAE,CAAC;YACrF,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,KAAK,GAAG,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;gBAC1C,GAAG,IAAI,UAAU,KAAK,EAAE,CAAC;YAC3B,CAAC;YACD,OAAO;gBACL,2BAA2B,EAAE,GAAG;gBAChC,aAAa,EAAE,SAAS;gBACxB,YAAY,EAAE,QAAQ;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,IAAI;gBACd,KAAK;gBACL,KAAK;gBACL,KAAK,EAAE,IAAI;aACZ,CAAC;QACJ,CAAC;KAAA;IAGK,yBAAyB,CAC7B,IAA0D;;YAE1D,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,oBAAoB,EAAE,SAAS,EAAE,mBAAmB,EAAE,GAC5D,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;YACzD,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC7B,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,MAAM,IAAI,uBAAgB,CACxB,IAAI,UAAU,KAAK,WAAW,gFAAgF,CAC/G,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,uBAAgB,CACxB,IAAI,UAAU,KAAK,WAAW,uEAAuE,CACtG,CAAC;YACJ,CAAC;YACD,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE;oBAC1D,SAAS,EAAE,oBAAoB;oBAC/B,MAAM,EAAE,SAAS;iBAClB,CAAC,CAAC;gBACH,IAAI,eAAe,CAAC,KAAK,EAAE,CAAC;oBAE1B,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,EAAE,CAAC;gBAC1C,CAAC;gBACD,OAAO,EAAE,kBAAkB,EAAE,eAAe,CAAC,OAAO,EAAE,CAAC;YACzD,CAAC;YACD,MAAM,IAAI,uBAAgB,CACxB,IAAI,UAAU,KAAK,WAAW,+FAA+F,CAC9H,CAAC;QACJ,CAAC;KAAA;IAEe,WAAW,CACzB,KAAa,EACb,OAAoE;;YAEpE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;YACpD,IAAI,UAAU,GAAuD,EAAE,CAAC;YACxE,IAAI,MAAM,EAAE,CAAC;gBACX,UAAU,GAAG,MAAM,IAAI,OAAO,CAAqD,OAAO,CAAC,EAAE;oBAC3F,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;wBACzC,IAAI,GAAG,EAAE,CAAC;4BACR,OAAO,CAAC,EAAE,OAAO,EAAE,OAA8B,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;wBACnE,CAAC;wBACD,OAAO,CAAC,EAAE,OAAO,EAAE,OAA8B,EAAE,CAAC,CAAC;oBACvD,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAuE,CAAC;gBAC7G,IAAI,YAAY,CAAC,GAAG,EAAE,CAAC;oBAErB,IAAI,gBAAgB,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC;oBACjD,IAAI,SAAS,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,CAAC;oBACtC,IAAI,SAAS,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC;wBAC/C,gBAAgB,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;oBACrE,CAAC;yBAAM,IAAI,SAAS,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC;wBACtD,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;oBAC9D,CAAC;oBACD,IAAI,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,EAAE,CAAC;wBAC7D,UAAU,CAAC,KAAK,GAAG,uBAAS,CAAC,mBAAmB,CAAC;oBACnD,CAAC;gBACH,CAAC;gBACD,IAAI,YAAY,CAAC,GAAG,IAAI,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3E,UAAU,CAAC,KAAK,GAAG,uBAAS,CAAC,gCAAgC,CAAC;gBAChE,CAAC;gBACD,IAAI,YAAY,CAAC,GAAG,IAAI,MAAM,IAAI,MAAM,KAAK,YAAY,CAAC,GAAG,EAAE,CAAC;oBAC9D,UAAU,CAAC,KAAK,GAAG,uBAAS,CAAC,6BAA6B,CAAC;gBAC7D,CAAC;gBACD,UAAU,CAAC,OAAO,GAAG,YAAY,CAAC;YACpC,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;CACF;AA5SD,wEA4SC"}
|