@nsshunt/stsauthclient 1.0.20 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/stsauthclient.mjs +37 -42
  2. package/dist/stsauthclient.mjs.map +1 -1
  3. package/dist/stsauthclient.umd.js +38 -43
  4. package/dist/stsauthclient.umd.js.map +1 -1
  5. package/package.json +9 -11
  6. package/types/authManager.d.ts +1 -2
  7. package/types/authManager.d.ts.map +1 -1
  8. package/types/authutilsnode.d.ts +7 -4
  9. package/types/authutilsnode.d.ts.map +1 -1
  10. package/types/commonTypes.d.ts +3 -9
  11. package/types/commonTypes.d.ts.map +1 -1
  12. package/types/resourceManager.d.ts +2 -3
  13. package/types/resourceManager.d.ts.map +1 -1
  14. package/types/sessionManager.d.ts +1 -2
  15. package/types/sessionManager.d.ts.map +1 -1
package/dist/stsauthclient.mjs CHANGED
@@ -9,14 +9,14 @@ var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read fr
9
9
  var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
10
10
  var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
11
11
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
12
- var _options, _logger, _agentManager, _cache, _cacheTimeout, _logger2, _cookiejar, _originRegex, _agentManager2, _AuthUtilsNode_instances, LogDebugMessage_fn;
12
+ var _options, _options2, _cache, _cacheTimeout, _cookiejar, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn;
13
13
  import axios from "axios";
14
- import { AgentManager, STSAxiosConfig, goptions } from "@nsshunt/stsconfig";
14
+ import { STSAxiosConfig, GetErrorPayload } from "@nsshunt/stsutils";
15
15
  import tough from "tough-cookie";
16
16
  import jwt from "jsonwebtoken";
17
17
  import { jwtDecode } from "jwt-decode";
18
18
  import jwksClient from "jwks-rsa";
19
- import { GetErrorPayload } from "@nsshunt/stsutils";
19
+ import { goptions } from "@nsshunt/stsconfig";
20
20
  import chalk from "chalk";
21
21
  import { Gauge } from "@nsshunt/stsobservability";
22
22
  const iss = `https://stscore.stsmda.org/oauth2/v2.0`;
@@ -87,12 +87,9 @@ var StatusCodes;
87
87
  StatusCodes2[StatusCodes2["INSUFFICIENT_STORAGE"] = 507] = "INSUFFICIENT_STORAGE";
88
88
  StatusCodes2[StatusCodes2["NETWORK_AUTHENTICATION_REQUIRED"] = 511] = "NETWORK_AUTHENTICATION_REQUIRED";
89
89
  })(StatusCodes || (StatusCodes = {}));
90
- const isNode = Object.prototype.toString.call(typeof process !== "undefined" ? process : 0) === "[object process]";
91
90
  class ResourceManager {
92
- constructor(options, logger) {
91
+ constructor(options) {
93
92
  __privateAdd(this, _options);
94
- __privateAdd(this, _logger);
95
- __privateAdd(this, _agentManager, null);
96
93
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
97
94
  __publicField(this, "GetErrorMessage", (status, error, detail) => {
98
95
  return {
@@ -112,8 +109,8 @@ class ResourceManager {
112
109
  });
113
110
  __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
114
111
  const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
115
- if (__privateGet(this, _agentManager)) {
116
- axiosConfig.withAgentManager(__privateGet(this, _agentManager));
112
+ if (__privateGet(this, _options).agentManager) {
113
+ axiosConfig.withAgentManager(__privateGet(this, _options).agentManager);
117
114
  }
118
115
  if (requestData !== null) {
119
116
  axiosConfig.withData(requestData);
@@ -140,43 +137,35 @@ class ResourceManager {
140
137
  }
141
138
  });
142
139
  __privateSet(this, _options, options);
143
- __privateSet(this, _logger, logger);
144
140
  this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
145
- if (isNode) {
146
- if (__privateGet(this, _options).agentOptions) {
147
- __privateSet(this, _agentManager, new AgentManager({
148
- agentOptions: __privateGet(this, _options).agentOptions
149
- }));
150
- } else {
151
- __privateSet(this, _agentManager, new AgentManager({}));
152
- }
153
- }
154
141
  }
155
142
  get agentManager() {
156
- return __privateGet(this, _agentManager);
143
+ if (__privateGet(this, _options).agentManager) {
144
+ return __privateGet(this, _options).agentManager;
145
+ } else {
146
+ return null;
147
+ }
157
148
  }
158
149
  get options() {
159
150
  return __privateGet(this, _options);
160
151
  }
161
152
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
162
153
  LogDebugMessage(message) {
163
- __privateGet(this, _logger).debug(message);
154
+ __privateGet(this, _options).logger.debug(message);
164
155
  }
165
156
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
166
157
  LogInfoMessage(message) {
167
- __privateGet(this, _logger).info(message);
158
+ __privateGet(this, _options).logger.info(message);
168
159
  }
169
160
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
170
161
  LogErrorMessage(message) {
171
- __privateGet(this, _logger).error(message);
162
+ __privateGet(this, _options).logger.error(message);
172
163
  }
173
164
  }
174
165
  _options = new WeakMap();
175
- _logger = new WeakMap();
176
- _agentManager = new WeakMap();
177
166
  class SessionManager extends ResourceManager {
178
- constructor(options, logger) {
179
- super(options, logger);
167
+ constructor(options) {
168
+ super(options);
180
169
  __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
181
170
  try {
182
171
  return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
@@ -200,17 +189,18 @@ class SessionManager extends ResourceManager {
200
189
  }
201
190
  }
202
191
  class AuthUtilsNode {
203
- constructor(logger) {
192
+ constructor(options) {
204
193
  __privateAdd(this, _AuthUtilsNode_instances);
194
+ __privateAdd(this, _options2);
205
195
  __privateAdd(this, _cache, {});
206
196
  __privateAdd(this, _cacheTimeout, 1e3);
207
- __privateAdd(this, _logger2);
208
197
  __privateAdd(this, _cookiejar);
209
198
  // Regular expression to match the origin
210
199
  __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
211
- __privateAdd(this, _agentManager2, new AgentManager({}));
212
200
  __publicField(this, "ResetAgent", () => {
213
- __privateGet(this, _agentManager2).ResetAgent();
201
+ if (__privateGet(this, _options2).agentManager) {
202
+ __privateGet(this, _options2).agentManager.ResetAgent();
203
+ }
214
204
  });
215
205
  __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
216
206
  return async (req, res, next) => {
@@ -267,7 +257,7 @@ class AuthUtilsNode {
267
257
  });
268
258
  __publicField(this, "ValidateJWT", async (token, audience, endpoint) => {
269
259
  const jwksClientUri = endpoint ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`;
270
- const jwks = jwksClient({
260
+ const jwksClientOptions = {
271
261
  cache: true,
272
262
  //@@ all config items
273
263
  cacheMaxEntries: 5,
@@ -278,11 +268,13 @@ class AuthUtilsNode {
278
268
  jwksRequestsPerMinute: 10,
279
269
  // Default value
280
270
  jwksUri: jwksClientUri,
281
- timeout: 3e4,
271
+ timeout: 3e4
282
272
  //@@ config
283
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
284
- requestAgent: __privateGet(this, _agentManager2).GetAgent(jwksClientUri)
285
- });
273
+ };
274
+ if (__privateGet(this, _options2).agentManager) {
275
+ jwksClientOptions.requestAgent = __privateGet(this, _options2).agentManager.GetAgent(jwksClientUri);
276
+ }
277
+ const jwks = jwksClient(jwksClientOptions);
286
278
  const decodedRefreshToken = jwtDecode(token, { header: true });
287
279
  const kid = decodedRefreshToken.kid;
288
280
  const key = await jwks.getSigningKey(kid);
@@ -364,7 +356,11 @@ class AuthUtilsNode {
364
356
  stage = "6";
365
357
  const url = endPoint ? `${endPoint}${goptions.asoauthapiroot}/token` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`;
366
358
  stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
367
- const retVal = await axios(new STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload).withAgentManager(__privateGet(this, _agentManager2)).config);
359
+ const axiosConfig = new STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
360
+ if (__privateGet(this, _options2).agentManager) {
361
+ axiosConfig.withAgentManager(__privateGet(this, _options2).agentManager);
362
+ }
363
+ const retVal = await axios(axiosConfig.config);
368
364
  stage = "7";
369
365
  if (retVal.status) {
370
366
  if (retVal.status !== 200) {
@@ -413,11 +409,11 @@ class AuthUtilsNode {
413
409
  return "";
414
410
  }
415
411
  });
416
- __privateSet(this, _logger2, logger);
412
+ __privateSet(this, _options2, options);
417
413
  __privateSet(this, _cookiejar, new tough.CookieJar());
418
414
  }
419
415
  get agentManager() {
420
- return __privateGet(this, _agentManager2);
416
+ return __privateGet(this, _options2).agentManager;
421
417
  }
422
418
  /*
423
419
  let cookies = await this.GetCookiesFromJar();
@@ -440,16 +436,15 @@ class AuthUtilsNode {
440
436
  next();
441
437
  }
442
438
  }
439
+ _options2 = new WeakMap();
443
440
  _cache = new WeakMap();
444
441
  _cacheTimeout = new WeakMap();
445
- _logger2 = new WeakMap();
446
442
  _cookiejar = new WeakMap();
447
443
  _originRegex = new WeakMap();
448
- _agentManager2 = new WeakMap();
449
444
  _AuthUtilsNode_instances = new WeakSet();
450
445
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
451
446
  LogDebugMessage_fn = function(message) {
452
- __privateGet(this, _logger2).debug(message);
447
+ __privateGet(this, _options2).logger.debug(message);
453
448
  };
454
449
  export {
455
450
  AuthUtilsNode,
package/dist/stsauthclient.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"stsauthclient.mjs","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig';\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #logger: ISTSLogger;\n #agentManager: AgentManager | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode) {\n if (this.#options.agentOptions) {\n this.#agentManager = new AgentManager({\n agentOptions: this.#options.agentOptions\n });\n } else {\n this.#agentManager = new AgentManager({});\n }\n }\n }\n\n get agentManager(): AgentManager | null {\n return this.#agentManager;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#agentManager) {\n axiosConfig.withAgentManager(this.#agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig.config as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions, AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n #agentManager: AgentManager = new AgentManager({});\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n get agentManager(): AgentManager {\n return this.#agentManager;\n }\n\n ResetAgent = () => {\n this.#agentManager.ResetAgent();\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n requestAgent: this.#agentManager.GetAgent(jwksClientUri) as any\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios(new STSAxiosConfig(url, 'post')\n .withDefaultHeaders()\n .withData(payload)\n .withAgentManager(this.#agentManager).config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","_logger","_agentManager","error"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAqIO,MAAM,MAAM;AAEN,MAAA,yBAAyB,OAAO,OAAO;AAAA,EAChD,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,aAAa;AAAA,EAAA;AAErB,CAAC;AC3IM,IAAI;AAAA,CACV,SAAUA,cAAa;AAMpB,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,EAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,EAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,MAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;ACWzF,MAAe,gBAAgB;AAAA,EAKlC,YAAY,SAAqC,QAAoB;AAJrE;AACA;AACA,sCAAqC;AA2CrC;AAAA,2CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,aAAA;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ;AAEA,sCAAa,CAAC,iBAA4C;AACtD,YAAM,UAAsB;AAAA,QACxB,gBAAgB;AAAA,MACpB;AACA,UAAI,cAAc;AACN,gBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,MAAA;AAE9C,aAAA;AAAA,IACX;AAEA,qCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,YAAA,cAAc,IAAI,eAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAChH,UAAI,mBAAK,gBAAe;AACR,oBAAA,iBAAiB,mBAAK,cAAa;AAAA,MAAA;AAEnD,UAAI,gBAAgB,MAAM;AACtB,oBAAY,SAAS,WAAW;AAAA,MAAA;AAGpC,YAAM,OAAO,MAAM,MAAM,YAAY,MAA4B;AAI7D,UAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,cAAA,iBAAiB,KAAK,KAAK;AACjC,YAAI,gBAAgB;AACZ,cAAA;AACM,kBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,mBAAA;AAAA,mBACD,OAAO;AACb,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACH,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,iBAAA;AAAA,QAAA;AAAA,MACX,OACG;AACH,cAAM,EAAE,QAAQ,OAAO,WAAW,KAAK;AACvC,gBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,eAAA;AAAA,MAAA;AAAA,IAEf;AA1FI,uBAAK,UAAW;AAChB,uBAAK,SAAW;AAEhB,SAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE/F,QAAI,QAAQ;AACJ,UAAA,mBAAK,UAAS,cAAc;AACvB,2BAAA,eAAgB,IAAI,aAAa;AAAA,UAClC,cAAc,mBAAK,UAAS;AAAA,QAAA,CAC/B;AAAA,MAAA,OACE;AACH,2BAAK,eAAgB,IAAI,aAAa,EAAE;AAAA,MAAA;AAAA,IAC5C;AAAA,EACJ;AAAA,EAGJ,IAAI,eAAoC;AACpC,WAAO,mBAAK;AAAA,EAAA;AAAA,EAGhB,IAAI,UAAsC;AACtC,WAAO,mBAAK;AAAA,EAAA;AAAA;AAAA,EAIhB,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAAA;AAAA;AAAA,EAI9B,eAAe,SAAc;AACpB,uBAAA,SAAQ,KAAK,OAAO;AAAA,EAAA;AAAA;AAAA,EAI7B,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAAA;AAuDlC;AAhGI;AACA;AACA;ACPG,MAAM,uBAAuB,gBAAgB;AAAA,EAChD,YAAY,SAAqC,QAAoB;AACjE,UAAM,SAAS,MAAM;AAGzB,sCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,UAAA;AACA,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,eAE/I,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MAAA;AAAA,IAEf;AAEA,wCAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,UAAA;AACI,YAAA,CAAC,QAAQ,WAAW;AACpB,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,iBAAA;AAAA,QAAA;AAEX,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,eAE5J,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MAAA;AAAA,IAEf;AAAA,EAzByB;AA0B7B;ACKO,MAAM,cACb;AAAA,EASI,YAAY,QAAoB;AAV7B;AAEH,+BAAuC,CAAE;AACzC,sCAAwB;AACxB,uBAAAC;AACA;AAEA;AAAA,qCAAe;AACf,uBAAAC,gBAA8B,IAAI,aAAa,EAAE;AAgBjD,sCAAa,MAAM;AACf,yBAAKA,gBAAc,WAAW;AAAA,IAClC;AAEA,0DAAiC,CAAC,YAAmC;AAE1D,aAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,YAAI,QAAQ,aAAa;AAErB,gBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,gBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,cAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE,iBAAA;AACL;AAAA,UAAA;AAGJ,gBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,gBAAM,sBAAsB,CAAE;AAC9B,mBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,kBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,gBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,kCAAoB,KAAK,UAAU;AAAA,YAAA;AAAA,UACvC;AAEA,cAAA,oBAAoB,SAAS,GAAG;AAChC,kBAAM,eAAe,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,gBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAA,CAAc;AACpG;AAAA,UAAA;AAGJ,cAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,+BAAA,QAAO,cAAc,IAAI;AAAA,cAC1B,QAAQ,CAAA;AAAA,YACZ;AAAA,UAAA;AAGJ,6BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,YAC3C,OAAO;AAAA,YACP,SAAS,WAAW,MAAM;AACtB,qBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,YAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,UACjC;AAAA,QAAA;AAEC,aAAA;AAAA,MACT;AAAA,IACJ;AA4CA;AAAA,2CAAkB,OAAO,SAA8B,aACvD;AACQ,UAAA,QAAQ,YAAY,GAAG;AAEvB,gBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,gBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA,CACjD;AAAA,MAAA,OACE;AAEH,cAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,2BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,MAAA;AAG3C,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAC9C;AAEA,6CAAoB,OAAO,aAC3B;AACW,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAC9C;AAEA,uCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,YAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc,KAC/D,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc;AAEnG,YAAM,OAAO,WAAW;AAAA,QACpB,OAAO;AAAA;AAAA,QACP,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA;AAAA,QACb,WAAW;AAAA,QACX,uBAAuB;AAAA;AAAA,QACvB,SAAS;AAAA,QACT,SAAS;AAAA;AAAA;AAAA,QAET,cAAc,mBAAKA,gBAAc,SAAS,aAAa;AAAA,MAAA,CAC1D;AAGD,YAAM,sBAAsB,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,YAAM,MAAM,oBAAoB;AAEhC,YAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,YAAA,aAAa,IAAI,aAAa;AAEpC,YAAM,gBAAgB;AAAA,QAClB,QAAQ;AAAA;AAAA,QAER;AAAA;AAAA,QAEA,WAAY,CAAC,OAAO;AAAA;AAAA,MACxB;AAEA,aAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,IACtD;AAGA;AAAA,yCAAgB,CAAC,QAAgB;AAC7B,YAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,aAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,IAC9B;AAEA,+DAAsC,OAAO,SAAsD,YAAqD;AACpJ,YAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,0BAA0B;AAErG,UAAI,QAAQ;AAEN,YAAA,gBAAgB,CAAC,UAAiB;AACpC,8BAAK,8CAAL,WAAsB;AACtB,YAAI,sBAAsB;AACD,+BAAA,iBAAiB,MAAM,kCAAkC;AAAA;AAAA,YAC1E,KAAK;AAAA,UAAA,CACR;AAAA,QAAA;AAEL,gBAAQ,KAAK;AAAA,MACjB;AAEI,UAAA;AACQ,gBAAA;AACF,cAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,YAAI,SAAwB;AAC5B,YAAI,QAAsB;AAClB,gBAAA;AACR,iBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,gBAAA,IAAI,OAAO,CAAC;AAClB,cAAI,CAAC,QAAQ;AACA,qBAAA,KAAK,cAAc,CAAC;AAC7B,gBAAI,CAAC,QAAQ;AACT,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA;AAAA,UACJ,OACG;AACG,kBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,gBAAI,CAAC,YAAY;AACb,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA,OACG;AACH,kBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,wBAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,cAAA;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAEI,gBAAA;AACR,YAAI,OAAO;AACP,wBAAc,KAAK;AACZ,iBAAA;AAAA,QAAA;AAGH,gBAAA;AACR,cAAM,UAAU;AAAA;AAAA,UACZ,WAAW;AAAA;AAAA,UACX,eAAe;AAAA;AAAA;AAAA,UAEf;AAAA;AAAA;AAAA;AAAA,UAGA,YAAY;AAAA,QAChB;AACQ,gBAAA;AACR,cAAM,MAAO,WACP,GAAG,QAAQ,GAAG,SAAS,cAAc,WACrC,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc;AAEzE,gBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAE/D,cAAM,SAAS,MAAM,MAAM,IAAI,eAAe,KAAK,MAAM,EACpD,mBAAmB,EACnB,SAAS,OAAO,EAChB,iBAAiB,mBAAKA,eAAa,EAAE,MAAM;AAExC,gBAAA;AACR,YAAI,OAAO,QAAQ;AACX,cAAA,OAAO,WAAW,KAAK;AAEvB,kCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,UAAC;AAAA,QACxI,OACG;AACH,wBAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,iBAAA;AAAA,QAAA;AAEH,gBAAA;AACR,YAAI,OAAO,MAAM;AACL,kBAAA;AACJ,cAAA,OAAO,KAAK,cAAc;AAClB,oBAAA;AACR,gBAAI,sBAAsB;AACd,sBAAA;AACa,mCAAA,iBAAiB,MAAM,4BAA4B;AAAA,gBACpE,KAAK;AAAA,cAAA,CACR;AAAA,YAAA;AAGG,oBAAA;AACR,mBAAO,OAAO,KAAK;AAAA,UAAA,OAChB;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACK,kBAAA;AACM,wBAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,iBAAA;AAAA,QAAA;AAAA,eAGN,OAAY;AACjB,YAAI,0BAA0B,MAAM;AAChC,kBAAQ,MAAM,KAAK;AAAA,QAAA;AAEvB,YAAI,UAAU;AACd,YAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,cAAA;AACA,sBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,mBAEvCC,QAAO;AACF,sBAAA;AAAA,UAAA;AAAA,QACd;AAEU,sBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,eAAA;AAAA,MAAA;AAAA,IAEf;AAjSI,uBAAKF,UAAU;AACV,uBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,EAAA;AAAA,EAQ1C,IAAI,eAA6B;AAC7B,WAAO,mBAAKC;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqEhB,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS,SAAA;AAAA,EAAA;AAiNb;AA3SI;AACA;AACAD,WAAA;AACA;AAEA;AACAC,iBAAA;AARG;AAAA;AAgBH,8BAAiB,SAAc;AACtB,qBAAAD,UAAQ,MAAM,OAAO;AAAA;","x_google_ignoreList":[1,2]}
1
+ {"version":3,"file":"stsauthclient.mjs","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType, ISTSLogger, AgentManager } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string\n logger: ISTSLogger\n agentManager?: AgentManager\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","import { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { JSONObject, AgentManager, STSAxiosConfig } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n\n constructor(options: ISTSResourceManagerOptions) {\n this.#options = options;\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n }\n\n get agentManager(): AgentManager | null {\n if (this.#options.agentManager) {\n return this.#options.agentManager;\n } else {\n return null;\n }\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#options.logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#options.logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#options.logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#options.agentManager) {\n axiosConfig.withAgentManager(this.#options.agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig.config as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions) {\n super(options);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject, AgentManager, STSAxiosConfig } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport interface IAuthUtilsNodeOptions {\n logger: ISTSLogger\n agentManager?: AgentManager\n}\n\nexport class AuthUtilsNode {\n #options: IAuthUtilsNodeOptions;\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n\n constructor(options: IAuthUtilsNodeOptions) {\n this.#options = options;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#options.logger.debug(message);\n }\n\n get agentManager(): AgentManager | undefined {\n return this.#options.agentManager;\n }\n\n ResetAgent = () => {\n if (this.#options.agentManager) {\n this.#options.agentManager.ResetAgent();\n }\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwksClientOptions: jwksClient.Options = {\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n }\n if (this.#options.agentManager) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n jwksClientOptions.requestAgent = this.#options.agentManager.GetAgent(jwksClientUri) as any\n }\n\n const jwks = jwksClient(jwksClientOptions);\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const axiosConfig = new STSAxiosConfig(url, 'post')\n .withDefaultHeaders()\n .withData(payload);\n if (this.#options.agentManager) {\n axiosConfig.withAgentManager(this.#options.agentManager)\n }\n\n const retVal = await axios(axiosConfig.config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","_options","error"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA+HO,MAAM,MAAM;AAEN,MAAA,yBAAyB,OAAO,OAAO;AAAA,EAChD,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,aAAa;AAAA,EAAA;AAErB,CAAC;ACrIM,IAAI;AAAA,CACV,SAAUA,cAAa;AAMpB,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,EAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,EAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;AC7V7B,MAAe,gBAAgB;AAAA,EAGlC,YAAY,SAAqC;AAFjD;AAmCA;AAAA,2CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,aAAA;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ;AAEA,sCAAa,CAAC,iBAA4C;AACtD,YAAM,UAAsB;AAAA,QACxB,gBAAgB;AAAA,MACpB;AACA,UAAI,cAAc;AACN,gBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,MAAA;AAE9C,aAAA;AAAA,IACX;AAEA,qCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,YAAA,cAAc,IAAI,eAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAC5G,UAAA,mBAAK,UAAS,cAAc;AAChB,oBAAA,iBAAiB,mBAAK,UAAS,YAAY;AAAA,MAAA;AAE3D,UAAI,gBAAgB,MAAM;AACtB,oBAAY,SAAS,WAAW;AAAA,MAAA;AAGpC,YAAM,OAAO,MAAM,MAAM,YAAY,MAA4B;AAI7D,UAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,cAAA,iBAAiB,KAAK,KAAK;AACjC,YAAI,gBAAgB;AACZ,cAAA;AACM,kBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,mBAAA;AAAA,mBACD,OAAO;AACb,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACH,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,iBAAA;AAAA,QAAA;AAAA,MACX,OACG;AACH,cAAM,EAAE,QAAQ,OAAO,WAAW,KAAK;AACvC,gBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,eAAA;AAAA,MAAA;AAAA,IAEf;AAlFI,uBAAK,UAAW;AAChB,SAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAAA,EAAA;AAAA,EAGnG,IAAI,eAAoC;AAChC,QAAA,mBAAK,UAAS,cAAc;AAC5B,aAAO,mBAAK,UAAS;AAAA,IAAA,OAClB;AACI,aAAA;AAAA,IAAA;AAAA,EACX;AAAA,EAGJ,IAAI,UAAsC;AACtC,WAAO,mBAAK;AAAA,EAAA;AAAA;AAAA,EAIhB,gBAAgB,SAAc;AACrB,uBAAA,UAAS,OAAO,MAAM,OAAO;AAAA,EAAA;AAAA;AAAA,EAItC,eAAe,SAAc;AACpB,uBAAA,UAAS,OAAO,KAAK,OAAO;AAAA,EAAA;AAAA;AAAA,EAIrC,gBAAgB,SAAc;AACrB,uBAAA,UAAS,OAAO,MAAM,OAAO;AAAA,EAAA;AAuD1C;AAtFI;ACHG,MAAM,uBAAuB,gBAAgB;AAAA,EAChD,YAAY,SAAqC;AAC7C,UAAM,OAAO;AAGjB,sCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,UAAA;AACA,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,eAE/I,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MAAA;AAAA,IAEf;AAEA,wCAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,UAAA;AACI,YAAA,CAAC,QAAQ,WAAW;AACpB,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,iBAAA;AAAA,QAAA;AAEX,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,eAE5J,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MAAA;AAAA,IAEf;AAAA,EAzBiB;AA0BrB;ACYO,MAAM,cAAc;AAAA,EAQvB,YAAY,SAAgC;AARzC;AACH,uBAAAC;AACA,+BAAuC,CAAE;AACzC,sCAAwB;AACxB;AAEA;AAAA,qCAAe;AAgBf,sCAAa,MAAM;AACX,UAAA,mBAAKA,WAAS,cAAc;AACvB,2BAAAA,WAAS,aAAa,WAAW;AAAA,MAAA;AAAA,IAE9C;AAEA,0DAAiC,CAAC,YAAmC;AAE1D,aAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,YAAI,QAAQ,aAAa;AAErB,gBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,gBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,cAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE,iBAAA;AACL;AAAA,UAAA;AAGJ,gBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,gBAAM,sBAAsB,CAAE;AAC9B,mBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,kBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,gBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,kCAAoB,KAAK,UAAU;AAAA,YAAA;AAAA,UACvC;AAEA,cAAA,oBAAoB,SAAS,GAAG;AAChC,kBAAM,eAAe,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,gBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAA,CAAc;AACpG;AAAA,UAAA;AAGJ,cAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,+BAAA,QAAO,cAAc,IAAI;AAAA,cAC1B,QAAQ,CAAA;AAAA,YACZ;AAAA,UAAA;AAGJ,6BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,YAC3C,OAAO;AAAA,YACP,SAAS,WAAW,MAAM;AACtB,qBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,YAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,UACjC;AAAA,QAAA;AAEC,aAAA;AAAA,MACT;AAAA,IACJ;AA4CA;AAAA,2CAAkB,OAAO,SAA8B,aACvD;AACQ,UAAA,QAAQ,YAAY,GAAG;AAEvB,gBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,gBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA,CACjD;AAAA,MAAA,OACE;AAEH,cAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,2BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,MAAA;AAG3C,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAC9C;AAEA,6CAAoB,OAAO,aAC3B;AACW,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAC9C;AAEA,uCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,YAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc,KAC/D,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc;AAEnG,YAAM,oBAAwC;AAAA,QAC1C,OAAO;AAAA;AAAA,QACP,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA;AAAA,QACb,WAAW;AAAA,QACX,uBAAuB;AAAA;AAAA,QACvB,SAAS;AAAA,QACT,SAAS;AAAA;AAAA,MACb;AACI,UAAA,mBAAKA,WAAS,cAAc;AAE5B,0BAAkB,eAAe,mBAAKA,WAAS,aAAa,SAAS,aAAa;AAAA,MAAA;AAGhF,YAAA,OAAO,WAAW,iBAAiB;AAGzC,YAAM,sBAAsB,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,YAAM,MAAM,oBAAoB;AAEhC,YAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,YAAA,aAAa,IAAI,aAAa;AAEpC,YAAM,gBAAgB;AAAA,QAClB,QAAQ;AAAA;AAAA,QAER;AAAA;AAAA,QAEA,WAAY,CAAC,OAAO;AAAA;AAAA,MACxB;AAEA,aAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,IACtD;AAGA;AAAA,yCAAgB,CAAC,QAAgB;AAC7B,YAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,aAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,IAC9B;AAEA,+DAAsC,OAAO,SAAsD,YAAqD;AACpJ,YAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,0BAA0B;AAErG,UAAI,QAAQ;AAEN,YAAA,gBAAgB,CAAC,UAAiB;AACpC,8BAAK,8CAAL,WAAsB;AACtB,YAAI,sBAAsB;AACD,+BAAA,iBAAiB,MAAM,kCAAkC;AAAA;AAAA,YAC1E,KAAK;AAAA,UAAA,CACR;AAAA,QAAA;AAEL,gBAAQ,KAAK;AAAA,MACjB;AAEI,UAAA;AACQ,gBAAA;AACF,cAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,YAAI,SAAwB;AAC5B,YAAI,QAAsB;AAClB,gBAAA;AACR,iBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,gBAAA,IAAI,OAAO,CAAC;AAClB,cAAI,CAAC,QAAQ;AACA,qBAAA,KAAK,cAAc,CAAC;AAC7B,gBAAI,CAAC,QAAQ;AACT,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA;AAAA,UACJ,OACG;AACG,kBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,gBAAI,CAAC,YAAY;AACb,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA,OACG;AACH,kBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,wBAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,cAAA;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAEI,gBAAA;AACR,YAAI,OAAO;AACP,wBAAc,KAAK;AACZ,iBAAA;AAAA,QAAA;AAGH,gBAAA;AACR,cAAM,UAAU;AAAA;AAAA,UACZ,WAAW;AAAA;AAAA,UACX,eAAe;AAAA;AAAA;AAAA,UAEf;AAAA;AAAA;AAAA;AAAA,UAGA,YAAY;AAAA,QAChB;AACQ,gBAAA;AACR,cAAM,MAAO,WACP,GAAG,QAAQ,GAAG,SAAS,cAAc,WACrC,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc;AAEzE,gBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAEzD,cAAA,cAAc,IAAI,eAAe,KAAK,MAAM,EAC7C,mBAAA,EACA,SAAS,OAAO;AACjB,YAAA,mBAAKA,WAAS,cAAc;AAChB,sBAAA,iBAAiB,mBAAKA,WAAS,YAAY;AAAA,QAAA;AAG3D,cAAM,SAAS,MAAM,MAAM,YAAY,MAAM;AAErC,gBAAA;AACR,YAAI,OAAO,QAAQ;AACX,cAAA,OAAO,WAAW,KAAK;AAEvB,kCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,UAAC;AAAA,QACxI,OACG;AACH,wBAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,iBAAA;AAAA,QAAA;AAEH,gBAAA;AACR,YAAI,OAAO,MAAM;AACL,kBAAA;AACJ,cAAA,OAAO,KAAK,cAAc;AAClB,oBAAA;AACR,gBAAI,sBAAsB;AACd,sBAAA;AACa,mCAAA,iBAAiB,MAAM,4BAA4B;AAAA,gBACpE,KAAK;AAAA,cAAA,CACR;AAAA,YAAA;AAGG,oBAAA;AACR,mBAAO,OAAO,KAAK;AAAA,UAAA,OAChB;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACK,kBAAA;AACM,wBAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,iBAAA;AAAA,QAAA;AAAA,eAGN,OAAY;AACjB,YAAI,0BAA0B,MAAM;AAChC,kBAAQ,MAAM,KAAK;AAAA,QAAA;AAEvB,YAAI,UAAU;AACd,YAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,cAAA;AACA,sBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,mBAEvCC,QAAO;AACF,sBAAA;AAAA,UAAA;AAAA,QACd;AAEU,sBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,eAAA;AAAA,MAAA;AAAA,IAEf;AA3SI,uBAAKD,WAAW;AACX,uBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,EAAA;AAAA,EAQ1C,IAAI,eAAyC;AACzC,WAAO,mBAAKA,WAAS;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuEzB,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS,SAAA;AAAA,EAAA;AAyNb;AApTIA,YAAA;AACA;AACA;AACA;AAEA;AANG;AAAA;AAcH,8BAAiB,SAAc;AACtB,qBAAAA,WAAS,OAAO,MAAM,OAAO;AAAA;","x_google_ignoreList":[1]}
package/dist/stsauthclient.umd.js CHANGED
@@ -1,6 +1,6 @@
1
1
  (function(global, factory) {
2
- typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("axios"), require("@nsshunt/stsconfig"), require("tough-cookie"), require("jsonwebtoken"), require("jwt-decode"), require("jwks-rsa"), require("@nsshunt/stsutils"), require("chalk"), require("@nsshunt/stsobservability")) : typeof define === "function" && define.amd ? define(["exports", "axios", "@nsshunt/stsconfig", "tough-cookie", "jsonwebtoken", "jwt-decode", "jwks-rsa", "@nsshunt/stsutils", "chalk", "@nsshunt/stsobservability"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nsshunt/stsauthclient"] = {}, global.axios, global.stsconfig, global["tough-cookie"], global.jsonwebtoken, global["jwt-decode"], global["jwks-rsa"], global.stsutils, global.chalk, global.stsobservability));
3
- })(this, function(exports2, axios, stsconfig, tough, jwt, jwtDecode, jwksClient, stsutils, chalk, stsobservability) {
2
+ typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("axios"), require("@nsshunt/stsutils"), require("tough-cookie"), require("jsonwebtoken"), require("jwt-decode"), require("jwks-rsa"), require("@nsshunt/stsconfig"), require("chalk"), require("@nsshunt/stsobservability")) : typeof define === "function" && define.amd ? define(["exports", "axios", "@nsshunt/stsutils", "tough-cookie", "jsonwebtoken", "jwt-decode", "jwks-rsa", "@nsshunt/stsconfig", "chalk", "@nsshunt/stsobservability"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nsshunt/stsauthclient"] = {}, global.axios, global.stsutils, global["tough-cookie"], global.jsonwebtoken, global["jwt-decode"], global["jwks-rsa"], global.stsconfig, global.chalk, global.stsobservability));
3
+ })(this, function(exports2, axios, stsutils, tough, jwt, jwtDecode, jwksClient, stsconfig, chalk, stsobservability) {
4
4
  "use strict";var __defProp = Object.defineProperty;
5
5
  var __typeError = (msg) => {
6
6
  throw TypeError(msg);
@@ -13,7 +13,7 @@ var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot
13
13
  var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
14
14
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
15
15
 
16
- var _options, _logger, _agentManager, _cache, _cacheTimeout, _logger2, _cookiejar, _originRegex, _agentManager2, _AuthUtilsNode_instances, LogDebugMessage_fn;
16
+ var _options, _options2, _cache, _cacheTimeout, _cookiejar, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn;
17
17
  const iss = `https://stscore.stsmda.org/oauth2/v2.0`;
18
18
  const STSAuthClientErrorCode = Object.freeze({
19
19
  STS_AC_MISSING_PERMISSION: {
@@ -82,12 +82,9 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
82
82
  StatusCodes2[StatusCodes2["INSUFFICIENT_STORAGE"] = 507] = "INSUFFICIENT_STORAGE";
83
83
  StatusCodes2[StatusCodes2["NETWORK_AUTHENTICATION_REQUIRED"] = 511] = "NETWORK_AUTHENTICATION_REQUIRED";
84
84
  })(StatusCodes || (StatusCodes = {}));
85
- const isNode = Object.prototype.toString.call(typeof process !== "undefined" ? process : 0) === "[object process]";
86
85
  class ResourceManager {
87
- constructor(options, logger) {
86
+ constructor(options) {
88
87
  __privateAdd(this, _options);
89
- __privateAdd(this, _logger);
90
- __privateAdd(this, _agentManager, null);
91
88
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
92
89
  __publicField(this, "GetErrorMessage", (status, error, detail) => {
93
90
  return {
@@ -106,9 +103,9 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
106
103
  return headers;
107
104
  });
108
105
  __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
109
- const axiosConfig = new stsconfig.STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
110
- if (__privateGet(this, _agentManager)) {
111
- axiosConfig.withAgentManager(__privateGet(this, _agentManager));
106
+ const axiosConfig = new stsutils.STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
107
+ if (__privateGet(this, _options).agentManager) {
108
+ axiosConfig.withAgentManager(__privateGet(this, _options).agentManager);
112
109
  }
113
110
  if (requestData !== null) {
114
111
  axiosConfig.withData(requestData);
@@ -135,43 +132,35 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
135
132
  }
136
133
  });
137
134
  __privateSet(this, _options, options);
138
- __privateSet(this, _logger, logger);
139
135
  this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
140
- if (isNode) {
141
- if (__privateGet(this, _options).agentOptions) {
142
- __privateSet(this, _agentManager, new stsconfig.AgentManager({
143
- agentOptions: __privateGet(this, _options).agentOptions
144
- }));
145
- } else {
146
- __privateSet(this, _agentManager, new stsconfig.AgentManager({}));
147
- }
148
- }
149
136
  }
150
137
  get agentManager() {
151
- return __privateGet(this, _agentManager);
138
+ if (__privateGet(this, _options).agentManager) {
139
+ return __privateGet(this, _options).agentManager;
140
+ } else {
141
+ return null;
142
+ }
152
143
  }
153
144
  get options() {
154
145
  return __privateGet(this, _options);
155
146
  }
156
147
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
157
148
  LogDebugMessage(message) {
158
- __privateGet(this, _logger).debug(message);
149
+ __privateGet(this, _options).logger.debug(message);
159
150
  }
160
151
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
161
152
  LogInfoMessage(message) {
162
- __privateGet(this, _logger).info(message);
153
+ __privateGet(this, _options).logger.info(message);
163
154
  }
164
155
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
165
156
  LogErrorMessage(message) {
166
- __privateGet(this, _logger).error(message);
157
+ __privateGet(this, _options).logger.error(message);
167
158
  }
168
159
  }
169
160
  _options = new WeakMap();
170
- _logger = new WeakMap();
171
- _agentManager = new WeakMap();
172
161
  class SessionManager extends ResourceManager {
173
- constructor(options, logger) {
174
- super(options, logger);
162
+ constructor(options) {
163
+ super(options);
175
164
  __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
176
165
  try {
177
166
  return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
@@ -195,17 +184,18 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
195
184
  }
196
185
  }
197
186
  class AuthUtilsNode {
198
- constructor(logger) {
187
+ constructor(options) {
199
188
  __privateAdd(this, _AuthUtilsNode_instances);
189
+ __privateAdd(this, _options2);
200
190
  __privateAdd(this, _cache, {});
201
191
  __privateAdd(this, _cacheTimeout, 1e3);
202
- __privateAdd(this, _logger2);
203
192
  __privateAdd(this, _cookiejar);
204
193
  // Regular expression to match the origin
205
194
  __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
206
- __privateAdd(this, _agentManager2, new stsconfig.AgentManager({}));
207
195
  __publicField(this, "ResetAgent", () => {
208
- __privateGet(this, _agentManager2).ResetAgent();
196
+ if (__privateGet(this, _options2).agentManager) {
197
+ __privateGet(this, _options2).agentManager.ResetAgent();
198
+ }
209
199
  });
210
200
  __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
211
201
  return async (req, res, next) => {
@@ -262,7 +252,7 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
262
252
  });
263
253
  __publicField(this, "ValidateJWT", async (token, audience, endpoint) => {
264
254
  const jwksClientUri = endpoint ? `${endpoint}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}`;
265
- const jwks = jwksClient({
255
+ const jwksClientOptions = {
266
256
  cache: true,
267
257
  //@@ all config items
268
258
  cacheMaxEntries: 5,
@@ -273,11 +263,13 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
273
263
  jwksRequestsPerMinute: 10,
274
264
  // Default value
275
265
  jwksUri: jwksClientUri,
276
- timeout: 3e4,
266
+ timeout: 3e4
277
267
  //@@ config
278
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
279
- requestAgent: __privateGet(this, _agentManager2).GetAgent(jwksClientUri)
280
- });
268
+ };
269
+ if (__privateGet(this, _options2).agentManager) {
270
+ jwksClientOptions.requestAgent = __privateGet(this, _options2).agentManager.GetAgent(jwksClientUri);
271
+ }
272
+ const jwks = jwksClient(jwksClientOptions);
281
273
  const decodedRefreshToken = jwtDecode.jwtDecode(token, { header: true });
282
274
  const kid = decodedRefreshToken.kid;
283
275
  const key = await jwks.getSigningKey(kid);
@@ -359,7 +351,11 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
359
351
  stage = "6";
360
352
  const url = endPoint ? `${endPoint}${stsconfig.goptions.asoauthapiroot}/token` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}/token`;
361
353
  stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
362
- const retVal = await axios(new stsconfig.STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload).withAgentManager(__privateGet(this, _agentManager2)).config);
354
+ const axiosConfig = new stsutils.STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
355
+ if (__privateGet(this, _options2).agentManager) {
356
+ axiosConfig.withAgentManager(__privateGet(this, _options2).agentManager);
357
+ }
358
+ const retVal = await axios(axiosConfig.config);
363
359
  stage = "7";
364
360
  if (retVal.status) {
365
361
  if (retVal.status !== 200) {
@@ -408,11 +404,11 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
408
404
  return "";
409
405
  }
410
406
  });
411
- __privateSet(this, _logger2, logger);
407
+ __privateSet(this, _options2, options);
412
408
  __privateSet(this, _cookiejar, new tough.CookieJar());
413
409
  }
414
410
  get agentManager() {
415
- return __privateGet(this, _agentManager2);
411
+ return __privateGet(this, _options2).agentManager;
416
412
  }
417
413
  /*
418
414
  let cookies = await this.GetCookiesFromJar();
@@ -435,16 +431,15 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
435
431
  next();
436
432
  }
437
433
  }
434
+ _options2 = new WeakMap();
438
435
  _cache = new WeakMap();
439
436
  _cacheTimeout = new WeakMap();
440
- _logger2 = new WeakMap();
441
437
  _cookiejar = new WeakMap();
442
438
  _originRegex = new WeakMap();
443
- _agentManager2 = new WeakMap();
444
439
  _AuthUtilsNode_instances = new WeakSet();
445
440
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
446
441
  LogDebugMessage_fn = function(message) {
447
- __privateGet(this, _logger2).debug(message);
442
+ __privateGet(this, _options2).logger.debug(message);
448
443
  };
449
444
  exports2.AuthUtilsNode = AuthUtilsNode;
450
445
  exports2.STSAuthClientErrorCode = STSAuthClientErrorCode;
package/dist/stsauthclient.umd.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"stsauthclient.umd.js","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig';\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #logger: ISTSLogger;\n #agentManager: AgentManager | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode) {\n if (this.#options.agentOptions) {\n this.#agentManager = new AgentManager({\n agentOptions: this.#options.agentOptions\n });\n } else {\n this.#agentManager = new AgentManager({});\n }\n }\n }\n\n get agentManager(): AgentManager | null {\n return this.#agentManager;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#agentManager) {\n axiosConfig.withAgentManager(this.#agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig.config as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions, AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n #agentManager: AgentManager = new AgentManager({});\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n get agentManager(): AgentManager {\n return this.#agentManager;\n }\n\n ResetAgent = () => {\n this.#agentManager.ResetAgent();\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n requestAgent: this.#agentManager.GetAgent(jwksClientUri) as any\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios(new STSAxiosConfig(url, 'post')\n .withDefaultHeaders()\n .withData(payload)\n .withAgentManager(this.#agentManager).config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","STSAxiosConfig","AgentManager","_logger","_agentManager","GetErrorPayload","goptions","jwtDecode","Gauge","error"],"mappings":";;;;;;;;;;;;;;;;AAqIa,QAAA,MAAM;AAEN,QAAA,yBAAyB,OAAO,OAAO;AAAA,IAChD,2BAA2B;AAAA,MACvB,MAAM;AAAA,MACN,aAAa;AAAA,IAAA;AAAA,EAErB,CAAC;AC3IM,MAAI;AACX,GAAC,SAAUA,cAAa;AAMpB,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,IAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,IAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAAA,EACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,QAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;AAAA,ECWzF,MAAe,gBAAgB;AAAA,IAKlC,YAAY,SAAqC,QAAoB;AAJrE;AACA;AACA,wCAAqC;AA2CrC;AAAA,6CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,eAAA;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAEA,wCAAa,CAAC,iBAA4C;AACtD,cAAM,UAAsB;AAAA,UACxB,gBAAgB;AAAA,QACpB;AACA,YAAI,cAAc;AACN,kBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,QAAA;AAE9C,eAAA;AAAA,MACX;AAEA,uCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,cAAA,cAAc,IAAIC,yBAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAChH,YAAI,mBAAK,gBAAe;AACR,sBAAA,iBAAiB,mBAAK,cAAa;AAAA,QAAA;AAEnD,YAAI,gBAAgB,MAAM;AACtB,sBAAY,SAAS,WAAW;AAAA,QAAA;AAGpC,cAAM,OAAO,MAAM,MAAM,YAAY,MAA4B;AAI7D,YAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,gBAAA,iBAAiB,KAAK,KAAK;AACjC,cAAI,gBAAgB;AACZ,gBAAA;AACM,oBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,qBAAA;AAAA,qBACD,OAAO;AACb,sBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,qBAAA;AAAA,YAAA;AAAA,UACX,OACG;AACH,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACH,gBAAM,EAAE,QAAQ,OAAO,WAAW,KAAK;AACvC,kBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,iBAAA;AAAA,QAAA;AAAA,MAEf;AA1FI,yBAAK,UAAW;AAChB,yBAAK,SAAW;AAEhB,WAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE/F,UAAI,QAAQ;AACJ,YAAA,mBAAK,UAAS,cAAc;AACvB,6BAAA,eAAgB,IAAIC,uBAAa;AAAA,YAClC,cAAc,mBAAK,UAAS;AAAA,UAAA,CAC/B;AAAA,QAAA,OACE;AACH,6BAAK,eAAgB,IAAIA,UAAa,aAAA,EAAE;AAAA,QAAA;AAAA,MAC5C;AAAA,IACJ;AAAA,IAGJ,IAAI,eAAoC;AACpC,aAAO,mBAAK;AAAA,IAAA;AAAA,IAGhB,IAAI,UAAsC;AACtC,aAAO,mBAAK;AAAA,IAAA;AAAA;AAAA,IAIhB,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAAA;AAAA;AAAA,IAI9B,eAAe,SAAc;AACpB,yBAAA,SAAQ,KAAK,OAAO;AAAA,IAAA;AAAA;AAAA,IAI7B,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAAA;AAAA,EAuDlC;AAhGI;AACA;AACA;AAAA,ECPG,MAAM,uBAAuB,gBAAgB;AAAA,IAChD,YAAY,SAAqC,QAAoB;AACjE,YAAM,SAAS,MAAM;AAGzB,wCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,YAAA;AACA,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,iBAE/I,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QAAA;AAAA,MAEf;AAEA,0CAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,YAAA;AACI,cAAA,CAAC,QAAQ,WAAW;AACpB,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,mBAAA;AAAA,UAAA;AAEX,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,iBAE5J,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QAAA;AAAA,MAEf;AAAA,IAzByB;AAAA,EA0B7B;AAAA,ECKO,MAAM,cACb;AAAA,IASI,YAAY,QAAoB;AAV7B;AAEH,iCAAuC,CAAE;AACzC,wCAAwB;AACxB,yBAAAC;AACA;AAEA;AAAA,uCAAe;AACf,yBAAAC,gBAA8B,IAAIF,UAAa,aAAA,EAAE;AAgBjD,wCAAa,MAAM;AACf,2BAAKE,gBAAc,WAAW;AAAA,MAClC;AAEA,4DAAiC,CAAC,YAAmC;AAE1D,eAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,cAAI,QAAQ,aAAa;AAErB,kBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,kBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,gBAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE,mBAAA;AACL;AAAA,YAAA;AAGJ,kBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,kBAAM,sBAAsB,CAAE;AAC9B,qBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,oBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,kBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,oCAAoB,KAAK,UAAU;AAAA,cAAA;AAAA,YACvC;AAEA,gBAAA,oBAAoB,SAAS,GAAG;AAChC,oBAAM,eAAeC,SAAA,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,kBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAA,CAAc;AACpG;AAAA,YAAA;AAGJ,gBAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,iCAAA,QAAO,cAAc,IAAI;AAAA,gBAC1B,QAAQ,CAAA;AAAA,cACZ;AAAA,YAAA;AAGJ,+BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,cAC3C,OAAO;AAAA,cACP,SAAS,WAAW,MAAM;AACtB,uBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,cAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,YACjC;AAAA,UAAA;AAEC,eAAA;AAAA,QACT;AAAA,MACJ;AA4CA;AAAA,6CAAkB,OAAO,SAA8B,aACvD;AACQ,YAAA,QAAQ,YAAY,GAAG;AAEvB,kBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,kBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,+BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,UAAA,CACjD;AAAA,QAAA,OACE;AAEH,gBAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA;AAG3C,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAC9C;AAEA,+CAAoB,OAAO,aAC3B;AACW,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAC9C;AAEA,yCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,cAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAGC,UAAS,SAAA,cAAc,GAAGA,mBAAS,cAAc,KAC/D,GAAGA,UAAAA,SAAS,UAAU,IAAIA,UAAAA,SAAS,MAAM,GAAGA,UAAS,SAAA,cAAc,GAAGA,mBAAS,cAAc;AAEnG,cAAM,OAAO,WAAW;AAAA,UACpB,OAAO;AAAA;AAAA,UACP,iBAAiB;AAAA;AAAA,UACjB,aAAa;AAAA;AAAA,UACb,WAAW;AAAA,UACX,uBAAuB;AAAA;AAAA,UACvB,SAAS;AAAA,UACT,SAAS;AAAA;AAAA;AAAA,UAET,cAAc,mBAAKF,gBAAc,SAAS,aAAa;AAAA,QAAA,CAC1D;AAGD,cAAM,sBAAsBG,UAAAA,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,cAAM,MAAM,oBAAoB;AAEhC,cAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,cAAA,aAAa,IAAI,aAAa;AAEpC,cAAM,gBAAgB;AAAA,UAClB,QAAQ;AAAA;AAAA,UAER;AAAA;AAAA,UAEA,WAAY,CAAC,OAAO;AAAA;AAAA,QACxB;AAEA,eAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,MACtD;AAGA;AAAA,2CAAgB,CAAC,QAAgB;AAC7B,cAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,eAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,MAC9B;AAEA,iEAAsC,OAAO,SAAsD,YAAqD;AACpJ,cAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,0BAA0B;AAErG,YAAI,QAAQ;AAEN,cAAA,gBAAgB,CAAC,UAAiB;AACpC,gCAAK,8CAAL,WAAsB;AACtB,cAAI,sBAAsB;AACD,iCAAA,iBAAiBC,uBAAM,kCAAkC;AAAA;AAAA,cAC1E,KAAK;AAAA,YAAA,CACR;AAAA,UAAA;AAEL,kBAAQ,KAAK;AAAA,QACjB;AAEI,YAAA;AACQ,kBAAA;AACF,gBAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,cAAI,SAAwB;AAC5B,cAAI,QAAsB;AAClB,kBAAA;AACR,mBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,kBAAA,IAAI,OAAO,CAAC;AAClB,gBAAI,CAAC,QAAQ;AACA,uBAAA,KAAK,cAAc,CAAC;AAC7B,kBAAI,CAAC,QAAQ;AACT,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA;AAAA,YACJ,OACG;AACG,oBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,kBAAI,CAAC,YAAY;AACb,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA,OACG;AACH,oBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,0BAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,gBAAA;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEI,kBAAA;AACR,cAAI,OAAO;AACP,0BAAc,KAAK;AACZ,mBAAA;AAAA,UAAA;AAGH,kBAAA;AACR,gBAAM,UAAU;AAAA;AAAA,YACZ,WAAW;AAAA;AAAA,YACX,eAAe;AAAA;AAAA;AAAA,YAEf;AAAA;AAAA;AAAA;AAAA,YAGA,YAAY;AAAA,UAChB;AACQ,kBAAA;AACR,gBAAM,MAAO,WACP,GAAG,QAAQ,GAAGF,mBAAS,cAAc,WACrC,GAAGA,mBAAS,UAAU,IAAIA,UAAA,SAAS,MAAM,GAAGA,mBAAS,cAAc;AAEzE,kBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAE/D,gBAAM,SAAS,MAAM,MAAM,IAAIL,UAAAA,eAAe,KAAK,MAAM,EACpD,mBAAmB,EACnB,SAAS,OAAO,EAChB,iBAAiB,mBAAKG,eAAa,EAAE,MAAM;AAExC,kBAAA;AACR,cAAI,OAAO,QAAQ;AACX,gBAAA,OAAO,WAAW,KAAK;AAEvB,oCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,YAAC;AAAA,UACxI,OACG;AACH,0BAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,mBAAA;AAAA,UAAA;AAEH,kBAAA;AACR,cAAI,OAAO,MAAM;AACL,oBAAA;AACJ,gBAAA,OAAO,KAAK,cAAc;AAClB,sBAAA;AACR,kBAAI,sBAAsB;AACd,wBAAA;AACa,qCAAA,iBAAiBI,uBAAM,4BAA4B;AAAA,kBACpE,KAAK;AAAA,gBAAA,CACR;AAAA,cAAA;AAGG,sBAAA;AACR,qBAAO,OAAO,KAAK;AAAA,YAAA,OAChB;AACK,sBAAA;AACM,4BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,qBAAA;AAAA,YAAA;AAAA,UACX,OACG;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,mBAAA;AAAA,UAAA;AAAA,iBAGN,OAAY;AACjB,cAAI,0BAA0B,MAAM;AAChC,oBAAQ,MAAM,KAAK;AAAA,UAAA;AAEvB,cAAI,UAAU;AACd,cAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,gBAAA;AACA,wBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,qBAEvCC,QAAO;AACF,wBAAA;AAAA,YAAA;AAAA,UACd;AAEU,wBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,iBAAA;AAAA,QAAA;AAAA,MAEf;AAjSI,yBAAKN,UAAU;AACV,yBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,IAAA;AAAA,IAQ1C,IAAI,eAA6B;AAC7B,aAAO,mBAAKC;AAAA,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAqEhB,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS,WAAA;AAAA,IAAA;AAAA,EAiNb;AA3SI;AACA;AACA,EAAAD,WAAA;AACA;AAEA;AACA,EAAAC,iBAAA;AARG;AAgBH;AAAA,gCAAiB,SAAc;AACtB,uBAAAD,UAAQ,MAAM,OAAO;AAAA,EAAA;;;;;;;","x_google_ignoreList":[1,2]}
1
+ {"version":3,"file":"stsauthclient.umd.js","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType, ISTSLogger, AgentManager } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string\n logger: ISTSLogger\n agentManager?: AgentManager\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","import { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { JSONObject, AgentManager, STSAxiosConfig } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n\n constructor(options: ISTSResourceManagerOptions) {\n this.#options = options;\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n }\n\n get agentManager(): AgentManager | null {\n if (this.#options.agentManager) {\n return this.#options.agentManager;\n } else {\n return null;\n }\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#options.logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#options.logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#options.logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#options.agentManager) {\n axiosConfig.withAgentManager(this.#options.agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig.config as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions) {\n super(options);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject, AgentManager, STSAxiosConfig } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport interface IAuthUtilsNodeOptions {\n logger: ISTSLogger\n agentManager?: AgentManager\n}\n\nexport class AuthUtilsNode {\n #options: IAuthUtilsNodeOptions;\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n\n constructor(options: IAuthUtilsNodeOptions) {\n this.#options = options;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#options.logger.debug(message);\n }\n\n get agentManager(): AgentManager | undefined {\n return this.#options.agentManager;\n }\n\n ResetAgent = () => {\n if (this.#options.agentManager) {\n this.#options.agentManager.ResetAgent();\n }\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwksClientOptions: jwksClient.Options = {\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n }\n if (this.#options.agentManager) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n jwksClientOptions.requestAgent = this.#options.agentManager.GetAgent(jwksClientUri) as any\n }\n\n const jwks = jwksClient(jwksClientOptions);\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const axiosConfig = new STSAxiosConfig(url, 'post')\n .withDefaultHeaders()\n .withData(payload);\n if (this.#options.agentManager) {\n axiosConfig.withAgentManager(this.#options.agentManager)\n }\n\n const retVal = await axios(axiosConfig.config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","STSAxiosConfig","_options","GetErrorPayload","goptions","jwtDecode","Gauge","error"],"mappings":";;;;;;;;;;;;;;;;AA+Ha,QAAA,MAAM;AAEN,QAAA,yBAAyB,OAAO,OAAO;AAAA,IAChD,2BAA2B;AAAA,MACvB,MAAM;AAAA,MACN,aAAa;AAAA,IAAA;AAAA,EAErB,CAAC;ACrIM,MAAI;AACX,GAAC,SAAUA,cAAa;AAMpB,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,IAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,IAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAAA,EACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;AAAA,EC7V7B,MAAe,gBAAgB;AAAA,IAGlC,YAAY,SAAqC;AAFjD;AAmCA;AAAA,6CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,eAAA;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAEA,wCAAa,CAAC,iBAA4C;AACtD,cAAM,UAAsB;AAAA,UACxB,gBAAgB;AAAA,QACpB;AACA,YAAI,cAAc;AACN,kBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,QAAA;AAE9C,eAAA;AAAA,MACX;AAEA,uCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,cAAA,cAAc,IAAIC,wBAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAC5G,YAAA,mBAAK,UAAS,cAAc;AAChB,sBAAA,iBAAiB,mBAAK,UAAS,YAAY;AAAA,QAAA;AAE3D,YAAI,gBAAgB,MAAM;AACtB,sBAAY,SAAS,WAAW;AAAA,QAAA;AAGpC,cAAM,OAAO,MAAM,MAAM,YAAY,MAA4B;AAI7D,YAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,gBAAA,iBAAiB,KAAK,KAAK;AACjC,cAAI,gBAAgB;AACZ,gBAAA;AACM,oBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,qBAAA;AAAA,qBACD,OAAO;AACb,sBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,qBAAA;AAAA,YAAA;AAAA,UACX,OACG;AACH,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,mBAAA;AAAA,UAAA;AAAA,QACX,OACG;AACH,gBAAM,EAAE,QAAQ,OAAO,WAAW,KAAK;AACvC,kBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,iBAAA;AAAA,QAAA;AAAA,MAEf;AAlFI,yBAAK,UAAW;AAChB,WAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAAA,IAAA;AAAA,IAGnG,IAAI,eAAoC;AAChC,UAAA,mBAAK,UAAS,cAAc;AAC5B,eAAO,mBAAK,UAAS;AAAA,MAAA,OAClB;AACI,eAAA;AAAA,MAAA;AAAA,IACX;AAAA,IAGJ,IAAI,UAAsC;AACtC,aAAO,mBAAK;AAAA,IAAA;AAAA;AAAA,IAIhB,gBAAgB,SAAc;AACrB,yBAAA,UAAS,OAAO,MAAM,OAAO;AAAA,IAAA;AAAA;AAAA,IAItC,eAAe,SAAc;AACpB,yBAAA,UAAS,OAAO,KAAK,OAAO;AAAA,IAAA;AAAA;AAAA,IAIrC,gBAAgB,SAAc;AACrB,yBAAA,UAAS,OAAO,MAAM,OAAO;AAAA,IAAA;AAAA,EAuD1C;AAtFI;AAAA,ECHG,MAAM,uBAAuB,gBAAgB;AAAA,IAChD,YAAY,SAAqC;AAC7C,YAAM,OAAO;AAGjB,wCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,YAAA;AACA,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,iBAE/I,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QAAA;AAAA,MAEf;AAEA,0CAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,YAAA;AACI,cAAA,CAAC,QAAQ,WAAW;AACpB,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,mBAAA;AAAA,UAAA;AAEX,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,iBAE5J,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QAAA;AAAA,MAEf;AAAA,IAzBiB;AAAA,EA0BrB;AAAA,ECYO,MAAM,cAAc;AAAA,IAQvB,YAAY,SAAgC;AARzC;AACH,yBAAAC;AACA,iCAAuC,CAAE;AACzC,wCAAwB;AACxB;AAEA;AAAA,uCAAe;AAgBf,wCAAa,MAAM;AACX,YAAA,mBAAKA,WAAS,cAAc;AACvB,6BAAAA,WAAS,aAAa,WAAW;AAAA,QAAA;AAAA,MAE9C;AAEA,4DAAiC,CAAC,YAAmC;AAE1D,eAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,cAAI,QAAQ,aAAa;AAErB,kBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,kBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,gBAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE,mBAAA;AACL;AAAA,YAAA;AAGJ,kBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,kBAAM,sBAAsB,CAAE;AAC9B,qBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,oBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,kBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,oCAAoB,KAAK,UAAU;AAAA,cAAA;AAAA,YACvC;AAEA,gBAAA,oBAAoB,SAAS,GAAG;AAChC,oBAAM,eAAeC,SAAA,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,kBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAA,CAAc;AACpG;AAAA,YAAA;AAGJ,gBAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,iCAAA,QAAO,cAAc,IAAI;AAAA,gBAC1B,QAAQ,CAAA;AAAA,cACZ;AAAA,YAAA;AAGJ,+BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,cAC3C,OAAO;AAAA,cACP,SAAS,WAAW,MAAM;AACtB,uBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,cAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,YACjC;AAAA,UAAA;AAEC,eAAA;AAAA,QACT;AAAA,MACJ;AA4CA;AAAA,6CAAkB,OAAO,SAA8B,aACvD;AACQ,YAAA,QAAQ,YAAY,GAAG;AAEvB,kBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,kBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,+BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,UAAA,CACjD;AAAA,QAAA,OACE;AAEH,gBAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA;AAG3C,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAC9C;AAEA,+CAAoB,OAAO,aAC3B;AACW,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAC9C;AAEA,yCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,cAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAGC,UAAS,SAAA,cAAc,GAAGA,mBAAS,cAAc,KAC/D,GAAGA,UAAAA,SAAS,UAAU,IAAIA,UAAAA,SAAS,MAAM,GAAGA,UAAS,SAAA,cAAc,GAAGA,mBAAS,cAAc;AAEnG,cAAM,oBAAwC;AAAA,UAC1C,OAAO;AAAA;AAAA,UACP,iBAAiB;AAAA;AAAA,UACjB,aAAa;AAAA;AAAA,UACb,WAAW;AAAA,UACX,uBAAuB;AAAA;AAAA,UACvB,SAAS;AAAA,UACT,SAAS;AAAA;AAAA,QACb;AACI,YAAA,mBAAKF,WAAS,cAAc;AAE5B,4BAAkB,eAAe,mBAAKA,WAAS,aAAa,SAAS,aAAa;AAAA,QAAA;AAGhF,cAAA,OAAO,WAAW,iBAAiB;AAGzC,cAAM,sBAAsBG,UAAAA,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,cAAM,MAAM,oBAAoB;AAEhC,cAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,cAAA,aAAa,IAAI,aAAa;AAEpC,cAAM,gBAAgB;AAAA,UAClB,QAAQ;AAAA;AAAA,UAER;AAAA;AAAA,UAEA,WAAY,CAAC,OAAO;AAAA;AAAA,QACxB;AAEA,eAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,MACtD;AAGA;AAAA,2CAAgB,CAAC,QAAgB;AAC7B,cAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,eAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,MAC9B;AAEA,iEAAsC,OAAO,SAAsD,YAAqD;AACpJ,cAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,0BAA0B;AAErG,YAAI,QAAQ;AAEN,cAAA,gBAAgB,CAAC,UAAiB;AACpC,gCAAK,8CAAL,WAAsB;AACtB,cAAI,sBAAsB;AACD,iCAAA,iBAAiBC,uBAAM,kCAAkC;AAAA;AAAA,cAC1E,KAAK;AAAA,YAAA,CACR;AAAA,UAAA;AAEL,kBAAQ,KAAK;AAAA,QACjB;AAEI,YAAA;AACQ,kBAAA;AACF,gBAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,cAAI,SAAwB;AAC5B,cAAI,QAAsB;AAClB,kBAAA;AACR,mBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,kBAAA,IAAI,OAAO,CAAC;AAClB,gBAAI,CAAC,QAAQ;AACA,uBAAA,KAAK,cAAc,CAAC;AAC7B,kBAAI,CAAC,QAAQ;AACT,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA;AAAA,YACJ,OACG;AACG,oBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,kBAAI,CAAC,YAAY;AACb,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA,OACG;AACH,oBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,0BAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,gBAAA;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEI,kBAAA;AACR,cAAI,OAAO;AACP,0BAAc,KAAK;AACZ,mBAAA;AAAA,UAAA;AAGH,kBAAA;AACR,gBAAM,UAAU;AAAA;AAAA,YACZ,WAAW;AAAA;AAAA,YACX,eAAe;AAAA;AAAA;AAAA,YAEf;AAAA;AAAA;AAAA;AAAA,YAGA,YAAY;AAAA,UAChB;AACQ,kBAAA;AACR,gBAAM,MAAO,WACP,GAAG,QAAQ,GAAGF,mBAAS,cAAc,WACrC,GAAGA,mBAAS,UAAU,IAAIA,UAAA,SAAS,MAAM,GAAGA,mBAAS,cAAc;AAEzE,kBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAEzD,gBAAA,cAAc,IAAIH,SAAAA,eAAe,KAAK,MAAM,EAC7C,mBAAA,EACA,SAAS,OAAO;AACjB,cAAA,mBAAKC,WAAS,cAAc;AAChB,wBAAA,iBAAiB,mBAAKA,WAAS,YAAY;AAAA,UAAA;AAG3D,gBAAM,SAAS,MAAM,MAAM,YAAY,MAAM;AAErC,kBAAA;AACR,cAAI,OAAO,QAAQ;AACX,gBAAA,OAAO,WAAW,KAAK;AAEvB,oCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,YAAC;AAAA,UACxI,OACG;AACH,0BAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,mBAAA;AAAA,UAAA;AAEH,kBAAA;AACR,cAAI,OAAO,MAAM;AACL,oBAAA;AACJ,gBAAA,OAAO,KAAK,cAAc;AAClB,sBAAA;AACR,kBAAI,sBAAsB;AACd,wBAAA;AACa,qCAAA,iBAAiBI,uBAAM,4BAA4B;AAAA,kBACpE,KAAK;AAAA,gBAAA,CACR;AAAA,cAAA;AAGG,sBAAA;AACR,qBAAO,OAAO,KAAK;AAAA,YAAA,OAChB;AACK,sBAAA;AACM,4BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,qBAAA;AAAA,YAAA;AAAA,UACX,OACG;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,mBAAA;AAAA,UAAA;AAAA,iBAGN,OAAY;AACjB,cAAI,0BAA0B,MAAM;AAChC,oBAAQ,MAAM,KAAK;AAAA,UAAA;AAEvB,cAAI,UAAU;AACd,cAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,gBAAA;AACA,wBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,qBAEvCC,QAAO;AACF,wBAAA;AAAA,YAAA;AAAA,UACd;AAEU,wBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,iBAAA;AAAA,QAAA;AAAA,MAEf;AA3SI,yBAAKL,WAAW;AACX,yBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,IAAA;AAAA,IAQ1C,IAAI,eAAyC;AACzC,aAAO,mBAAKA,WAAS;AAAA,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAuEzB,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS,WAAA;AAAA,IAAA;AAAA,EAyNb;AApTI,EAAAA,YAAA;AACA;AACA;AACA;AAEA;AANG;AAcH;AAAA,gCAAiB,SAAc;AACtB,uBAAAA,WAAS,OAAO,MAAM,OAAO;AAAA,EAAA;;;;;;;","x_google_ignoreList":[1]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nsshunt/stsauthclient",
3
- "version": "1.0.20",
3
+ "version": "1.0.22",
4
4
  "description": "",
5
5
  "main": "./dist/stsauthclient.umd.js",
6
6
  "module": "./dist/stsauthclient.mjs",
@@ -41,23 +41,21 @@
41
41
  "@eslint/eslintrc": "^3.2.0",
42
42
  "@eslint/js": "^9.15.0",
43
43
  "@tsconfig/node20": "^20.1.4",
44
- "@types/detect-node": "^2.0.2",
45
44
  "@types/jsonwebtoken": "^9.0.7",
46
- "@typescript-eslint/eslint-plugin": "^8.14.0",
47
- "@typescript-eslint/parser": "^8.14.0",
45
+ "@typescript-eslint/eslint-plugin": "^8.16.0",
46
+ "@typescript-eslint/parser": "^8.16.0",
48
47
  "eslint": "^9.15.0",
49
48
  "globals": "^15.12.0",
50
- "typescript": "^5.6.3",
49
+ "typescript": "^5.7.2",
51
50
  "vite": "^5.4.11",
52
- "vitest": "^2.1.5"
51
+ "vitest": "^2.1.6"
53
52
  },
54
53
  "dependencies": {
55
- "@nsshunt/stsconfig": "^1.27.2",
56
- "@nsshunt/stsobservability": "^1.0.89",
57
- "@nsshunt/stsutils": "^1.19.7",
58
- "axios": "^1.7.7",
54
+ "@nsshunt/stsconfig": "^1.27.6",
55
+ "@nsshunt/stsobservability": "^1.0.90",
56
+ "@nsshunt/stsutils": "^1.19.8",
57
+ "axios": "^1.7.8",
59
58
  "chalk": "^4.1.2",
60
- "detect-node": "^2.1.0",
61
59
  "http-status-codes": "^2.3.0",
62
60
  "jsonwebtoken": "^9.0.2",
63
61
  "jwks-rsa": "^3.1.0",
package/types/authManager.d.ts CHANGED
@@ -1,8 +1,7 @@
1
- import { ISTSLogger } from '@nsshunt/stsutils';
2
1
  import { ISTSError, ISTSResourceManagerOptions, ISTSLoginQueryParams, ISTSAuthPayload, ISTSLogoutPayload } from './commonTypes';
3
2
  import { ResourceManager } from './resourceManager';
4
3
  export declare class AuthManager extends ResourceManager {
5
- constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger);
4
+ constructor(options: ISTSResourceManagerOptions);
6
5
  Logout: (sessionId: string, errorCb: (error: ISTSError) => void) => Promise<ISTSLogoutPayload | null>;
7
6
  Login: (loginDetails: ISTSLoginQueryParams, errorCb: (error: ISTSError) => void) => Promise<ISTSAuthPayload | null>;
8
7
  }
package/types/authManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authManager.d.ts","sourceRoot":"","sources":["../src/authManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAE/H,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,WAAY,SAAQ,eAAe;gBAChC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,MAAM,cAAqB,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAQzG;IAED,KAAK,iBAAwB,oBAAoB,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAevH;CACJ"}
1
+ {"version":3,"file":"authManager.d.ts","sourceRoot":"","sources":["../src/authManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAE/H,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,WAAY,SAAQ,eAAe;gBAChC,OAAO,EAAE,0BAA0B;IAI/C,MAAM,cAAqB,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAQzG;IAED,KAAK,iBAAwB,oBAAoB,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAevH;CACJ"}
package/types/authutilsnode.d.ts CHANGED
@@ -1,6 +1,5 @@
1
1
  import tough from 'tough-cookie';
2
- import { AgentManager } from '@nsshunt/stsconfig';
3
- import { ISTSLogger } from '@nsshunt/stsutils';
2
+ import { ISTSLogger, AgentManager } from '@nsshunt/stsutils';
4
3
  import { PublishInstrumentController } from '@nsshunt/stsobservability';
5
4
  export interface IAuthUtilsNodeOptions {
6
5
  permissions: string[];
@@ -13,10 +12,14 @@ export interface IGetAPITokenFromAuthServerUsingScopeOptions {
13
12
  instrumentController?: PublishInstrumentController;
14
13
  outputErrorsToConsole?: boolean;
15
14
  }
15
+ export interface IAuthUtilsNodeOptions {
16
+ logger: ISTSLogger;
17
+ agentManager?: AgentManager;
18
+ }
16
19
  export declare class AuthUtilsNode {
17
20
  #private;
18
- constructor(logger: ISTSLogger);
19
- get agentManager(): AgentManager;
21
+ constructor(options: IAuthUtilsNodeOptions);
22
+ get agentManager(): AgentManager | undefined;
20
23
  ResetAgent: () => void;
21
24
  VerifyRequestMiddlewareFactory: (options: IAuthUtilsNodeOptions) => (req: any, res: any, next: any) => Promise<void>;
22
25
  verifyRequestMiddleware(req: any, res: any, next: any): Promise<void>;
package/types/authutilsnode.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;AAOjC,OAAO,EAAY,YAAY,EAAkB,MAAM,oBAAoB,CAAA;AAE3E,OAAO,EAAmB,UAAU,EAAc,MAAM,mBAAmB,CAAA;AAM3E,OAAO,EAAS,2BAA2B,EAAE,MAAM,2BAA2B,CAAA;AAI9E,MAAM,WAAW,qBAAqB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,2CAA2C;IACxD,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,2BAA2B,CAAA;IAClD,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAClC;AAWD,qBAAa,aAAa;;gBAUV,MAAM,EAAE,UAAU;IAU9B,IAAI,YAAY,IAAI,YAAY,CAE/B;IAED,UAAU,aAET;IAED,8BAA8B,YAAa,qBAAqB,WAEzC,GAAG,OAAO,GAAG,QAAQ,GAAG,mBAyC9C;IAmBK,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IAyB3D,eAAe,YAAmB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,YAAY,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAgB/F;IAEF,iBAAiB,aAAoB,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAGnE;IAEF,WAAW,UAAiB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAiCxF;IAGD,aAAa,QAAS,MAAM,mBAG3B;IAED,mCAAmC,YAAmB,2CAA2C,WAAW,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,KAAG,OAAO,CAAC,MAAM,CAAC,CAyHnJ;CACJ"}
1
+ {"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;AASjC,OAAO,EAAmB,UAAU,EAAc,YAAY,EAAkB,MAAM,mBAAmB,CAAA;AAMzG,OAAO,EAAS,2BAA2B,EAAE,MAAM,2BAA2B,CAAA;AAI9E,MAAM,WAAW,qBAAqB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,2CAA2C;IACxD,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,2BAA2B,CAAA;IAClD,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAClC;AAWD,MAAM,WAAW,qBAAqB;IAClC,MAAM,EAAE,UAAU,CAAA;IAClB,YAAY,CAAC,EAAE,YAAY,CAAA;CAC9B;AAED,qBAAa,aAAa;;gBAQV,OAAO,EAAE,qBAAqB;IAU1C,IAAI,YAAY,IAAI,YAAY,GAAG,SAAS,CAE3C;IAED,UAAU,aAIT;IAED,8BAA8B,YAAa,qBAAqB,WAEzC,GAAG,OAAO,GAAG,QAAQ,GAAG,mBAyC9C;IAmBK,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IAyB3D,eAAe,YAAmB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,YAAY,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAgB/F;IAEF,iBAAiB,aAAoB,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAGnE;IAEF,WAAW,UAAiB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAqCxF;IAGD,aAAa,QAAS,MAAM,mBAG3B;IAED,mCAAmC,YAAmB,2CAA2C,WAAW,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,KAAG,OAAO,CAAC,MAAM,CAAC,CA6HnJ;CACJ"}
package/types/commonTypes.d.ts CHANGED
@@ -1,16 +1,10 @@
1
1
  import { StatusCodes } from 'http-status-codes';
2
- import { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';
2
+ import { OIDCStandardClaim, OAuth2ParameterType, ISTSLogger, AgentManager } from '@nsshunt/stsutils';
3
3
  export interface ISTSResourceManagerOptions {
4
4
  timeout: number;
5
5
  asendpoint: string;
6
- agentOptions?: {
7
- keepAlive: boolean;
8
- maxSockets: number;
9
- maxTotalSockets: number;
10
- maxFreeSockets: number;
11
- timeout: number;
12
- rejectUnauthorized: boolean;
13
- };
6
+ logger: ISTSLogger;
7
+ agentManager?: AgentManager;
14
8
  }
15
9
  export interface ISTSAuthPayload {
16
10
  sessionId: string;
package/types/commonTypes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"commonTypes.d.ts","sourceRoot":"","sources":["../src/commonTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAE3E,MAAM,WAAW,0BAA0B;IAC1C,OAAO,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE;QACd,SAAS,EAAE,OAAO,CAAA;QAClB,UAAU,EAAE,MAAM,CAAA;QAClB,eAAe,EAAE,MAAM,CAAA;QACvB,cAAc,EAAE,MAAM,CAAA;QAChB,OAAO,EAAE,MAAM,CAAA;QACrB,kBAAkB,EAAE,OAAO,CAAA;KAC3B,CAAA;CACD;AAED,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,6BAA6B,EAAE,MAAM,EAAE,CAAC;IACxC,4BAA4B,EAAE,MAAM,EAAE,CAAC;IACvC,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,iBAAiB;IACjC,SAAS,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,WAAW;IACxB,OAAO,EAAE,MAAM,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,mBAAmB;IAChC,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,6BAA6B,EAAE,MAAM,EAAE,CAAA;IACvC,4BAA4B,EAAE,MAAM,EAAE,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,iBAAiB,EAAE,MAAM,CAAA;IACzB,sBAAsB,EAAE,MAAM,CAAA;IAC9B,MAAM,EAAE,MAAM,CAAA;IAGd,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,EAAE,MAAM,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IAEb,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB,YAAY,CAAC,EAAE,gBAAgB,CAAA;CAClC;AAED,MAAM,WAAW,oBAAoB;IACjC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC3C,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;IAC1C,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC3C,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACnC,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACnC,cAAc,EAAE,MAAM,CAAA;IACtB,qBAAqB,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,QAAQ;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,EAAE,CAAA;CAClB;AAED,MAAM,WAAW,6BAA6B;IAC1C,SAAS,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,UAAU;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IAEZ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IAChC,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAElC,WAAW,EAAE,MAAM,CAAA;IAEnB,cAAc,EAAE,GAAG,CAAA;IAEnB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAA;CACrC;AAED,MAAM,WAAW,cAAc,CAAC,CAAC;IAC7B,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,KAAK,CAAC;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IAEd,MAAM,EAAE,GAAG,CAAC;CACf;AAED,eAAO,MAAM,GAAG,2CAA2C,CAAC;AAE5D,eAAO,MAAM,sBAAsB;;;;;EAKjC,CAAC"}
1
+ {"version":3,"file":"commonTypes.d.ts","sourceRoot":"","sources":["../src/commonTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAErG,MAAM,WAAW,0BAA0B;IAC1C,OAAO,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,UAAU,CAAA;IAClB,YAAY,CAAC,EAAE,YAAY,CAAA;CAC9B;AAED,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,6BAA6B,EAAE,MAAM,EAAE,CAAC;IACxC,4BAA4B,EAAE,MAAM,EAAE,CAAC;IACvC,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,iBAAiB;IACjC,SAAS,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,WAAW;IACxB,OAAO,EAAE,MAAM,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,mBAAmB;IAChC,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,6BAA6B,EAAE,MAAM,EAAE,CAAA;IACvC,4BAA4B,EAAE,MAAM,EAAE,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,iBAAiB,EAAE,MAAM,CAAA;IACzB,sBAAsB,EAAE,MAAM,CAAA;IAC9B,MAAM,EAAE,MAAM,CAAA;IAGd,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,EAAE,MAAM,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IAEb,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB,YAAY,CAAC,EAAE,gBAAgB,CAAA;CAClC;AAED,MAAM,WAAW,oBAAoB;IACjC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC3C,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;IAC1C,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC3C,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACnC,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACnC,cAAc,EAAE,MAAM,CAAA;IACtB,qBAAqB,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,QAAQ;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,EAAE,CAAA;CAClB;AAED,MAAM,WAAW,6BAA6B;IAC1C,SAAS,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,UAAU;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IAEZ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IAChC,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAElC,WAAW,EAAE,MAAM,CAAA;IAEnB,cAAc,EAAE,GAAG,CAAA;IAEnB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAA;CACrC;AAED,MAAM,WAAW,cAAc,CAAC,CAAC;IAC7B,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,KAAK,CAAC;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IAEd,MAAM,EAAE,GAAG,CAAC;CACf;AAED,eAAO,MAAM,GAAG,2CAA2C,CAAC;AAE5D,eAAO,MAAM,sBAAsB;;;;;EAKjC,CAAC"}
package/types/resourceManager.d.ts CHANGED
@@ -1,10 +1,9 @@
1
1
  import { StatusCodes } from 'http-status-codes';
2
- import { ISTSLogger, JSONObject } from '@nsshunt/stsutils';
2
+ import { JSONObject, AgentManager } from '@nsshunt/stsutils';
3
3
  import { ISTSError, ISTSResourceManagerOptions } from './commonTypes';
4
- import { AgentManager } from '@nsshunt/stsconfig';
5
4
  export declare abstract class ResourceManager {
6
5
  #private;
7
- constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger);
6
+ constructor(options: ISTSResourceManagerOptions);
8
7
  get agentManager(): AgentManager | null;
9
8
  get options(): ISTSResourceManagerOptions;
10
9
  LogDebugMessage(message: any): void;
package/types/resourceManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"resourceManager.d.ts","sourceRoot":"","sources":["../src/resourceManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAErE,OAAO,EAAE,YAAY,EAAkB,MAAM,oBAAoB,CAAC;AAElE,8BAAsB,eAAe;;gBAKrB,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAiBnE,IAAI,YAAY,IAAI,YAAY,GAAG,IAAI,CAEtC;IAED,IAAI,OAAO,IAAI,0BAA0B,CAExC;IAGD,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,cAAc,CAAC,OAAO,EAAE,GAAG;IAK3B,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,eAAe,WAAY,WAAW,SAAS,MAAM,UAAU,GAAG,KAAG,SAAS,CAM7E;IAED,UAAU,iBAAkB,MAAM,GAAG,IAAI,KAAG,UAAU,CAQrD;IAED,SAAS,GAAU,CAAC,eAAe,MAAM,GAAG,IAAI,OAAO,MAAM,UAAU,MAAM,eAAe,UAAU,GAAG,IAAI,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAgCrK;CACJ"}
1
+ {"version":3,"file":"resourceManager.d.ts","sourceRoot":"","sources":["../src/resourceManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAkB,MAAM,mBAAmB,CAAC;AAE7E,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAErE,8BAAsB,eAAe;;gBAGrB,OAAO,EAAE,0BAA0B;IAK/C,IAAI,YAAY,IAAI,YAAY,GAAG,IAAI,CAMtC;IAED,IAAI,OAAO,IAAI,0BAA0B,CAExC;IAGD,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,cAAc,CAAC,OAAO,EAAE,GAAG;IAK3B,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,eAAe,WAAY,WAAW,SAAS,MAAM,UAAU,GAAG,KAAG,SAAS,CAM7E;IAED,UAAU,iBAAkB,MAAM,GAAG,IAAI,KAAG,UAAU,CAQrD;IAED,SAAS,GAAU,CAAC,eAAe,MAAM,GAAG,IAAI,OAAO,MAAM,UAAU,MAAM,eAAe,UAAU,GAAG,IAAI,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAgCrK;CACJ"}
package/types/sessionManager.d.ts CHANGED
@@ -1,8 +1,7 @@
1
- import { ISTSLogger } from '@nsshunt/stsutils';
2
1
  import { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes';
3
2
  import { ResourceManager } from './resourceManager';
4
3
  export declare class SessionManager extends ResourceManager {
5
- constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger);
4
+ constructor(options: ISTSResourceManagerOptions);
6
5
  GetSession: (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void) => Promise<ISTSSessionResource | null>;
7
6
  PatchSession: (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void) => Promise<ISTSSessionResource | null>;
8
7
  }
package/types/sessionManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../src/sessionManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAE1F,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,cAAe,SAAQ,eAAe;gBACnC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,UAAU,iBAAwB,MAAM,aAAa,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAQrI;IAED,YAAY,iBAAwB,MAAM,WAAW,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAY3J;CACJ"}
1
+ {"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../src/sessionManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAE1F,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,cAAe,SAAQ,eAAe;gBACnC,OAAO,EAAE,0BAA0B;IAI/C,UAAU,iBAAwB,MAAM,aAAa,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAQrI;IAED,YAAY,iBAAwB,MAAM,WAAW,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAY3J;CACJ"}