@nsshunt/stsoauth2plugin 0.1.35 → 0.1.38

package/src/stsoauth2types.ts

@@ -1,111 +0,0 @@
-export enum AuthorizeOptionsResponseType {
-	CODE = 'code',
-	ID_TOKEN = 'id_token',
-	TOKEN = 'token'
-}
-
-export enum AuthorizeOptionsResponseMode {
-	QUERY = 'query',
-	FRAGMENT = 'fragment',
-	FORM_POST = 'form_post'
-}
-
-// https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
-export interface IAuthorizeOptions {
-	client_id: string,
-	nonce: string,
-	response_type: AuthorizeOptionsResponseType[], // Must include: 'code' and may include: 'id_token' and/or 'token'
-	redirect_uri: string,
-	response_mode: AuthorizeOptionsResponseMode
-	scope: string, // A space-separated list of scopes that you want the user to consent to. For the /authorize leg of the request, this parameter can cover multiple resources. This value allows your app to get consent for multiple web APIs you want to call.
-	state: string, // Client application state (if required)
-	code_challenge: string,
-	code_challenge_method: string, //@@ enum S256
-	code_verifier?: string
-}
-
-export interface IAuthorizeResponse {
-	state: string, // state passed to authorize end-point
-	code: string // authorization code
-}
-
-export interface IAuthorizeErrorResponse {
-	error: string, 
-	error_description: string 
-}
-
-export enum OAuthGrantTypes {
-	CLIENT_CREDENTIALS = 'client_credentials',
-	AUTHORIZATION_CODE = 'authorization_code',
-	REFRESH_TOKEN = 'refresh_token'
-}
-
-export interface IAuthorizationCodeFlowParameters {
-	client_id: string,
-	scope: string,
-	code: string,
-	redirect_uri: string, // URI
-	grant_type: OAuthGrantTypes, // 'authorization_code', //@@ need enum
-	code_verifier: string
-}
-
-export interface IRefreshFlowParameters {
-	client_id: string,
-	scope: string,
-	refresh_token: string, // JWT
-	grant_type: OAuthGrantTypes // 'refresh_token' //@@ enum
-}
-
-export interface ITokenResponse {
-    access_token: string, // JWT
-    token_type: string, //@@ "Bearer" only
-    expires_in: number,
-    scope: string,
-    refresh_token: string, // JWT
-    id_token: string, // JWT
-}
-
-export interface ITokenErrorResponse {
-	error: string,
-	error_description: string,
-	error_codes: number[],
-	timestamp: number
-	details: unknown //@@ STS attribute ?
-	//"trace_id": "255d1aef-8c98-452f-ac51-23d051240864", //@@ MS attribute
-	//"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7" //@@ MS attribute
-}
-
-export type AuthenticateEvent = (id_token: string) => void;
-
-// ---------------
-
-export enum IOauth2ListenerCommand {
-	RESTORE_SESSION = 'RestoreSession',
-	AUTHORIZE = 'Authorize',
-	HANDLE_REDIRECT = 'HandleRedirect',
-	LOGOUT = 'Logout',
-	AUTHENTICATE_EVENT = 'AuthenticateEvent',
-	ERROR = 'Error',
-	LOG = '__LOG',
-	UPDATE_INSTRUMENT = '__UPDATE_INSTRUMENT'
-}
-
-export interface IOauth2ListenerMessage {
-	messageId?: number
-	command: IOauth2ListenerCommand
-	payload?: any
-}
-
-export interface IOauth2ListenerMessageResponse {
-	messageId: number
-	command: IOauth2ListenerCommand
-	payload: any
-}
-
-export type StsOauth2WorkerFactory = () => Worker
-
-export interface ISTSOAuth2ManagerOptions {
-	router: any
-	authenticateEvent?: AuthenticateEvent
-	workerFactory?: StsOauth2WorkerFactory
-}

package/src/stsoauth2worker.ts

@@ -1,583 +0,0 @@
-import Debug from "debug";
-const debug = Debug(`proc:${process.pid}:stsoauth2worker.ts`);
-
-//import 'colors'
-
-import axios from "axios";
-
-import { JSONObject, OAuth2ParameterType } from '@nsshunt/stsutils';
-
-import CryptoUtils from './Utils/CryptoUtils'
-import QueryParams from './Utils/QueryParams'
-
-import jwt_decode from "jwt-decode"
-
-import { IStsStorage, ClientStorageType, ClientStorageFactory } from './stsStorage'
-
-import { StatusCodes } from 'http-status-codes'
-
-import { AuthorizeOptionsResponseType, AuthorizeOptionsResponseMode, IAuthorizationCodeFlowParameters, IRefreshFlowParameters,
-	IAuthorizeOptions, ITokenResponse, IAuthorizeResponse, IAuthorizeErrorResponse, ITokenErrorResponse, OAuthGrantTypes, AuthenticateEvent,
-	IOauth2ListenerMessage, IOauth2ListenerCommand, IOauth2ListenerMessageResponse } from './stsoauth2types'
-
-import { Gauge, InstrumentBaseTelemetry, InstrumentLogTelemetry, InstrumentGaugeTelemetry } from '@nsshunt/stsinstrumentation'
-	
-const CreateRandomString = (size = 43) => {
-	const randomValues = Array.from(self.crypto.getRandomValues(new Uint8Array(size)))
-	const b64 = window.btoa(String.fromCharCode(...randomValues));
-	return b64;
-	//return randomValues.toString('base64');
-}
-
-// STS Client SDK for SPAs
-export class STSOAuth2Worker {
-	//#storageManager = null;
-	#clientSessionStore: IStsStorage<ITokenResponse> = null; // In memory tokens while the client is logged in
-	#cUtils = new CryptoUtils();
-	#qParams = new QueryParams();
-	#STORAGE_SESSION_KEY = 'session.stsmda.com.au';
-	#aic = null;
-	#oauthWorkerPort: MessagePort = null;
-	
-	constructor(workerPort: MessagePort) {
-		//this.#store = app.config.globalProperties.$store;
-
-		// In memory storage for OAuth2 tokens for our valid session
-		this.#clientSessionStore = new ClientStorageFactory<ITokenResponse>({clientStorageType: ClientStorageType.MEMORY_STORAGE}).GetStorage();
-
-		//@@ needs to be sent the instrument manager controller port
-		//@@this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
-
-		//this.#handleAuthenticateEvent = handleAuthenticateEvent;
-
-		this.#oauthWorkerPort = workerPort;
-
-		debug(`STSOAuth2Worker:constructor:#oauthWorkerPort: [${JSON.stringify(this.#oauthWorkerPort)}]`);
-
-		this.SetupListener();
-
-		setInterval(() => {
-			this.#UpdateInstrument(Gauge.LOGGER, {
-				LogMessage: `--> [${Date.now().toString()}] <--`
-			} as InstrumentLogTelemetry);
-
-			this.#UpdateInstrument(Gauge.REQUEST_COUNT_GAUGE, {
-				Inc: 1
-			} as InstrumentGaugeTelemetry);
-
-			this.#UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {
-				Inc: 1
-			} as InstrumentGaugeTelemetry);
-		}, 1000);
-	}
-
-	// Attempt to restore a previous session using the STSBroker
-	/*
-    { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
-    { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
-    { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
-    { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
-
-    Successful Response
-    {
-        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
-        "token_type": "Bearer",
-        "expires_in": 3599,
-        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
-        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
-        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
-    }
-
-    Error Response
-    {
-        "error": "invalid_scope",
-        "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
-        "error_codes": [
-            70011
-        ],
-        "timestamp": "2016-01-09 02:02:12Z",
-    }
-
-    
-    */
-
-	#HandleAuthenticateEvent = (id_token: string) => {
-		const message: IOauth2ListenerMessage = {
-			messageId: -1, // un-solicited message
-			command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
-		}
-		this.#ProcessCommand(message, id_token);
-	}
-
-	#HandleErrorEvent = (error: any) => {
-		const message: IOauth2ListenerMessage = {
-			messageId: -1, // un-solicited message
-			command: IOauth2ListenerCommand.ERROR
-		}
-		this.#ProcessCommand(message, error);
-	}
-
-	#LogMessage = (messageToSend: string) => {
-		const message: IOauth2ListenerMessage = {
-			messageId: -1, // un-solicited message
-			command: IOauth2ListenerCommand.LOG
-		}
-		this.#ProcessCommand(message, messageToSend);
-	}
-
-	#UpdateInstrument = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
-		const message: IOauth2ListenerMessage = {
-			messageId: -1, // un-solicited message
-			command: IOauth2ListenerCommand.UPDATE_INSTRUMENT
-		}
-		this.#ProcessCommand(message, {
-			instrumentName,
-			telemetry
-		});
-	}
-
-	SetupListener = () => {
-		this.#oauthWorkerPort.onmessage = async (data: MessageEvent) => {
-			const auth2ListenerMessage: IOauth2ListenerMessage = data.data as IOauth2ListenerMessage;
-			switch (auth2ListenerMessage.command) {
-			case IOauth2ListenerCommand.RESTORE_SESSION :
-				this.#ProcessCommand(auth2ListenerMessage, await this.#RestoreSession());
-				break;
-			case IOauth2ListenerCommand.AUTHORIZE :
-				this.#ProcessCommand(auth2ListenerMessage, await this.#Authorize());
-				break;
-			case IOauth2ListenerCommand.HANDLE_REDIRECT :
-				this.#ProcessCommand(auth2ListenerMessage, await this.#HandleRedirect(auth2ListenerMessage.payload));
-				break;
-			case IOauth2ListenerCommand.LOGOUT :
-				this.#ProcessCommand(auth2ListenerMessage, await this.#Logout());
-				break;
-			default :
-				throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
-			}
-		}
-	}
-
-	#ProcessCommand = async (auth2ListenerMessage: IOauth2ListenerMessage, response: any) => {
-		const messageResponse: IOauth2ListenerMessageResponse = {
-			messageId: auth2ListenerMessage.messageId,
-			command: auth2ListenerMessage.command,
-			payload: response
-		}
-
-		debug(`STSOAuth2Worker:ProcessCommand:#oauthWorkerPort: [${JSON.stringify(this.#oauthWorkerPort)}]`);
-		debug(this);
-
-		this.#oauthWorkerPort.postMessage(messageResponse);
-	}
-
-	#RestoreSession = async (): Promise<boolean> => {
-		//@@ attempt to get from client storage first
-
-		let restoredSessionData: ITokenResponse = null;
-		restoredSessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
-		if (restoredSessionData !== null) {
-			console.log('Session restored from client storage.');
-			if (this.#aic) {
-				this.#aic.UpdateInstrument('m', { LogMessage: 'Session restored from client storage.' });
-			}
-			this.#LogMessage('Session restored from client storage.')
-		} else {
-			const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/session`;
-			console.log('RestoreSession');
-			console.log(url);
-			if (this.#aic) {
-				this.#aic.UpdateInstrument('m', { LogMessage: 'RestoreSession' });
-				this.#aic.UpdateInstrument('m', { LogMessage: url });
-			}
-			this.#LogMessage('RestoreSession.');
-			this.#LogMessage(url);
-			try {
-				const retVal = await axios({
-					method: "post",
-					url: url,
-					data: {
-						[OAuth2ParameterType.CLIENT_ID]: process.env.CLIENT_ID,
-						[OAuth2ParameterType.SCOPE]: process.env.SCOPE,
-						[OAuth2ParameterType.REDIRECT_URI]: process.env.REDIRECT_URI,
-						[OAuth2ParameterType.AUDIENCE]: process.env.AUDIENCE
-					},
-					withCredentials: true, // Ensure cookies are passed to the service
-					timeout: parseInt(process.env.TIMEOUT),
-				});
-				if (retVal.data.status === StatusCodes.OK) {
-					restoredSessionData = retVal.data.detail;
-					this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, restoredSessionData);
-					console.log('Session restored from server side cookie.');
-					//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
-				} else {
-					//@@ handle error better
-					//this.#store.commit('stsOAuth2SDK/SessionData', null);
-					console.log('Could not restore previous session:-');
-					console.log(JSON.stringify(retVal.data));
-				}
-			} catch (error) {
-				//@@ handle error better
-				//this.#store.commit('stsOAuth2SDK/SessionData', null);
-				console.log('Could not restore previous session (error state):-');
-				console.log(error);
-				console.log(JSON.stringify(error));
-			}
-		}
-		
-		//@@ must only use in-memory for this ...
-		//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
-		if (restoredSessionData !== null) {
-			this.#HandleAuthenticateEvent(restoredSessionData.id_token);
-			console.log('Refreshing tokens ...');
-			return this.#RefreshToken();
-		} else {
-			this.#HandleAuthenticateEvent(null);
-			return false;
-		}
-	}
-
-	#Authorize = async (): Promise<JSONObject> => {
-		console.log('Authorize ...');
-
-		/* MS Example
-        --------------
-        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
-        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
-        &response_type=code
-        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
-        &response_mode=query
-        &scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read%20api%3A%2F%2F
-        &state=12345
-        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
-        &code_challenge_method=S256
-
-        Successful Response
-
-        GET http://localhost?
-        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
-        &state=12345
-
-        Error Response
-        GET http://localhost?
-        error=access_denied
-        &error_description=the+user+canceled+the+authentication
-
-        << Hybrid Flow >>
-
-        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
-        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
-        &response_type=code%20id_token
-        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
-        &response_mode=fragment
-        &scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
-        &state=12345
-        &nonce=abcde
-        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
-        &code_challenge_method=S256
-
-        Successful Response
-
-        GET https://login.microsoftonline.com/common/oauth2/nativeclient#
-        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
-        &id_token=eYj...
-        &state=12345
-
-        Notes:
-        The nonce is included as a claim inside the returned id_token
-        Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
-        */
-
-		const client_id = process.env.CLIENT_ID;
-		const nonce = this.#cUtils.CreateRandomString();
-		const response_type = [ AuthorizeOptionsResponseType.CODE ]
-		const redirect_uri = process.env.REDIRECT_URI;
-		const response_mode = AuthorizeOptionsResponseMode.QUERY
-		const scope = process.env.SCOPE;
-		const state = this.#cUtils.CreateRandomString();
-		const code_verifier = this.#cUtils.CreateRandomString();
-		const code_challenge = await this.#cUtils.DigestMessage(code_verifier);
-		const code_challenge_method = 'S256';
-		//let audience = process.env.AUDIENCE;
-
-		const authorizeOptions: IAuthorizeOptions = {
-			client_id,
-			nonce,
-			response_type,
-			redirect_uri,
-			response_mode,
-			scope,
-			state,
-			code_challenge,
-			code_challenge_method
-		}
-
-		const url = `${process.env.AUTH_ENDPOINT}:${process.env.AUTH_PORT}${process.env.AUTH_APIROOT}?${this.#qParams.CreateQueryParams(authorizeOptions)}`;
-
-		console.log(url);
-
-		// Now add the code_verifier to the transaction data
-		authorizeOptions.code_verifier = code_verifier; //@@ Is this is the only thing required across the transaction ?
-
-		console.log(`Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
-
-		return {
-			url,
-			authorizeOptions
-		}
-		//window.location.assign(url);
-		//@@ this may need to be a message back to the plugin to re-direct
-		//window.location.replace(url);
-	}
-
-	#HandleRedirect = async (payload: any): Promise<boolean> => {
-		const queryVars: IAuthorizeResponse | IAuthorizeErrorResponse = payload.queryVars;
-		const authorizeOptions: IAuthorizeOptions = payload.authorizeOptions
-
-		console.log('HandleRedirect');
-		// We have been re-direct back here from the /authorize end-point
-		console.log(`HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`);
-
-		if (queryVars[OAuth2ParameterType.CODE]) {
-			const response: IAuthorizeResponse = queryVars as IAuthorizeResponse;
-
-			console.log(`authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
-	
-			const redirectState = response.state;
-			const authorizeOptionsState = authorizeOptions.state;
-	
-			if (authorizeOptionsState.localeCompare(redirectState) === 0) {
-				console.log('redirected state (from queryVars) matched previously saved transaction authorizeOptions state'); // green
-
-				return await this.#GetToken(authorizeOptions, response);
-			} else {
-				console.log('redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state'); // red
-				this.#HandleErrorEvent({message: 'State un-matched'});
-				return false;
-			}
-		} else if (queryVars[OAuth2ParameterType.ERROR]) {
-			const response: IAuthorizeErrorResponse = queryVars as IAuthorizeErrorResponse;
-			//@@ pass error back to parent thread (to the plugin) as a message
-			const error = response.error;
-			const errorDescription = response.error_description;
-			this.#HandleErrorEvent({message: 'State un-matched'});
-			return false;
-		} else {
-			// Invalid redirect query params
-			const error = 'Invalid redirect query params'; //@@ fix
-			const errorDescription = 'Invalid redirect query params description'; //@@ fix
-			this.#HandleErrorEvent({message: 'State un-matched'});
-			return false;
-		}
-	}
-
-	/*
-    client_id=6731de76-14a6-49ae-97bc-6eba6914391e
-    &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
-    &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
-    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
-    &grant_type=authorization_code
-    &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong 
-    &client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
-
-    Successful Response
-    {
-        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
-        "token_type": "Bearer",
-        "expires_in": 3599,
-        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
-        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
-        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
-    }
-    */
-
-	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
-	#GetTokenFromBroker = async (authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters | IRefreshFlowParameters): Promise<boolean> => {
-		console.log("#GetTokenFromBroker");
-
-		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
-
-		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/token`;
-		console.log(`#GetTokenFromBroker:url = [${url}]`);
-		console.log(authorizationCodeFlowParameters);
-
-		try {
-			const retVal = await axios({
-				method: "post",
-				url: url,
-				data: authorizationCodeFlowParameters,
-				withCredentials: true, // Ensure cookies are passed to the service
-				timeout: parseInt(process.env.TIMEOUT),
-			});
-			console.log(`retVal: ${JSON.stringify(retVal)}`);
-
-			if (retVal.status === StatusCodes.OK) {
-				console.log('Storing tokens...');
-				const tokenResponse: ITokenResponse = retVal.data as ITokenResponse;
-				//this.#store.commit('stsOAuth2SDK/SessionData', tokenResponse);
-				this.#HandleAuthenticateEvent(tokenResponse.id_token);
-				this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, tokenResponse);
-				return true;
-			} else if (retVal.status === StatusCodes.UNAUTHORIZED) {
-				console.log('NOT Storing tokens...');
-				console.log(retVal.status);
-
-				//this.#store.commit('stsOAuth2SDK/SessionData', null);
-				this.#HandleAuthenticateEvent(null);
-
-				const response: ITokenErrorResponse = retVal.data as ITokenErrorResponse;
-
-				//@@ store response in state
-				//@@ go to error page ??
-				return false;
-
-			} else {
-				// General error
-				console.log('NOT Storing tokens...');
-				console.log(retVal.status);
-
-				//this.#store.commit('stsOAuth2SDK/SessionData', null);
-				this.#HandleAuthenticateEvent(null);
-
-				console.log('Could not obtain access_token from token end-point:-');
-				console.log(JSON.stringify(retVal.data));
-				//@@ store error in state to show in error page
-				return false;
-			}
-		} catch (error) {
-			//this.#store.commit('stsOAuth2SDK/SessionData', null);
-			this.#HandleAuthenticateEvent(null);
-			//console.log('Could not restore previous session (error state):-');
-			console.log(error);
-			console.log(JSON.stringify(error));
-
-			//@@ store error in state to show in error page
-
-			return false;
-		}
-	}
-
-	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
-	#GetToken = async (authorizeOptions: IAuthorizeOptions, authorizeResponse: IAuthorizeResponse): Promise<boolean> => {
-		console.log("#GetToken");
-		console.log(authorizeResponse);
-
-		this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, null);
-
-		const authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters = {
-			client_id: process.env.CLIENT_ID,
-			scope: process.env.SCOPE,
-			code: authorizeResponse.code,
-			redirect_uri: process.env.REDIRECT_URI,
-			grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
-			code_verifier: authorizeOptions.code_verifier
-		}
-
-		return this.#GetTokenFromBroker(authorizationCodeFlowParameters);
-	}
-	
-	/*
-	// Line breaks for legibility only
-
-POST /{tenant}/oauth2/v2.0/token HTTP/1.1
-Host: https://login.microsoftonline.com
-Content-Type: application/x-www-form-urlencoded
-
-client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
-&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
-&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
-&grant_type=refresh_token
-&client_secret=sampleCredentia1s    // NOTE: Only required for web apps. This secret needs to be URL-Encoded
-
-Error Response
-{
-	"error": "invalid_scope",
-	"error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
-	"error_codes": [
-	  70011
-	],
-	"timestamp": "2016-01-09 02:02:12Z",
-	"trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
-	"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
-  }
-*/
-
-	#RefreshToken = async (): Promise<boolean> => {
-		// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
-		console.log("RefreshToken");
-
-		//let currentSessionData = this.#store.getters['stsOAuth2SDK/SessionData'];
-		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
-		if (currentSessionData) {
-			const refreshFlowParameters: IRefreshFlowParameters = {
-				client_id: process.env.CLIENT_ID,
-				scope: process.env.SCOPE,
-				refresh_token: currentSessionData.refresh_token,
-				grant_type: OAuthGrantTypes.REFRESH_TOKEN
-			}
-
-			return this.#GetTokenFromBroker(refreshFlowParameters);
-		} else {
-			// show error
-			//@@ no valid session exists for refresh
-			return false;
-		}
-	}
-
-	// call broker to logout
-	// broker to logout of server
-	// delete cookie
-	// clear session storage
-	// clear all state from $store
-	#Logout = async (): Promise<boolean> => {
-		console.log('Logout');
-		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/logout`;
-		console.log(url);
-
-		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
-		const refresh_token = currentSessionData.refresh_token;
-		console.log(refresh_token);
-
-		const decodedRefreshToken: JSONObject = jwt_decode<JSONObject>(refresh_token);
-		console.log(decodedRefreshToken);
-		const sessionId = decodedRefreshToken.sts_session;
-		console.log(sessionId);
-
-		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
-		//this.#store.commit('stsOAuth2SDK/SessionData', null);
-		this.#HandleAuthenticateEvent(null);
-
-		try {
-			const retVal = await axios({
-				method: "post",
-				url: url,
-				data: {
-					sessionId
-				},
-				withCredentials: true, // Ensure cookies are passed to the service
-				timeout: parseInt(process.env.TIMEOUT),
-			});
-			if (retVal.data.status === StatusCodes.OK) {
-				return true;
-			} else {
-				console.log('Error during logout (server side)');
-				console.log(JSON.stringify(retVal.data));
-				return false;
-			}
-		} catch (error) {
-			console.log('Error during logout (server side)');
-			console.log(error);
-			console.log(JSON.stringify(error));
-			return false;
-		}
-	}
-}
-/*
-let oAuth2Worker: STSOAuth2Worker = null;
-
-onmessage = async function(data: MessageEvent)
-{
-	const workerPort = data.data as MessagePort;
-	oAuth2Worker = new STSOAuth2Worker(workerPort);
-}
-*/