@nsshunt/stsoauth2plugin 0.1.38 → 0.1.39

package/src/stsoauth2worker.ts

@@ -0,0 +1,583 @@
+import Debug from "debug";
+const debug = Debug(`proc:${process.pid}:stsoauth2worker.ts`);
+
+//import 'colors'
+
+import axios from "axios";
+
+import { JSONObject, OAuth2ParameterType } from '@nsshunt/stsutils';
+
+import CryptoUtils from './Utils/CryptoUtils'
+import QueryParams from './Utils/QueryParams'
+
+import jwt_decode from "jwt-decode"
+
+import { IStsStorage, ClientStorageType, ClientStorageFactory } from './stsStorage'
+
+import { StatusCodes } from 'http-status-codes'
+
+import { AuthorizeOptionsResponseType, AuthorizeOptionsResponseMode, IAuthorizationCodeFlowParameters, IRefreshFlowParameters,
+	IAuthorizeOptions, ITokenResponse, IAuthorizeResponse, IAuthorizeErrorResponse, ITokenErrorResponse, OAuthGrantTypes, AuthenticateEvent,
+	IOauth2ListenerMessage, IOauth2ListenerCommand, IOauth2ListenerMessageResponse } from './stsoauth2types'
+
+import { Gauge, InstrumentBaseTelemetry, InstrumentLogTelemetry, InstrumentGaugeTelemetry } from '@nsshunt/stsinstrumentation'
+	
+const CreateRandomString = (size = 43) => {
+	const randomValues = Array.from(self.crypto.getRandomValues(new Uint8Array(size)))
+	const b64 = window.btoa(String.fromCharCode(...randomValues));
+	return b64;
+	//return randomValues.toString('base64');
+}
+
+// STS Client SDK for SPAs
+export class STSOAuth2Worker {
+	//#storageManager = null;
+	#clientSessionStore: IStsStorage<ITokenResponse> = null; // In memory tokens while the client is logged in
+	#cUtils = new CryptoUtils();
+	#qParams = new QueryParams();
+	#STORAGE_SESSION_KEY = 'session.stsmda.com.au';
+	#aic = null;
+	#oauthWorkerPort: MessagePort = null;
+	
+	constructor(workerPort: MessagePort) {
+		//this.#store = app.config.globalProperties.$store;
+
+		// In memory storage for OAuth2 tokens for our valid session
+		this.#clientSessionStore = new ClientStorageFactory<ITokenResponse>({clientStorageType: ClientStorageType.MEMORY_STORAGE}).GetStorage();
+
+		//@@ needs to be sent the instrument manager controller port
+		//@@this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
+
+		//this.#handleAuthenticateEvent = handleAuthenticateEvent;
+
+		this.#oauthWorkerPort = workerPort;
+
+		debug(`STSOAuth2Worker:constructor:#oauthWorkerPort: [${JSON.stringify(this.#oauthWorkerPort)}]`);
+
+		this.SetupListener();
+
+		setInterval(() => {
+			this.#UpdateInstrument(Gauge.LOGGER, {
+				LogMessage: `--> [${Date.now().toString()}] <--`
+			} as InstrumentLogTelemetry);
+
+			this.#UpdateInstrument(Gauge.REQUEST_COUNT_GAUGE, {
+				Inc: 1
+			} as InstrumentGaugeTelemetry);
+
+			this.#UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {
+				Inc: 1
+			} as InstrumentGaugeTelemetry);
+		}, 1000);
+	}
+
+	// Attempt to restore a previous session using the STSBroker
+	/*
+    { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
+    { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
+    { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
+    { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
+
+    Successful Response
+    {
+        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
+        "token_type": "Bearer",
+        "expires_in": 3599,
+        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
+        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
+        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
+    }
+
+    Error Response
+    {
+        "error": "invalid_scope",
+        "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
+        "error_codes": [
+            70011
+        ],
+        "timestamp": "2016-01-09 02:02:12Z",
+    }
+
+    
+    */
+
+	#HandleAuthenticateEvent = (id_token: string) => {
+		const message: IOauth2ListenerMessage = {
+			messageId: -1, // un-solicited message
+			command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
+		}
+		this.#ProcessCommand(message, id_token);
+	}
+
+	#HandleErrorEvent = (error: any) => {
+		const message: IOauth2ListenerMessage = {
+			messageId: -1, // un-solicited message
+			command: IOauth2ListenerCommand.ERROR
+		}
+		this.#ProcessCommand(message, error);
+	}
+
+	#LogMessage = (messageToSend: string) => {
+		const message: IOauth2ListenerMessage = {
+			messageId: -1, // un-solicited message
+			command: IOauth2ListenerCommand.LOG
+		}
+		this.#ProcessCommand(message, messageToSend);
+	}
+
+	#UpdateInstrument = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
+		const message: IOauth2ListenerMessage = {
+			messageId: -1, // un-solicited message
+			command: IOauth2ListenerCommand.UPDATE_INSTRUMENT
+		}
+		this.#ProcessCommand(message, {
+			instrumentName,
+			telemetry
+		});
+	}
+
+	SetupListener = () => {
+		this.#oauthWorkerPort.onmessage = async (data: MessageEvent) => {
+			const auth2ListenerMessage: IOauth2ListenerMessage = data.data as IOauth2ListenerMessage;
+			switch (auth2ListenerMessage.command) {
+			case IOauth2ListenerCommand.RESTORE_SESSION :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#RestoreSession());
+				break;
+			case IOauth2ListenerCommand.AUTHORIZE :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#Authorize());
+				break;
+			case IOauth2ListenerCommand.HANDLE_REDIRECT :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#HandleRedirect(auth2ListenerMessage.payload));
+				break;
+			case IOauth2ListenerCommand.LOGOUT :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#Logout());
+				break;
+			default :
+				throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
+			}
+		}
+	}
+
+	#ProcessCommand = async (auth2ListenerMessage: IOauth2ListenerMessage, response: any) => {
+		const messageResponse: IOauth2ListenerMessageResponse = {
+			messageId: auth2ListenerMessage.messageId,
+			command: auth2ListenerMessage.command,
+			payload: response
+		}
+
+		debug(`STSOAuth2Worker:ProcessCommand:#oauthWorkerPort: [${JSON.stringify(this.#oauthWorkerPort)}]`);
+		debug(this);
+
+		this.#oauthWorkerPort.postMessage(messageResponse);
+	}
+
+	#RestoreSession = async (): Promise<boolean> => {
+		//@@ attempt to get from client storage first
+
+		let restoredSessionData: ITokenResponse = null;
+		restoredSessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		if (restoredSessionData !== null) {
+			console.log('Session restored from client storage.');
+			if (this.#aic) {
+				this.#aic.UpdateInstrument('m', { LogMessage: 'Session restored from client storage.' });
+			}
+			this.#LogMessage('Session restored from client storage.')
+		} else {
+			const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/session`;
+			console.log('RestoreSession');
+			console.log(url);
+			if (this.#aic) {
+				this.#aic.UpdateInstrument('m', { LogMessage: 'RestoreSession' });
+				this.#aic.UpdateInstrument('m', { LogMessage: url });
+			}
+			this.#LogMessage('RestoreSession.');
+			this.#LogMessage(url);
+			try {
+				const retVal = await axios({
+					method: "post",
+					url: url,
+					data: {
+						[OAuth2ParameterType.CLIENT_ID]: process.env.CLIENT_ID,
+						[OAuth2ParameterType.SCOPE]: process.env.SCOPE,
+						[OAuth2ParameterType.REDIRECT_URI]: process.env.REDIRECT_URI,
+						[OAuth2ParameterType.AUDIENCE]: process.env.AUDIENCE
+					},
+					withCredentials: true, // Ensure cookies are passed to the service
+					timeout: parseInt(process.env.TIMEOUT),
+				});
+				if (retVal.data.status === StatusCodes.OK) {
+					restoredSessionData = retVal.data.detail;
+					this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, restoredSessionData);
+					console.log('Session restored from server side cookie.');
+					//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
+				} else {
+					//@@ handle error better
+					//this.#store.commit('stsOAuth2SDK/SessionData', null);
+					console.log('Could not restore previous session:-');
+					console.log(JSON.stringify(retVal.data));
+				}
+			} catch (error) {
+				//@@ handle error better
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				console.log('Could not restore previous session (error state):-');
+				console.log(error);
+				console.log(JSON.stringify(error));
+			}
+		}
+		
+		//@@ must only use in-memory for this ...
+		//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
+		if (restoredSessionData !== null) {
+			this.#HandleAuthenticateEvent(restoredSessionData.id_token);
+			console.log('Refreshing tokens ...');
+			return this.#RefreshToken();
+		} else {
+			this.#HandleAuthenticateEvent(null);
+			return false;
+		}
+	}
+
+	#Authorize = async (): Promise<JSONObject> => {
+		console.log('Authorize ...');
+
+		/* MS Example
+        --------------
+        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
+        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+        &response_type=code
+        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+        &response_mode=query
+        &scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read%20api%3A%2F%2F
+        &state=12345
+        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
+        &code_challenge_method=S256
+
+        Successful Response
+
+        GET http://localhost?
+        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
+        &state=12345
+
+        Error Response
+        GET http://localhost?
+        error=access_denied
+        &error_description=the+user+canceled+the+authentication
+
+        << Hybrid Flow >>
+
+        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
+        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+        &response_type=code%20id_token
+        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+        &response_mode=fragment
+        &scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
+        &state=12345
+        &nonce=abcde
+        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
+        &code_challenge_method=S256
+
+        Successful Response
+
+        GET https://login.microsoftonline.com/common/oauth2/nativeclient#
+        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
+        &id_token=eYj...
+        &state=12345
+
+        Notes:
+        The nonce is included as a claim inside the returned id_token
+        Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+        */
+
+		const client_id = process.env.CLIENT_ID;
+		const nonce = this.#cUtils.CreateRandomString();
+		const response_type = [ AuthorizeOptionsResponseType.CODE ]
+		const redirect_uri = process.env.REDIRECT_URI;
+		const response_mode = AuthorizeOptionsResponseMode.QUERY
+		const scope = process.env.SCOPE;
+		const state = this.#cUtils.CreateRandomString();
+		const code_verifier = this.#cUtils.CreateRandomString();
+		const code_challenge = await this.#cUtils.DigestMessage(code_verifier);
+		const code_challenge_method = 'S256';
+		//let audience = process.env.AUDIENCE;
+
+		const authorizeOptions: IAuthorizeOptions = {
+			client_id,
+			nonce,
+			response_type,
+			redirect_uri,
+			response_mode,
+			scope,
+			state,
+			code_challenge,
+			code_challenge_method
+		}
+
+		const url = `${process.env.AUTH_ENDPOINT}:${process.env.AUTH_PORT}${process.env.AUTH_APIROOT}?${this.#qParams.CreateQueryParams(authorizeOptions)}`;
+
+		console.log(url);
+
+		// Now add the code_verifier to the transaction data
+		authorizeOptions.code_verifier = code_verifier; //@@ Is this is the only thing required across the transaction ?
+
+		console.log(`Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
+
+		return {
+			url,
+			authorizeOptions
+		}
+		//window.location.assign(url);
+		//@@ this may need to be a message back to the plugin to re-direct
+		//window.location.replace(url);
+	}
+
+	#HandleRedirect = async (payload: any): Promise<boolean> => {
+		const queryVars: IAuthorizeResponse | IAuthorizeErrorResponse = payload.queryVars;
+		const authorizeOptions: IAuthorizeOptions = payload.authorizeOptions
+
+		console.log('HandleRedirect');
+		// We have been re-direct back here from the /authorize end-point
+		console.log(`HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`);
+
+		if (queryVars[OAuth2ParameterType.CODE]) {
+			const response: IAuthorizeResponse = queryVars as IAuthorizeResponse;
+
+			console.log(`authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
+	
+			const redirectState = response.state;
+			const authorizeOptionsState = authorizeOptions.state;
+	
+			if (authorizeOptionsState.localeCompare(redirectState) === 0) {
+				console.log('redirected state (from queryVars) matched previously saved transaction authorizeOptions state'); // green
+
+				return await this.#GetToken(authorizeOptions, response);
+			} else {
+				console.log('redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state'); // red
+				this.#HandleErrorEvent({message: 'State un-matched'});
+				return false;
+			}
+		} else if (queryVars[OAuth2ParameterType.ERROR]) {
+			const response: IAuthorizeErrorResponse = queryVars as IAuthorizeErrorResponse;
+			//@@ pass error back to parent thread (to the plugin) as a message
+			const error = response.error;
+			const errorDescription = response.error_description;
+			this.#HandleErrorEvent({message: 'State un-matched'});
+			return false;
+		} else {
+			// Invalid redirect query params
+			const error = 'Invalid redirect query params'; //@@ fix
+			const errorDescription = 'Invalid redirect query params description'; //@@ fix
+			this.#HandleErrorEvent({message: 'State un-matched'});
+			return false;
+		}
+	}
+
+	/*
+    client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+    &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
+    &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
+    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+    &grant_type=authorization_code
+    &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong 
+    &client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
+
+    Successful Response
+    {
+        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
+        "token_type": "Bearer",
+        "expires_in": 3599,
+        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
+        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
+        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
+    }
+    */
+
+	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+	#GetTokenFromBroker = async (authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters | IRefreshFlowParameters): Promise<boolean> => {
+		console.log("#GetTokenFromBroker");
+
+		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
+
+		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/token`;
+		console.log(`#GetTokenFromBroker:url = [${url}]`);
+		console.log(authorizationCodeFlowParameters);
+
+		try {
+			const retVal = await axios({
+				method: "post",
+				url: url,
+				data: authorizationCodeFlowParameters,
+				withCredentials: true, // Ensure cookies are passed to the service
+				timeout: parseInt(process.env.TIMEOUT),
+			});
+			console.log(`retVal: ${JSON.stringify(retVal)}`);
+
+			if (retVal.status === StatusCodes.OK) {
+				console.log('Storing tokens...');
+				const tokenResponse: ITokenResponse = retVal.data as ITokenResponse;
+				//this.#store.commit('stsOAuth2SDK/SessionData', tokenResponse);
+				this.#HandleAuthenticateEvent(tokenResponse.id_token);
+				this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, tokenResponse);
+				return true;
+			} else if (retVal.status === StatusCodes.UNAUTHORIZED) {
+				console.log('NOT Storing tokens...');
+				console.log(retVal.status);
+
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				this.#HandleAuthenticateEvent(null);
+
+				const response: ITokenErrorResponse = retVal.data as ITokenErrorResponse;
+
+				//@@ store response in state
+				//@@ go to error page ??
+				return false;
+
+			} else {
+				// General error
+				console.log('NOT Storing tokens...');
+				console.log(retVal.status);
+
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				this.#HandleAuthenticateEvent(null);
+
+				console.log('Could not obtain access_token from token end-point:-');
+				console.log(JSON.stringify(retVal.data));
+				//@@ store error in state to show in error page
+				return false;
+			}
+		} catch (error) {
+			//this.#store.commit('stsOAuth2SDK/SessionData', null);
+			this.#HandleAuthenticateEvent(null);
+			//console.log('Could not restore previous session (error state):-');
+			console.log(error);
+			console.log(JSON.stringify(error));
+
+			//@@ store error in state to show in error page
+
+			return false;
+		}
+	}
+
+	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+	#GetToken = async (authorizeOptions: IAuthorizeOptions, authorizeResponse: IAuthorizeResponse): Promise<boolean> => {
+		console.log("#GetToken");
+		console.log(authorizeResponse);
+
+		this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, null);
+
+		const authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters = {
+			client_id: process.env.CLIENT_ID,
+			scope: process.env.SCOPE,
+			code: authorizeResponse.code,
+			redirect_uri: process.env.REDIRECT_URI,
+			grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
+			code_verifier: authorizeOptions.code_verifier
+		}
+
+		return this.#GetTokenFromBroker(authorizationCodeFlowParameters);
+	}
+	
+	/*
+	// Line breaks for legibility only
+
+POST /{tenant}/oauth2/v2.0/token HTTP/1.1
+Host: https://login.microsoftonline.com
+Content-Type: application/x-www-form-urlencoded
+
+client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
+&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
+&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
+&grant_type=refresh_token
+&client_secret=sampleCredentia1s    // NOTE: Only required for web apps. This secret needs to be URL-Encoded
+
+Error Response
+{
+	"error": "invalid_scope",
+	"error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
+	"error_codes": [
+	  70011
+	],
+	"timestamp": "2016-01-09 02:02:12Z",
+	"trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
+	"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
+  }
+*/
+
+	#RefreshToken = async (): Promise<boolean> => {
+		// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+		console.log("RefreshToken");
+
+		//let currentSessionData = this.#store.getters['stsOAuth2SDK/SessionData'];
+		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		if (currentSessionData) {
+			const refreshFlowParameters: IRefreshFlowParameters = {
+				client_id: process.env.CLIENT_ID,
+				scope: process.env.SCOPE,
+				refresh_token: currentSessionData.refresh_token,
+				grant_type: OAuthGrantTypes.REFRESH_TOKEN
+			}
+
+			return this.#GetTokenFromBroker(refreshFlowParameters);
+		} else {
+			// show error
+			//@@ no valid session exists for refresh
+			return false;
+		}
+	}
+
+	// call broker to logout
+	// broker to logout of server
+	// delete cookie
+	// clear session storage
+	// clear all state from $store
+	#Logout = async (): Promise<boolean> => {
+		console.log('Logout');
+		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/logout`;
+		console.log(url);
+
+		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		const refresh_token = currentSessionData.refresh_token;
+		console.log(refresh_token);
+
+		const decodedRefreshToken: JSONObject = jwt_decode<JSONObject>(refresh_token);
+		console.log(decodedRefreshToken);
+		const sessionId = decodedRefreshToken.sts_session;
+		console.log(sessionId);
+
+		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
+		//this.#store.commit('stsOAuth2SDK/SessionData', null);
+		this.#HandleAuthenticateEvent(null);
+
+		try {
+			const retVal = await axios({
+				method: "post",
+				url: url,
+				data: {
+					sessionId
+				},
+				withCredentials: true, // Ensure cookies are passed to the service
+				timeout: parseInt(process.env.TIMEOUT),
+			});
+			if (retVal.data.status === StatusCodes.OK) {
+				return true;
+			} else {
+				console.log('Error during logout (server side)');
+				console.log(JSON.stringify(retVal.data));
+				return false;
+			}
+		} catch (error) {
+			console.log('Error during logout (server side)');
+			console.log(error);
+			console.log(JSON.stringify(error));
+			return false;
+		}
+	}
+}
+/*
+let oAuth2Worker: STSOAuth2Worker = null;
+
+onmessage = async function(data: MessageEvent)
+{
+	const workerPort = data.data as MessagePort;
+	oAuth2Worker = new STSOAuth2Worker(workerPort);
+}
+*/

package/tsconfig.json

@@ -0,0 +1,32 @@
+{
+  "extends": "@tsconfig/node18/tsconfig.json",
+  "include": ["src/**/*" ],
+  "exclude": ["node_modules", "**/node_modules/**/*", "**/*.spec.ts"],
+  "compilerOptions": {
+    "module": "esnext",
+    "target": "es2021",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "outDir": "dist",
+    "allowJs": true,
+    "declaration": true,
+    "declarationDir": "./types",
+    "declarationMap": true,
+
+    "noImplicitAny": false,
+    "strictNullChecks": false,
+
+    "lib": [
+      // Should target at least ES2016 in Vue 3
+      // Support for newer versions of language built-ins are
+      // left for the users to include, because that would require:
+      //   - either the project doesn't need to support older versions of browsers;
+      //   - or the project has properly included the necessary polyfills.
+      "ES2016",
+      "DOM",
+      "DOM.Iterable",
+      "webworker"
+      // No `ScriptHost` because Vue 3 dropped support for IE
+    ],
+  }
+}

package/vite.config.ts

@@ -0,0 +1,62 @@
+import { fileURLToPath, URL } from 'url'
+
+import { defineConfig } from 'vite'
+import path from 'path'
+import fs from 'fs';
+
+// https://vitejs.dev/config/
+export default ({ mode }) => {
+	//export default defineConfig({
+	//process.env = {...process.env, ...loadEnv(mode, process.cwd())};
+	// https://github.com/vitejs/vite/issues/1930
+
+	return defineConfig({
+		define: { 
+			'process.argv': [ process.cwd() ], //@@ only required because of colors - delete ...
+			'process.env': { ...process.env },
+			// Define process properties used by various imports
+			'process.pid': 0,
+			'process.stdout': null,
+			'process.stderr': null,
+			'process.platform': null
+		},
+		resolve: {
+			alias: {
+				//'@': path.resolve(__dirname, 'src'),
+				'@': fileURLToPath(new URL('./src', import.meta.url))
+			},
+		},
+
+		build: {
+			lib: {
+				entry: path.resolve(__dirname, 'src/index.ts'),
+				name: 'stsoauth2plugin',
+				formats: ['es'],
+				fileName: (format) => `stsoauth2plugin.${format}.js`
+			  },
+			  /*
+			rollupOptions: {
+				output: {
+					manualChunks: {
+						stsoauth2plugin: ['@nsshunt/stsoauth2plugin'],
+						stsinstrumentation: ['@nsshunt/stsinstrumentation'],
+						stsmodels: ['@nsshunt/stsmodels'],
+						stspublisherserver: ['@nsshunt/stspublisherserver'],
+						stsutils: ['@nsshunt/stsutils'],
+						axios: ['axios'],
+						jwtdecode: ['jwt-decode']
+					}
+				}
+			}
+			*/
+		},
+
+		base: '/',
+
+		worker: {
+			format: 'es'
+		}
+
+	});
+}
+