@nsshunt/stsoauth2plugin 1.0.138 → 1.0.140

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/stsoauth2plugin.mjs +788 -858
  2. package/dist/stsoauth2plugin.mjs.map +1 -1
  3. package/dist/stsoauth2plugin.umd.js +791 -861
  4. package/dist/stsoauth2plugin.umd.js.map +1 -1
  5. package/package.json +12 -12
package/dist/stsoauth2plugin.mjs CHANGED
@@ -1,23 +1,3 @@
1
- var __defProp = Object.defineProperty;
2
- var __typeError = (msg) => {
3
- throw TypeError(msg);
4
- };
5
- var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
6
- var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
7
- var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
8
- var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
9
- var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
10
- var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
11
- var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
12
- var __privateWrapper = (obj, member, setter, getter) => ({
13
- set _(value) {
14
- __privateSet(obj, member, value, setter);
15
- },
16
- get _() {
17
- return __privateGet(obj, member, getter);
18
- }
19
- });
20
- var _router, _STORAGE_AUTHORIZE_OPTIONS_KEY, _aic, _options, _oauth2ManagerPort, _messageId, _messageHandlers, _messageTimeout, _worker, _transactionStore, _operationSemaphore, _maxSemaphoreRetries, _semaphoreRetrySleep, _STSOAuth2Manager_instances, LogDebugMessage_fn, LogInfoMessage_fn, LogErrorMessage_fn, _ProcessMessageResponse, _PostMessage, _HandleLogEvent, _HandleUpdateInstrumentEvent, _GetStore, _HandleErrorEvent, _HandleAuthenticateEvent, _SetupRoute, _crypto, _clientSessionStore, _cUtils, _qParams, _STORAGE_SESSION_KEY, _oauthWorkerPort, _options2, _logger, _agentManager, _STSOAuth2Worker_instances, LogDebugMessage_fn2, LogInfoMessage_fn2, LogErrorMessage_fn2, _HandleAuthenticateEvent2, _HandleErrorEvent2, _LogMessage, _GetAccessToken, _GetCookies, _UpdateInstrument, _ProcessCommand, _RestoreSession, _Authorize, _HandleRedirect, _GetTokenFromBroker, _GetToken, _RefreshToken, _Logout;
21
1
  import { inject } from "vue";
22
2
  import * as wt from "node:worker_threads";
23
3
  import { OAuth2ParameterType, Sleep, AgentManager, STSAxiosConfig } from "@nsshunt/stsutils";
@@ -1619,311 +1599,48 @@ const STSOauth2Store = defineStore("__sts__STSOauth2Store", {
1619
1599
  */
1620
1600
  });
1621
1601
  class STSOAuth2Manager {
1602
+ #router = null;
1603
+ #STORAGE_AUTHORIZE_OPTIONS_KEY = "authorize_options.stsmda.com.au";
1604
+ #aic = null;
1605
+ #options;
1606
+ #oauth2ManagerPort;
1607
+ #messageId = 0;
1608
+ #messageHandlers = {};
1609
+ // keyed by messageId
1610
+ #messageTimeout = 1e4;
1611
+ #worker;
1612
+ #transactionStore;
1613
+ // Transient transaction data used to establish a session via OAuth2 authorize handshake
1614
+ #operationSemaphore = false;
1615
+ #maxSemaphoreRetries = 100;
1616
+ // 100 retries, i.e. allow 100 x 50 = 5000ms to unblock
1617
+ #semaphoreRetrySleep = 50;
1622
1618
  // ms
1623
1619
  constructor(app, options) {
1624
- __privateAdd(this, _STSOAuth2Manager_instances);
1625
- __privateAdd(this, _router, null);
1626
- __privateAdd(this, _STORAGE_AUTHORIZE_OPTIONS_KEY, "authorize_options.stsmda.com.au");
1627
- __privateAdd(this, _aic, null);
1628
- __privateAdd(this, _options);
1629
- __privateAdd(this, _oauth2ManagerPort);
1630
- __privateAdd(this, _messageId, 0);
1631
- __privateAdd(this, _messageHandlers, {});
1632
- // keyed by messageId
1633
- __privateAdd(this, _messageTimeout, 1e4);
1634
- __privateAdd(this, _worker);
1635
- __privateAdd(this, _transactionStore);
1636
- // Transient transaction data used to establish a session via OAuth2 authorize handshake
1637
- __privateAdd(this, _operationSemaphore, false);
1638
- __privateAdd(this, _maxSemaphoreRetries, 100);
1639
- // 100 retries, i.e. allow 100 x 50 = 5000ms to unblock
1640
- __privateAdd(this, _semaphoreRetrySleep, 50);
1641
- __privateAdd(this, _ProcessMessageResponse, (data) => {
1642
- const messageResponse = data;
1643
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.yellow(`STSOAuth2Manager:#ProcessMessageResponse: message data = [${JSON.stringify(messageResponse)}]`));
1644
- if (messageResponse.messageId === -1) {
1645
- switch (messageResponse.command) {
1646
- case IOauth2ListenerCommand.AUTHENTICATE_EVENT:
1647
- __privateGet(this, _HandleAuthenticateEvent).call(this, messageResponse.payload);
1648
- break;
1649
- case IOauth2ListenerCommand.ERROR:
1650
- __privateGet(this, _HandleErrorEvent).call(this, messageResponse.payload);
1651
- break;
1652
- case IOauth2ListenerCommand.LOG:
1653
- __privateGet(this, _HandleLogEvent).call(this, messageResponse.payload);
1654
- break;
1655
- case IOauth2ListenerCommand.UPDATE_INSTRUMENT:
1656
- __privateGet(this, _HandleUpdateInstrumentEvent).call(this, messageResponse.payload.instrumentName, messageResponse.payload.telemetry);
1657
- break;
1658
- default:
1659
- throw new Error(`ProcessMessageResponse command [${messageResponse.command}] not valid.`);
1660
- }
1661
- } else {
1662
- const callBack = __privateGet(this, _messageHandlers)[messageResponse.messageId];
1663
- if (callBack) {
1664
- callBack(messageResponse);
1665
- } else {
1666
- throw new Error(`Message: [${messageResponse.messageId}] does not exists in callBacks.`);
1667
- }
1668
- }
1669
- });
1670
- __privateAdd(this, _PostMessage, (message) => {
1671
- message.messageId = __privateWrapper(this, _messageId)._++;
1672
- return new Promise((resolve, reject) => {
1673
- const timeout = setTimeout(() => {
1674
- delete __privateGet(this, _messageHandlers)[message.messageId];
1675
- reject(`Message: [${message.messageId}] timeout error after: [${__privateGet(this, _messageTimeout)}] ms.`);
1676
- }, __privateGet(this, _messageTimeout));
1677
- __privateGet(this, _messageHandlers)[message.messageId] = (response) => {
1678
- clearTimeout(timeout);
1679
- delete __privateGet(this, _messageHandlers)[message.messageId];
1680
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.yellow(`STSOAuth2Manager:#PostMessage: resolve callback response= [${JSON.stringify(response)}]`));
1681
- resolve(response);
1682
- };
1683
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.yellow(`STSOAuth2Manager:#PostMessage: posting message = [${JSON.stringify(message)}]`));
1684
- __privateGet(this, _oauth2ManagerPort).postMessage(message);
1685
- });
1686
- });
1687
- __privateAdd(this, _HandleLogEvent, (message) => {
1688
- if (__privateGet(this, _aic)) {
1689
- __privateGet(this, _aic).LogEx(message);
1690
- }
1691
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, message);
1692
- });
1693
- // UpdateInstrument = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
1694
- __privateAdd(this, _HandleUpdateInstrumentEvent, (instrumentName, telemetry) => {
1695
- if (__privateGet(this, _aic)) {
1696
- __privateGet(this, _aic).UpdateInstrument(instrumentName, telemetry);
1697
- }
1698
- });
1699
- __privateAdd(this, _GetStore, () => {
1700
- return STSOauth2Store(__privateGet(this, _options).pinia);
1701
- });
1702
- // Will come from message channel
1703
- __privateAdd(this, _HandleErrorEvent, (error) => {
1704
- if (isNode) ;
1705
- else {
1706
- __privateGet(this, _GetStore).call(this).UpdateError({
1707
- // Authorize applications store
1708
- message: error
1709
- });
1710
- setTimeout(() => {
1711
- __privateGet(this, _router).replace(`${__privateGet(this, _options).uriBase}error`);
1712
- }, 0);
1713
- }
1714
- });
1715
- __privateAdd(this, _HandleAuthenticateEvent, (id_token) => {
1716
- if (isNode) ;
1717
- else {
1718
- if (__privateGet(this, _options).authenticateEvent) {
1719
- __privateGet(this, _options).authenticateEvent(id_token);
1720
- }
1721
- __privateGet(this, _GetStore).call(this).UpdateIdToken(id_token);
1722
- }
1723
- });
1724
- __privateAdd(this, _SetupRoute, (app, router) => {
1725
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.gray(`STSOAuth2Manager:#SetupRoute`));
1726
- router.beforeEach(async (to, from, next) => {
1727
- const oAuth2Manager = app.config.globalProperties.$sts[STSOAuth2ManagerPluginKey];
1728
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.gray(`beforeEach: from: [${from.path}], to: [${to.path}]`));
1729
- if (__privateGet(this, _GetStore).call(this).LoggedIn === false) {
1730
- __privateMethod(this, _STSOAuth2Manager_instances, LogInfoMessage_fn).call(this, `Not logged in`);
1731
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}authorize`) === 0) {
1732
- __privateMethod(this, _STSOAuth2Manager_instances, LogInfoMessage_fn).call(this, `to = ${__privateGet(this, _options).uriBase}authorize`);
1733
- next();
1734
- return;
1735
- } else if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}consent`) === 0) {
1736
- if (__privateGet(this, _GetStore).call(this).id_token) {
1737
- next();
1738
- return;
1739
- }
1740
- }
1741
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}logout`) === 0) {
1742
- next();
1743
- return;
1744
- }
1745
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}error`) === 0) {
1746
- next();
1747
- return;
1748
- }
1749
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}config`) === 0) {
1750
- next();
1751
- return;
1752
- }
1753
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}redirected`) === 0) {
1754
- next();
1755
- return;
1756
- }
1757
- const str = to.query;
1758
- if (str[OAuth2ParameterType.CODE] || str[OAuth2ParameterType.ERROR]) {
1759
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.magenta(`STSOAuth2Manager:#SetupRoute:Processing redirect: [${JSON.stringify(str)}]`));
1760
- const retVal = await oAuth2Manager.HandleRedirect(str);
1761
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.magenta(`STSOAuth2Manager:#SetupRoute:Redirect result: [${retVal}]`));
1762
- if (retVal) {
1763
- next({
1764
- path: `${__privateGet(this, _options).uriBase}`,
1765
- replace: true
1766
- });
1767
- return;
1768
- } else {
1769
- next({
1770
- path: `${__privateGet(this, _options).uriBase}error`,
1771
- replace: true
1772
- });
1773
- return;
1774
- }
1775
- }
1776
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, `STSOAuth2Manager:#SetupRoute:Restoring session`);
1777
- const sessionRestored = await oAuth2Manager.RestoreSession();
1778
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, `STSOAuth2Manager:#SetupRoute:Session restored: [${sessionRestored}]`);
1779
- if (sessionRestored !== true) {
1780
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, `STSOAuth2Manager:#SetupRoute:Session not restored - need to authorize`);
1781
- oAuth2Manager.Authorize();
1782
- next();
1783
- return;
1784
- } else {
1785
- next(`${__privateGet(this, _options).uriBase}`);
1786
- return;
1787
- }
1788
- } else {
1789
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}consent`) === 0) {
1790
- next(`${__privateGet(this, _options).uriBase}`);
1791
- return;
1792
- }
1793
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}authorize`) === 0) {
1794
- next(`${__privateGet(this, _options).uriBase}`);
1795
- return;
1796
- }
1797
- if (to.path.localeCompare(`${__privateGet(this, _options).uriBase}logout`) === 0) {
1798
- next(`${__privateGet(this, _options).uriBase}`);
1799
- return;
1800
- }
1801
- next();
1802
- }
1803
- });
1804
- });
1805
- //@@ this needs to be re-implemented so that access_token never leaves the auth worker
1806
- __publicField(this, "GetAccessToken", async () => {
1807
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.ACCESS_TOKEN });
1808
- return response.payload;
1809
- });
1810
- // Update operation protected using operationSemaphore. This may occur when using workers and/or multiple async fetch operations.
1811
- __publicField(this, "ExecuteRefreshToken", async (retryCount = 0) => {
1812
- if (__privateGet(this, _operationSemaphore) === true) {
1813
- if (retryCount > __privateGet(this, _maxSemaphoreRetries)) {
1814
- throw new Error(`STSOAuth2Manager:ExecuteRefreshToken:maxSemaphoreRetries: [${__privateGet(this, _maxSemaphoreRetries)}] exceeded.`);
1815
- }
1816
- await Sleep(__privateGet(this, _semaphoreRetrySleep));
1817
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.cyan(`STSOAuth2Manager:ExecuteRefreshToken:locked by operationSemaphore, retry count: [${retryCount}]`));
1818
- return await this.ExecuteRefreshToken(retryCount + 1);
1819
- } else {
1820
- __privateSet(this, _operationSemaphore, true);
1821
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.EXECUTE_REFRESH_TOKEN });
1822
- __privateSet(this, _operationSemaphore, false);
1823
- return response.payload;
1824
- }
1825
- });
1826
- __publicField(this, "GetCookies", async () => {
1827
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.COOKIES });
1828
- return response.payload;
1829
- });
1830
- __publicField(this, "RestoreSession", async () => {
1831
- try {
1832
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, `STSOAuth2Manager:RestoreSession:postMessage: [${IOauth2ListenerCommand.RESTORE_SESSION}]`);
1833
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.RESTORE_SESSION });
1834
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, `STSOAuth2Manager:RestoreSession:response: [${JSON.stringify(response.payload)}]`);
1835
- return response.payload;
1836
- } catch (error) {
1837
- __privateMethod(this, _STSOAuth2Manager_instances, LogErrorMessage_fn).call(this, chalk.red(`RestoreSession Error: ${error}`));
1838
- return false;
1839
- }
1840
- });
1841
- __publicField(this, "Authorize", async () => {
1842
- try {
1843
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.AUTHORIZE });
1844
- __privateGet(this, _transactionStore).set(__privateGet(this, _STORAGE_AUTHORIZE_OPTIONS_KEY), response.payload.authorizeOptions);
1845
- const url = response.payload.url;
1846
- if (!isNode) {
1847
- window.location.replace(url);
1848
- } else {
1849
- return response.payload.authorizeOptionsClientCopy;
1850
- }
1851
- } catch (error) {
1852
- __privateMethod(this, _STSOAuth2Manager_instances, LogErrorMessage_fn).call(this, chalk.red(`Authorize Error: ${error}`));
1853
- }
1854
- return {};
1855
- });
1856
- __publicField(this, "HandleRedirect", async (queryVars) => {
1857
- try {
1858
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.magenta(`STSOAuth2Manager:HandleRedirect`));
1859
- let response = null;
1860
- if (queryVars[OAuth2ParameterType.CODE]) {
1861
- const authorizeOptions = __privateGet(this, _transactionStore).get(__privateGet(this, _STORAGE_AUTHORIZE_OPTIONS_KEY));
1862
- __privateGet(this, _transactionStore).remove(__privateGet(this, _STORAGE_AUTHORIZE_OPTIONS_KEY));
1863
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.magenta(`STSOAuth2Manager:HandleRedirect: sending HANDLE_REDIRECT command`));
1864
- response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: {
1865
- queryVars,
1866
- authorizeOptions
1867
- } });
1868
- } else {
1869
- response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: queryVars });
1870
- }
1871
- __privateMethod(this, _STSOAuth2Manager_instances, LogDebugMessage_fn).call(this, chalk.magenta(`STSOAuth2Manager:HandleRedirect: HANDLE_REDIRECT response: [${JSON.stringify(response)}]`));
1872
- return response.payload;
1873
- } catch (error) {
1874
- __privateMethod(this, _STSOAuth2Manager_instances, LogErrorMessage_fn).call(this, chalk.red(`HandleRedirect Error: ${error}`));
1875
- return false;
1876
- }
1877
- });
1878
- __publicField(this, "Logout", async () => {
1879
- try {
1880
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.LOGOUT });
1881
- return response.payload;
1882
- } catch (error) {
1883
- __privateMethod(this, _STSOAuth2Manager_instances, LogErrorMessage_fn).call(this, chalk.red(`Logout Error: ${error}`));
1884
- return false;
1885
- }
1886
- });
1887
- __publicField(this, "InvokeExternalAPI", async () => {
1888
- try {
1889
- const response = await __privateGet(this, _PostMessage).call(this, { command: IOauth2ListenerCommand.LOGOUT });
1890
- return response.payload;
1891
- } catch (error) {
1892
- __privateMethod(this, _STSOAuth2Manager_instances, LogErrorMessage_fn).call(this, chalk.red(`InvokeExternalAPI Error: ${error}`));
1893
- return null;
1894
- }
1895
- });
1896
- __publicField(this, "LoggedIn", () => {
1897
- try {
1898
- return __privateGet(this, _GetStore).call(this).LoggedIn;
1899
- } catch (error) {
1900
- return false;
1901
- }
1902
- });
1903
- __privateSet(this, _options, options);
1620
+ this.#options = options;
1904
1621
  if (!isNode) {
1905
1622
  if (app.config.globalProperties.$sts[STSInstrumentControllerPluginKey]) {
1906
1623
  const STSInstrumentController = app.config.globalProperties.$sts[STSInstrumentControllerPluginKey];
1907
- __privateSet(this, _aic, STSInstrumentController);
1624
+ this.#aic = STSInstrumentController;
1908
1625
  }
1909
- __privateSet(this, _router, app.config.globalProperties.$router);
1626
+ this.#router = app.config.globalProperties.$router;
1910
1627
  }
1911
1628
  if (isNode) {
1912
- __privateSet(this, _transactionStore, new ClientStorageFactory({ clientStorageType: ClientStorageType.MEMORY_STORAGE, usePrefix: false }).GetStorage());
1629
+ this.#transactionStore = new ClientStorageFactory({ clientStorageType: ClientStorageType.MEMORY_STORAGE, usePrefix: false }).GetStorage();
1913
1630
  } else {
1914
- __privateSet(this, _transactionStore, new ClientStorageFactory({ clientStorageType: ClientStorageType.SESSION_STORAGE, usePrefix: false }).GetStorage());
1631
+ this.#transactionStore = new ClientStorageFactory({ clientStorageType: ClientStorageType.SESSION_STORAGE, usePrefix: false }).GetStorage();
1915
1632
  }
1916
- if (__privateGet(this, _options).workerFactory) {
1917
- __privateSet(this, _worker, __privateGet(this, _options).workerFactory());
1633
+ if (this.#options.workerFactory) {
1634
+ this.#worker = this.#options.workerFactory();
1918
1635
  } else {
1919
1636
  throw new Error(`STSOAuth2Manager:constructor: Cannot init STSOAuth2Manager - this.#options.workerFactory not specified`);
1920
1637
  }
1921
1638
  if (!isNode) {
1922
- __privateGet(this, _worker).onmessage = (data) => {
1923
- __privateMethod(this, _STSOAuth2Manager_instances, LogInfoMessage_fn).call(this, chalk.green(`this.#worker.onmessage = [${data}]`));
1639
+ this.#worker.onmessage = (data) => {
1640
+ this.#LogInfoMessage(chalk.green(`this.#worker.onmessage = [${data}]`));
1924
1641
  };
1925
- __privateGet(this, _worker).onerror = (error) => {
1926
- __privateMethod(this, _STSOAuth2Manager_instances, LogInfoMessage_fn).call(this, chalk.green(`this.#worker.onerror = [${JSON.stringify(error)}]`));
1642
+ this.#worker.onerror = (error) => {
1643
+ this.#LogInfoMessage(chalk.green(`this.#worker.onerror = [${JSON.stringify(error)}]`));
1927
1644
  };
1928
1645
  }
1929
1646
  let workerMessage;
@@ -1934,14 +1651,14 @@ class STSOAuth2Manager {
1934
1651
  port2: oauth2WorkerPort
1935
1652
  // worker port
1936
1653
  } = new wt.MessageChannel();
1937
- __privateSet(this, _oauth2ManagerPort, oauth2ManagerPort);
1654
+ this.#oauth2ManagerPort = oauth2ManagerPort;
1938
1655
  workerMessage = {
1939
1656
  workerPort: oauth2WorkerPort,
1940
- options: __privateGet(this, _options).workerOptions
1657
+ options: this.#options.workerOptions
1941
1658
  };
1942
- __privateGet(this, _worker).postMessage(workerMessage, [oauth2WorkerPort]);
1943
- __privateGet(this, _oauth2ManagerPort).on("message", (payload) => {
1944
- __privateGet(this, _ProcessMessageResponse).call(this, payload);
1659
+ this.#worker.postMessage(workerMessage, [oauth2WorkerPort]);
1660
+ this.#oauth2ManagerPort.on("message", (payload) => {
1661
+ this.#ProcessMessageResponse(payload);
1945
1662
  }).unref();
1946
1663
  } else {
1947
1664
  const {
@@ -1950,50 +1667,290 @@ class STSOAuth2Manager {
1950
1667
  port2: oauth2WorkerPort
1951
1668
  // worker port
1952
1669
  } = new MessageChannel();
1953
- __privateSet(this, _oauth2ManagerPort, oauth2ManagerPort);
1670
+ this.#oauth2ManagerPort = oauth2ManagerPort;
1954
1671
  workerMessage = {
1955
1672
  workerPort: oauth2WorkerPort,
1956
- options: __privateGet(this, _options).workerOptions
1673
+ options: this.#options.workerOptions
1957
1674
  };
1958
- __privateGet(this, _worker).postMessage(workerMessage, [oauth2WorkerPort]);
1959
- __privateGet(this, _oauth2ManagerPort).onmessage = (data) => {
1960
- __privateGet(this, _ProcessMessageResponse).call(this, data.data);
1675
+ this.#worker.postMessage(workerMessage, [oauth2WorkerPort]);
1676
+ this.#oauth2ManagerPort.onmessage = (data) => {
1677
+ this.#ProcessMessageResponse(data.data);
1961
1678
  };
1962
- __privateGet(this, _SetupRoute).call(this, app, __privateGet(this, _router));
1679
+ this.#SetupRoute(app, this.#router);
1963
1680
  }
1964
1681
  }
1682
+ #LogDebugMessage(message) {
1683
+ this.#options.logger.debug(message);
1684
+ }
1685
+ #LogInfoMessage(message) {
1686
+ this.#options.logger.info(message);
1687
+ }
1688
+ #LogErrorMessage(message) {
1689
+ this.#options.logger.error(message);
1690
+ }
1691
+ #ProcessMessageResponse = (data) => {
1692
+ const messageResponse = data;
1693
+ this.#LogDebugMessage(chalk.yellow(`STSOAuth2Manager:#ProcessMessageResponse: message data = [${JSON.stringify(messageResponse)}]`));
1694
+ if (messageResponse.messageId === -1) {
1695
+ switch (messageResponse.command) {
1696
+ case IOauth2ListenerCommand.AUTHENTICATE_EVENT:
1697
+ this.#HandleAuthenticateEvent(messageResponse.payload);
1698
+ break;
1699
+ case IOauth2ListenerCommand.ERROR:
1700
+ this.#HandleErrorEvent(messageResponse.payload);
1701
+ break;
1702
+ case IOauth2ListenerCommand.LOG:
1703
+ this.#HandleLogEvent(messageResponse.payload);
1704
+ break;
1705
+ case IOauth2ListenerCommand.UPDATE_INSTRUMENT:
1706
+ this.#HandleUpdateInstrumentEvent(messageResponse.payload.instrumentName, messageResponse.payload.telemetry);
1707
+ break;
1708
+ default:
1709
+ throw new Error(`ProcessMessageResponse command [${messageResponse.command}] not valid.`);
1710
+ }
1711
+ } else {
1712
+ const callBack = this.#messageHandlers[messageResponse.messageId];
1713
+ if (callBack) {
1714
+ callBack(messageResponse);
1715
+ } else {
1716
+ throw new Error(`Message: [${messageResponse.messageId}] does not exists in callBacks.`);
1717
+ }
1718
+ }
1719
+ };
1720
+ #PostMessage = (message) => {
1721
+ message.messageId = this.#messageId++;
1722
+ return new Promise((resolve, reject) => {
1723
+ const timeout = setTimeout(() => {
1724
+ delete this.#messageHandlers[message.messageId];
1725
+ reject(`Message: [${message.messageId}] timeout error after: [${this.#messageTimeout}] ms.`);
1726
+ }, this.#messageTimeout);
1727
+ this.#messageHandlers[message.messageId] = (response) => {
1728
+ clearTimeout(timeout);
1729
+ delete this.#messageHandlers[message.messageId];
1730
+ this.#LogDebugMessage(chalk.yellow(`STSOAuth2Manager:#PostMessage: resolve callback response= [${JSON.stringify(response)}]`));
1731
+ resolve(response);
1732
+ };
1733
+ this.#LogDebugMessage(chalk.yellow(`STSOAuth2Manager:#PostMessage: posting message = [${JSON.stringify(message)}]`));
1734
+ this.#oauth2ManagerPort.postMessage(message);
1735
+ });
1736
+ };
1737
+ #HandleLogEvent = (message) => {
1738
+ if (this.#aic) {
1739
+ this.#aic.LogEx(message);
1740
+ }
1741
+ this.#LogDebugMessage(message);
1742
+ };
1743
+ // UpdateInstrument = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
1744
+ #HandleUpdateInstrumentEvent = (instrumentName, telemetry) => {
1745
+ if (this.#aic) {
1746
+ this.#aic.UpdateInstrument(instrumentName, telemetry);
1747
+ }
1748
+ };
1749
+ #GetStore = () => {
1750
+ return STSOauth2Store(this.#options.pinia);
1751
+ };
1752
+ // Will come from message channel
1753
+ #HandleErrorEvent = (error) => {
1754
+ if (isNode) ;
1755
+ else {
1756
+ this.#GetStore().UpdateError({
1757
+ // Authorize applications store
1758
+ message: error
1759
+ });
1760
+ setTimeout(() => {
1761
+ this.#router.replace(`${this.#options.uriBase}error`);
1762
+ }, 0);
1763
+ }
1764
+ };
1765
+ #HandleAuthenticateEvent = (id_token) => {
1766
+ if (isNode) ;
1767
+ else {
1768
+ if (this.#options.authenticateEvent) {
1769
+ this.#options.authenticateEvent(id_token);
1770
+ }
1771
+ this.#GetStore().UpdateIdToken(id_token);
1772
+ }
1773
+ };
1774
+ #SetupRoute = (app, router) => {
1775
+ this.#LogDebugMessage(chalk.gray(`STSOAuth2Manager:#SetupRoute`));
1776
+ router.beforeEach(async (to, from, next) => {
1777
+ const oAuth2Manager = app.config.globalProperties.$sts[STSOAuth2ManagerPluginKey];
1778
+ this.#LogDebugMessage(chalk.gray(`beforeEach: from: [${from.path}], to: [${to.path}]`));
1779
+ if (this.#GetStore().LoggedIn === false) {
1780
+ this.#LogInfoMessage(`Not logged in`);
1781
+ if (to.path.localeCompare(`${this.#options.uriBase}authorize`) === 0) {
1782
+ this.#LogInfoMessage(`to = ${this.#options.uriBase}authorize`);
1783
+ next();
1784
+ return;
1785
+ } else if (to.path.localeCompare(`${this.#options.uriBase}consent`) === 0) {
1786
+ if (this.#GetStore().id_token) {
1787
+ next();
1788
+ return;
1789
+ }
1790
+ }
1791
+ if (to.path.localeCompare(`${this.#options.uriBase}logout`) === 0) {
1792
+ next();
1793
+ return;
1794
+ }
1795
+ if (to.path.localeCompare(`${this.#options.uriBase}error`) === 0) {
1796
+ next();
1797
+ return;
1798
+ }
1799
+ if (to.path.localeCompare(`${this.#options.uriBase}config`) === 0) {
1800
+ next();
1801
+ return;
1802
+ }
1803
+ if (to.path.localeCompare(`${this.#options.uriBase}redirected`) === 0) {
1804
+ next();
1805
+ return;
1806
+ }
1807
+ const str = to.query;
1808
+ if (str[OAuth2ParameterType.CODE] || str[OAuth2ParameterType.ERROR]) {
1809
+ this.#LogDebugMessage(chalk.magenta(`STSOAuth2Manager:#SetupRoute:Processing redirect: [${JSON.stringify(str)}]`));
1810
+ const retVal = await oAuth2Manager.HandleRedirect(str);
1811
+ this.#LogDebugMessage(chalk.magenta(`STSOAuth2Manager:#SetupRoute:Redirect result: [${retVal}]`));
1812
+ if (retVal) {
1813
+ next({
1814
+ path: `${this.#options.uriBase}`,
1815
+ replace: true
1816
+ });
1817
+ return;
1818
+ } else {
1819
+ next({
1820
+ path: `${this.#options.uriBase}error`,
1821
+ replace: true
1822
+ });
1823
+ return;
1824
+ }
1825
+ }
1826
+ this.#LogDebugMessage(`STSOAuth2Manager:#SetupRoute:Restoring session`);
1827
+ const sessionRestored = await oAuth2Manager.RestoreSession();
1828
+ this.#LogDebugMessage(`STSOAuth2Manager:#SetupRoute:Session restored: [${sessionRestored}]`);
1829
+ if (sessionRestored !== true) {
1830
+ this.#LogDebugMessage(`STSOAuth2Manager:#SetupRoute:Session not restored - need to authorize`);
1831
+ oAuth2Manager.Authorize();
1832
+ next();
1833
+ return;
1834
+ } else {
1835
+ next(`${this.#options.uriBase}`);
1836
+ return;
1837
+ }
1838
+ } else {
1839
+ if (to.path.localeCompare(`${this.#options.uriBase}consent`) === 0) {
1840
+ next(`${this.#options.uriBase}`);
1841
+ return;
1842
+ }
1843
+ if (to.path.localeCompare(`${this.#options.uriBase}authorize`) === 0) {
1844
+ next(`${this.#options.uriBase}`);
1845
+ return;
1846
+ }
1847
+ if (to.path.localeCompare(`${this.#options.uriBase}logout`) === 0) {
1848
+ next(`${this.#options.uriBase}`);
1849
+ return;
1850
+ }
1851
+ next();
1852
+ }
1853
+ });
1854
+ };
1855
+ //@@ this needs to be re-implemented so that access_token never leaves the auth worker
1856
+ GetAccessToken = async () => {
1857
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.ACCESS_TOKEN });
1858
+ return response.payload;
1859
+ };
1860
+ // Update operation protected using operationSemaphore. This may occur when using workers and/or multiple async fetch operations.
1861
+ ExecuteRefreshToken = async (retryCount = 0) => {
1862
+ if (this.#operationSemaphore === true) {
1863
+ if (retryCount > this.#maxSemaphoreRetries) {
1864
+ throw new Error(`STSOAuth2Manager:ExecuteRefreshToken:maxSemaphoreRetries: [${this.#maxSemaphoreRetries}] exceeded.`);
1865
+ }
1866
+ await Sleep(this.#semaphoreRetrySleep);
1867
+ this.#LogDebugMessage(chalk.cyan(`STSOAuth2Manager:ExecuteRefreshToken:locked by operationSemaphore, retry count: [${retryCount}]`));
1868
+ return await this.ExecuteRefreshToken(retryCount + 1);
1869
+ } else {
1870
+ this.#operationSemaphore = true;
1871
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.EXECUTE_REFRESH_TOKEN });
1872
+ this.#operationSemaphore = false;
1873
+ return response.payload;
1874
+ }
1875
+ };
1876
+ GetCookies = async () => {
1877
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.COOKIES });
1878
+ return response.payload;
1879
+ };
1880
+ RestoreSession = async () => {
1881
+ try {
1882
+ this.#LogDebugMessage(`STSOAuth2Manager:RestoreSession:postMessage: [${IOauth2ListenerCommand.RESTORE_SESSION}]`);
1883
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.RESTORE_SESSION });
1884
+ this.#LogDebugMessage(`STSOAuth2Manager:RestoreSession:response: [${JSON.stringify(response.payload)}]`);
1885
+ return response.payload;
1886
+ } catch (error) {
1887
+ this.#LogErrorMessage(chalk.red(`RestoreSession Error: ${error}`));
1888
+ return false;
1889
+ }
1890
+ };
1891
+ Authorize = async () => {
1892
+ try {
1893
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.AUTHORIZE });
1894
+ this.#transactionStore.set(this.#STORAGE_AUTHORIZE_OPTIONS_KEY, response.payload.authorizeOptions);
1895
+ const url = response.payload.url;
1896
+ if (!isNode) {
1897
+ window.location.replace(url);
1898
+ } else {
1899
+ return response.payload.authorizeOptionsClientCopy;
1900
+ }
1901
+ } catch (error) {
1902
+ this.#LogErrorMessage(chalk.red(`Authorize Error: ${error}`));
1903
+ }
1904
+ return {};
1905
+ };
1906
+ HandleRedirect = async (queryVars) => {
1907
+ try {
1908
+ this.#LogDebugMessage(chalk.magenta(`STSOAuth2Manager:HandleRedirect`));
1909
+ let response = null;
1910
+ if (queryVars[OAuth2ParameterType.CODE]) {
1911
+ const authorizeOptions = this.#transactionStore.get(this.#STORAGE_AUTHORIZE_OPTIONS_KEY);
1912
+ this.#transactionStore.remove(this.#STORAGE_AUTHORIZE_OPTIONS_KEY);
1913
+ this.#LogDebugMessage(chalk.magenta(`STSOAuth2Manager:HandleRedirect: sending HANDLE_REDIRECT command`));
1914
+ response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: {
1915
+ queryVars,
1916
+ authorizeOptions
1917
+ } });
1918
+ } else {
1919
+ response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: queryVars });
1920
+ }
1921
+ this.#LogDebugMessage(chalk.magenta(`STSOAuth2Manager:HandleRedirect: HANDLE_REDIRECT response: [${JSON.stringify(response)}]`));
1922
+ return response.payload;
1923
+ } catch (error) {
1924
+ this.#LogErrorMessage(chalk.red(`HandleRedirect Error: ${error}`));
1925
+ return false;
1926
+ }
1927
+ };
1928
+ Logout = async () => {
1929
+ try {
1930
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.LOGOUT });
1931
+ return response.payload;
1932
+ } catch (error) {
1933
+ this.#LogErrorMessage(chalk.red(`Logout Error: ${error}`));
1934
+ return false;
1935
+ }
1936
+ };
1937
+ InvokeExternalAPI = async () => {
1938
+ try {
1939
+ const response = await this.#PostMessage({ command: IOauth2ListenerCommand.LOGOUT });
1940
+ return response.payload;
1941
+ } catch (error) {
1942
+ this.#LogErrorMessage(chalk.red(`InvokeExternalAPI Error: ${error}`));
1943
+ return null;
1944
+ }
1945
+ };
1946
+ LoggedIn = () => {
1947
+ try {
1948
+ return this.#GetStore().LoggedIn;
1949
+ } catch (error) {
1950
+ return false;
1951
+ }
1952
+ };
1965
1953
  }
1966
- _router = new WeakMap();
1967
- _STORAGE_AUTHORIZE_OPTIONS_KEY = new WeakMap();
1968
- _aic = new WeakMap();
1969
- _options = new WeakMap();
1970
- _oauth2ManagerPort = new WeakMap();
1971
- _messageId = new WeakMap();
1972
- _messageHandlers = new WeakMap();
1973
- _messageTimeout = new WeakMap();
1974
- _worker = new WeakMap();
1975
- _transactionStore = new WeakMap();
1976
- _operationSemaphore = new WeakMap();
1977
- _maxSemaphoreRetries = new WeakMap();
1978
- _semaphoreRetrySleep = new WeakMap();
1979
- _STSOAuth2Manager_instances = new WeakSet();
1980
- LogDebugMessage_fn = function(message) {
1981
- __privateGet(this, _options).logger.debug(message);
1982
- };
1983
- LogInfoMessage_fn = function(message) {
1984
- __privateGet(this, _options).logger.info(message);
1985
- };
1986
- LogErrorMessage_fn = function(message) {
1987
- __privateGet(this, _options).logger.error(message);
1988
- };
1989
- _ProcessMessageResponse = new WeakMap();
1990
- _PostMessage = new WeakMap();
1991
- _HandleLogEvent = new WeakMap();
1992
- _HandleUpdateInstrumentEvent = new WeakMap();
1993
- _GetStore = new WeakMap();
1994
- _HandleErrorEvent = new WeakMap();
1995
- _HandleAuthenticateEvent = new WeakMap();
1996
- _SetupRoute = new WeakMap();
1997
1954
  var sha256$2 = { exports: {} };
1998
1955
  function commonjsRequire(path) {
1999
1956
  throw new Error('Could not dynamically require "' + path + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.');
@@ -2010,7 +1967,7 @@ function requireCore() {
2010
1967
  module.exports = factory();
2011
1968
  }
2012
1969
  })(core, function() {
2013
- var CryptoJS = CryptoJS || function(Math2, undefined$1) {
1970
+ var CryptoJS = CryptoJS || (function(Math2, undefined$1) {
2014
1971
  var crypto2;
2015
1972
  if (typeof window !== "undefined" && window.crypto) {
2016
1973
  crypto2 = window.crypto;
@@ -2050,7 +2007,7 @@ function requireCore() {
2050
2007
  }
2051
2008
  throw new Error("Native crypto module could not be used to get secure random number.");
2052
2009
  };
2053
- var create = Object.create || /* @__PURE__ */ function() {
2010
+ var create = Object.create || /* @__PURE__ */ (function() {
2054
2011
  function F() {
2055
2012
  }
2056
2013
  return function(obj) {
@@ -2060,10 +2017,10 @@ function requireCore() {
2060
2017
  F.prototype = null;
2061
2018
  return subtype;
2062
2019
  };
2063
- }();
2020
+ })();
2064
2021
  var C = {};
2065
2022
  var C_lib = C.lib = {};
2066
- var Base = C_lib.Base = /* @__PURE__ */ function() {
2023
+ var Base = C_lib.Base = /* @__PURE__ */ (function() {
2067
2024
  return {
2068
2025
  /**
2069
2026
  * Creates a new object that inherits from this object.
@@ -2162,7 +2119,7 @@ function requireCore() {
2162
2119
  return this.init.prototype.extend(this);
2163
2120
  }
2164
2121
  };
2165
- }();
2122
+ })();
2166
2123
  var WordArray = C_lib.WordArray = Base.extend({
2167
2124
  /**
2168
2125
  * Initializes a newly created word array.
@@ -2600,7 +2557,7 @@ function requireCore() {
2600
2557
  });
2601
2558
  var C_algo = C.algo = {};
2602
2559
  return C;
2603
- }(Math);
2560
+ })(Math);
2604
2561
  return CryptoJS;
2605
2562
  });
2606
2563
  })(core$1);
@@ -2839,62 +2796,59 @@ function requireEncBase64() {
2839
2796
  var encBase64Exports = requireEncBase64();
2840
2797
  const Base64 = /* @__PURE__ */ getDefaultExportFromCjs(encBase64Exports);
2841
2798
  class CryptoUtils {
2799
+ #crypto;
2842
2800
  constructor() {
2843
- __privateAdd(this, _crypto);
2844
- __publicField(this, "DigestMessage", async function(message) {
2845
- const hashDigest = sha256(message);
2846
- return Base64.stringify(hashDigest);
2847
- });
2848
- __publicField(this, "CreateRandomString", (size = 43) => {
2849
- const randomValues = Array.from(__privateGet(this, _crypto).getRandomValues(new Uint8Array(size)));
2850
- const b64 = btoa(String.fromCharCode(...randomValues));
2851
- return b64;
2852
- });
2853
2801
  try {
2854
- __privateSet(this, _crypto, crypto);
2802
+ this.#crypto = crypto;
2855
2803
  } catch {
2856
- __privateSet(this, _crypto, require("node:crypto"));
2804
+ this.#crypto = require("node:crypto");
2857
2805
  }
2858
2806
  }
2807
+ DigestMessage = async function(message) {
2808
+ const hashDigest = sha256(message);
2809
+ return Base64.stringify(hashDigest);
2810
+ };
2811
+ CreateRandomString = (size = 43) => {
2812
+ const randomValues = Array.from(this.#crypto.getRandomValues(new Uint8Array(size)));
2813
+ const b64 = btoa(String.fromCharCode(...randomValues));
2814
+ return b64;
2815
+ };
2859
2816
  }
2860
- _crypto = new WeakMap();
2861
2817
  class QueryParams {
2862
- constructor() {
2863
- __publicField(this, "DecodeQueryParams", (params) => {
2864
- const retObj = {};
2865
- Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => {
2866
- retObj[decodeURIComponent(k)] = decodeURIComponent(params[k]);
2867
- });
2868
- return retObj;
2818
+ DecodeQueryParams = (params) => {
2819
+ const retObj = {};
2820
+ Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => {
2821
+ retObj[decodeURIComponent(k)] = decodeURIComponent(params[k]);
2869
2822
  });
2870
- __publicField(this, "CreateQueryParams", (params) => {
2871
- return Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => {
2872
- if (Array.isArray(params[k])) {
2873
- return encodeURIComponent(k) + "=" + encodeURIComponent(params[k].join(" "));
2874
- } else {
2875
- return encodeURIComponent(k) + "=" + encodeURIComponent(params[k]);
2876
- }
2877
- }).join("&");
2878
- });
2879
- __publicField(this, "_GetQueryParams", (param) => {
2880
- let retVal = {};
2881
- const uri = param.split("?");
2882
- if (uri.length == 2) {
2883
- const vars = uri[1].split("&");
2884
- const getVars = {};
2885
- let tmp;
2886
- vars.forEach(function(v) {
2887
- tmp = v.split("=");
2888
- if (tmp.length == 2) getVars[tmp[0]] = tmp[1];
2889
- });
2890
- retVal = this.DecodeQueryParams(getVars);
2823
+ return retObj;
2824
+ };
2825
+ CreateQueryParams = (params) => {
2826
+ return Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => {
2827
+ if (Array.isArray(params[k])) {
2828
+ return encodeURIComponent(k) + "=" + encodeURIComponent(params[k].join(" "));
2829
+ } else {
2830
+ return encodeURIComponent(k) + "=" + encodeURIComponent(params[k]);
2891
2831
  }
2892
- return retVal;
2893
- });
2894
- __publicField(this, "GetQueryParams", () => {
2895
- return this._GetQueryParams(window.location.href);
2896
- });
2897
- }
2832
+ }).join("&");
2833
+ };
2834
+ _GetQueryParams = (param) => {
2835
+ let retVal = {};
2836
+ const uri = param.split("?");
2837
+ if (uri.length == 2) {
2838
+ const vars = uri[1].split("&");
2839
+ const getVars = {};
2840
+ let tmp;
2841
+ vars.forEach(function(v) {
2842
+ tmp = v.split("=");
2843
+ if (tmp.length == 2) getVars[tmp[0]] = tmp[1];
2844
+ });
2845
+ retVal = this.DecodeQueryParams(getVars);
2846
+ }
2847
+ return retVal;
2848
+ };
2849
+ GetQueryParams = () => {
2850
+ return this._GetQueryParams(window.location.href);
2851
+ };
2898
2852
  }
2899
2853
  var StatusCodes;
2900
2854
  (function(StatusCodes2) {
@@ -2958,494 +2912,470 @@ var StatusCodes;
2958
2912
  StatusCodes2[StatusCodes2["NETWORK_AUTHENTICATION_REQUIRED"] = 511] = "NETWORK_AUTHENTICATION_REQUIRED";
2959
2913
  })(StatusCodes || (StatusCodes = {}));
2960
2914
  class STSOAuth2Worker {
2915
+ //#storageManager = null;
2916
+ #clientSessionStore;
2917
+ #cUtils = new CryptoUtils();
2918
+ #qParams = new QueryParams();
2919
+ #STORAGE_SESSION_KEY = "session.stsmda.com.au";
2920
+ //@@#aic = null;
2921
+ #oauthWorkerPort;
2922
+ #options;
2923
+ #logger;
2924
+ #agentManager = null;
2961
2925
  constructor(workerPort, options, logger) {
2962
- __privateAdd(this, _STSOAuth2Worker_instances);
2963
- //#storageManager = null;
2964
- __privateAdd(this, _clientSessionStore);
2965
- __privateAdd(this, _cUtils, new CryptoUtils());
2966
- __privateAdd(this, _qParams, new QueryParams());
2967
- __privateAdd(this, _STORAGE_SESSION_KEY, "session.stsmda.com.au");
2968
- //@@#aic = null;
2969
- __privateAdd(this, _oauthWorkerPort);
2970
- __privateAdd(this, _options2);
2971
- __privateAdd(this, _logger);
2972
- __privateAdd(this, _agentManager, null);
2973
- // Attempt to restore a previous session using the STSBroker
2974
- /*
2975
- { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
2976
- { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
2977
- { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
2978
- { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
2979
-
2980
- Successful Response
2981
- {
2982
- "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
2983
- "token_type": "Bearer",
2984
- "expires_in": 3599,
2985
- "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
2986
- "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
2987
- "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
2988
- }
2989
-
2990
- Error Response
2991
- {
2992
- "error": "invalid_scope",
2993
- "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
2994
- "error_codes": [
2995
- 70011
2996
- ],
2997
- "timestamp": "2016-01-09 02:02:12Z",
2926
+ this.#options = options;
2927
+ this.#logger = logger;
2928
+ this.#LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);
2929
+ this.#clientSessionStore = new ClientStorageFactory({ clientStorageType: ClientStorageType.MEMORY_STORAGE, usePrefix: false }).GetStorage();
2930
+ this.#oauthWorkerPort = workerPort;
2931
+ this.#LogDebugMessage(`STSOAuth2Worker:constructor:#oauthWorkerPort: [${JSON.stringify(this.#oauthWorkerPort)}]`);
2932
+ if (isNode && this.#options.agentOptions) {
2933
+ this.#agentManager = new AgentManager({
2934
+ agentOptions: this.#options.agentOptions,
2935
+ httpAgentFactory(options2) {
2936
+ return new http.Agent(options2);
2937
+ },
2938
+ httpsAgentFactory(options2) {
2939
+ return new https.Agent(options2);
2998
2940
  }
2999
-
3000
- */
3001
- __privateAdd(this, _HandleAuthenticateEvent2, (id_token) => {
3002
- const message = {
3003
- messageId: -1,
3004
- // un-solicited message
3005
- command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
3006
- };
3007
- __privateGet(this, _ProcessCommand).call(this, message, id_token);
3008
- });
3009
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3010
- __privateAdd(this, _HandleErrorEvent2, (error) => {
3011
- const message = {
3012
- messageId: -1,
3013
- // un-solicited message
3014
- command: IOauth2ListenerCommand.ERROR
3015
- };
3016
- __privateGet(this, _ProcessCommand).call(this, message, error);
3017
- });
3018
- __privateAdd(this, _LogMessage, (messageToSend) => {
3019
- const message = {
3020
- messageId: -1,
3021
- // un-solicited message
3022
- command: IOauth2ListenerCommand.LOG
3023
- };
3024
- __privateGet(this, _ProcessCommand).call(this, message, messageToSend);
2941
+ });
2942
+ }
2943
+ this.SetupListener();
2944
+ this.#UpdateInstrument(Gauge.LOGGER, {
2945
+ LogMessage: `STSOauth2 Plugin - Successfully Loaded`
3025
2946
  });
3026
- __privateAdd(this, _GetAccessToken, () => {
3027
- const sessionData = __privateGet(this, _clientSessionStore).get(__privateGet(this, _STORAGE_SESSION_KEY));
2947
+ }
2948
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
2949
+ #LogDebugMessage(message) {
2950
+ this.#logger.debug(message);
2951
+ }
2952
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
2953
+ #LogInfoMessage(message) {
2954
+ this.#logger.info(message);
2955
+ }
2956
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
2957
+ #LogErrorMessage(message) {
2958
+ this.#logger.error(message);
2959
+ }
2960
+ // Attempt to restore a previous session using the STSBroker
2961
+ /*
2962
+ { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
2963
+ { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
2964
+ { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
2965
+ { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
2966
+
2967
+ Successful Response
2968
+ {
2969
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
2970
+ "token_type": "Bearer",
2971
+ "expires_in": 3599,
2972
+ "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
2973
+ "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
2974
+ "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
2975
+ }
2976
+
2977
+ Error Response
2978
+ {
2979
+ "error": "invalid_scope",
2980
+ "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
2981
+ "error_codes": [
2982
+ 70011
2983
+ ],
2984
+ "timestamp": "2016-01-09 02:02:12Z",
2985
+ }
2986
+
2987
+ */
2988
+ #HandleAuthenticateEvent = (id_token) => {
2989
+ const message = {
2990
+ messageId: -1,
2991
+ // un-solicited message
2992
+ command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
2993
+ };
2994
+ this.#ProcessCommand(message, id_token);
2995
+ };
2996
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
2997
+ #HandleErrorEvent = (error) => {
2998
+ const message = {
2999
+ messageId: -1,
3000
+ // un-solicited message
3001
+ command: IOauth2ListenerCommand.ERROR
3002
+ };
3003
+ this.#ProcessCommand(message, error);
3004
+ };
3005
+ #LogMessage = (messageToSend) => {
3006
+ const message = {
3007
+ messageId: -1,
3008
+ // un-solicited message
3009
+ command: IOauth2ListenerCommand.LOG
3010
+ };
3011
+ this.#ProcessCommand(message, messageToSend);
3012
+ };
3013
+ #GetAccessToken = () => {
3014
+ const sessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
3015
+ if (sessionData) {
3016
+ const tokens = sessionData.tokenResponse;
3017
+ return tokens.access_token;
3018
+ } else {
3019
+ return null;
3020
+ }
3021
+ };
3022
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
3023
+ #GetCookies = () => {
3024
+ if (isNode) {
3025
+ const sessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
3028
3026
  if (sessionData) {
3029
- const tokens = sessionData.tokenResponse;
3030
- return tokens.access_token;
3027
+ return sessionData.brokerCookie;
3031
3028
  } else {
3032
3029
  return null;
3033
3030
  }
3031
+ } else {
3032
+ return null;
3033
+ }
3034
+ };
3035
+ #UpdateInstrument = (instrumentName, telemetry) => {
3036
+ const message = {
3037
+ messageId: -1,
3038
+ // un-solicited message
3039
+ command: IOauth2ListenerCommand.UPDATE_INSTRUMENT
3040
+ };
3041
+ this.#ProcessCommand(message, {
3042
+ instrumentName,
3043
+ telemetry
3034
3044
  });
3035
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3036
- __privateAdd(this, _GetCookies, () => {
3037
- if (isNode) {
3038
- const sessionData = __privateGet(this, _clientSessionStore).get(__privateGet(this, _STORAGE_SESSION_KEY));
3039
- if (sessionData) {
3040
- return sessionData.brokerCookie;
3041
- } else {
3042
- return null;
3043
- }
3044
- } else {
3045
- return null;
3045
+ };
3046
+ SetupListener = () => {
3047
+ this.#oauthWorkerPort.onmessage = async (data) => {
3048
+ const auth2ListenerMessage = data.data;
3049
+ this.#LogDebugMessage(`STSOAuth2Worker:SetupListener:onmessage: [${auth2ListenerMessage.command}]`);
3050
+ switch (auth2ListenerMessage.command) {
3051
+ case IOauth2ListenerCommand.RESTORE_SESSION:
3052
+ this.#ProcessCommand(auth2ListenerMessage, await this.#RestoreSession());
3053
+ break;
3054
+ case IOauth2ListenerCommand.AUTHORIZE:
3055
+ this.#ProcessCommand(auth2ListenerMessage, await this.#Authorize());
3056
+ break;
3057
+ case IOauth2ListenerCommand.HANDLE_REDIRECT:
3058
+ this.#ProcessCommand(auth2ListenerMessage, await this.#HandleRedirect(auth2ListenerMessage.payload));
3059
+ break;
3060
+ case IOauth2ListenerCommand.LOGOUT:
3061
+ this.#ProcessCommand(auth2ListenerMessage, await this.#Logout());
3062
+ break;
3063
+ //@@ Need a way of keeping this out of the main thread - should always stay within the worker
3064
+ case IOauth2ListenerCommand.ACCESS_TOKEN:
3065
+ this.#ProcessCommand(auth2ListenerMessage, await this.#GetAccessToken());
3066
+ break;
3067
+ case IOauth2ListenerCommand.EXECUTE_REFRESH_TOKEN:
3068
+ this.#ProcessCommand(auth2ListenerMessage, await this.#RefreshToken());
3069
+ break;
3070
+ case IOauth2ListenerCommand.COOKIES:
3071
+ this.#ProcessCommand(auth2ListenerMessage, await this.#GetCookies());
3072
+ break;
3073
+ default:
3074
+ throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
3046
3075
  }
3047
- });
3048
- __privateAdd(this, _UpdateInstrument, (instrumentName, telemetry) => {
3049
- const message = {
3050
- messageId: -1,
3051
- // un-solicited message
3052
- command: IOauth2ListenerCommand.UPDATE_INSTRUMENT
3053
- };
3054
- __privateGet(this, _ProcessCommand).call(this, message, {
3055
- instrumentName,
3056
- telemetry
3057
- });
3058
- });
3059
- __publicField(this, "SetupListener", () => {
3060
- __privateGet(this, _oauthWorkerPort).onmessage = async (data) => {
3061
- const auth2ListenerMessage = data.data;
3062
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, `STSOAuth2Worker:SetupListener:onmessage: [${auth2ListenerMessage.command}]`);
3063
- switch (auth2ListenerMessage.command) {
3064
- case IOauth2ListenerCommand.RESTORE_SESSION:
3065
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _RestoreSession).call(this));
3066
- break;
3067
- case IOauth2ListenerCommand.AUTHORIZE:
3068
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _Authorize).call(this));
3069
- break;
3070
- case IOauth2ListenerCommand.HANDLE_REDIRECT:
3071
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _HandleRedirect).call(this, auth2ListenerMessage.payload));
3072
- break;
3073
- case IOauth2ListenerCommand.LOGOUT:
3074
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _Logout).call(this));
3075
- break;
3076
- //@@ Need a way of keeping this out of the main thread - should always stay within the worker
3077
- case IOauth2ListenerCommand.ACCESS_TOKEN:
3078
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _GetAccessToken).call(this));
3079
- break;
3080
- case IOauth2ListenerCommand.EXECUTE_REFRESH_TOKEN:
3081
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _RefreshToken).call(this));
3082
- break;
3083
- case IOauth2ListenerCommand.COOKIES:
3084
- __privateGet(this, _ProcessCommand).call(this, auth2ListenerMessage, await __privateGet(this, _GetCookies).call(this));
3085
- break;
3086
- default:
3087
- throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
3076
+ };
3077
+ };
3078
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
3079
+ #ProcessCommand = async (auth2ListenerMessage, response) => {
3080
+ const messageResponse = {
3081
+ messageId: auth2ListenerMessage.messageId,
3082
+ command: auth2ListenerMessage.command,
3083
+ payload: response
3084
+ };
3085
+ this.#oauthWorkerPort.postMessage(messageResponse);
3086
+ };
3087
+ #RestoreSession = async () => {
3088
+ let restoredSessionData = null;
3089
+ const sessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
3090
+ if (sessionData) {
3091
+ restoredSessionData = sessionData.tokenResponse;
3092
+ this.#LogInfoMessage("Session restored from client storage.");
3093
+ this.#LogMessage("Session restored from client storage.");
3094
+ } else {
3095
+ const url = `${this.#options.brokerendpoint}:${this.#options.brokerport}${this.#options.brokerapiroot}/session`;
3096
+ this.#LogInfoMessage("RestoreSession");
3097
+ this.#LogInfoMessage(url);
3098
+ this.#LogMessage("RestoreSession.");
3099
+ this.#LogMessage(url);
3100
+ try {
3101
+ const rConfig = new STSAxiosConfig(url, "post").withData({
3102
+ [OAuth2ParameterType.CLIENT_ID]: this.#options.client_id,
3103
+ [OAuth2ParameterType.SCOPE]: this.#options.scope,
3104
+ [OAuth2ParameterType.REDIRECT_URI]: this.#options.redirect_uri,
3105
+ [OAuth2ParameterType.AUDIENCE]: this.#options.audience
3106
+ }).withDefaultHeaders().withCredentials().withTimeout(this.#options.timeout);
3107
+ this.#LogDebugMessage(chalk.magenta(`#RestoreSession:session request detail: [${JSON.stringify(rConfig)}]`));
3108
+ if (isNode && this.#agentManager) {
3109
+ rConfig.withAgentManager(this.#agentManager);
3088
3110
  }
3089
- };
3090
- });
3091
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3092
- __privateAdd(this, _ProcessCommand, async (auth2ListenerMessage, response) => {
3093
- const messageResponse = {
3094
- messageId: auth2ListenerMessage.messageId,
3095
- command: auth2ListenerMessage.command,
3096
- payload: response
3097
- };
3098
- __privateGet(this, _oauthWorkerPort).postMessage(messageResponse);
3099
- });
3100
- __privateAdd(this, _RestoreSession, async () => {
3101
- let restoredSessionData = null;
3102
- const sessionData = __privateGet(this, _clientSessionStore).get(__privateGet(this, _STORAGE_SESSION_KEY));
3103
- if (sessionData) {
3104
- restoredSessionData = sessionData.tokenResponse;
3105
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Session restored from client storage.");
3106
- __privateGet(this, _LogMessage).call(this, "Session restored from client storage.");
3107
- } else {
3108
- const url = `${__privateGet(this, _options2).brokerendpoint}:${__privateGet(this, _options2).brokerport}${__privateGet(this, _options2).brokerapiroot}/session`;
3109
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "RestoreSession");
3110
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, url);
3111
- __privateGet(this, _LogMessage).call(this, "RestoreSession.");
3112
- __privateGet(this, _LogMessage).call(this, url);
3113
- try {
3114
- const rConfig = new STSAxiosConfig(url, "post").withData({
3115
- [OAuth2ParameterType.CLIENT_ID]: __privateGet(this, _options2).client_id,
3116
- [OAuth2ParameterType.SCOPE]: __privateGet(this, _options2).scope,
3117
- [OAuth2ParameterType.REDIRECT_URI]: __privateGet(this, _options2).redirect_uri,
3118
- [OAuth2ParameterType.AUDIENCE]: __privateGet(this, _options2).audience
3119
- }).withDefaultHeaders().withCredentials().withTimeout(__privateGet(this, _options2).timeout);
3120
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#RestoreSession:session request detail: [${JSON.stringify(rConfig)}]`));
3121
- if (isNode && __privateGet(this, _agentManager)) {
3122
- rConfig.withAgentManager(__privateGet(this, _agentManager));
3123
- }
3124
- const retVal = await axios(rConfig.config);
3125
- if (retVal.data.status === StatusCodes.OK) {
3126
- restoredSessionData = retVal.data.detail;
3127
- if (restoredSessionData) {
3128
- const newSessionData = {
3129
- tokenResponse: restoredSessionData
3130
- };
3131
- if (isNode) {
3132
- newSessionData.brokerCookie = retVal.headers["set-cookie"];
3133
- }
3134
- __privateGet(this, _clientSessionStore).set(__privateGet(this, _STORAGE_SESSION_KEY), newSessionData);
3135
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Session restored from server side cookie.");
3136
- } else {
3137
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, `Could not restore previous session. No restoredSessionData available.`);
3138
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, JSON.stringify(retVal.data));
3111
+ const retVal = await axios(rConfig.config);
3112
+ if (retVal.data.status === StatusCodes.OK) {
3113
+ restoredSessionData = retVal.data.detail;
3114
+ if (restoredSessionData) {
3115
+ const newSessionData = {
3116
+ tokenResponse: restoredSessionData
3117
+ };
3118
+ if (isNode) {
3119
+ newSessionData.brokerCookie = retVal.headers["set-cookie"];
3139
3120
  }
3121
+ this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, newSessionData);
3122
+ this.#LogInfoMessage("Session restored from server side cookie.");
3140
3123
  } else {
3141
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, "Could not restore previous session:-");
3142
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, JSON.stringify(retVal.data));
3124
+ this.#LogErrorMessage(`Could not restore previous session. No restoredSessionData available.`);
3125
+ this.#LogErrorMessage(JSON.stringify(retVal.data));
3143
3126
  }
3144
- } catch (error) {
3145
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, "Could not restore previous session (error state):-");
3146
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, error);
3147
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, JSON.stringify(error));
3127
+ } else {
3128
+ this.#LogErrorMessage("Could not restore previous session:-");
3129
+ this.#LogErrorMessage(JSON.stringify(retVal.data));
3148
3130
  }
3131
+ } catch (error) {
3132
+ this.#LogErrorMessage("Could not restore previous session (error state):-");
3133
+ this.#LogErrorMessage(error);
3134
+ this.#LogErrorMessage(JSON.stringify(error));
3149
3135
  }
3150
- if (restoredSessionData !== null) {
3151
- __privateGet(this, _HandleAuthenticateEvent2).call(this, restoredSessionData.id_token);
3152
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Refreshing tokens ...");
3153
- return await __privateGet(this, _RefreshToken).call(this);
3136
+ }
3137
+ if (restoredSessionData !== null) {
3138
+ this.#HandleAuthenticateEvent(restoredSessionData.id_token);
3139
+ this.#LogInfoMessage("Refreshing tokens ...");
3140
+ return await this.#RefreshToken();
3141
+ } else {
3142
+ this.#HandleAuthenticateEvent(null);
3143
+ return false;
3144
+ }
3145
+ };
3146
+ #Authorize = async () => {
3147
+ this.#LogInfoMessage("Authorize ...");
3148
+ const client_id = this.#options.client_id;
3149
+ const nonce = this.#cUtils.CreateRandomString();
3150
+ const response_type = [AuthorizeOptionsResponseType.CODE];
3151
+ const redirect_uri = this.#options.redirect_uri;
3152
+ const response_mode = AuthorizeOptionsResponseMode.QUERY;
3153
+ const scope = this.#options.scope;
3154
+ const state = this.#cUtils.CreateRandomString();
3155
+ const code_verifier = this.#cUtils.CreateRandomString();
3156
+ const code_challenge = await this.#cUtils.DigestMessage(code_verifier);
3157
+ const code_challenge_method = "S256";
3158
+ const authorizeOptions = {
3159
+ client_id,
3160
+ nonce,
3161
+ response_type,
3162
+ redirect_uri,
3163
+ response_mode,
3164
+ scope,
3165
+ state,
3166
+ code_challenge,
3167
+ code_challenge_method
3168
+ };
3169
+ const authorizeOptionsClientCopy = { ...authorizeOptions };
3170
+ const url = `${this.#options.authorizeendpoint}:${this.#options.authorizeport}${this.#options.authorizeapiroot}${this.#options.authorizeapi}?${this.#qParams.CreateQueryParams(authorizeOptions)}`;
3171
+ this.#LogInfoMessage(url);
3172
+ authorizeOptions.code_verifier = code_verifier;
3173
+ this.#LogInfoMessage(`Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
3174
+ return {
3175
+ url,
3176
+ authorizeOptions,
3177
+ authorizeOptionsClientCopy
3178
+ };
3179
+ };
3180
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
3181
+ #HandleRedirect = async (payload) => {
3182
+ const queryVars = payload.queryVars;
3183
+ const authorizeOptions = payload.authorizeOptions;
3184
+ this.#LogDebugMessage(chalk.magenta(`#HandleRedirect: HandleRedirect`));
3185
+ this.#LogDebugMessage(chalk.magenta(`#HandleRedirect: HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`));
3186
+ if (queryVars[OAuth2ParameterType.CODE]) {
3187
+ const response = queryVars;
3188
+ this.#LogInfoMessage(`authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
3189
+ const redirectState = response.state;
3190
+ const authorizeOptionsState = authorizeOptions.state;
3191
+ if (authorizeOptionsState.localeCompare(redirectState) === 0) {
3192
+ this.#LogInfoMessage(chalk.green("redirected state (from queryVars) matched previously saved transaction authorizeOptions state"));
3193
+ return await this.#GetToken(authorizeOptions, response);
3154
3194
  } else {
3155
- __privateGet(this, _HandleAuthenticateEvent2).call(this, null);
3195
+ this.#LogErrorMessage(chalk.red("redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state"));
3196
+ this.#LogErrorMessage(chalk.red(`authorizeOptionsState: [${authorizeOptionsState}]`));
3197
+ this.#LogErrorMessage(chalk.red(`redirectState: [${redirectState}]`));
3198
+ this.#HandleErrorEvent({ message: "State un-matched" });
3156
3199
  return false;
3157
3200
  }
3158
- });
3159
- __privateAdd(this, _Authorize, async () => {
3160
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Authorize ...");
3161
- const client_id = __privateGet(this, _options2).client_id;
3162
- const nonce = __privateGet(this, _cUtils).CreateRandomString();
3163
- const response_type = [AuthorizeOptionsResponseType.CODE];
3164
- const redirect_uri = __privateGet(this, _options2).redirect_uri;
3165
- const response_mode = AuthorizeOptionsResponseMode.QUERY;
3166
- const scope = __privateGet(this, _options2).scope;
3167
- const state = __privateGet(this, _cUtils).CreateRandomString();
3168
- const code_verifier = __privateGet(this, _cUtils).CreateRandomString();
3169
- const code_challenge = await __privateGet(this, _cUtils).DigestMessage(code_verifier);
3170
- const code_challenge_method = "S256";
3171
- const authorizeOptions = {
3172
- client_id,
3173
- nonce,
3174
- response_type,
3175
- redirect_uri,
3176
- response_mode,
3177
- scope,
3178
- state,
3179
- code_challenge,
3180
- code_challenge_method
3181
- };
3182
- const authorizeOptionsClientCopy = { ...authorizeOptions };
3183
- const url = `${__privateGet(this, _options2).authorizeendpoint}:${__privateGet(this, _options2).authorizeport}${__privateGet(this, _options2).authorizeapiroot}${__privateGet(this, _options2).authorizeapi}?${__privateGet(this, _qParams).CreateQueryParams(authorizeOptions)}`;
3184
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, url);
3185
- authorizeOptions.code_verifier = code_verifier;
3186
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, `Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
3187
- return {
3188
- url,
3189
- authorizeOptions,
3190
- authorizeOptionsClientCopy
3191
- };
3192
- });
3193
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3194
- __privateAdd(this, _HandleRedirect, async (payload) => {
3195
- const queryVars = payload.queryVars;
3196
- const authorizeOptions = payload.authorizeOptions;
3197
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#HandleRedirect: HandleRedirect`));
3198
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#HandleRedirect: HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`));
3199
- if (queryVars[OAuth2ParameterType.CODE]) {
3200
- const response = queryVars;
3201
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, `authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
3202
- const redirectState = response.state;
3203
- const authorizeOptionsState = authorizeOptions.state;
3204
- if (authorizeOptionsState.localeCompare(redirectState) === 0) {
3205
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, chalk.green("redirected state (from queryVars) matched previously saved transaction authorizeOptions state"));
3206
- return await __privateGet(this, _GetToken).call(this, authorizeOptions, response);
3207
- } else {
3208
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red("redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state"));
3209
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`authorizeOptionsState: [${authorizeOptionsState}]`));
3210
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`redirectState: [${redirectState}]`));
3211
- __privateGet(this, _HandleErrorEvent2).call(this, { message: "State un-matched" });
3212
- return false;
3201
+ } else if (queryVars[OAuth2ParameterType.ERROR]) {
3202
+ this.#LogErrorMessage(chalk.red(`State un-matched (1)`));
3203
+ this.#HandleErrorEvent({ message: "State un-matched" });
3204
+ return false;
3205
+ } else {
3206
+ this.#LogErrorMessage(chalk.red(`State un-matched (2)`));
3207
+ this.#HandleErrorEvent({ message: "State un-matched" });
3208
+ return false;
3209
+ }
3210
+ };
3211
+ /*
3212
+ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
3213
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
3214
+ &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
3215
+ &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
3216
+ &grant_type=authorization_code
3217
+ &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
3218
+ &client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
3219
+
3220
+ Successful Response
3221
+ {
3222
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
3223
+ "token_type": "Bearer",
3224
+ "expires_in": 3599,
3225
+ "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
3226
+ "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
3227
+ "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
3228
+ }
3229
+ */
3230
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
3231
+ #GetTokenFromBroker = async (authorizationCodeFlowParameters) => {
3232
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker`));
3233
+ this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
3234
+ const url = `${this.#options.brokerendpoint}:${this.#options.brokerport}${this.#options.brokerapiroot}/token`;
3235
+ try {
3236
+ const rConfig = new STSAxiosConfig(url, "post").withDefaultHeaders().withData(authorizationCodeFlowParameters).withCredentials().withTimeout(this.#options.timeout);
3237
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: request config: [${JSON.stringify(rConfig)}]`));
3238
+ if (isNode && this.#agentManager) {
3239
+ rConfig.withAgentManager(this.#agentManager);
3240
+ }
3241
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: axios API call`));
3242
+ const retVal = await axios(rConfig.config);
3243
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: axios API call result: [${retVal.status}]`));
3244
+ if (retVal.status === StatusCodes.OK) {
3245
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: storing tokens`));
3246
+ const tokenResponse = retVal.data;
3247
+ this.#HandleAuthenticateEvent(tokenResponse.id_token);
3248
+ const newSessionData = {
3249
+ tokenResponse
3250
+ };
3251
+ if (isNode) {
3252
+ newSessionData.brokerCookie = retVal.headers["set-cookie"];
3213
3253
  }
3214
- } else if (queryVars[OAuth2ParameterType.ERROR]) {
3215
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`State un-matched (1)`));
3216
- __privateGet(this, _HandleErrorEvent2).call(this, { message: "State un-matched" });
3254
+ this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, newSessionData);
3255
+ return true;
3256
+ } else if (retVal.status === StatusCodes.UNAUTHORIZED) {
3257
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: NOT storing tokens, status: [${retVal.status}]`));
3258
+ this.#HandleAuthenticateEvent(null);
3217
3259
  return false;
3218
3260
  } else {
3219
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`State un-matched (2)`));
3220
- __privateGet(this, _HandleErrorEvent2).call(this, { message: "State un-matched" });
3261
+ this.#LogDebugMessage(chalk.magenta(`#GetTokenFromBroker: NOT storing tokens (general error 1), status: [${retVal.status}]`));
3262
+ this.#HandleAuthenticateEvent(null);
3263
+ this.#LogErrorMessage(chalk.red("Could not obtain access_token from token end-point:-"));
3264
+ this.#LogErrorMessage(chalk.red(JSON.stringify(retVal.data)));
3221
3265
  return false;
3222
3266
  }
3223
- });
3224
- /*
3225
- client_id=6731de76-14a6-49ae-97bc-6eba6914391e
3226
- &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
3227
- &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
3228
- &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
3229
- &grant_type=authorization_code
3230
- &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
3231
- &client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
3232
-
3233
- Successful Response
3234
- {
3235
- "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
3236
- "token_type": "Bearer",
3237
- "expires_in": 3599,
3238
- "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
3239
- "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
3240
- "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
3241
- }
3242
- */
3243
- // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
3244
- __privateAdd(this, _GetTokenFromBroker, async (authorizationCodeFlowParameters) => {
3245
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker`));
3246
- __privateGet(this, _clientSessionStore).remove(__privateGet(this, _STORAGE_SESSION_KEY));
3247
- const url = `${__privateGet(this, _options2).brokerendpoint}:${__privateGet(this, _options2).brokerport}${__privateGet(this, _options2).brokerapiroot}/token`;
3267
+ } catch (error) {
3268
+ this.#LogErrorMessage(chalk.red(`#GetTokenFromBroker: NOT storing tokens (general error 2), status: [${error}]`));
3269
+ this.#HandleAuthenticateEvent(null);
3270
+ return false;
3271
+ }
3272
+ };
3273
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
3274
+ #GetToken = async (authorizeOptions, authorizeResponse) => {
3275
+ this.#LogInfoMessage("#GetToken");
3276
+ this.#LogInfoMessage(authorizeResponse);
3277
+ this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
3278
+ const authorizationCodeFlowParameters = {
3279
+ client_id: this.#options.client_id,
3280
+ scope: this.#options.scope,
3281
+ code: authorizeResponse.code,
3282
+ redirect_uri: this.#options.redirect_uri,
3283
+ grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
3284
+ code_verifier: authorizeOptions.code_verifier
3285
+ };
3286
+ return await this.#GetTokenFromBroker(authorizationCodeFlowParameters);
3287
+ };
3288
+ /*
3289
+ // Line breaks for legibility only
3290
+
3291
+ POST /{tenant}/oauth2/v2.0/token HTTP/1.1
3292
+ Host: https://login.microsoftonline.com
3293
+ Content-Type: application/x-www-form-urlencoded
3294
+
3295
+ client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
3296
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
3297
+ &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
3298
+ &grant_type=refresh_token
3299
+ &client_secret=sampleCredentia1s // NOTE: Only required for web apps. This secret needs to be URL-Encoded
3300
+
3301
+ Error Response
3302
+ {
3303
+ "error": "invalid_scope",
3304
+ "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
3305
+ "error_codes": [
3306
+ 70011
3307
+ ],
3308
+ "timestamp": "2016-01-09 02:02:12Z",
3309
+ "trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
3310
+ "correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
3311
+ }
3312
+ */
3313
+ #RefreshToken = async () => {
3314
+ this.#LogDebugMessage(chalk.cyan(`STSOAuth2Worker:#RefreshToken:start`));
3315
+ const sessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
3316
+ if (sessionData) {
3317
+ this.#LogDebugMessage(chalk.cyan(`STSOAuth2Worker:#RefreshToken:sessionData: [${JSON.stringify(sessionData)}]`));
3318
+ const currentSessionData = sessionData.tokenResponse;
3319
+ const refreshFlowParameters = {
3320
+ client_id: this.#options.client_id,
3321
+ scope: this.#options.scope,
3322
+ refresh_token: currentSessionData.refresh_token,
3323
+ grant_type: OAuthGrantTypes.REFRESH_TOKEN
3324
+ };
3325
+ return await this.#GetTokenFromBroker(refreshFlowParameters);
3326
+ } else {
3327
+ this.#LogErrorMessage(chalk.red(`STSOAuth2Worker:#RefreshToken:sessionData not found within clientSessionStore`));
3328
+ return false;
3329
+ }
3330
+ };
3331
+ // call broker to logout
3332
+ // broker to logout of server
3333
+ // delete cookie
3334
+ // clear session storage
3335
+ // clear all state from $store
3336
+ #Logout = async () => {
3337
+ this.#LogInfoMessage("Logout");
3338
+ const url = `${this.#options.brokerendpoint}:${this.#options.brokerport}${this.#options.brokerapiroot}/logout`;
3339
+ this.#LogInfoMessage(url);
3340
+ const sessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
3341
+ if (sessionData) {
3342
+ const currentSessionData = sessionData.tokenResponse;
3343
+ const refresh_token = currentSessionData.refresh_token;
3344
+ this.#LogInfoMessage(refresh_token);
3345
+ const decodedRefreshToken = jwtDecode(refresh_token);
3346
+ this.#LogInfoMessage(decodedRefreshToken);
3347
+ const sessionId = decodedRefreshToken.sts_session;
3348
+ this.#LogInfoMessage(sessionId);
3349
+ this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
3350
+ this.#HandleAuthenticateEvent(null);
3248
3351
  try {
3249
- const rConfig = new STSAxiosConfig(url, "post").withDefaultHeaders().withData(authorizationCodeFlowParameters).withCredentials().withTimeout(__privateGet(this, _options2).timeout);
3250
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: request config: [${JSON.stringify(rConfig)}]`));
3251
- if (isNode && __privateGet(this, _agentManager)) {
3252
- rConfig.withAgentManager(__privateGet(this, _agentManager));
3352
+ const rConfig = new STSAxiosConfig(url, "post").withData({
3353
+ sessionId
3354
+ }).withDefaultHeaders().withCredentials().withTimeout(this.#options.timeout);
3355
+ if (isNode && this.#agentManager) {
3356
+ rConfig.withAgentManager(this.#agentManager);
3253
3357
  }
3254
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: axios API call`));
3358
+ this.#LogDebugMessage(chalk.magenta(`#Logout: request config: [${rConfig}]`));
3255
3359
  const retVal = await axios(rConfig.config);
3256
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: axios API call result: [${retVal.status}]`));
3257
- if (retVal.status === StatusCodes.OK) {
3258
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: storing tokens`));
3259
- const tokenResponse = retVal.data;
3260
- __privateGet(this, _HandleAuthenticateEvent2).call(this, tokenResponse.id_token);
3261
- const newSessionData = {
3262
- tokenResponse
3263
- };
3264
- if (isNode) {
3265
- newSessionData.brokerCookie = retVal.headers["set-cookie"];
3266
- }
3267
- __privateGet(this, _clientSessionStore).set(__privateGet(this, _STORAGE_SESSION_KEY), newSessionData);
3360
+ if (retVal.data.status === StatusCodes.OK) {
3268
3361
  return true;
3269
- } else if (retVal.status === StatusCodes.UNAUTHORIZED) {
3270
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: NOT storing tokens, status: [${retVal.status}]`));
3271
- __privateGet(this, _HandleAuthenticateEvent2).call(this, null);
3272
- return false;
3273
3362
  } else {
3274
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#GetTokenFromBroker: NOT storing tokens (general error 1), status: [${retVal.status}]`));
3275
- __privateGet(this, _HandleAuthenticateEvent2).call(this, null);
3276
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red("Could not obtain access_token from token end-point:-"));
3277
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(JSON.stringify(retVal.data)));
3363
+ this.#LogErrorMessage(chalk.red("Error during logout (1: server side)"));
3364
+ this.#LogErrorMessage(chalk.red(JSON.stringify(retVal.data)));
3278
3365
  return false;
3279
3366
  }
3280
3367
  } catch (error) {
3281
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`#GetTokenFromBroker: NOT storing tokens (general error 2), status: [${error}]`));
3282
- __privateGet(this, _HandleAuthenticateEvent2).call(this, null);
3368
+ this.#LogErrorMessage(chalk.red("Error during logout (2: server side)"));
3369
+ this.#LogErrorMessage(chalk.red(error));
3370
+ this.#LogErrorMessage(chalk.red(JSON.stringify(error)));
3283
3371
  return false;
3284
3372
  }
3285
- });
3286
- // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
3287
- __privateAdd(this, _GetToken, async (authorizeOptions, authorizeResponse) => {
3288
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "#GetToken");
3289
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, authorizeResponse);
3290
- __privateGet(this, _clientSessionStore).remove(__privateGet(this, _STORAGE_SESSION_KEY));
3291
- const authorizationCodeFlowParameters = {
3292
- client_id: __privateGet(this, _options2).client_id,
3293
- scope: __privateGet(this, _options2).scope,
3294
- code: authorizeResponse.code,
3295
- redirect_uri: __privateGet(this, _options2).redirect_uri,
3296
- grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
3297
- code_verifier: authorizeOptions.code_verifier
3298
- };
3299
- return await __privateGet(this, _GetTokenFromBroker).call(this, authorizationCodeFlowParameters);
3300
- });
3301
- /*
3302
- // Line breaks for legibility only
3303
-
3304
- POST /{tenant}/oauth2/v2.0/token HTTP/1.1
3305
- Host: https://login.microsoftonline.com
3306
- Content-Type: application/x-www-form-urlencoded
3307
-
3308
- client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
3309
- &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
3310
- &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
3311
- &grant_type=refresh_token
3312
- &client_secret=sampleCredentia1s // NOTE: Only required for web apps. This secret needs to be URL-Encoded
3313
-
3314
- Error Response
3315
- {
3316
- "error": "invalid_scope",
3317
- "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
3318
- "error_codes": [
3319
- 70011
3320
- ],
3321
- "timestamp": "2016-01-09 02:02:12Z",
3322
- "trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
3323
- "correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
3324
- }
3325
- */
3326
- __privateAdd(this, _RefreshToken, async () => {
3327
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.cyan(`STSOAuth2Worker:#RefreshToken:start`));
3328
- const sessionData = __privateGet(this, _clientSessionStore).get(__privateGet(this, _STORAGE_SESSION_KEY));
3329
- if (sessionData) {
3330
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.cyan(`STSOAuth2Worker:#RefreshToken:sessionData: [${JSON.stringify(sessionData)}]`));
3331
- const currentSessionData = sessionData.tokenResponse;
3332
- const refreshFlowParameters = {
3333
- client_id: __privateGet(this, _options2).client_id,
3334
- scope: __privateGet(this, _options2).scope,
3335
- refresh_token: currentSessionData.refresh_token,
3336
- grant_type: OAuthGrantTypes.REFRESH_TOKEN
3337
- };
3338
- return await __privateGet(this, _GetTokenFromBroker).call(this, refreshFlowParameters);
3339
- } else {
3340
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(`STSOAuth2Worker:#RefreshToken:sessionData not found within clientSessionStore`));
3341
- return false;
3342
- }
3343
- });
3344
- // call broker to logout
3345
- // broker to logout of server
3346
- // delete cookie
3347
- // clear session storage
3348
- // clear all state from $store
3349
- __privateAdd(this, _Logout, async () => {
3350
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Logout");
3351
- const url = `${__privateGet(this, _options2).brokerendpoint}:${__privateGet(this, _options2).brokerport}${__privateGet(this, _options2).brokerapiroot}/logout`;
3352
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, url);
3353
- const sessionData = __privateGet(this, _clientSessionStore).get(__privateGet(this, _STORAGE_SESSION_KEY));
3354
- if (sessionData) {
3355
- const currentSessionData = sessionData.tokenResponse;
3356
- const refresh_token = currentSessionData.refresh_token;
3357
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, refresh_token);
3358
- const decodedRefreshToken = jwtDecode(refresh_token);
3359
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, decodedRefreshToken);
3360
- const sessionId = decodedRefreshToken.sts_session;
3361
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, sessionId);
3362
- __privateGet(this, _clientSessionStore).remove(__privateGet(this, _STORAGE_SESSION_KEY));
3363
- __privateGet(this, _HandleAuthenticateEvent2).call(this, null);
3364
- try {
3365
- const rConfig = new STSAxiosConfig(url, "post").withData({
3366
- sessionId
3367
- }).withDefaultHeaders().withCredentials().withTimeout(__privateGet(this, _options2).timeout);
3368
- if (isNode && __privateGet(this, _agentManager)) {
3369
- rConfig.withAgentManager(__privateGet(this, _agentManager));
3370
- }
3371
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, chalk.magenta(`#Logout: request config: [${rConfig}]`));
3372
- const retVal = await axios(rConfig.config);
3373
- if (retVal.data.status === StatusCodes.OK) {
3374
- return true;
3375
- } else {
3376
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red("Error during logout (1: server side)"));
3377
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(JSON.stringify(retVal.data)));
3378
- return false;
3379
- }
3380
- } catch (error) {
3381
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red("Error during logout (2: server side)"));
3382
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(error));
3383
- __privateMethod(this, _STSOAuth2Worker_instances, LogErrorMessage_fn2).call(this, chalk.red(JSON.stringify(error)));
3384
- return false;
3385
- }
3386
- } else {
3387
- __privateMethod(this, _STSOAuth2Worker_instances, LogInfoMessage_fn2).call(this, "Error during logout. Could not restore session from session storage.");
3388
- return false;
3389
- }
3390
- });
3391
- __privateSet(this, _options2, options);
3392
- __privateSet(this, _logger, logger);
3393
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, `STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options2))}]`);
3394
- __privateSet(this, _clientSessionStore, new ClientStorageFactory({ clientStorageType: ClientStorageType.MEMORY_STORAGE, usePrefix: false }).GetStorage());
3395
- __privateSet(this, _oauthWorkerPort, workerPort);
3396
- __privateMethod(this, _STSOAuth2Worker_instances, LogDebugMessage_fn2).call(this, `STSOAuth2Worker:constructor:#oauthWorkerPort: [${JSON.stringify(__privateGet(this, _oauthWorkerPort))}]`);
3397
- if (isNode && __privateGet(this, _options2).agentOptions) {
3398
- __privateSet(this, _agentManager, new AgentManager({
3399
- agentOptions: __privateGet(this, _options2).agentOptions,
3400
- httpAgentFactory(options2) {
3401
- return new http.Agent(options2);
3402
- },
3403
- httpsAgentFactory(options2) {
3404
- return new https.Agent(options2);
3405
- }
3406
- }));
3373
+ } else {
3374
+ this.#LogInfoMessage("Error during logout. Could not restore session from session storage.");
3375
+ return false;
3407
3376
  }
3408
- this.SetupListener();
3409
- __privateGet(this, _UpdateInstrument).call(this, Gauge.LOGGER, {
3410
- LogMessage: `STSOauth2 Plugin - Successfully Loaded`
3411
- });
3412
- }
3377
+ };
3413
3378
  }
3414
- _clientSessionStore = new WeakMap();
3415
- _cUtils = new WeakMap();
3416
- _qParams = new WeakMap();
3417
- _STORAGE_SESSION_KEY = new WeakMap();
3418
- _oauthWorkerPort = new WeakMap();
3419
- _options2 = new WeakMap();
3420
- _logger = new WeakMap();
3421
- _agentManager = new WeakMap();
3422
- _STSOAuth2Worker_instances = new WeakSet();
3423
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3424
- LogDebugMessage_fn2 = function(message) {
3425
- __privateGet(this, _logger).debug(message);
3426
- };
3427
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3428
- LogInfoMessage_fn2 = function(message) {
3429
- __privateGet(this, _logger).info(message);
3430
- };
3431
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
3432
- LogErrorMessage_fn2 = function(message) {
3433
- __privateGet(this, _logger).error(message);
3434
- };
3435
- _HandleAuthenticateEvent2 = new WeakMap();
3436
- _HandleErrorEvent2 = new WeakMap();
3437
- _LogMessage = new WeakMap();
3438
- _GetAccessToken = new WeakMap();
3439
- _GetCookies = new WeakMap();
3440
- _UpdateInstrument = new WeakMap();
3441
- _ProcessCommand = new WeakMap();
3442
- _RestoreSession = new WeakMap();
3443
- _Authorize = new WeakMap();
3444
- _HandleRedirect = new WeakMap();
3445
- _GetTokenFromBroker = new WeakMap();
3446
- _GetToken = new WeakMap();
3447
- _RefreshToken = new WeakMap();
3448
- _Logout = new WeakMap();
3449
3379
  const TestStore = defineStore("__sts__TestStore", {
3450
3380
  state: () => {
3451
3381
  return {