@or-sdk/authorizer 0.25.0-beta.990.0 → 0.25.0

package/src/OAuth/OAuth.ts

@@ -1,11 +1,7 @@
 import { KeyValueStorage } from '@or-sdk/key-value-storage';
 import { Providers } from '@or-sdk/providers';
-import { EVENT_MANAGER_SERVICE_KEY } from '@or-sdk/event-manager';
-import { Discovery } from '@or-sdk/discovery';
 import { timeout } from '@or-sdk/base';
 
-import { v4 as uuidv4 } from 'uuid';
-
 import {
   OAuthConfig,
   OAuthData,
@@ -13,27 +9,29 @@ import {
   CreateOAuthConfig,
   CreateOAuthResult,
   ServiceDefinitionConfig,
+  OAuthDynamicCollection,
+  OAuthInitData,
+  StepContext,
 } from './types';
 
 import {
   SERVICE_PROVIDER_PATH,
   OAUTH_REDIRECT_PROVIDER_PATH,
-  PREDEFINED_APP,
-  TEMPORARY_DATA_EXPIRATION_TIME,
   AuthStatus,
 } from '../constants';
 
-import { formatScope } from './utils/formatScope';
 import { isExpired } from './utils/isExpired';
 import { ServiceDefinition } from './utils/ServiceDefinition';
-import { createAuthKey } from './utils/createAuthKey';
+import OAuthCreator from './utils/createOAuthHelper';
 
 export class OAuth {
   private status = AuthStatus.READY;
 
-  private readonly authKey: string;
-  private readonly serviceName: string;
-  private readonly keyValueCollection: string;
+  private authKey: string;
+  private serviceName: string;
+  private keyValueCollection: string;
+  private dynamicCollection: string | undefined;
+  private authName: string | undefined;
   private readonly keyValueStorage: KeyValueStorage;
   private readonly providers: Providers;
 
@@ -41,15 +39,17 @@ export class OAuth {
     const {
       accountId,
       authKey,
+      authName,
       discoveryUrl,
       eventManagerUrl,
       keyValueCollection,
       providersAccountId,
+      dynamicCollection,
       serviceName,
       token,
     } = params;
 
-    if (!(authKey && serviceName && authKey)) {
+    if (!(authKey && serviceName)) {
       throw new Error('Invalit OAuth params passed.');
     }
 
@@ -57,8 +57,14 @@ export class OAuth {
       throw new Error('OAuth require Discovery URL or both Event Manager URL and Providers Account ID');
     }
 
+    if (dynamicCollection && !authName) {
+      throw new Error('Dynamic authorization require Authorization name.');
+    }
+
     this.authKey = authKey;
+    this.authName = authName;
     this.serviceName = serviceName;
+    this.dynamicCollection = dynamicCollection;
     this.keyValueCollection = keyValueCollection || serviceName;
 
     this.keyValueStorage = new KeyValueStorage({
@@ -75,6 +81,40 @@ export class OAuth {
     });
   }
 
+  /**
+   * Changes the target authorization of instance
+   */
+  public async init(params: OAuthInitData) {
+    this.serviceName = params.serviceName || this.serviceName;
+    this.authKey = params.authKey || this.authKey;
+    this.authName = params.authName || this.authName;
+    this.keyValueCollection = params.keyValueCollection || this.keyValueCollection;
+    this.dynamicCollection = params.dynamicCollection || this.dynamicCollection;
+
+    if (this.dynamicCollection && ! this.authName) {
+      throw new Error('Dynamic collection requires an authName to initialize');
+    }
+
+    if (params.authName && this.dynamicCollection) {
+      const collection = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        this.dynamicCollection
+      ).then(res => res.value) as OAuthDynamicCollection;
+
+      if (!collection) {
+        throw new Error('Dynamic collection is invalid');
+      }
+
+      this.authKey = collection.authorizations[this.authName as string];
+    }
+
+    this.status = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      this.authKey
+    ).then(res => res.value ? AuthStatus.READY : AuthStatus.PENDING)
+      .catch(e => { throw new Error('Could not request authorization: ' + e.message); });
+  }
+
   /**
    * Creates a new auth record in specified collection with the given config.
    * @returns Object with OAuth instance connected to created auth and authorizerUrl
@@ -86,12 +126,28 @@ export class OAuth {
    *    instance      // new instance
    *  } = await OAuth.create({
    *   token: 'my-account-token-string',
-   *   discoveryUrl: 'discovery.example.onereach.ai',
+   *   discoveryUrl: 'https://discovery.qa.api.onereach.ai/',
    *   serviceName: '__authorization_service_test_service',
    *   authName: 'my-auth-name',
    *   appId: 'my-app-id',
-   *   keyValueCollection: 'custom_collection_name' // Pass this if you using custom name for key-value collection
-   *                                                // that differs from serviceName
+   *
+   *   // Optional params
+   *   sdkUrl: 'https://sdkapi.qa.api.onereach.ai'     // SDK API url. If passed, won't be fetched from discovery.
+   *   eventManagerUrl: 'https://em.qa.api.onereach.ai'// Event Manager url. If passed, won't be fetched from discovery.
+   *   providersAccountId: 'providers-account-id'      // ID of provider account.
+   *                                                   //   If passed, won't be fetched from discovery.
+   *   keyValueCollection: 'custom_collection_name'    // Pass this if you using custom name for key-value collection
+   *                                                   //   that differs from serviceName.
+   *   destinationAccount: 'CUSTOM' or 'PROVIDER'      // Allows to save authorization data to custom account.
+   *   customAccountId: 'custom-account-uuid-v4'       // Account ID for destinationAccount == "CUSTOM".
+   *   accountId: 'current-account-ID'                 // Account ID of current account (see crossAccount).
+   *   crossAccount: boolean (default: true)           // Treat accountId as custom account ID (SUPER-ADMIN only).
+   *                                                   //   If crossAccount=false, account ID is treated
+   *                                                   //   as current account ID.
+   *   useNextProvider: boolean (default: false)       // Use authorizer-next redirect endpoint.
+   *   userScope: 'user:read'                          // Scopes for Slack service.
+   *   useNonce: true                                  // Allows to use Nonce to avoid repetition attacks.
+   *   authKey: 'old::auth::key'                       // If passed, will reauthorize an existing authorization.
    * });
    *
    * // if you want to use returned instance, you must call a method that returns a promise
@@ -108,179 +164,9 @@ export class OAuth {
     params: CreateOAuthConfig
   ): Promise<CreateOAuthResult> {
 
-    if (!(
-      params.serviceName &&
-      params.authName &&
-      params.token &&
-      params.appId
-    ) || !(
-      params.discoveryUrl ||
-        (
-          params.accountId &&
-          params.providersAccountId &&
-          params.eventManagerUrl
-        )
-    )) {
-      throw new Error('Invalid OAuth config passed');
-    }
-
-    const {
-      appId,
-      authName,
-      discoveryUrl,
-      scope,
-      serviceName,
-      token,
-    } = params;
-
-    let {
-      accountId,
-      eventManagerUrl,
-      providersAccountId,
-    } = params;
-
-
-    // If AccountID, EventManagerURL or Providers Account ID are not available, fetch them from Discovery
-    if (discoveryUrl && !(accountId && eventManagerUrl && providersAccountId)) {
-      const discovery = new Discovery({
-        token,
-        discoveryUrl,
-      });
-
-      if (!accountId) {
-        accountId = await discovery.getCurrentAccountId();
-      }
-
-      if (!eventManagerUrl) {
-        eventManagerUrl = await discovery.getServiceUrl(EVENT_MANAGER_SERVICE_KEY);
-      }
-
-      if (!providersAccountId) {
-        providersAccountId = await discovery.getProvidersAccountId();
-      }
-    }
-
-    const keyValueCollection = params.keyValueCollection || serviceName;
-
-    const keyValueStorage = new KeyValueStorage({
-      token,
-      discoveryUrl,
-      accountId,
-    });
-
-    const providers = new Providers({
-      token,
-      discoveryUrl,
-      eventManagerUrl,
-      providersAccountId,
-    });
-
-    const services = await providers.makeRequest<{
-      [key: string]: ServiceDefinitionConfig;
-    }>({
-      method: 'GET',
-      route: SERVICE_PROVIDER_PATH,
-      params: {
-        type: 'list',
-      },
-    });
-
-
-    const currentServiceData = services[serviceName];
-
-    const apps = await keyValueStorage.getValueByKey(
-      keyValueCollection,
-      '__authorizer_apps'
-    );
-
-    // eslint-disable-next-line
-    const currentApp: OAuthApp = (apps.value as any).find(
-      (app: { label: string; value: OAuthApp; }) => app.value.appId === appId
-    ).value;
-
-    const serviceDefinition = new ServiceDefinition(
-      currentServiceData,
-      currentApp.authLinkParams,
-      currentApp.environment
-    );
-
-    const id = uuidv4();
-    const authKey = createAuthKey(id, authName, keyValueCollection, accountId || null);
-
-    const additionalBodyData = {};
-    const additionalHeaders = {};
-
-    const redirectProviderUrl = `${eventManagerUrl}/http/${providersAccountId}${OAUTH_REDIRECT_PROVIDER_PATH}`;
-
-    // eslint-disable-next-line
-    const authConfigs: any = {
-      ...additionalBodyData,
-      grant_type: 'authorization_code',
-      redirect_uri: redirectProviderUrl,
-      appId,
-    };
-
-    if (scope) {
-      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
-      authConfigs.scope = formattedScope;
-    }
-
-    const configs = {
-      [serviceDefinition.requestDataType]: authConfigs,
-    };
-
-    const tempAuthData = {
-      expiresInDefaultValue: serviceDefinition.expiresInDefaultValue,
-      urlToExchangeToken: serviceDefinition.exchangeTokenUri,
-      refreshUri: serviceDefinition.refreshUri,
-      additionalHeaders,
-      configs,
-      isCustomApp: appId !== PREDEFINED_APP,
-      requestDataType: serviceDefinition.requestDataType,
-      service: keyValueCollection,
-      serviceConfigName: serviceName,
-      name: authName,
-      displayServiceName: serviceDefinition.displayServiceName,
-      accountId: accountId,
-    };
-
-    const authDataExpire = Date.now() + TEMPORARY_DATA_EXPIRATION_TIME;
-    await keyValueStorage.setValueByKey(
-      '__authorizer_temp-uuid',
-      id,
-      tempAuthData,
-      authDataExpire
-    );
-
-    const authUrl = new URL(serviceDefinition.authorizeUri);
-    const additionalParams: { [key: string]: string; } = JSON.parse(
-      serviceDefinition.authRequestAdditionalParams
-    );
-
-    Object.entries(additionalParams.queryParams).forEach(([key, value]) => {
-      authUrl.searchParams.append(key, value);
-    });
-    authUrl.searchParams.append('response_type', 'code');
-    authUrl.searchParams.append('client_id', currentApp.clientId);
-    authUrl.searchParams.append('redirect_uri', redirectProviderUrl);
-    authUrl.searchParams.append('state', authKey);
-
-    if (scope) {
-      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
-      authUrl.searchParams.append('scope', formattedScope);
-    }
+    const { authorizeUrl, oAuthParams } = await (new OAuthCreator(params)).getOAuthParams();
 
-    const authorizeUrl = authUrl.href;
-
-    const newOAuth = new OAuth({
-      accountId,
-      authKey,
-      discoveryUrl,
-      eventManagerUrl,
-      providersAccountId,
-      serviceName,
-      token,
-    });
+    const newOAuth = new OAuth(oAuthParams);
 
     newOAuth.status = AuthStatus.PENDING;
 
@@ -390,13 +276,26 @@ export class OAuth {
    * const authData = await oAuthInstance.getAuthData()
    * ```
    */
-  public async getAuthData(): Promise<OAuthData> {
-    if (this.status !== AuthStatus.READY) {
-      throw new Error('This authorization is not ready');
+  public async getAuthData(stepThis: StepContext): Promise<OAuthData> {
+    if (stepThis) {
+      if (this.authKey === 'inherited') {
+        this.authKey = stepThis.getShared('shared_' + this.keyValueCollection) as string;
+      }
+
+      const ttl = (new Date(stepThis.session.expirationDate).getTime() - Date.now()) + 24 * 60 * 60 * 1000;
+      stepThis.setShared('shared_' + this.keyValueCollection, this.authKey, ttl);
+    }
+
+    if (this.status !== AuthStatus.READY && !await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      this.authKey)) {
+      throw new Error('This authorization is invalid or not ready');
+    } else {
+      this.status = AuthStatus.READY;
     }
 
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
+      this.keyValueCollection,
       encodeURIComponent(this.authKey)
     );
 
@@ -418,7 +317,7 @@ export class OAuth {
     await this.refresh();
 
     const { value: refreshedAuthData } =
-      await this.keyValueStorage.getValueByKey(this.serviceName, encodeURIComponent(this.authKey));
+      await this.keyValueStorage.getValueByKey(this.keyValueCollection, encodeURIComponent(this.authKey));
 
     return refreshedAuthData as OAuthData;
   }
@@ -428,7 +327,7 @@ export class OAuth {
    */
   public async refresh(): Promise<void> {
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
+      this.keyValueCollection,
       encodeURIComponent(this.authKey)
     );
 
@@ -476,7 +375,7 @@ export class OAuth {
     }
 
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
+      this.keyValueCollection,
       encodeURIComponent(this.authKey)
     );
 
@@ -508,10 +407,27 @@ export class OAuth {
    */
   public async delete(): Promise<void> {
     await this.keyValueStorage.deleteKey(
-      this.serviceName,
+      this.keyValueCollection,
       encodeURIComponent(this.authKey)
     );
 
+    if (this.dynamicCollection) {
+      const { value } = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        this.dynamicCollection
+      );
+
+      if (value) {
+        const collection = value as OAuthDynamicCollection;
+        delete collection.authorizations[this.authName as string];
+
+        await this.keyValueStorage.setValueByKey(
+          '__authorizer_dynamic_collections',
+          this.dynamicCollection, collection
+        );
+      }
+    }
+
     this.status = AuthStatus.DELETED;
   }
 }

package/src/OAuth/index.ts

@@ -1,4 +1,3 @@
 export { OAuth } from './OAuth';
-export { OAuthCollection } from './OAuthCollection';
 
 export * from './types';

package/src/OAuth/types.ts

@@ -6,13 +6,16 @@ export type OAuthConfig = {
    * token or function which return token
    */
   token: Token;
+  authKey: string;
   discoveryUrl: string;
   serviceName: string;
-  keyValueCollection?: string;
-  authKey: string;
   accountId?: string;
+  authName?: string;
+  dynamicCollection?: string;
   eventManagerUrl?: string;
+  keyValueCollection?: string;
   providersAccountId?: string;
+  sdkUrl?: string;
 };
 
 export type OAuthData = {
@@ -30,6 +33,14 @@ export type OAuthData = {
   accountId: string;
 };
 
+export type OAuthInitData = {
+  serviceName: string;
+  keyValueCollection: string;
+  authKey?: string;
+  authName?: string;
+  dynamicCollection: string;
+};
+
 export type CreateOAuthConfig = {
   /**
    * Name of OAuth service definition.
@@ -59,25 +70,81 @@ export type CreateOAuthConfig = {
    */
   token: Token;
 
-  /*
+  /**
    * URL of Discovery API
    */
   discoveryUrl: string;
 
-  /*
+  /**
+   * Account where to save the authorization data
+   */
+  destinationAccount: 'CURRENT' | 'PROVIDER' | 'CUSTOM';
+
+  /**
    * URL of Event manager API
    */
   eventManagerUrl?: string;
 
-  /*
+  /**
    * Account ID of current account
    */
   accountId?: string;
 
-  /*
+  /**
    * Account ID of provider account
    */
   providersAccountId?: string;
+
+  /**
+   * Name of the dynamic collection where to store authorization data
+   */
+  dynamicCollection?: string;
+
+  /**
+   * User scopes (Slack only)
+   */
+  userScope?: string;
+
+  /**
+   * Flag whether nonce should be used
+   */
+  useNonce?: boolean;
+
+  /**
+   * Custom account ID (if destinationAccount === "CUSTOM")
+   */
+  customAccountId?: string;
+
+  /**
+   * Url of OneReach SDK api
+   */
+  sdkUrl?: string;
+
+  /**
+   * Flag to choose if token should be used with non-original accountId (SUPER-ADMIN only)
+   */
+  crossAccount?: boolean;
+
+  /**
+   * Flag to choose if alternative provider should be used for handling redirect
+   */
+  useNextProvider?: boolean;
+
+
+  /**
+   * Additional headers for code exchange request
+   */
+  additionalHeaders?: Record<string, unknown>;
+
+  /**
+   * Additional body data for code exchange request
+   */
+  additionalBodyData?: Record<string, unknown>;
+
+  /**
+   * Existing authorization key for reauthorization.
+   */
+  authKey?: string;
 };
 
 export type CreateOAuthInCollectionConfig = Omit<CreateOAuthConfig, 'discoveryUrl' |
@@ -117,44 +184,133 @@ export type CreateOAuthAppConfig = {
 
 export type OAuthCollectionConfig = {
   /**
-   * token or function which return token
+   * Token or function which return token
    */
   token: Token;
+
+  /**
+   * URL of Discovery API
+   */
   discoveryUrl: string;
+
+  /**
+   * Account ID of current account
+   */
   accountId?: string;
+
+  /**
+   * Name of OAuth service definition.
+   * If service definition is not found in global library, it will be taken from local library
+   */
   serviceName?: string;
+
   /**
    * Pass this if your using custom name for key-value collection that differs from serviceName
    */
   keyValueCollection?: string;
+
+  /**
+   * Account ID of provider account
+   */
+  providersAccountId?: string;
+
+  /*
+   * URL of Event manager API
+   */
+  eventManagerUrl?: string;
+
+  /**
+   * Url of OneReach SDK api
+   */
+  sdkUrl?: string;
+
+  /**
+   * Flag to treat accountId as custom, if false, accountId treated as current (default:true)
+   */
+  crossAccount: boolean;
 };
 
 export type OAuthCollectionInitConfig = Pick<OAuthCollectionConfig, 'serviceName' | 'keyValueCollection'>;
 
 export type ServiceDefinitionConfig = {
-  serviceName: string;
-  requestDataType: string;
-  grantType?: string;
   authorizeUri: string;
+  authRequestAdditionalParams: string;
+  codeExchangeRequestAdditionalParams: string;
   exchangeTokenUri: string;
-  useRefresh: boolean;
-  expiresInPropertyName: string;
   expiresInDefaultValue?: number;
+  expiresInPropertyName: string;
+  grantType?: string;
   refreshUri?: string;
+  requestDataType: string;
   scopeType: ScopeType;
-  authRequestAdditionalParams: string;
-  codeExchangeRequestAdditionalParams: string;
+  serviceName: string;
+  useRefresh: boolean;
   // eslint-disable-next-line
   environments?: Record<string, any>;
   authLinkAdditionalParams?: Record<string, string>[];
   displayServiceName?: string;
 };
 
+export type OAuthService = {
+  additionalFieldsForApp: unknown[];
+  addNonceToAuthRequest: boolean;
+  allowedScopes: [];
+  appHelp: string;
+  appTerm: string;
+  authLinkAdditionalParams: Record<string, string>[];
+  authorizationAndScopeHelp: string;
+  authorizeUri: string;
+  authRequestAdditionalParams: string;
+  codeExchangeRequestAdditionalParams: string;
+  defaultEnvironmentName: string;
+  disallowedScopes: [];
+  displayServiceName: string;
+  environments: Record<string, unknown>;
+  exchangeTokenUrl: string;
+  expiresInDefaultValue: number;
+  expiresInPropertyValue: string;
+  predefinedApps: [];
+  refreshUrl: string;
+  requestDataType: 'form' | 'json' | 'formData';
+  revokeHttpMethod: '' | 'GET' | 'POST' | 'PUT' | 'DELETE';
+  revokeUrl: string;
+  scopesDocumentationLink: string;
+  scopeType: 'JSON_ARRAY' | 'SPACE_DELIMITED' | 'COMMA_DELIMITED' | 'COMMA_DELIMITED_WITHOUT_WHITESPACE';
+  serviceName: string;
+  useRefresh: boolean;
+  grantType?: string;
+};
+
+export type OAuthDynamicCollection = {
+  name: string;
+  type: string;
+  service: string;
+  serviceConfigName: string;
+  authorizations: {
+    [key: string]: string;
+  };
+  appId?: string;
+  scope?: string;
+};
+
+export type LocalService = {
+  key: string;
+  value: ServiceDefinitionConfig;
+};
+
+export type StepContext = {
+  setShared(key: string, value: unknown, ttl: number): void;
+  getShared(key: string): unknown;
+  session: {
+    expirationDate: number;
+  };
+};
+
 export enum ScopeType {
   SPACE_DELIMITED = 'SPACE_DELIMITED',
   COMMA_DELIMITED = 'COMMA_DELIMITED',
   COMMA_DELIMITED_WITHOUT_WHITESPACE = 'COMMA_DELIMITED_WITHOUT_WHITESPACE',
-  JSON_ARRAY = 'JSON_ARRAY'
+  JSON_ARRAY = 'JSON_ARRAY',
 }
 
 

package/src/OAuth/utils/createAuthKey.ts

@@ -1,3 +1,11 @@
 export const createAuthKey = (id: string, authName: string, keyValueCollection: string, currentAccountId: string | null): string => {
   return `${id}::oauth::${authName}::${keyValueCollection}::${currentAccountId}`;
 };
+
+export function createDynamicKey(
+  id: string,
+  dynamicCollection: string,
+  serviceName: string,
+  currentAccountId: string | null): string {
+  return `${id}::oauth-collection::${dynamicCollection} authorization::${serviceName}::${currentAccountId}`;
+}