@pega/auth 0.2.23 → 0.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/lib/oauth-client/auth.d.ts.map +1 -1
  2. package/lib/oauth-client/auth.js +574 -571
  3. package/lib/oauth-client/auth.js.map +1 -1
  4. package/lib/sdk-auth-manager/authManager.d.ts.map +1 -1
  5. package/lib/sdk-auth-manager/authManager.js +671 -643
  6. package/lib/sdk-auth-manager/authManager.js.map +1 -1
  7. package/lib/sdk-auth-manager/config_access.js +75 -50
  8. package/lib/sdk-auth-manager/config_access.js.map +1 -1
  9. package/package.json +6 -2
package/lib/sdk-auth-manager/authManager.js CHANGED
@@ -1,5 +1,17 @@
1
1
  // This file wraps various calls related to logging in, logging out, etc.
2
2
  // that use the auth.html/auth.js to do the work of logging in via OAuth 2.0.
3
+ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
4
+ if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
5
+ if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
6
+ return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
7
+ };
8
+ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
9
+ if (kind === "m") throw new TypeError("Private method is not writable");
10
+ if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
11
+ if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
12
+ return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
13
+ };
14
+ var _AuthManager_instances, _AuthManager_ssKeyPrefix, _AuthManager_pegaAuth, _AuthManager_ssKeyConfigInfo, _AuthManager_ssKeySessionInfo, _AuthManager_ssKeyTokenInfo, _AuthManager_ssKeyState, _AuthManager_authConfig, _AuthManager_authDynState, _AuthManager_authHeader, _AuthManager_customTokenParamsCB, _AuthManager_bOAuthCustom, _AuthManager_tokenInfo, _AuthManager_userInfo, _AuthManager_usePASS, _AuthManager_beforeUnloadAdded, _AuthManager_tokenStorage, _AuthManager_transform, _AuthManager_foldSpot, _AuthManager_loadUserinfo, _AuthManager_loginProps, _AuthManager_promiseInitialize, _AuthManager_transformAndParse, _AuthManager_getStorage, _AuthManager_setStorage, _AuthManager_calcFoldSpot, _AuthManager_transformer, _AuthManager_doUnloadUpdates, _AuthManager_doBeforeUnload, _AuthManager_doPageHide, _AuthManager_loadState, _AuthManager_doOnLoad, _AuthManager_doAuthDynStateChanged, _AuthManager_initialize, _AuthManager_constellationInit, _AuthManager_customConstellationInit, _AuthManager_fireTokenAvailable, _AuthManager_processTokenOnLogin, _AuthManager_doCustomTokenParamsCB, _AuthManager_updateLoginStatus, _AuthManager_authFullReauth, _AuthManager_authTokenUpdated;
3
15
  // It utilizes a JS Class and private members to protect any sensitive tokens
4
16
  // and token obfuscation routines
5
17
  import { PegaAuth } from '../oauth-client/auth.js';
@@ -7,156 +19,112 @@ import { isEmptyObject } from './common-utils.js';
7
19
  import { getSdkConfig, SdkConfigAccess } from './config_access.js';
8
20
  // Meant to be a singleton...only one instance per page
9
21
  class AuthManager {
10
- #ssKeyPrefix = 'rs';
11
- iOSDevice = false;
12
- // will store the PegaAuth (OAuth 2.0 client library) instance
13
- #pegaAuth = null;
14
- #ssKeyConfigInfo = '';
15
- #ssKeySessionInfo = '';
16
- #ssKeyTokenInfo = '';
17
- #ssKeyState = `${this.#ssKeyPrefix}State`;
18
- #authConfig = {};
19
- #authDynState = {};
20
- #authHeader = null;
21
- #customTokenParamsCB = null;
22
- // state that should be persisted across loads
23
- state = { usePopup: false, noInitialRedirect: false, locale: null };
24
- // # of properties within initial state object
25
- stateKeysCount = 3;
26
- bC11NBootstrapInProgress = false;
27
- bCustomAuth = false;
28
- #tokenInfo;
29
- #userInfo;
30
- onLoadDone = false;
31
- msReauthStart = null;
32
- initInProgress = false;
33
- isLoggedIn = false;
34
- // Whether to pass a session storage key or structure to auth library
35
- #usePASS = false;
36
- #beforeUnloadAdded = false;
37
- #tokenStorage = 'temp';
38
- #transform = true;
39
- #foldSpot = 2;
40
- // Whether to load and cache user info as part of login
41
- #loadUserinfo = false;
42
- // Keep loginProps passed to loginIfNecessary
43
- #loginProps = null;
44
- // Promise for Initialization of PegaAuth and resolution callback
45
- #promiseInitialize = null;
46
22
  constructor() {
23
+ _AuthManager_instances.add(this);
24
+ _AuthManager_ssKeyPrefix.set(this, 'rs');
25
+ Object.defineProperty(this, "iOSDevice", {
26
+ enumerable: true,
27
+ configurable: true,
28
+ writable: true,
29
+ value: false
30
+ });
31
+ // will store the PegaAuth (OAuth 2.0 client library) instance
32
+ _AuthManager_pegaAuth.set(this, null);
33
+ _AuthManager_ssKeyConfigInfo.set(this, '');
34
+ _AuthManager_ssKeySessionInfo.set(this, '');
35
+ _AuthManager_ssKeyTokenInfo.set(this, '');
36
+ _AuthManager_ssKeyState.set(this, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}State`);
37
+ _AuthManager_authConfig.set(this, {});
38
+ _AuthManager_authDynState.set(this, {});
39
+ _AuthManager_authHeader.set(this, null);
40
+ _AuthManager_customTokenParamsCB.set(this, null);
41
+ // state that should be persisted across loads
42
+ Object.defineProperty(this, "state", {
43
+ enumerable: true,
44
+ configurable: true,
45
+ writable: true,
46
+ value: { usePopup: false, noInitialRedirect: false, locale: null }
47
+ });
48
+ // # of properties within initial state object
49
+ Object.defineProperty(this, "stateKeysCount", {
50
+ enumerable: true,
51
+ configurable: true,
52
+ writable: true,
53
+ value: 3
54
+ });
55
+ Object.defineProperty(this, "bC11NBootstrapInProgress", {
56
+ enumerable: true,
57
+ configurable: true,
58
+ writable: true,
59
+ value: false
60
+ });
61
+ Object.defineProperty(this, "bCustomAuth", {
62
+ enumerable: true,
63
+ configurable: true,
64
+ writable: true,
65
+ value: false
66
+ });
67
+ _AuthManager_bOAuthCustom.set(this, false);
68
+ _AuthManager_tokenInfo.set(this, void 0);
69
+ _AuthManager_userInfo.set(this, void 0);
70
+ Object.defineProperty(this, "onLoadDone", {
71
+ enumerable: true,
72
+ configurable: true,
73
+ writable: true,
74
+ value: false
75
+ });
76
+ Object.defineProperty(this, "msReauthStart", {
77
+ enumerable: true,
78
+ configurable: true,
79
+ writable: true,
80
+ value: null
81
+ });
82
+ Object.defineProperty(this, "initInProgress", {
83
+ enumerable: true,
84
+ configurable: true,
85
+ writable: true,
86
+ value: false
87
+ });
88
+ Object.defineProperty(this, "isLoggedIn", {
89
+ enumerable: true,
90
+ configurable: true,
91
+ writable: true,
92
+ value: false
93
+ });
94
+ // Whether to pass a session storage key or structure to auth library
95
+ _AuthManager_usePASS.set(this, false);
96
+ _AuthManager_beforeUnloadAdded.set(this, false);
97
+ _AuthManager_tokenStorage.set(this, 'temp');
98
+ _AuthManager_transform.set(this, true);
99
+ _AuthManager_foldSpot.set(this, 2);
100
+ // Whether to load and cache user info as part of login
101
+ _AuthManager_loadUserinfo.set(this, false);
102
+ // Keep loginProps passed to loginIfNecessary
103
+ _AuthManager_loginProps.set(this, null);
104
+ // Promise for Initialization of PegaAuth and resolution callback
105
+ _AuthManager_promiseInitialize.set(this, null);
47
106
  // Auth Manager specific state is saved within session storage as important in redirect and popup window scenarios
48
- this.#loadState();
107
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
49
108
  this.iOSDevice = /iPad|iPhone|iPod/.test(navigator.userAgent);
50
109
  }
51
- #transformAndParse(ssKey, ssItem, bForce = false) {
52
- let obj = {};
53
- try {
54
- obj = JSON.parse(this.#transformer(ssKey, ssItem, false, bForce));
55
- }
56
- catch (e) {
57
- // fall thru and return empty object
58
- }
59
- return obj;
60
- }
61
- // helper routine to retrieve JSON object stored in a session storage key
62
- // a 2nd optional arg can also retrieve an individual attribute
63
- #getStorage(ssKey, sAttrib = null) {
64
- let ssItem = ssKey ? window.sessionStorage.getItem(ssKey) : null;
65
- let obj = {};
66
- if (this.#loginProps?.altStateStorage &&
67
- !this.isLoggedIn &&
68
- !ssItem &&
69
- (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo)) {
70
- ssItem = window.localStorage.getItem(ssKey);
71
- }
72
- if (ssItem) {
73
- try {
74
- obj = JSON.parse(ssItem);
75
- }
76
- catch (e) {
77
- obj = this.#transformAndParse(ssKey, ssItem, true);
78
- }
79
- }
80
- return sAttrib ? obj[sAttrib] : obj;
81
- }
82
- // helper routine to set storage to the passed in JSON
83
- #setStorage(ssKey, obj, bVerify = false) {
84
- try {
85
- // Set storage only if obj is not empty, else delete the storage
86
- if (!obj || isEmptyObject(obj)) {
87
- window.sessionStorage.removeItem(ssKey);
88
- }
89
- else {
90
- // const bClear = (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo);
91
- const bClear = false;
92
- const sValue = bClear
93
- ? JSON.stringify(obj)
94
- : this.#transformer(ssKey, JSON.stringify(obj), true);
95
- window.sessionStorage.setItem(ssKey, sValue);
96
- if (bVerify) {
97
- const sStored = window.sessionStorage.getItem(ssKey);
98
- if (sStored !== sValue) {
99
- // eslint-disable-next-line no-console
100
- console.error(`Failed to properly write sessionStorage (${ssKey})`);
101
- }
102
- }
103
- if (this.#loginProps?.altStateStorage &&
104
- !this.isLoggedIn &&
105
- (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo)) {
106
- window.localStorage.setItem(ssKey, sValue);
107
- }
108
- }
109
- }
110
- catch (e) {
111
- // eslint-disable-next-line no-console
112
- console.error(`Exception ${e} on attempted write of sessionStorage (${ssKey})`);
113
- }
114
- }
115
- #calcFoldSpot(s) {
116
- const nOffset = 1;
117
- const sChar = s.length > nOffset ? s.charAt(nOffset) : '2';
118
- const nSpot = parseInt(sChar, 10);
119
- this.#foldSpot = Number.isNaN(nSpot) ? 2 : (nSpot % 4) + 2;
120
- }
121
- // helper function to encode storage
122
- #transformer(ssKey, s, bIn, bForce = false) {
123
- const bTransform = bForce || this.#transform;
124
- const fnFold = (x) => {
125
- const nLen = x.length;
126
- const nExtra = nLen % this.#foldSpot;
127
- const nOffset = Math.floor(nLen / this.#foldSpot) + nExtra;
128
- const nRem = x.length - nOffset;
129
- return x.substring(bIn ? nOffset : nRem) + x.substring(0, bIn ? nOffset : nRem);
130
- };
131
- const bTknInfo = ssKey === this.#ssKeyTokenInfo;
132
- if (bTknInfo && !bIn && bTransform) {
133
- s = window.atob(fnFold(s));
134
- }
135
- // eslint-disable-next-line no-nested-ternary
136
- let result = bTransform ? (bIn ? window.btoa(s) : window.atob(s)) : s;
137
- if (bTknInfo && bIn && bTransform) {
138
- result = fnFold(window.btoa(result));
139
- }
140
- return result;
141
- }
142
110
  // Setter for authHeader (no getter)
143
111
  set authHeader(value) {
144
- this.#authHeader = value;
112
+ __classPrivateFieldSet(this, _AuthManager_authHeader, value, "f");
145
113
  // setAuthorizationHeader method not available til 8.8 so do safety check
146
114
  if (window.PCore?.getAuthUtils().setAuthorizationHeader) {
147
115
  const authHdr = value === null ? '' : value;
148
116
  window.PCore.getAuthUtils().setAuthorizationHeader(authHdr);
149
117
  }
150
- this.#updateLoginStatus();
118
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
151
119
  }
152
120
  // Setter for customTokenParamsCB
153
121
  set customTokenParamsCB(fn) {
154
- this.#customTokenParamsCB = fn;
122
+ __classPrivateFieldSet(this, _AuthManager_customTokenParamsCB, fn, "f");
155
123
  }
156
124
  // Setter/getter for appName
157
125
  set appName(appName) {
158
126
  this.state.appName = appName;
159
- this.#setStorage(this.#ssKeyState, this.state);
127
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
160
128
  }
161
129
  get appName() {
162
130
  return this.state.appName;
@@ -164,7 +132,7 @@ class AuthManager {
164
132
  // Setter/getter for usePopupForRestOfSession
165
133
  set usePopupForRestOfSession(usePopup) {
166
134
  this.state.usePopup = usePopup;
167
- this.#setStorage(this.#ssKeyState, this.state);
135
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
168
136
  }
169
137
  get usePopupForRestOfSession() {
170
138
  return this.state.usePopup;
@@ -175,7 +143,7 @@ class AuthManager {
175
143
  this.usePopupForRestOfSession = true;
176
144
  }
177
145
  this.state.noInitialRedirect = bNoInitialRedirect;
178
- this.#setStorage(this.#ssKeyState, this.state);
146
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
179
147
  }
180
148
  get noInitialRedirect() {
181
149
  return this.state.noInitialRedirect || false;
@@ -183,7 +151,7 @@ class AuthManager {
183
151
  // Setter/getter for locale (override)
184
152
  set locale(localeOverride) {
185
153
  this.state.locale = localeOverride;
186
- this.#setStorage(this.#ssKeyState, this.state);
154
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
187
155
  }
188
156
  get locale() {
189
157
  return this.state.locale;
@@ -196,7 +164,7 @@ class AuthManager {
196
164
  else if (this.msReauthStart) {
197
165
  delete this.msReauthStart;
198
166
  }
199
- this.#setStorage(this.#ssKeyState, this.state);
167
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
200
168
  }
201
169
  get reauthStart() {
202
170
  return this.msReauthStart || 0;
@@ -205,22 +173,22 @@ class AuthManager {
205
173
  set keySuffix(s) {
206
174
  this.state.sfx = s || undefined;
207
175
  if (s) {
208
- this.#setStorage(this.#ssKeyState, this.state);
176
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
209
177
  // To make it a bit more obtuse reverse the string and use that as the actual suffix
210
178
  const sSfx = s.split('').reverse().join('');
211
- this.#ssKeyConfigInfo = `${this.#ssKeyPrefix}CI_${sSfx}`;
212
- this.#ssKeySessionInfo = `${this.#ssKeyPrefix}SI_${sSfx}`;
213
- this.#ssKeyTokenInfo = `${this.#ssKeyPrefix}TI_${sSfx}`;
214
- this.#calcFoldSpot(sSfx);
179
+ __classPrivateFieldSet(this, _AuthManager_ssKeyConfigInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}CI_${sSfx}`, "f");
180
+ __classPrivateFieldSet(this, _AuthManager_ssKeySessionInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}SI_${sSfx}`, "f");
181
+ __classPrivateFieldSet(this, _AuthManager_ssKeyTokenInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}TI_${sSfx}`, "f");
182
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_calcFoldSpot).call(this, sSfx);
215
183
  }
216
184
  else {
217
- sessionStorage.removeItem(this.#ssKeyTokenInfo);
218
- sessionStorage.removeItem(this.#ssKeyConfigInfo);
219
- sessionStorage.removeItem(this.#ssKeySessionInfo);
220
- sessionStorage.removeItem(this.#ssKeyState);
221
- this.#ssKeyConfigInfo = '';
222
- this.#ssKeySessionInfo = '';
223
- this.#ssKeyTokenInfo = '';
185
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
186
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"));
187
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
188
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
189
+ __classPrivateFieldSet(this, _AuthManager_ssKeyConfigInfo, '', "f");
190
+ __classPrivateFieldSet(this, _AuthManager_ssKeySessionInfo, '', "f");
191
+ __classPrivateFieldSet(this, _AuthManager_ssKeyTokenInfo, '', "f");
224
192
  }
225
193
  }
226
194
  /**
@@ -228,435 +196,25 @@ class AuthManager {
228
196
  */
229
197
  clear(bFullReauth = false) {
230
198
  if (!this.bCustomAuth) {
231
- this.#authHeader = null;
199
+ __classPrivateFieldSet(this, _AuthManager_authHeader, null, "f");
232
200
  }
233
201
  // Clear any established auth tokens
234
- this.#tokenInfo = null;
235
- sessionStorage.removeItem(this.#ssKeyTokenInfo);
202
+ __classPrivateFieldSet(this, _AuthManager_tokenInfo, null, "f");
203
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
236
204
  this.isLoggedIn = false;
237
205
  // reset the initial redirect as well by using this setter
238
206
  this.usePopupForRestOfSession = bFullReauth;
239
207
  if (!bFullReauth) {
240
- if (!this.#usePASS) {
241
- this.#authConfig = {};
242
- this.#authDynState = {};
208
+ if (!__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
209
+ __classPrivateFieldSet(this, _AuthManager_authConfig, {}, "f");
210
+ __classPrivateFieldSet(this, _AuthManager_authDynState, {}, "f");
243
211
  }
244
212
  // keySuffix setter has cleanup logic
245
213
  this.keySuffix = '';
246
214
  }
247
215
  }
248
- // Found beforeunload to not work well on iOS browsers, and pagehide to work better
249
- // However also seeing some scenario like navigating to a different page on Chrome & Firefox only invoking beforeunload
250
- // Chrome, Firefox, Safari browsers sequence on page reload: beforeunload, pagehide, visibilitychange
251
- // visibilitychange is fired whenever a tab is made visible and when it is hidden
252
- #doUnloadUpdates() {
253
- // Safari and particularly Safari on mobile devices doesn't seem to load this on first main redirect or
254
- // reliably, so have moved to having PegaAuth manage writing all state props to session storage
255
- this.#setStorage(this.#ssKeyState, this.state);
256
- this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
257
- // If tokenStorage was always, token would already be there
258
- if (this.#tokenStorage === 'temp') {
259
- this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
260
- }
261
- }
262
- #doBeforeUnload() {
263
- this.#doUnloadUpdates();
264
- }
265
- #doPageHide() {
266
- this.#doUnloadUpdates();
267
- }
268
- #loadState() {
269
- // Note: State storage key doesn't have a client id associated with it
270
- const oState = this.#getStorage(this.#ssKeyState);
271
- if (oState) {
272
- Object.assign(this.state, oState);
273
- if (this.state.sfx) {
274
- // Setter sets up the ssKey values as well
275
- this.keySuffix = this.state.sfx;
276
- }
277
- }
278
- }
279
- // This is only called from initialize after #ssKey values are setup
280
- #doOnLoad() {
281
- if (!this.onLoadDone) {
282
- // This authConfig state doesn't collide with other calculated static state...so load it first
283
- // Note: transform setting will have already been loaded into #authConfig at this point
284
- this.#authDynState = this.#getStorage(this.#ssKeySessionInfo);
285
- this.#tokenInfo = this.#getStorage(this.#ssKeyTokenInfo);
286
- if (this.#tokenStorage !== 'always') {
287
- sessionStorage.removeItem(this.#ssKeyTokenInfo);
288
- // Finding on iOS browsers the pageHide event is sometimes not happening causing failed redirects.
289
- if (!this.iOSDevice) {
290
- sessionStorage.removeItem(this.#ssKeySessionInfo);
291
- }
292
- }
293
- this.onLoadDone = true;
294
- }
295
- }
296
- // Callback when auth dynamic state has changed. Decide whether to persisting it based on
297
- // config settings
298
- #doAuthDynStateChanged() {
299
- // If tokenStorage is setup for always then always persist the auth dynamic state as well
300
- if (this.#tokenStorage === 'always' || this.iOSDevice) {
301
- this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
302
- }
303
- }
304
- /**
305
- * Initialize OAuth config structure members and create authMgr instance (if necessary)
306
- * bNew - governs whether to create new sessionStorage or load existing one
307
- */
308
- async #initialize(bNew = false) {
309
- if (!bNew && this.#promiseInitialize) {
310
- return this.#promiseInitialize;
311
- }
312
- this.#promiseInitialize = new Promise(resolve => {
313
- /* if (!this.initInProgress && (bNew || isEmptyObject(this.#authConfig) || !this.#pegaAuth)) { */
314
- this.initInProgress = true;
315
- getSdkConfig().then(sdkConfig => {
316
- const sdkConfigAuth = sdkConfig.authConfig;
317
- const sdkConfigServer = sdkConfig.serverConfig;
318
- const serverType = sdkConfigServer.serverType || 'infinity';
319
- const bInfinity = serverType === 'infinity';
320
- let pegaUrl = bInfinity
321
- ? sdkConfigServer.infinityRestServerUrl
322
- : sdkConfigServer.launchpadRestServerUrl;
323
- // Expecting boolean true/false or undefined
324
- const secureCookie = !!sdkConfigAuth.secureCookie;
325
- const bNoInitialRedirect = this.noInitialRedirect;
326
- const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
327
- // Construct default OAuth endpoints (if not explicitly specified)
328
- if (pegaUrl) {
329
- // Cope with trailing slash being present
330
- if (!pegaUrl.endsWith('/')) {
331
- pegaUrl += '/';
332
- }
333
- if (!sdkConfigAuth.authorize) {
334
- sdkConfigAuth.authorize = bInfinity
335
- ? `${pegaUrl}PRRestService/oauth2/v1/authorize`
336
- : `${pegaUrl}uas/oauth/authorize`;
337
- }
338
- const infinityOAuth2Url = bInfinity
339
- ? pegaUrl + (secureCookie && appAliasSeg ? `${appAliasSeg}api/` : 'PRRestService/')
340
- : '';
341
- if (!sdkConfigAuth.token) {
342
- sdkConfigAuth.token = bInfinity
343
- ? `${infinityOAuth2Url}oauth2/v1/token`
344
- : `${pegaUrl}uas/oauth/token`;
345
- }
346
- if (!sdkConfigAuth.revoke) {
347
- // Launchpad still does not have a revoke endpoint
348
- sdkConfigAuth.revoke = bInfinity ? `${infinityOAuth2Url}oauth2/v1/revoke` : '';
349
- }
350
- if (!sdkConfigAuth.redirectUri) {
351
- sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
352
- }
353
- if (!sdkConfigAuth.userinfo) {
354
- sdkConfigAuth.userinfo = bInfinity
355
- ? `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`
356
- : '';
357
- }
358
- }
359
- // Auth service alias
360
- if (!sdkConfigAuth.authService) {
361
- sdkConfigAuth.authService = 'pega';
362
- }
363
- // mashupAuthService provides way to have a different auth service for embedded
364
- if (!sdkConfigAuth.mashupAuthService) {
365
- sdkConfigAuth.mashupAuthService = sdkConfigAuth.authService;
366
- }
367
- // Construct path to auth.html (used for case when not doing a main window redirect)
368
- let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
369
- const nLastPathSep = sNoMainRedirectUri.lastIndexOf('/');
370
- sNoMainRedirectUri =
371
- nLastPathSep !== -1
372
- ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html`
373
- : `${sNoMainRedirectUri}/auth.html`;
374
- const portalGrantType = sdkConfigAuth.portalGrantType || 'authCode';
375
- const mashupGrantType = sdkConfigAuth.mashupGrantType || 'authCode';
376
- // Some grant types are only available with confidential registrations and require a client secret
377
- const clientSecret = bNoInitialRedirect
378
- ? sdkConfigAuth.mashupClientSecret
379
- : sdkConfigAuth.portalClientSecret;
380
- const pegaAuthConfig = {
381
- serverType,
382
- clientId: bNoInitialRedirect
383
- ? sdkConfigAuth.mashupClientId
384
- : sdkConfigAuth.portalClientId,
385
- grantType: bNoInitialRedirect ? mashupGrantType : portalGrantType,
386
- tokenUri: sdkConfigAuth.token,
387
- revokeUri: sdkConfigAuth.revoke,
388
- userinfoUri: sdkConfigAuth.userinfo,
389
- authService: bNoInitialRedirect
390
- ? sdkConfigAuth.mashupAuthService
391
- : sdkConfigAuth.authService,
392
- appAlias: sdkConfigServer.appAlias || '',
393
- useLocking: true
394
- };
395
- if (clientSecret) {
396
- pegaAuthConfig.clientSecret = clientSecret;
397
- }
398
- if (serverType === 'launchpad' && pegaAuthConfig.grantType === 'authCode') {
399
- pegaAuthConfig.noPKCE = true;
400
- }
401
- // Invoke keySuffix setter
402
- // Was using pegaAuthConfig.clientId as key but more secure to just use a random string as getting
403
- // both a clientId and the refresh token could yield a new access token.
404
- // Suffix is so we might in future move to an array of suffixes based on the appName, so might store
405
- // both portal and embedded tokens/session info at same time
406
- if (!this.state?.sfx) {
407
- // Just using a random number to make the suffix unique on each session
408
- this.keySuffix = `${Math.ceil(Math.random() * 100000000)}`;
409
- }
410
- this.#authConfig.transform =
411
- sdkConfigAuth.transform !== undefined ? sdkConfigAuth.transform : this.#transform;
412
- // Using property in class as authConfig may be empty at times
413
- this.#transform = this.#authConfig.transform;
414
- if (sdkConfigAuth.tokenStorage !== undefined) {
415
- this.#tokenStorage = sdkConfigAuth.tokenStorage;
416
- }
417
- if (sdkConfigAuth.secureCookie) {
418
- this.#authConfig.secureCookie = true;
419
- }
420
- // Get latest state once client ids, transform and tokenStorage have been established
421
- this.#doOnLoad();
422
- // If no clientId is specified assume not OAuth but custom auth
423
- if (pegaAuthConfig.grantType === 'none' || !pegaAuthConfig.clientId) {
424
- this.bCustomAuth = true;
425
- return;
426
- }
427
- if (pegaAuthConfig.grantType === 'authCode') {
428
- const authCodeProps = {
429
- authorizeUri: sdkConfigAuth.authorize,
430
- // If we have already specified a redirect on the authorize redirect, we need to continue to use that
431
- // on token endpoint
432
- redirectUri: bNoInitialRedirect || this.usePopupForRestOfSession
433
- ? sNoMainRedirectUri
434
- : sdkConfigAuth.redirectUri
435
- };
436
- if ('silentTimeout' in sdkConfigAuth) {
437
- authCodeProps.silentTimeout = sdkConfigAuth.silentTimeout;
438
- }
439
- if (bNoInitialRedirect &&
440
- pegaAuthConfig.authService === 'pega' &&
441
- sdkConfigAuth.mashupUserIdentifier &&
442
- sdkConfigAuth.mashupPassword) {
443
- authCodeProps.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
444
- authCodeProps.password = sdkConfigAuth.mashupPassword;
445
- }
446
- if ('iframeLoginUI' in sdkConfigAuth) {
447
- authCodeProps.iframeLoginUI =
448
- sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
449
- }
450
- Object.assign(pegaAuthConfig, authCodeProps);
451
- }
452
- else if (pegaAuthConfig.grantType === 'passwordCreds') {
453
- pegaAuthConfig.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
454
- pegaAuthConfig.password = sdkConfigAuth.mashupPassword;
455
- }
456
- Object.assign(this.#authConfig, pegaAuthConfig);
457
- // Add beforeunload and page hide handlers to write out key properties that we want to survive a
458
- // browser reload
459
- if (!this.#beforeUnloadAdded && (!this.#usePASS || this.#tokenStorage !== 'always')) {
460
- window.addEventListener('beforeunload', this.#doBeforeUnload.bind(this));
461
- window.addEventListener('pagehide', this.#doPageHide.bind(this));
462
- this.#beforeUnloadAdded = true;
463
- }
464
- // Initialize PegaAuth OAuth 2.0 client library
465
- if (this.#usePASS) {
466
- this.#setStorage(this.#ssKeyConfigInfo, this.#authConfig);
467
- this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
468
- this.#pegaAuth = new PegaAuth(this.#ssKeyConfigInfo, this.#ssKeySessionInfo);
469
- }
470
- else {
471
- this.#authConfig.fnDynStateChangedCB = this.#doAuthDynStateChanged.bind(this);
472
- this.#pegaAuth = new PegaAuth(this.#authConfig, this.#authDynState);
473
- }
474
- this.initInProgress = false;
475
- resolve(this.#pegaAuth);
476
- });
477
- });
478
- return this.#promiseInitialize;
479
- }
480
- /**
481
- * Initiate the process to get the Constellation bootstrap shell loaded and initialized
482
- * @param {Object} tokenInfo
483
- * @param {Function} authTokenUpdated - callback invoked when Constellation JS Engine silently updates
484
- * an expired access_token
485
- * @param {Function} fnReauth - callback invoked when a full or custom reauth is needed
486
- */
487
- #constellationInit(tokenInfo, authTokenUpdated, fnReauth) {
488
- const constellationBootConfig = {};
489
- const sdkConfigServer = SdkConfigAccess.getSdkConfigServer();
490
- const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
491
- const authConfig = this.#authConfig;
492
- // Set up constellationConfig with data that bootstrapWithAuthHeader expects
493
- constellationBootConfig.customRendering = true;
494
- constellationBootConfig.restServerUrl = sdkConfigServer.infinityRestServerUrl;
495
- // NOTE: Needs a trailing slash! So add one if not provided
496
- if (!sdkConfigServer.sdkContentServerUrl.endsWith('/')) {
497
- sdkConfigServer.sdkContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}/`;
498
- }
499
- constellationBootConfig.staticContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}constellation/`;
500
- if (!constellationBootConfig.staticContentServerUrl.endsWith('/')) {
501
- constellationBootConfig.staticContentServerUrl = `${constellationBootConfig.staticContentServerUrl}/`;
502
- }
503
- // If appAlias specified, use it
504
- if (sdkConfigServer.appAlias) {
505
- constellationBootConfig.appAlias = sdkConfigServer.appAlias;
506
- }
507
- // Determine whether to send credentials with DX API transactions
508
- if (sdkConfigAuth.customCookies) {
509
- constellationBootConfig.customCookies = true;
510
- }
511
- if (this.#authConfig.grantType === 'customBearer' || !tokenInfo) {
512
- if (tokenInfo) {
513
- this.#authHeader = `${tokenInfo.token_type} ${tokenInfo.access_token}`;
514
- }
515
- if (this.#authHeader) {
516
- constellationBootConfig.authorizationHeader = this.#authHeader;
517
- }
518
- }
519
- else {
520
- // Pass in auth info to Constellation
521
- constellationBootConfig.authInfo = {
522
- authType: 'OAuth2.0',
523
- tokenInfo,
524
- // Set whether we want constellation to try to do a full re-Auth or not ()
525
- // true doesn't seem to be working in SDK scenario so always passing false for now
526
- popupReauth: false /* !this.noInitialRedirect */,
527
- client_id: authConfig.clientId,
528
- authentication_service: authConfig.authService,
529
- redirect_uri: authConfig.redirectUri,
530
- endPoints: {
531
- authorize: authConfig.authorizeUri,
532
- token: authConfig.tokenUri,
533
- revoke: authConfig.revokeUri
534
- },
535
- secureCookie: authConfig.secureCookie,
536
- onTokenRetrieval: authTokenUpdated
537
- };
538
- }
539
- // Turn off dynamic load components (should be able to do it here instead of after load?)
540
- constellationBootConfig.dynamicLoadComponents = false;
541
- // Set envType if appropriate
542
- if (authConfig.serverType === 'launchpad') {
543
- constellationBootConfig.envType = 'LAUNCHPAD';
544
- }
545
- // Set locale override if specified
546
- const localeOverride = this.locale;
547
- if (localeOverride) {
548
- constellationBootConfig.locale = localeOverride;
549
- }
550
- // Set additional headers if specified
551
- const additionalHeaders = this.#loginProps.additionalHeaders;
552
- if (additionalHeaders) {
553
- constellationBootConfig.additionalHeaders = additionalHeaders;
554
- }
555
- if (this.bC11NBootstrapInProgress) {
556
- return;
557
- }
558
- this.bC11NBootstrapInProgress = true;
559
- // Note that staticContentServerUrl already ends with a slash (see above), so no slash added.
560
- // In order to have this import succeed needed to use the webpackIgnore magic comment tag.
561
- // See: https://webpack.js.org/api/module-methods/
562
- import(
563
- /* webpackIgnore: true */ `${constellationBootConfig.staticContentServerUrl}bootstrap-shell.js?v=${Date.now()}`).then(bootstrapShell => {
564
- // NOTE: once this callback is done, we lose the ability to access loadMashup.
565
- // So, create a reference to it
566
- window.myLoadMashup = bootstrapShell.loadMashup;
567
- window.myLoadPortal = bootstrapShell.loadPortal;
568
- window.myLoadDefaultPortal = bootstrapShell.loadDefaultPortal;
569
- bootstrapShell
570
- .bootstrapWithAuthHeader(constellationBootConfig, 'pega-root')
571
- .then(() => {
572
- // eslint-disable-next-line no-console
573
- console.log('ConstellationJS bootstrap successful!');
574
- this.bC11NBootstrapInProgress = false;
575
- // Setup listener for the reauth event
576
- if (tokenInfo) {
577
- PCore.getPubSubUtils().subscribe(PCore.getConstants().PUB_SUB_EVENTS.EVENT_FULL_REAUTH, fnReauth, 'authFullReauth');
578
- }
579
- else {
580
- // customReauth event introduced with 8.8
581
- const sEvent = PCore.getConstants().PUB_SUB_EVENTS.EVENT_CUSTOM_REAUTH;
582
- if (sEvent) {
583
- PCore.getPubSubUtils().subscribe(sEvent, fnReauth, 'doReauth');
584
- }
585
- }
586
- // Fire SdkConstellationReady event so bridge and app route can do expected post PCore initializations
587
- const event = new CustomEvent('SdkConstellationReady', {});
588
- document.dispatchEvent(event);
589
- })
590
- .catch(e => {
591
- // Assume error caught is because token is not valid and attempt a full reauth
592
- // eslint-disable-next-line no-console
593
- console.error(`ConstellationJS bootstrap failed. ${e}`);
594
- this.bC11NBootstrapInProgress = false;
595
- fnReauth();
596
- });
597
- });
598
- /* Ends here */
599
- }
600
- #customConstellationInit(fnReauth) {
601
- this.#constellationInit(null, null, fnReauth);
602
- }
603
- #fireTokenAvailable(token, bLoadC11N = true) {
604
- if (!token) {
605
- // This is used on page reload to load the token from sessionStorage and carry on
606
- token = this.#tokenInfo;
607
- if (!token) {
608
- return;
609
- }
610
- }
611
- this.#tokenInfo = token;
612
- if (this.#tokenStorage === 'always') {
613
- this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
614
- }
615
- this.#updateLoginStatus();
616
- // this.isLoggedIn is getting updated in updateLoginStatus
617
- this.isLoggedIn = true;
618
- this.usePopupForRestOfSession = true;
619
- if (!window.PCore && bLoadC11N) {
620
- this.#constellationInit(token, this.#authTokenUpdated.bind(this), this.#authFullReauth.bind(this));
621
- }
622
- /*
623
- // Create and dispatch the SdkLoggedIn event to trigger constellationInit
624
- const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
625
- document.dispatchEvent(event);
626
- */
627
- }
628
- #processTokenOnLogin(token, bLoadC11N = true) {
629
- this.#tokenInfo = token;
630
- if (this.#tokenStorage === 'always') {
631
- this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
632
- }
633
- if (this.#authConfig.grantType === 'customBearer') {
634
- // authHeader setter will also set #authHeader and invoke getAuthUtils().setAuthorizationHeader
635
- this.authHeader = `${token.token_type} ${token.access_token}`;
636
- }
637
- if (window.PCore && !this.#authHeader) {
638
- PCore.getAuthUtils().setTokens(token);
639
- }
640
- else {
641
- this.#fireTokenAvailable(token, bLoadC11N);
642
- }
643
- }
644
- #doCustomTokenParamsCB() {
645
- if (this.#authConfig.grantType === 'customBearer' && this.#customTokenParamsCB) {
646
- try {
647
- const customTokenParams = this.#customTokenParamsCB();
648
- if (customTokenParams) {
649
- this.#authConfig.customTokenParams = customTokenParams;
650
- }
651
- }
652
- catch (e) {
653
- // eslint-disable-next-line no-console
654
- console.error(`Error on customTokenParams callback. ${e}`);
655
- }
656
- }
657
- }
658
216
  updateRedirectUri(sRedirectUri) {
659
- this.#authConfig.redirectUri = sRedirectUri;
217
+ __classPrivateFieldGet(this, _AuthManager_authConfig, "f").redirectUri = sRedirectUri;
660
218
  }
661
219
  /**
662
220
  * Get available portals which supports SDK
@@ -672,9 +230,9 @@ class AuthManager {
672
230
  const appAlias = serverConfig.appAlias;
673
231
  const appAliasPath = appAlias ? `/app/${appAlias}` : '';
674
232
  const arExcludedPortals = serverConfig.excludePortals;
675
- const additionalHeaders = this.#loginProps.additionalHeaders || {};
676
- const oHeaders = this.#authHeader
677
- ? { Authorization: this.#authHeader, ...additionalHeaders }
233
+ const additionalHeaders = __classPrivateFieldGet(this, _AuthManager_loginProps, "f").additionalHeaders || {};
234
+ const oHeaders = __classPrivateFieldGet(this, _AuthManager_authHeader, "f")
235
+ ? { Authorization: __classPrivateFieldGet(this, _AuthManager_authHeader, "f"), ...additionalHeaders }
678
236
  : additionalHeaders;
679
237
  const headers = {
680
238
  'Content-Type': 'application/json',
@@ -685,7 +243,7 @@ class AuthManager {
685
243
  return fetch(`${serverUrl}${appAliasPath}/api/v1/data/${dataPageName}`, {
686
244
  method: 'GET',
687
245
  headers,
688
- credentials: this.#authConfig.secureCookie ? 'include' : 'omit'
246
+ credentials: __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie ? 'include' : 'omit'
689
247
  })
690
248
  .then(response => {
691
249
  if (response.ok && response.status === 200) {
@@ -726,66 +284,27 @@ class AuthManager {
726
284
  });
727
285
  });
728
286
  }
729
- #updateLoginStatus() {
730
- if (!this.#authHeader && this.#tokenInfo?.access_token) {
731
- // Use setter to set this securely
732
- this.authHeader = `${this.#tokenInfo.token_type} ${this.#tokenInfo.access_token}`;
733
- }
734
- this.isLoggedIn =
735
- !!(this.#authHeader && this.#authHeader.length > 0) ||
736
- (this.#authConfig.secureCookie && Object.keys(this.#tokenInfo || {}).length > 0);
737
- }
738
- // Initiate a full OAuth re-authorization (any refresh token has also expired).
739
- #authFullReauth() {
740
- const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
741
- if (this.reauthStart) {
742
- const reauthIgnoreInterval = 300000; // 5 minutes
743
- const currTime = Date.now();
744
- const bReauthInProgress = currTime - this.reauthStart <= reauthIgnoreInterval;
745
- if (bReauthInProgress) {
746
- return;
747
- }
748
- }
749
- if (bHandleHere) {
750
- // Don't want to do a full clear of authMgr as will loose state props (like sessionIndex). Rather just clear the tokens
751
- this.clear(true);
752
- // eslint-disable-next-line @typescript-eslint/no-use-before-define
753
- login(true);
754
- }
755
- else {
756
- // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
757
- // should be used to communicate the new token to Constellation JS Engine.
758
- const event = new CustomEvent('SdkFullReauth', {
759
- detail: this.#processTokenOnLogin.bind(this)
760
- });
761
- document.dispatchEvent(event);
762
- }
763
- }
764
- // Passive update where just session storage is updated so can be used on a window refresh
765
- #authTokenUpdated(tokenInfo) {
766
- this.#tokenInfo = tokenInfo;
767
- }
768
287
  // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
769
288
  /**
770
289
  * Retrieve UserInfo for current authentication service
771
290
  */
772
291
  getUserInfo() {
773
- if (this.#userInfo) {
774
- return this.#userInfo;
292
+ if (__classPrivateFieldGet(this, _AuthManager_userInfo, "f")) {
293
+ return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
775
294
  }
776
- return this.#initialize(false).then(aMgr => {
777
- return aMgr.getUserinfo(this.#tokenInfo.access_token).then(data => {
778
- this.#userInfo = data;
779
- return this.#userInfo;
295
+ return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
296
+ return aMgr.getUserinfo(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token).then(data => {
297
+ __classPrivateFieldSet(this, _AuthManager_userInfo, data, "f");
298
+ return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
780
299
  });
781
300
  });
782
301
  }
783
302
  login(bFullReauth = false) {
784
303
  if (this.bCustomAuth)
785
304
  return;
786
- this.#initialize(!bFullReauth).then(aMgr => {
305
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, !bFullReauth).then(aMgr => {
787
306
  const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
788
- if (this.#authConfig.grantType === 'authCode') {
307
+ if (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").grantType === 'authCode') {
789
308
  const bMainRedirect = !this.noInitialRedirect;
790
309
  let sRedirectUri = sdkConfigAuth.redirectUri;
791
310
  // If initial main redirect is OK, redirect to main page, otherwise will authorize in a popup window
@@ -806,12 +325,12 @@ class AuthManager {
806
325
  this.updateRedirectUri(sRedirectUri);
807
326
  }
808
327
  return new Promise((resolve, reject) => {
809
- this.#doCustomTokenParamsCB();
328
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doCustomTokenParamsCB).call(this);
810
329
  aMgr
811
330
  .login()
812
331
  .then(token => {
813
- this.#processTokenOnLogin(token);
814
- if (this.#loadUserinfo) {
332
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token);
333
+ if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
815
334
  this.getUserInfo();
816
335
  }
817
336
  resolve(token.access_token);
@@ -832,17 +351,17 @@ class AuthManager {
832
351
  const state = urlParams.get('state');
833
352
  // If state should also match before accepting code
834
353
  if (code) {
835
- this.#initialize(false).then(aMgr => {
354
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
836
355
  if (aMgr.checkStateMatch(state)) {
837
356
  aMgr.getToken(code).then(token => {
838
357
  // Remove any altStateStorage
839
- if (this.#loginProps?.altStateStorage) {
840
- window.localStorage.removeItem(this.#ssKeySessionInfo);
841
- window.localStorage.removeItem(this.#ssKeyState);
358
+ if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage) {
359
+ window.localStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
360
+ window.localStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
842
361
  }
843
362
  if (token && token.token_type) {
844
- this.#processTokenOnLogin(token, false);
845
- if (this.#loadUserinfo) {
363
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token, false);
364
+ if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
846
365
  this.getUserInfo();
847
366
  }
848
367
  if (fnLoggedInCB) {
@@ -868,14 +387,14 @@ class AuthManager {
868
387
  }
869
388
  loginIfNecessary(loginProps) {
870
389
  const { appName, deferLogin, redirectDoneCB, locale } = loginProps;
871
- this.#loginProps = { ...loginProps };
390
+ __classPrivateFieldSet(this, _AuthManager_loginProps, { ...loginProps }, "f");
872
391
  const noMainRedirect = !loginProps.mainRedirect;
873
392
  // We need to load state before making any decisions. If appName is not there
874
393
  // and this is not the first time load...suspect something is wrong and we need to reload
875
394
  if (Object.keys(this.state).length <= this.stateKeysCount || !this.appName) {
876
395
  // Once appName is defined it should exceed this count. If not there should be no
877
396
  // harm trying once more
878
- this.#loadState();
397
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
879
398
  }
880
399
  // If no initial redirect status of page changed...clear AuthMgr
881
400
  const currNoMainRedirect = this.noInitialRedirect;
@@ -894,9 +413,9 @@ class AuthManager {
894
413
  }
895
414
  // If custom auth no need to do any OAuth logic
896
415
  if (this.bCustomAuth) {
897
- this.#updateLoginStatus();
416
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
898
417
  if (!window.PCore) {
899
- this.#customConstellationInit(() => {
418
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_customConstellationInit).call(this, () => {
900
419
  // Fire the SdkCustomReauth event to indicate a new authHeader is needed. Event listener should invoke sdkSetAuthHeader
901
420
  // to communicate the new token to sdk (and Constellation JS Engine)
902
421
  // eslint-disable-next-line @typescript-eslint/no-use-before-define
@@ -925,7 +444,7 @@ class AuthManager {
925
444
  window.location.replace(window.location.pathname);
926
445
  };
927
446
  // INC-B43979 had strange case where sessionStorage was empty after redirects
928
- if (!this.state.sfx && !this.#loginProps?.altStateStorage) {
447
+ if (!this.state.sfx && !__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage) {
929
448
  // Reload the page to trigger another login. Invoking login method here instead didn't
930
449
  // resolve the issue in client environment.
931
450
  this.clear();
@@ -934,11 +453,11 @@ class AuthManager {
934
453
  return this.authRedirectCallback(window.location.href, redirectDoneCB || cbDefault);
935
454
  }
936
455
  if (!deferLogin) {
937
- return this.#initialize(false).then(() => {
938
- this.#updateLoginStatus();
456
+ return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(() => {
457
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
939
458
  if (this.isLoggedIn) {
940
- this.#fireTokenAvailable(this.#tokenInfo);
941
- if (this.#loadUserinfo) {
459
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
460
+ if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
942
461
  this.getUserInfo();
943
462
  }
944
463
  }
@@ -949,10 +468,10 @@ class AuthManager {
949
468
  }
950
469
  }
951
470
  logout() {
952
- if (this.#beforeUnloadAdded) {
953
- window.removeEventListener('beforeunload', this.#doBeforeUnload.bind(this));
954
- window.removeEventListener('pagehide', this.#doPageHide.bind(this));
955
- this.#beforeUnloadAdded = false;
471
+ if (__classPrivateFieldGet(this, _AuthManager_beforeUnloadAdded, "f")) {
472
+ window.removeEventListener('beforeunload', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doBeforeUnload).bind(this));
473
+ window.removeEventListener('pagehide', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doPageHide).bind(this));
474
+ __classPrivateFieldSet(this, _AuthManager_beforeUnloadAdded, false, "f");
956
475
  }
957
476
  return new Promise(resolve => {
958
477
  const fnClearAndResolve = () => {
@@ -966,8 +485,8 @@ class AuthManager {
966
485
  return;
967
486
  }
968
487
  // For secure cookie there will not be an access_token so just check for token_type
969
- if (this.#tokenInfo && this.#tokenInfo.token_type) {
970
- if (window.PCore) {
488
+ if (__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").token_type) {
489
+ if (window.PCore && !__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f")) {
971
490
  window.PCore.getAuthUtils()
972
491
  .revokeTokens()
973
492
  .catch(err => {
@@ -979,11 +498,11 @@ class AuthManager {
979
498
  });
980
499
  }
981
500
  else {
982
- this.#initialize(false).then(aMgr => {
501
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
983
502
  aMgr
984
- .revokeTokens(this.#authConfig.secureCookie ? 'cookie' : this.#tokenInfo.access_token, this.#authConfig.secureCookie && this.#tokenInfo.is_refresh_token_enabled
503
+ .revokeTokens(__classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie ? 'cookie' : __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token, __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").is_refresh_token_enabled
985
504
  ? 'cookie'
986
- : this.#tokenInfo.refresh_token)
505
+ : __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").refresh_token)
987
506
  .then(() => {
988
507
  // Go to finally
989
508
  })
@@ -999,6 +518,515 @@ class AuthManager {
999
518
  });
1000
519
  }
1001
520
  }
521
+ _AuthManager_ssKeyPrefix = new WeakMap(), _AuthManager_pegaAuth = new WeakMap(), _AuthManager_ssKeyConfigInfo = new WeakMap(), _AuthManager_ssKeySessionInfo = new WeakMap(), _AuthManager_ssKeyTokenInfo = new WeakMap(), _AuthManager_ssKeyState = new WeakMap(), _AuthManager_authConfig = new WeakMap(), _AuthManager_authDynState = new WeakMap(), _AuthManager_authHeader = new WeakMap(), _AuthManager_customTokenParamsCB = new WeakMap(), _AuthManager_bOAuthCustom = new WeakMap(), _AuthManager_tokenInfo = new WeakMap(), _AuthManager_userInfo = new WeakMap(), _AuthManager_usePASS = new WeakMap(), _AuthManager_beforeUnloadAdded = new WeakMap(), _AuthManager_tokenStorage = new WeakMap(), _AuthManager_transform = new WeakMap(), _AuthManager_foldSpot = new WeakMap(), _AuthManager_loadUserinfo = new WeakMap(), _AuthManager_loginProps = new WeakMap(), _AuthManager_promiseInitialize = new WeakMap(), _AuthManager_instances = new WeakSet(), _AuthManager_transformAndParse = function _AuthManager_transformAndParse(ssKey, ssItem, bForce = false) {
522
+ let obj = {};
523
+ try {
524
+ obj = JSON.parse(__classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, ssItem, false, bForce));
525
+ }
526
+ catch (e) {
527
+ // fall thru and return empty object
528
+ }
529
+ return obj;
530
+ }, _AuthManager_getStorage = function _AuthManager_getStorage(ssKey, sAttrib = null) {
531
+ let ssItem = ssKey ? window.sessionStorage.getItem(ssKey) : null;
532
+ let obj = {};
533
+ if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage &&
534
+ !this.isLoggedIn &&
535
+ !ssItem &&
536
+ (ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f") || ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"))) {
537
+ ssItem = window.localStorage.getItem(ssKey);
538
+ }
539
+ if (ssItem) {
540
+ try {
541
+ obj = JSON.parse(ssItem);
542
+ }
543
+ catch (e) {
544
+ obj = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformAndParse).call(this, ssKey, ssItem, true);
545
+ }
546
+ }
547
+ return sAttrib ? obj[sAttrib] : obj;
548
+ }, _AuthManager_setStorage = function _AuthManager_setStorage(ssKey, obj, bVerify = false) {
549
+ try {
550
+ // Set storage only if obj is not empty, else delete the storage
551
+ if (!obj || isEmptyObject(obj)) {
552
+ window.sessionStorage.removeItem(ssKey);
553
+ }
554
+ else {
555
+ // const bClear = (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo);
556
+ const bClear = false;
557
+ const sValue = bClear
558
+ ? JSON.stringify(obj)
559
+ : __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, JSON.stringify(obj), true);
560
+ window.sessionStorage.setItem(ssKey, sValue);
561
+ if (bVerify) {
562
+ const sStored = window.sessionStorage.getItem(ssKey);
563
+ if (sStored !== sValue) {
564
+ // eslint-disable-next-line no-console
565
+ console.error(`Failed to properly write sessionStorage (${ssKey})`);
566
+ }
567
+ }
568
+ if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage &&
569
+ !this.isLoggedIn &&
570
+ (ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f") || ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"))) {
571
+ window.localStorage.setItem(ssKey, sValue);
572
+ }
573
+ }
574
+ }
575
+ catch (e) {
576
+ // eslint-disable-next-line no-console
577
+ console.error(`Exception ${e} on attempted write of sessionStorage (${ssKey})`);
578
+ }
579
+ }, _AuthManager_calcFoldSpot = function _AuthManager_calcFoldSpot(s) {
580
+ const nOffset = 1;
581
+ const sChar = s.length > nOffset ? s.charAt(nOffset) : '2';
582
+ const nSpot = parseInt(sChar, 10);
583
+ __classPrivateFieldSet(this, _AuthManager_foldSpot, Number.isNaN(nSpot) ? 2 : (nSpot % 4) + 2, "f");
584
+ }, _AuthManager_transformer = function _AuthManager_transformer(ssKey, s, bIn, bForce = false) {
585
+ const bTransform = bForce || __classPrivateFieldGet(this, _AuthManager_transform, "f");
586
+ const fnFold = (x) => {
587
+ const nLen = x.length;
588
+ const nExtra = nLen % __classPrivateFieldGet(this, _AuthManager_foldSpot, "f");
589
+ const nOffset = Math.floor(nLen / __classPrivateFieldGet(this, _AuthManager_foldSpot, "f")) + nExtra;
590
+ const nRem = x.length - nOffset;
591
+ return x.substring(bIn ? nOffset : nRem) + x.substring(0, bIn ? nOffset : nRem);
592
+ };
593
+ const bTknInfo = ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f");
594
+ if (bTknInfo && !bIn && bTransform) {
595
+ s = window.atob(fnFold(s));
596
+ }
597
+ // eslint-disable-next-line no-nested-ternary
598
+ let result = bTransform ? (bIn ? window.btoa(s) : window.atob(s)) : s;
599
+ if (bTknInfo && bIn && bTransform) {
600
+ result = fnFold(window.btoa(result));
601
+ }
602
+ return result;
603
+ }, _AuthManager_doUnloadUpdates = function _AuthManager_doUnloadUpdates() {
604
+ // Safari and particularly Safari on mobile devices doesn't seem to load this on first main redirect or
605
+ // reliably, so have moved to having PegaAuth manage writing all state props to session storage
606
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
607
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
608
+ // If tokenStorage was always, token would already be there
609
+ if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'temp') {
610
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
611
+ }
612
+ }, _AuthManager_doBeforeUnload = function _AuthManager_doBeforeUnload() {
613
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doUnloadUpdates).call(this);
614
+ }, _AuthManager_doPageHide = function _AuthManager_doPageHide() {
615
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doUnloadUpdates).call(this);
616
+ }, _AuthManager_loadState = function _AuthManager_loadState() {
617
+ // Note: State storage key doesn't have a client id associated with it
618
+ const oState = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
619
+ if (oState) {
620
+ Object.assign(this.state, oState);
621
+ if (this.state.sfx) {
622
+ // Setter sets up the ssKey values as well
623
+ this.keySuffix = this.state.sfx;
624
+ }
625
+ }
626
+ }, _AuthManager_doOnLoad = function _AuthManager_doOnLoad() {
627
+ if (!this.onLoadDone) {
628
+ // This authConfig state doesn't collide with other calculated static state...so load it first
629
+ // Note: transform setting will have already been loaded into #authConfig at this point
630
+ __classPrivateFieldSet(this, _AuthManager_authDynState, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
631
+ __classPrivateFieldSet(this, _AuthManager_tokenInfo, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f")), "f");
632
+ if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always') {
633
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
634
+ // Finding on iOS browsers the pageHide event is sometimes not happening causing failed redirects.
635
+ if (!this.iOSDevice) {
636
+ sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
637
+ }
638
+ }
639
+ this.onLoadDone = true;
640
+ }
641
+ }, _AuthManager_doAuthDynStateChanged = function _AuthManager_doAuthDynStateChanged() {
642
+ // If tokenStorage is setup for always then always persist the auth dynamic state as well
643
+ if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always' || this.iOSDevice) {
644
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
645
+ }
646
+ }, _AuthManager_initialize =
647
+ /**
648
+ * Initialize OAuth config structure members and create authMgr instance (if necessary)
649
+ * bNew - governs whether to create new sessionStorage or load existing one
650
+ */
651
+ async function _AuthManager_initialize(bNew = false) {
652
+ if (!bNew && __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f")) {
653
+ return __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f");
654
+ }
655
+ __classPrivateFieldSet(this, _AuthManager_promiseInitialize, new Promise(resolve => {
656
+ /* if (!this.initInProgress && (bNew || isEmptyObject(this.#authConfig) || !this.#pegaAuth)) { */
657
+ this.initInProgress = true;
658
+ getSdkConfig().then(sdkConfig => {
659
+ const sdkConfigAuth = sdkConfig.authConfig;
660
+ const sdkConfigServer = sdkConfig.serverConfig;
661
+ const serverType = sdkConfigServer.serverType || 'infinity';
662
+ const bInfinity = serverType === 'infinity';
663
+ let pegaUrl = bInfinity
664
+ ? sdkConfigServer.infinityRestServerUrl
665
+ : sdkConfigServer.launchpadRestServerUrl;
666
+ // Expecting boolean true/false or undefined
667
+ const secureCookie = !!sdkConfigAuth.secureCookie;
668
+ const bNoInitialRedirect = this.noInitialRedirect;
669
+ const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
670
+ // Construct default OAuth endpoints (if not explicitly specified)
671
+ if (pegaUrl) {
672
+ // Cope with trailing slash being present
673
+ if (!pegaUrl.endsWith('/')) {
674
+ pegaUrl += '/';
675
+ }
676
+ if (!sdkConfigAuth.authorize) {
677
+ sdkConfigAuth.authorize = bInfinity
678
+ ? `${pegaUrl}PRRestService/oauth2/v1/authorize`
679
+ : `${pegaUrl}uas/oauth/authorize`;
680
+ }
681
+ const infinityOAuth2Url = bInfinity
682
+ ? pegaUrl + (secureCookie && appAliasSeg ? `${appAliasSeg}api/` : 'PRRestService/')
683
+ : '';
684
+ if (!sdkConfigAuth.token) {
685
+ sdkConfigAuth.token = bInfinity
686
+ ? `${infinityOAuth2Url}oauth2/v1/token`
687
+ : `${pegaUrl}uas/oauth/token`;
688
+ }
689
+ if (!sdkConfigAuth.revoke) {
690
+ // Launchpad still does not have a revoke endpoint
691
+ sdkConfigAuth.revoke = bInfinity ? `${infinityOAuth2Url}oauth2/v1/revoke` : '';
692
+ }
693
+ if (!sdkConfigAuth.redirectUri) {
694
+ sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
695
+ }
696
+ if (!sdkConfigAuth.userinfo) {
697
+ sdkConfigAuth.userinfo = bInfinity
698
+ ? `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`
699
+ : '';
700
+ }
701
+ }
702
+ // Auth service alias
703
+ if (!sdkConfigAuth.authService) {
704
+ sdkConfigAuth.authService = 'pega';
705
+ }
706
+ // mashupAuthService provides way to have a different auth service for embedded
707
+ if (!sdkConfigAuth.mashupAuthService) {
708
+ sdkConfigAuth.mashupAuthService = sdkConfigAuth.authService;
709
+ }
710
+ // Construct path to auth.html (used for case when not doing a main window redirect)
711
+ let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
712
+ const nLastPathSep = sNoMainRedirectUri.lastIndexOf('/');
713
+ sNoMainRedirectUri =
714
+ nLastPathSep !== -1
715
+ ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html`
716
+ : `${sNoMainRedirectUri}/auth.html`;
717
+ const portalGrantType = sdkConfigAuth.portalGrantType || 'authCode';
718
+ const mashupGrantType = sdkConfigAuth.mashupGrantType || 'authCode';
719
+ // Some grant types are only available with confidential registrations and require a client secret
720
+ const clientSecret = bNoInitialRedirect
721
+ ? sdkConfigAuth.mashupClientSecret
722
+ : sdkConfigAuth.portalClientSecret;
723
+ const pegaAuthConfig = {
724
+ serverType,
725
+ clientId: bNoInitialRedirect
726
+ ? sdkConfigAuth.mashupClientId
727
+ : sdkConfigAuth.portalClientId,
728
+ grantType: bNoInitialRedirect ? mashupGrantType : portalGrantType,
729
+ tokenUri: sdkConfigAuth.token,
730
+ revokeUri: sdkConfigAuth.revoke,
731
+ userinfoUri: sdkConfigAuth.userinfo,
732
+ authService: bNoInitialRedirect
733
+ ? sdkConfigAuth.mashupAuthService
734
+ : sdkConfigAuth.authService,
735
+ appAlias: sdkConfigServer.appAlias || '',
736
+ useLocking: true
737
+ };
738
+ if (clientSecret) {
739
+ pegaAuthConfig.clientSecret = clientSecret;
740
+ }
741
+ if (serverType === 'launchpad' && pegaAuthConfig.grantType === 'authCode') {
742
+ pegaAuthConfig.noPKCE = true;
743
+ }
744
+ // Invoke keySuffix setter
745
+ // Was using pegaAuthConfig.clientId as key but more secure to just use a random string as getting
746
+ // both a clientId and the refresh token could yield a new access token.
747
+ // Suffix is so we might in future move to an array of suffixes based on the appName, so might store
748
+ // both portal and embedded tokens/session info at same time
749
+ if (!this.state?.sfx) {
750
+ // Just using a random number to make the suffix unique on each session
751
+ this.keySuffix = `${Math.ceil(Math.random() * 100000000)}`;
752
+ }
753
+ __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform =
754
+ sdkConfigAuth.transform !== undefined ? sdkConfigAuth.transform : __classPrivateFieldGet(this, _AuthManager_transform, "f");
755
+ // Using property in class as authConfig may be empty at times
756
+ __classPrivateFieldSet(this, _AuthManager_transform, __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform, "f");
757
+ if (sdkConfigAuth.tokenStorage !== undefined) {
758
+ __classPrivateFieldSet(this, _AuthManager_tokenStorage, sdkConfigAuth.tokenStorage, "f");
759
+ }
760
+ if (sdkConfigAuth.secureCookie) {
761
+ __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie = true;
762
+ }
763
+ // Get latest state once client ids, transform and tokenStorage have been established
764
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doOnLoad).call(this);
765
+ // If no clientId is specified assume not OAuth but custom auth
766
+ if (pegaAuthConfig.grantType === 'none' || !pegaAuthConfig.clientId) {
767
+ this.bCustomAuth = true;
768
+ return;
769
+ }
770
+ // For some OAuth grant type scenarios we opt to pass the Orchestration Engine just an authHeader as
771
+ // service broker doesn't have proper support for dealing with refreshing or revoking these:
772
+ // * customBearer (except when secureCookie being used)
773
+ // * confidential grant types (ones with clientSecret)
774
+ // (With 25.1 orchestration engine does support this if client_secret is specified on bootstrap)
775
+ __classPrivateFieldSet(this, _AuthManager_bOAuthCustom, (pegaAuthConfig.grantType === 'customBearer' && !secureCookie) || clientSecret, "f");
776
+ if (pegaAuthConfig.grantType === 'authCode') {
777
+ const authCodeProps = {
778
+ authorizeUri: sdkConfigAuth.authorize,
779
+ // If we have already specified a redirect on the authorize redirect, we need to continue to use that
780
+ // on token endpoint
781
+ redirectUri: bNoInitialRedirect || this.usePopupForRestOfSession
782
+ ? sNoMainRedirectUri
783
+ : sdkConfigAuth.redirectUri
784
+ };
785
+ if ('silentTimeout' in sdkConfigAuth) {
786
+ authCodeProps.silentTimeout = sdkConfigAuth.silentTimeout;
787
+ }
788
+ if (bNoInitialRedirect &&
789
+ pegaAuthConfig.authService === 'pega' &&
790
+ sdkConfigAuth.mashupUserIdentifier &&
791
+ sdkConfigAuth.mashupPassword) {
792
+ authCodeProps.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
793
+ authCodeProps.password = sdkConfigAuth.mashupPassword;
794
+ }
795
+ if ('iframeLoginUI' in sdkConfigAuth) {
796
+ authCodeProps.iframeLoginUI =
797
+ sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
798
+ }
799
+ Object.assign(pegaAuthConfig, authCodeProps);
800
+ }
801
+ else if (pegaAuthConfig.grantType === 'passwordCreds') {
802
+ pegaAuthConfig.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
803
+ pegaAuthConfig.password = sdkConfigAuth.mashupPassword;
804
+ }
805
+ Object.assign(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), pegaAuthConfig);
806
+ // Add beforeunload and page hide handlers to write out key properties that we want to survive a
807
+ // browser reload
808
+ if (!__classPrivateFieldGet(this, _AuthManager_beforeUnloadAdded, "f") && (!__classPrivateFieldGet(this, _AuthManager_usePASS, "f") || __classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always')) {
809
+ window.addEventListener('beforeunload', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doBeforeUnload).bind(this));
810
+ window.addEventListener('pagehide', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doPageHide).bind(this));
811
+ __classPrivateFieldSet(this, _AuthManager_beforeUnloadAdded, true, "f");
812
+ }
813
+ // Initialize PegaAuth OAuth 2.0 client library
814
+ if (__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
815
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authConfig, "f"));
816
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
817
+ __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
818
+ }
819
+ else {
820
+ __classPrivateFieldGet(this, _AuthManager_authConfig, "f").fnDynStateChangedCB = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doAuthDynStateChanged).bind(this);
821
+ __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f")), "f");
822
+ }
823
+ this.initInProgress = false;
824
+ resolve(__classPrivateFieldGet(this, _AuthManager_pegaAuth, "f"));
825
+ });
826
+ }), "f");
827
+ return __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f");
828
+ }, _AuthManager_constellationInit = function _AuthManager_constellationInit(tokenInfo, authTokenUpdated, fnReauth) {
829
+ const constellationBootConfig = {};
830
+ const sdkConfigServer = SdkConfigAccess.getSdkConfigServer();
831
+ const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
832
+ const authConfig = __classPrivateFieldGet(this, _AuthManager_authConfig, "f");
833
+ // Set up constellationConfig with data that bootstrapWithAuthHeader expects
834
+ constellationBootConfig.customRendering = true;
835
+ constellationBootConfig.restServerUrl = sdkConfigServer.infinityRestServerUrl;
836
+ // NOTE: Needs a trailing slash! So add one if not provided
837
+ if (!sdkConfigServer.sdkContentServerUrl.endsWith('/')) {
838
+ sdkConfigServer.sdkContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}/`;
839
+ }
840
+ constellationBootConfig.staticContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}constellation/`;
841
+ if (!constellationBootConfig.staticContentServerUrl.endsWith('/')) {
842
+ constellationBootConfig.staticContentServerUrl = `${constellationBootConfig.staticContentServerUrl}/`;
843
+ }
844
+ // If appAlias specified, use it
845
+ if (sdkConfigServer.appAlias) {
846
+ constellationBootConfig.appAlias = sdkConfigServer.appAlias;
847
+ }
848
+ // Determine whether to send credentials with DX API transactions
849
+ if (sdkConfigAuth.customCookies) {
850
+ constellationBootConfig.customCookies = true;
851
+ }
852
+ if (__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f") || !tokenInfo) {
853
+ if (tokenInfo) {
854
+ __classPrivateFieldSet(this, _AuthManager_authHeader, `${tokenInfo.token_type} ${tokenInfo.access_token}`, "f");
855
+ }
856
+ if (__classPrivateFieldGet(this, _AuthManager_authHeader, "f")) {
857
+ constellationBootConfig.authorizationHeader = __classPrivateFieldGet(this, _AuthManager_authHeader, "f");
858
+ }
859
+ }
860
+ else {
861
+ // Pass in auth info to Constellation
862
+ constellationBootConfig.authInfo = {
863
+ authType: 'OAuth2.0',
864
+ tokenInfo,
865
+ // Set whether we want constellation to try to do a full re-Auth or not ()
866
+ // true doesn't seem to be working in SDK scenario so always passing false for now
867
+ popupReauth: false /* !this.noInitialRedirect */,
868
+ client_id: authConfig.clientId,
869
+ client_secret: authConfig.clientSecret,
870
+ authentication_service: authConfig.authService,
871
+ redirect_uri: authConfig.redirectUri,
872
+ endPoints: {
873
+ authorize: authConfig.authorizeUri,
874
+ token: authConfig.tokenUri,
875
+ revoke: authConfig.revokeUri
876
+ },
877
+ secureCookie: authConfig.secureCookie,
878
+ onTokenRetrieval: authTokenUpdated
879
+ };
880
+ }
881
+ // Turn off dynamic load components (should be able to do it here instead of after load?)
882
+ constellationBootConfig.dynamicLoadComponents = false;
883
+ // Set envType if appropriate
884
+ if (authConfig.serverType === 'launchpad') {
885
+ constellationBootConfig.envType = 'LAUNCHPAD';
886
+ }
887
+ // Set locale override if specified
888
+ const localeOverride = this.locale;
889
+ if (localeOverride) {
890
+ constellationBootConfig.locale = localeOverride;
891
+ }
892
+ // Set additional headers if specified
893
+ const additionalHeaders = __classPrivateFieldGet(this, _AuthManager_loginProps, "f").additionalHeaders;
894
+ if (additionalHeaders) {
895
+ constellationBootConfig.additionalHeaders = additionalHeaders;
896
+ }
897
+ if (this.bC11NBootstrapInProgress) {
898
+ return;
899
+ }
900
+ this.bC11NBootstrapInProgress = true;
901
+ // Note that staticContentServerUrl already ends with a slash (see above), so no slash added.
902
+ // In order to have this import succeed needed to use the webpackIgnore magic comment tag.
903
+ // See: https://webpack.js.org/api/module-methods/
904
+ import(
905
+ /* webpackIgnore: true */ `${constellationBootConfig.staticContentServerUrl}bootstrap-shell.js?v=${Date.now()}`).then(bootstrapShell => {
906
+ // NOTE: once this callback is done, we lose the ability to access loadMashup.
907
+ // So, create a reference to it
908
+ window.myLoadMashup = bootstrapShell.loadMashup;
909
+ window.myLoadPortal = bootstrapShell.loadPortal;
910
+ window.myLoadDefaultPortal = bootstrapShell.loadDefaultPortal;
911
+ bootstrapShell
912
+ .bootstrapWithAuthHeader(constellationBootConfig, 'pega-root')
913
+ .then(() => {
914
+ // eslint-disable-next-line no-console
915
+ console.log('ConstellationJS bootstrap successful!');
916
+ this.bC11NBootstrapInProgress = false;
917
+ // Setup listener for the reauth event
918
+ if (!__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f") && tokenInfo) {
919
+ PCore.getPubSubUtils().subscribe(PCore.getConstants().PUB_SUB_EVENTS.EVENT_FULL_REAUTH, fnReauth, 'authFullReauth');
920
+ }
921
+ else {
922
+ // customReauth event introduced with 8.8
923
+ const sEvent = PCore.getConstants().PUB_SUB_EVENTS.EVENT_CUSTOM_REAUTH;
924
+ if (sEvent) {
925
+ PCore.getPubSubUtils().subscribe(sEvent, fnReauth, 'doReauth');
926
+ }
927
+ }
928
+ // Fire SdkConstellationReady event so bridge and app route can do expected post PCore initializations
929
+ const event = new CustomEvent('SdkConstellationReady', {});
930
+ document.dispatchEvent(event);
931
+ })
932
+ .catch(e => {
933
+ // Assume error caught is because token is not valid and attempt a full reauth
934
+ // eslint-disable-next-line no-console
935
+ console.error(`ConstellationJS bootstrap failed. ${e}`);
936
+ this.bC11NBootstrapInProgress = false;
937
+ fnReauth();
938
+ });
939
+ });
940
+ /* Ends here */
941
+ }, _AuthManager_customConstellationInit = function _AuthManager_customConstellationInit(fnReauth) {
942
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, null, null, fnReauth);
943
+ }, _AuthManager_fireTokenAvailable = function _AuthManager_fireTokenAvailable(token, bLoadC11N = true) {
944
+ if (!token) {
945
+ // This is used on page reload to load the token from sessionStorage and carry on
946
+ token = __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f");
947
+ if (!token) {
948
+ return;
949
+ }
950
+ }
951
+ __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
952
+ if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
953
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
954
+ }
955
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
956
+ // this.isLoggedIn is getting updated in updateLoginStatus
957
+ this.isLoggedIn = true;
958
+ this.usePopupForRestOfSession = true;
959
+ if (!window.PCore && bLoadC11N) {
960
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, token, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authTokenUpdated).bind(this), __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authFullReauth).bind(this));
961
+ }
962
+ /*
963
+ // Create and dispatch the SdkLoggedIn event to trigger constellationInit
964
+ const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
965
+ document.dispatchEvent(event);
966
+ */
967
+ }, _AuthManager_processTokenOnLogin = function _AuthManager_processTokenOnLogin(token, bLoadC11N = true) {
968
+ __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
969
+ if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
970
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
971
+ }
972
+ if (__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f")) {
973
+ // authHeader setter will also set #authHeader and invoke getAuthUtils().setAuthorizationHeader
974
+ this.authHeader = `${token.token_type} ${token.access_token}`;
975
+ }
976
+ if (window.PCore && !__classPrivateFieldGet(this, _AuthManager_authHeader, "f")) {
977
+ PCore.getAuthUtils().setTokens(token);
978
+ }
979
+ else {
980
+ __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, token, bLoadC11N);
981
+ }
982
+ }, _AuthManager_doCustomTokenParamsCB = function _AuthManager_doCustomTokenParamsCB() {
983
+ if (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").grantType === 'customBearer' && __classPrivateFieldGet(this, _AuthManager_customTokenParamsCB, "f")) {
984
+ try {
985
+ const customTokenParams = __classPrivateFieldGet(this, _AuthManager_customTokenParamsCB, "f").call(this);
986
+ if (customTokenParams) {
987
+ __classPrivateFieldGet(this, _AuthManager_authConfig, "f").customTokenParams = customTokenParams;
988
+ }
989
+ }
990
+ catch (e) {
991
+ // eslint-disable-next-line no-console
992
+ console.error(`Error on customTokenParams callback. ${e}`);
993
+ }
994
+ }
995
+ }, _AuthManager_updateLoginStatus = function _AuthManager_updateLoginStatus() {
996
+ if (!__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f")?.access_token) {
997
+ // Use setter to set this securely
998
+ this.authHeader = `${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").token_type} ${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token}`;
999
+ }
1000
+ this.isLoggedIn =
1001
+ !!(__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_authHeader, "f").length > 0) ||
1002
+ (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie && Object.keys(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f") || {}).length > 0);
1003
+ }, _AuthManager_authFullReauth = function _AuthManager_authFullReauth() {
1004
+ const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
1005
+ if (this.reauthStart) {
1006
+ const reauthIgnoreInterval = 300000; // 5 minutes
1007
+ const currTime = Date.now();
1008
+ const bReauthInProgress = currTime - this.reauthStart <= reauthIgnoreInterval;
1009
+ if (bReauthInProgress) {
1010
+ return;
1011
+ }
1012
+ }
1013
+ if (bHandleHere) {
1014
+ // Don't want to do a full clear of authMgr as will loose state props (like sessionIndex). Rather just clear the tokens
1015
+ this.clear(true);
1016
+ // eslint-disable-next-line @typescript-eslint/no-use-before-define
1017
+ login(true);
1018
+ }
1019
+ else {
1020
+ // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
1021
+ // should be used to communicate the new token to Constellation JS Engine.
1022
+ const event = new CustomEvent('SdkFullReauth', {
1023
+ detail: __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).bind(this)
1024
+ });
1025
+ document.dispatchEvent(event);
1026
+ }
1027
+ }, _AuthManager_authTokenUpdated = function _AuthManager_authTokenUpdated(tokenInfo) {
1028
+ __classPrivateFieldSet(this, _AuthManager_tokenInfo, tokenInfo, "f");
1029
+ };
1002
1030
  const gAuthMgr = new AuthManager();
1003
1031
  // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
1004
1032
  /**