@pega/auth 0.2.25 → 0.2.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/lib/oauth-client/auth.js +571 -562
  2. package/lib/oauth-client/auth.js.map +1 -1
  3. package/lib/sdk-auth-manager/authManager.js +652 -671
  4. package/lib/sdk-auth-manager/authManager.js.map +1 -1
  5. package/lib/sdk-auth-manager/config_access.js +50 -75
  6. package/lib/sdk-auth-manager/config_access.js.map +1 -1
  7. package/package.json +1 -1
package/lib/sdk-auth-manager/authManager.js CHANGED
@@ -1,17 +1,5 @@
1
1
  // This file wraps various calls related to logging in, logging out, etc.
2
2
  // that use the auth.html/auth.js to do the work of logging in via OAuth 2.0.
3
- var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
4
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
5
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
6
- return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
7
- };
8
- var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
9
- if (kind === "m") throw new TypeError("Private method is not writable");
10
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
11
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
12
- return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
13
- };
14
- var _AuthManager_instances, _AuthManager_ssKeyPrefix, _AuthManager_pegaAuth, _AuthManager_ssKeyConfigInfo, _AuthManager_ssKeySessionInfo, _AuthManager_ssKeyTokenInfo, _AuthManager_ssKeyState, _AuthManager_authConfig, _AuthManager_authDynState, _AuthManager_authHeader, _AuthManager_customTokenParamsCB, _AuthManager_bOAuthCustom, _AuthManager_tokenInfo, _AuthManager_userInfo, _AuthManager_usePASS, _AuthManager_beforeUnloadAdded, _AuthManager_tokenStorage, _AuthManager_transform, _AuthManager_foldSpot, _AuthManager_loadUserinfo, _AuthManager_loginProps, _AuthManager_promiseInitialize, _AuthManager_transformAndParse, _AuthManager_getStorage, _AuthManager_setStorage, _AuthManager_calcFoldSpot, _AuthManager_transformer, _AuthManager_doUnloadUpdates, _AuthManager_doBeforeUnload, _AuthManager_doPageHide, _AuthManager_loadState, _AuthManager_doOnLoad, _AuthManager_doAuthDynStateChanged, _AuthManager_initialize, _AuthManager_constellationInit, _AuthManager_customConstellationInit, _AuthManager_fireTokenAvailable, _AuthManager_processTokenOnLogin, _AuthManager_doCustomTokenParamsCB, _AuthManager_updateLoginStatus, _AuthManager_authFullReauth, _AuthManager_authTokenUpdated;
15
3
  // It utilizes a JS Class and private members to protect any sensitive tokens
16
4
  // and token obfuscation routines
17
5
  import { PegaAuth } from '../oauth-client/auth.js';
@@ -19,112 +7,157 @@ import { isEmptyObject } from './common-utils.js';
19
7
  import { getSdkConfig, SdkConfigAccess } from './config_access.js';
20
8
  // Meant to be a singleton...only one instance per page
21
9
  class AuthManager {
10
+ #ssKeyPrefix = 'rs';
11
+ iOSDevice = false;
12
+ // will store the PegaAuth (OAuth 2.0 client library) instance
13
+ #pegaAuth = null;
14
+ #ssKeyConfigInfo = '';
15
+ #ssKeySessionInfo = '';
16
+ #ssKeyTokenInfo = '';
17
+ #ssKeyState = `${this.#ssKeyPrefix}State`;
18
+ #authConfig = {};
19
+ #authDynState = {};
20
+ #authHeader = null;
21
+ #customTokenParamsCB = null;
22
+ // state that should be persisted across loads
23
+ state = { usePopup: false, noInitialRedirect: false, locale: null };
24
+ // # of properties within initial state object
25
+ stateKeysCount = 3;
26
+ bC11NBootstrapInProgress = false;
27
+ bCustomAuth = false;
28
+ #bOAuthCustom = false;
29
+ #tokenInfo;
30
+ #userInfo;
31
+ onLoadDone = false;
32
+ msReauthStart = null;
33
+ initInProgress = false;
34
+ isLoggedIn = false;
35
+ // Whether to pass a session storage key or structure to auth library
36
+ #usePASS = false;
37
+ #beforeUnloadAdded = false;
38
+ #tokenStorage = 'temp';
39
+ #transform = true;
40
+ #foldSpot = 2;
41
+ // Whether to load and cache user info as part of login
42
+ #loadUserinfo = false;
43
+ // Keep loginProps passed to loginIfNecessary
44
+ #loginProps = null;
45
+ // Promise for Initialization of PegaAuth and resolution callback
46
+ #promiseInitialize = null;
22
47
  constructor() {
23
- _AuthManager_instances.add(this);
24
- _AuthManager_ssKeyPrefix.set(this, 'rs');
25
- Object.defineProperty(this, "iOSDevice", {
26
- enumerable: true,
27
- configurable: true,
28
- writable: true,
29
- value: false
30
- });
31
- // will store the PegaAuth (OAuth 2.0 client library) instance
32
- _AuthManager_pegaAuth.set(this, null);
33
- _AuthManager_ssKeyConfigInfo.set(this, '');
34
- _AuthManager_ssKeySessionInfo.set(this, '');
35
- _AuthManager_ssKeyTokenInfo.set(this, '');
36
- _AuthManager_ssKeyState.set(this, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}State`);
37
- _AuthManager_authConfig.set(this, {});
38
- _AuthManager_authDynState.set(this, {});
39
- _AuthManager_authHeader.set(this, null);
40
- _AuthManager_customTokenParamsCB.set(this, null);
41
- // state that should be persisted across loads
42
- Object.defineProperty(this, "state", {
43
- enumerable: true,
44
- configurable: true,
45
- writable: true,
46
- value: { usePopup: false, noInitialRedirect: false, locale: null }
47
- });
48
- // # of properties within initial state object
49
- Object.defineProperty(this, "stateKeysCount", {
50
- enumerable: true,
51
- configurable: true,
52
- writable: true,
53
- value: 3
54
- });
55
- Object.defineProperty(this, "bC11NBootstrapInProgress", {
56
- enumerable: true,
57
- configurable: true,
58
- writable: true,
59
- value: false
60
- });
61
- Object.defineProperty(this, "bCustomAuth", {
62
- enumerable: true,
63
- configurable: true,
64
- writable: true,
65
- value: false
66
- });
67
- _AuthManager_bOAuthCustom.set(this, false);
68
- _AuthManager_tokenInfo.set(this, void 0);
69
- _AuthManager_userInfo.set(this, void 0);
70
- Object.defineProperty(this, "onLoadDone", {
71
- enumerable: true,
72
- configurable: true,
73
- writable: true,
74
- value: false
75
- });
76
- Object.defineProperty(this, "msReauthStart", {
77
- enumerable: true,
78
- configurable: true,
79
- writable: true,
80
- value: null
81
- });
82
- Object.defineProperty(this, "initInProgress", {
83
- enumerable: true,
84
- configurable: true,
85
- writable: true,
86
- value: false
87
- });
88
- Object.defineProperty(this, "isLoggedIn", {
89
- enumerable: true,
90
- configurable: true,
91
- writable: true,
92
- value: false
93
- });
94
- // Whether to pass a session storage key or structure to auth library
95
- _AuthManager_usePASS.set(this, false);
96
- _AuthManager_beforeUnloadAdded.set(this, false);
97
- _AuthManager_tokenStorage.set(this, 'temp');
98
- _AuthManager_transform.set(this, true);
99
- _AuthManager_foldSpot.set(this, 2);
100
- // Whether to load and cache user info as part of login
101
- _AuthManager_loadUserinfo.set(this, false);
102
- // Keep loginProps passed to loginIfNecessary
103
- _AuthManager_loginProps.set(this, null);
104
- // Promise for Initialization of PegaAuth and resolution callback
105
- _AuthManager_promiseInitialize.set(this, null);
106
48
  // Auth Manager specific state is saved within session storage as important in redirect and popup window scenarios
107
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
49
+ this.#loadState();
108
50
  this.iOSDevice = /iPad|iPhone|iPod/.test(navigator.userAgent);
109
51
  }
52
+ #transformAndParse(ssKey, ssItem, bForce = false) {
53
+ let obj = {};
54
+ try {
55
+ obj = JSON.parse(this.#transformer(ssKey, ssItem, false, bForce));
56
+ }
57
+ catch (e) {
58
+ // fall thru and return empty object
59
+ }
60
+ return obj;
61
+ }
62
+ // helper routine to retrieve JSON object stored in a session storage key
63
+ // a 2nd optional arg can also retrieve an individual attribute
64
+ #getStorage(ssKey, sAttrib = null) {
65
+ let ssItem = ssKey ? window.sessionStorage.getItem(ssKey) : null;
66
+ let obj = {};
67
+ if (this.#loginProps?.altStateStorage &&
68
+ !this.isLoggedIn &&
69
+ !ssItem &&
70
+ (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo)) {
71
+ ssItem = window.localStorage.getItem(ssKey);
72
+ }
73
+ if (ssItem) {
74
+ try {
75
+ obj = JSON.parse(ssItem);
76
+ }
77
+ catch (e) {
78
+ obj = this.#transformAndParse(ssKey, ssItem, true);
79
+ }
80
+ }
81
+ return sAttrib ? obj[sAttrib] : obj;
82
+ }
83
+ // helper routine to set storage to the passed in JSON
84
+ #setStorage(ssKey, obj, bVerify = false) {
85
+ try {
86
+ // Set storage only if obj is not empty, else delete the storage
87
+ if (!obj || isEmptyObject(obj)) {
88
+ window.sessionStorage.removeItem(ssKey);
89
+ }
90
+ else {
91
+ // const bClear = (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo);
92
+ const bClear = false;
93
+ const sValue = bClear
94
+ ? JSON.stringify(obj)
95
+ : this.#transformer(ssKey, JSON.stringify(obj), true);
96
+ window.sessionStorage.setItem(ssKey, sValue);
97
+ if (bVerify) {
98
+ const sStored = window.sessionStorage.getItem(ssKey);
99
+ if (sStored !== sValue) {
100
+ // eslint-disable-next-line no-console
101
+ console.error(`Failed to properly write sessionStorage (${ssKey})`);
102
+ }
103
+ }
104
+ if (this.#loginProps?.altStateStorage &&
105
+ !this.isLoggedIn &&
106
+ (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo)) {
107
+ window.localStorage.setItem(ssKey, sValue);
108
+ }
109
+ }
110
+ }
111
+ catch (e) {
112
+ // eslint-disable-next-line no-console
113
+ console.error(`Exception ${e} on attempted write of sessionStorage (${ssKey})`);
114
+ }
115
+ }
116
+ #calcFoldSpot(s) {
117
+ const nOffset = 1;
118
+ const sChar = s.length > nOffset ? s.charAt(nOffset) : '2';
119
+ const nSpot = parseInt(sChar, 10);
120
+ this.#foldSpot = Number.isNaN(nSpot) ? 2 : (nSpot % 4) + 2;
121
+ }
122
+ // helper function to encode storage
123
+ #transformer(ssKey, s, bIn, bForce = false) {
124
+ const bTransform = bForce || this.#transform;
125
+ const fnFold = (x) => {
126
+ const nLen = x.length;
127
+ const nExtra = nLen % this.#foldSpot;
128
+ const nOffset = Math.floor(nLen / this.#foldSpot) + nExtra;
129
+ const nRem = x.length - nOffset;
130
+ return x.substring(bIn ? nOffset : nRem) + x.substring(0, bIn ? nOffset : nRem);
131
+ };
132
+ const bTknInfo = ssKey === this.#ssKeyTokenInfo;
133
+ if (bTknInfo && !bIn && bTransform) {
134
+ s = window.atob(fnFold(s));
135
+ }
136
+ // eslint-disable-next-line no-nested-ternary
137
+ let result = bTransform ? (bIn ? window.btoa(s) : window.atob(s)) : s;
138
+ if (bTknInfo && bIn && bTransform) {
139
+ result = fnFold(window.btoa(result));
140
+ }
141
+ return result;
142
+ }
110
143
  // Setter for authHeader (no getter)
111
144
  set authHeader(value) {
112
- __classPrivateFieldSet(this, _AuthManager_authHeader, value, "f");
145
+ this.#authHeader = value;
113
146
  // setAuthorizationHeader method not available til 8.8 so do safety check
114
147
  if (window.PCore?.getAuthUtils().setAuthorizationHeader) {
115
148
  const authHdr = value === null ? '' : value;
116
149
  window.PCore.getAuthUtils().setAuthorizationHeader(authHdr);
117
150
  }
118
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
151
+ this.#updateLoginStatus();
119
152
  }
120
153
  // Setter for customTokenParamsCB
121
154
  set customTokenParamsCB(fn) {
122
- __classPrivateFieldSet(this, _AuthManager_customTokenParamsCB, fn, "f");
155
+ this.#customTokenParamsCB = fn;
123
156
  }
124
157
  // Setter/getter for appName
125
158
  set appName(appName) {
126
159
  this.state.appName = appName;
127
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
160
+ this.#setStorage(this.#ssKeyState, this.state);
128
161
  }
129
162
  get appName() {
130
163
  return this.state.appName;
@@ -132,7 +165,7 @@ class AuthManager {
132
165
  // Setter/getter for usePopupForRestOfSession
133
166
  set usePopupForRestOfSession(usePopup) {
134
167
  this.state.usePopup = usePopup;
135
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
168
+ this.#setStorage(this.#ssKeyState, this.state);
136
169
  }
137
170
  get usePopupForRestOfSession() {
138
171
  return this.state.usePopup;
@@ -143,7 +176,7 @@ class AuthManager {
143
176
  this.usePopupForRestOfSession = true;
144
177
  }
145
178
  this.state.noInitialRedirect = bNoInitialRedirect;
146
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
179
+ this.#setStorage(this.#ssKeyState, this.state);
147
180
  }
148
181
  get noInitialRedirect() {
149
182
  return this.state.noInitialRedirect || false;
@@ -151,7 +184,7 @@ class AuthManager {
151
184
  // Setter/getter for locale (override)
152
185
  set locale(localeOverride) {
153
186
  this.state.locale = localeOverride;
154
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
187
+ this.#setStorage(this.#ssKeyState, this.state);
155
188
  }
156
189
  get locale() {
157
190
  return this.state.locale;
@@ -164,7 +197,7 @@ class AuthManager {
164
197
  else if (this.msReauthStart) {
165
198
  delete this.msReauthStart;
166
199
  }
167
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
200
+ this.#setStorage(this.#ssKeyState, this.state);
168
201
  }
169
202
  get reauthStart() {
170
203
  return this.msReauthStart || 0;
@@ -173,22 +206,22 @@ class AuthManager {
173
206
  set keySuffix(s) {
174
207
  this.state.sfx = s || undefined;
175
208
  if (s) {
176
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
209
+ this.#setStorage(this.#ssKeyState, this.state);
177
210
  // To make it a bit more obtuse reverse the string and use that as the actual suffix
178
211
  const sSfx = s.split('').reverse().join('');
179
- __classPrivateFieldSet(this, _AuthManager_ssKeyConfigInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}CI_${sSfx}`, "f");
180
- __classPrivateFieldSet(this, _AuthManager_ssKeySessionInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}SI_${sSfx}`, "f");
181
- __classPrivateFieldSet(this, _AuthManager_ssKeyTokenInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}TI_${sSfx}`, "f");
182
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_calcFoldSpot).call(this, sSfx);
212
+ this.#ssKeyConfigInfo = `${this.#ssKeyPrefix}CI_${sSfx}`;
213
+ this.#ssKeySessionInfo = `${this.#ssKeyPrefix}SI_${sSfx}`;
214
+ this.#ssKeyTokenInfo = `${this.#ssKeyPrefix}TI_${sSfx}`;
215
+ this.#calcFoldSpot(sSfx);
183
216
  }
184
217
  else {
185
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
186
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"));
187
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
188
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
189
- __classPrivateFieldSet(this, _AuthManager_ssKeyConfigInfo, '', "f");
190
- __classPrivateFieldSet(this, _AuthManager_ssKeySessionInfo, '', "f");
191
- __classPrivateFieldSet(this, _AuthManager_ssKeyTokenInfo, '', "f");
218
+ sessionStorage.removeItem(this.#ssKeyTokenInfo);
219
+ sessionStorage.removeItem(this.#ssKeyConfigInfo);
220
+ sessionStorage.removeItem(this.#ssKeySessionInfo);
221
+ sessionStorage.removeItem(this.#ssKeyState);
222
+ this.#ssKeyConfigInfo = '';
223
+ this.#ssKeySessionInfo = '';
224
+ this.#ssKeyTokenInfo = '';
192
225
  }
193
226
  }
194
227
  /**
@@ -196,25 +229,443 @@ class AuthManager {
196
229
  */
197
230
  clear(bFullReauth = false) {
198
231
  if (!this.bCustomAuth) {
199
- __classPrivateFieldSet(this, _AuthManager_authHeader, null, "f");
232
+ this.#authHeader = null;
200
233
  }
201
234
  // Clear any established auth tokens
202
- __classPrivateFieldSet(this, _AuthManager_tokenInfo, null, "f");
203
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
235
+ this.#tokenInfo = null;
236
+ sessionStorage.removeItem(this.#ssKeyTokenInfo);
204
237
  this.isLoggedIn = false;
205
238
  // reset the initial redirect as well by using this setter
206
239
  this.usePopupForRestOfSession = bFullReauth;
207
240
  if (!bFullReauth) {
208
- if (!__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
209
- __classPrivateFieldSet(this, _AuthManager_authConfig, {}, "f");
210
- __classPrivateFieldSet(this, _AuthManager_authDynState, {}, "f");
241
+ if (!this.#usePASS) {
242
+ this.#authConfig = {};
243
+ this.#authDynState = {};
211
244
  }
212
245
  // keySuffix setter has cleanup logic
213
246
  this.keySuffix = '';
214
247
  }
215
248
  }
249
+ // Found beforeunload to not work well on iOS browsers, and pagehide to work better
250
+ // However also seeing some scenario like navigating to a different page on Chrome & Firefox only invoking beforeunload
251
+ // Chrome, Firefox, Safari browsers sequence on page reload: beforeunload, pagehide, visibilitychange
252
+ // visibilitychange is fired whenever a tab is made visible and when it is hidden
253
+ #doUnloadUpdates() {
254
+ // Safari and particularly Safari on mobile devices doesn't seem to load this on first main redirect or
255
+ // reliably, so have moved to having PegaAuth manage writing all state props to session storage
256
+ this.#setStorage(this.#ssKeyState, this.state);
257
+ this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
258
+ // If tokenStorage was always, token would already be there
259
+ if (this.#tokenStorage === 'temp') {
260
+ this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
261
+ }
262
+ }
263
+ #doBeforeUnload() {
264
+ this.#doUnloadUpdates();
265
+ }
266
+ #doPageHide() {
267
+ this.#doUnloadUpdates();
268
+ }
269
+ #loadState() {
270
+ // Note: State storage key doesn't have a client id associated with it
271
+ const oState = this.#getStorage(this.#ssKeyState);
272
+ if (oState) {
273
+ Object.assign(this.state, oState);
274
+ if (this.state.sfx) {
275
+ // Setter sets up the ssKey values as well
276
+ this.keySuffix = this.state.sfx;
277
+ }
278
+ }
279
+ }
280
+ // This is only called from initialize after #ssKey values are setup
281
+ #doOnLoad() {
282
+ if (!this.onLoadDone) {
283
+ // This authConfig state doesn't collide with other calculated static state...so load it first
284
+ // Note: transform setting will have already been loaded into #authConfig at this point
285
+ this.#authDynState = this.#getStorage(this.#ssKeySessionInfo);
286
+ this.#tokenInfo = this.#getStorage(this.#ssKeyTokenInfo);
287
+ if (this.#tokenStorage !== 'always') {
288
+ sessionStorage.removeItem(this.#ssKeyTokenInfo);
289
+ // Finding on iOS browsers the pageHide event is sometimes not happening causing failed redirects.
290
+ if (!this.iOSDevice) {
291
+ sessionStorage.removeItem(this.#ssKeySessionInfo);
292
+ }
293
+ }
294
+ this.onLoadDone = true;
295
+ }
296
+ }
297
+ // Callback when auth dynamic state has changed. Decide whether to persisting it based on
298
+ // config settings
299
+ #doAuthDynStateChanged() {
300
+ // If tokenStorage is setup for always then always persist the auth dynamic state as well
301
+ if (this.#tokenStorage === 'always' || this.iOSDevice) {
302
+ this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
303
+ }
304
+ }
305
+ /**
306
+ * Initialize OAuth config structure members and create authMgr instance (if necessary)
307
+ * bNew - governs whether to create new sessionStorage or load existing one
308
+ */
309
+ async #initialize(bNew = false) {
310
+ if (!bNew && this.#promiseInitialize) {
311
+ return this.#promiseInitialize;
312
+ }
313
+ this.#promiseInitialize = new Promise(resolve => {
314
+ /* if (!this.initInProgress && (bNew || isEmptyObject(this.#authConfig) || !this.#pegaAuth)) { */
315
+ this.initInProgress = true;
316
+ getSdkConfig().then(sdkConfig => {
317
+ const sdkConfigAuth = sdkConfig.authConfig;
318
+ const sdkConfigServer = sdkConfig.serverConfig;
319
+ const serverType = sdkConfigServer.serverType || 'infinity';
320
+ const bInfinity = serverType === 'infinity';
321
+ let pegaUrl = bInfinity
322
+ ? sdkConfigServer.infinityRestServerUrl
323
+ : sdkConfigServer.launchpadRestServerUrl;
324
+ // Expecting boolean true/false or undefined
325
+ const secureCookie = !!sdkConfigAuth.secureCookie;
326
+ const bNoInitialRedirect = this.noInitialRedirect;
327
+ const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
328
+ // Construct default OAuth endpoints (if not explicitly specified)
329
+ if (pegaUrl) {
330
+ // Cope with trailing slash being present
331
+ if (!pegaUrl.endsWith('/')) {
332
+ pegaUrl += '/';
333
+ }
334
+ if (!sdkConfigAuth.authorize) {
335
+ sdkConfigAuth.authorize = bInfinity
336
+ ? `${pegaUrl}PRRestService/oauth2/v1/authorize`
337
+ : `${pegaUrl}uas/oauth/authorize`;
338
+ }
339
+ const infinityOAuth2Url = bInfinity
340
+ ? pegaUrl + (secureCookie && appAliasSeg ? `${appAliasSeg}api/` : 'PRRestService/')
341
+ : '';
342
+ if (!sdkConfigAuth.token) {
343
+ sdkConfigAuth.token = bInfinity
344
+ ? `${infinityOAuth2Url}oauth2/v1/token`
345
+ : `${pegaUrl}uas/oauth/token`;
346
+ }
347
+ if (!sdkConfigAuth.revoke) {
348
+ // Launchpad still does not have a revoke endpoint
349
+ sdkConfigAuth.revoke = bInfinity ? `${infinityOAuth2Url}oauth2/v1/revoke` : '';
350
+ }
351
+ if (!sdkConfigAuth.redirectUri) {
352
+ sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
353
+ }
354
+ if (!sdkConfigAuth.userinfo) {
355
+ sdkConfigAuth.userinfo = bInfinity
356
+ ? `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`
357
+ : '';
358
+ }
359
+ }
360
+ // Auth service alias
361
+ if (!sdkConfigAuth.authService) {
362
+ sdkConfigAuth.authService = 'pega';
363
+ }
364
+ // mashupAuthService provides way to have a different auth service for embedded
365
+ if (!sdkConfigAuth.mashupAuthService) {
366
+ sdkConfigAuth.mashupAuthService = sdkConfigAuth.authService;
367
+ }
368
+ // Construct path to auth.html (used for case when not doing a main window redirect)
369
+ let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
370
+ const nLastPathSep = sNoMainRedirectUri.lastIndexOf('/');
371
+ sNoMainRedirectUri =
372
+ nLastPathSep !== -1
373
+ ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html`
374
+ : `${sNoMainRedirectUri}/auth.html`;
375
+ const portalGrantType = sdkConfigAuth.portalGrantType || 'authCode';
376
+ const mashupGrantType = sdkConfigAuth.mashupGrantType || 'authCode';
377
+ // Some grant types are only available with confidential registrations and require a client secret
378
+ const clientSecret = bNoInitialRedirect
379
+ ? sdkConfigAuth.mashupClientSecret
380
+ : sdkConfigAuth.portalClientSecret;
381
+ const pegaAuthConfig = {
382
+ serverType,
383
+ clientId: bNoInitialRedirect
384
+ ? sdkConfigAuth.mashupClientId
385
+ : sdkConfigAuth.portalClientId,
386
+ grantType: bNoInitialRedirect ? mashupGrantType : portalGrantType,
387
+ tokenUri: sdkConfigAuth.token,
388
+ revokeUri: sdkConfigAuth.revoke,
389
+ userinfoUri: sdkConfigAuth.userinfo,
390
+ authService: bNoInitialRedirect
391
+ ? sdkConfigAuth.mashupAuthService
392
+ : sdkConfigAuth.authService,
393
+ appAlias: sdkConfigServer.appAlias || '',
394
+ useLocking: true
395
+ };
396
+ if (clientSecret) {
397
+ pegaAuthConfig.clientSecret = clientSecret;
398
+ }
399
+ if (serverType === 'launchpad' && pegaAuthConfig.grantType === 'authCode') {
400
+ pegaAuthConfig.noPKCE = true;
401
+ }
402
+ // Invoke keySuffix setter
403
+ // Was using pegaAuthConfig.clientId as key but more secure to just use a random string as getting
404
+ // both a clientId and the refresh token could yield a new access token.
405
+ // Suffix is so we might in future move to an array of suffixes based on the appName, so might store
406
+ // both portal and embedded tokens/session info at same time
407
+ if (!this.state?.sfx) {
408
+ // Just using a random number to make the suffix unique on each session
409
+ this.keySuffix = `${Math.ceil(Math.random() * 100000000)}`;
410
+ }
411
+ this.#authConfig.transform =
412
+ sdkConfigAuth.transform !== undefined ? sdkConfigAuth.transform : this.#transform;
413
+ // Using property in class as authConfig may be empty at times
414
+ this.#transform = this.#authConfig.transform;
415
+ if (sdkConfigAuth.tokenStorage !== undefined) {
416
+ this.#tokenStorage = sdkConfigAuth.tokenStorage;
417
+ }
418
+ if (sdkConfigAuth.secureCookie) {
419
+ this.#authConfig.secureCookie = true;
420
+ }
421
+ // Get latest state once client ids, transform and tokenStorage have been established
422
+ this.#doOnLoad();
423
+ // If no clientId is specified assume not OAuth but custom auth
424
+ if (pegaAuthConfig.grantType === 'none' || !pegaAuthConfig.clientId) {
425
+ this.bCustomAuth = true;
426
+ return;
427
+ }
428
+ // For some OAuth grant type scenarios we opt to pass the Orchestration Engine just an authHeader as
429
+ // service broker doesn't have proper support for dealing with refreshing or revoking these:
430
+ // * customBearer (except when secureCookie being used)
431
+ // * confidential grant types (ones with clientSecret)
432
+ // (With 25.1 orchestration engine does support this if client_secret is specified on bootstrap)
433
+ this.#bOAuthCustom =
434
+ (pegaAuthConfig.grantType === 'customBearer' && !secureCookie) || clientSecret;
435
+ if (pegaAuthConfig.grantType === 'authCode') {
436
+ const authCodeProps = {
437
+ authorizeUri: sdkConfigAuth.authorize,
438
+ // If we have already specified a redirect on the authorize redirect, we need to continue to use that
439
+ // on token endpoint
440
+ redirectUri: bNoInitialRedirect || this.usePopupForRestOfSession
441
+ ? sNoMainRedirectUri
442
+ : sdkConfigAuth.redirectUri
443
+ };
444
+ if ('silentTimeout' in sdkConfigAuth) {
445
+ authCodeProps.silentTimeout = sdkConfigAuth.silentTimeout;
446
+ }
447
+ if (bNoInitialRedirect &&
448
+ pegaAuthConfig.authService === 'pega' &&
449
+ sdkConfigAuth.mashupUserIdentifier &&
450
+ sdkConfigAuth.mashupPassword) {
451
+ authCodeProps.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
452
+ authCodeProps.password = sdkConfigAuth.mashupPassword;
453
+ }
454
+ if ('iframeLoginUI' in sdkConfigAuth) {
455
+ authCodeProps.iframeLoginUI =
456
+ sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
457
+ }
458
+ Object.assign(pegaAuthConfig, authCodeProps);
459
+ }
460
+ else if (pegaAuthConfig.grantType === 'passwordCreds') {
461
+ pegaAuthConfig.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
462
+ pegaAuthConfig.password = sdkConfigAuth.mashupPassword;
463
+ }
464
+ Object.assign(this.#authConfig, pegaAuthConfig);
465
+ // Add beforeunload and page hide handlers to write out key properties that we want to survive a
466
+ // browser reload
467
+ if (!this.#beforeUnloadAdded && (!this.#usePASS || this.#tokenStorage !== 'always')) {
468
+ window.addEventListener('beforeunload', this.#doBeforeUnload.bind(this));
469
+ window.addEventListener('pagehide', this.#doPageHide.bind(this));
470
+ this.#beforeUnloadAdded = true;
471
+ }
472
+ // Initialize PegaAuth OAuth 2.0 client library
473
+ if (this.#usePASS) {
474
+ this.#setStorage(this.#ssKeyConfigInfo, this.#authConfig);
475
+ this.#setStorage(this.#ssKeySessionInfo, this.#authDynState);
476
+ this.#pegaAuth = new PegaAuth(this.#ssKeyConfigInfo, this.#ssKeySessionInfo);
477
+ }
478
+ else {
479
+ this.#authConfig.fnDynStateChangedCB = this.#doAuthDynStateChanged.bind(this);
480
+ this.#pegaAuth = new PegaAuth(this.#authConfig, this.#authDynState);
481
+ }
482
+ this.initInProgress = false;
483
+ resolve(this.#pegaAuth);
484
+ });
485
+ });
486
+ return this.#promiseInitialize;
487
+ }
488
+ /**
489
+ * Initiate the process to get the Constellation bootstrap shell loaded and initialized
490
+ * @param {Object} tokenInfo
491
+ * @param {Function} authTokenUpdated - callback invoked when Constellation JS Engine silently updates
492
+ * an expired access_token
493
+ * @param {Function} fnReauth - callback invoked when a full or custom reauth is needed
494
+ */
495
+ #constellationInit(tokenInfo, authTokenUpdated, fnReauth) {
496
+ const constellationBootConfig = {};
497
+ const sdkConfigServer = SdkConfigAccess.getSdkConfigServer();
498
+ const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
499
+ const authConfig = this.#authConfig;
500
+ // Set up constellationConfig with data that bootstrapWithAuthHeader expects
501
+ constellationBootConfig.customRendering = true;
502
+ constellationBootConfig.restServerUrl = sdkConfigServer.infinityRestServerUrl;
503
+ // NOTE: Needs a trailing slash! So add one if not provided
504
+ if (!sdkConfigServer.sdkContentServerUrl.endsWith('/')) {
505
+ sdkConfigServer.sdkContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}/`;
506
+ }
507
+ constellationBootConfig.staticContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}constellation/`;
508
+ if (!constellationBootConfig.staticContentServerUrl.endsWith('/')) {
509
+ constellationBootConfig.staticContentServerUrl = `${constellationBootConfig.staticContentServerUrl}/`;
510
+ }
511
+ // If appAlias specified, use it
512
+ if (sdkConfigServer.appAlias) {
513
+ constellationBootConfig.appAlias = sdkConfigServer.appAlias;
514
+ }
515
+ // Determine whether to send credentials with DX API transactions
516
+ if (sdkConfigAuth.customCookies) {
517
+ constellationBootConfig.customCookies = true;
518
+ }
519
+ if (this.#bOAuthCustom || !tokenInfo) {
520
+ if (tokenInfo) {
521
+ this.#authHeader = `${tokenInfo.token_type} ${tokenInfo.access_token}`;
522
+ }
523
+ if (this.#authHeader) {
524
+ constellationBootConfig.authorizationHeader = this.#authHeader;
525
+ }
526
+ }
527
+ else {
528
+ // Pass in auth info to Constellation
529
+ constellationBootConfig.authInfo = {
530
+ authType: 'OAuth2.0',
531
+ tokenInfo,
532
+ // Set whether we want constellation to try to do a full re-Auth or not ()
533
+ // true doesn't seem to be working in SDK scenario so always passing false for now
534
+ popupReauth: false /* !this.noInitialRedirect */,
535
+ client_id: authConfig.clientId,
536
+ client_secret: authConfig.clientSecret,
537
+ authentication_service: authConfig.authService,
538
+ redirect_uri: authConfig.redirectUri,
539
+ endPoints: {
540
+ authorize: authConfig.authorizeUri,
541
+ token: authConfig.tokenUri,
542
+ revoke: authConfig.revokeUri
543
+ },
544
+ secureCookie: authConfig.secureCookie,
545
+ onTokenRetrieval: authTokenUpdated
546
+ };
547
+ }
548
+ // Turn off dynamic load components (should be able to do it here instead of after load?)
549
+ constellationBootConfig.dynamicLoadComponents = false;
550
+ // Set envType if appropriate
551
+ if (authConfig.serverType === 'launchpad') {
552
+ constellationBootConfig.envType = 'LAUNCHPAD';
553
+ }
554
+ // Set locale override if specified
555
+ const localeOverride = this.locale;
556
+ if (localeOverride) {
557
+ constellationBootConfig.locale = localeOverride;
558
+ }
559
+ // Set additional headers if specified
560
+ const additionalHeaders = this.#loginProps.additionalHeaders;
561
+ if (additionalHeaders) {
562
+ constellationBootConfig.additionalHeaders = additionalHeaders;
563
+ }
564
+ if (this.bC11NBootstrapInProgress) {
565
+ return;
566
+ }
567
+ this.bC11NBootstrapInProgress = true;
568
+ // Note that staticContentServerUrl already ends with a slash (see above), so no slash added.
569
+ // In order to have this import succeed needed to use the webpackIgnore magic comment tag.
570
+ // See: https://webpack.js.org/api/module-methods/
571
+ import(
572
+ /* webpackIgnore: true */ `${constellationBootConfig.staticContentServerUrl}bootstrap-shell.js?v=${Date.now()}`).then(bootstrapShell => {
573
+ // NOTE: once this callback is done, we lose the ability to access loadMashup.
574
+ // So, create a reference to it
575
+ window.myLoadMashup = bootstrapShell.loadMashup;
576
+ window.myLoadPortal = bootstrapShell.loadPortal;
577
+ window.myLoadDefaultPortal = bootstrapShell.loadDefaultPortal;
578
+ bootstrapShell
579
+ .bootstrapWithAuthHeader(constellationBootConfig, 'pega-root')
580
+ .then(() => {
581
+ // eslint-disable-next-line no-console
582
+ console.log('ConstellationJS bootstrap successful!');
583
+ this.bC11NBootstrapInProgress = false;
584
+ // Setup listener for the reauth event
585
+ if (!this.#bOAuthCustom && tokenInfo) {
586
+ PCore.getPubSubUtils().subscribe(PCore.getConstants().PUB_SUB_EVENTS.EVENT_FULL_REAUTH, fnReauth, 'authFullReauth');
587
+ }
588
+ else {
589
+ // customReauth event introduced with 8.8
590
+ const sEvent = PCore.getConstants().PUB_SUB_EVENTS.EVENT_CUSTOM_REAUTH;
591
+ if (sEvent) {
592
+ PCore.getPubSubUtils().subscribe(sEvent, fnReauth, 'doReauth');
593
+ }
594
+ }
595
+ // Fire SdkConstellationReady event so bridge and app route can do expected post PCore initializations
596
+ const event = new CustomEvent('SdkConstellationReady', {});
597
+ document.dispatchEvent(event);
598
+ })
599
+ .catch(e => {
600
+ // Assume error caught is because token is not valid and attempt a full reauth
601
+ // eslint-disable-next-line no-console
602
+ console.error(`ConstellationJS bootstrap failed. ${e}`);
603
+ this.bC11NBootstrapInProgress = false;
604
+ fnReauth();
605
+ });
606
+ });
607
+ /* Ends here */
608
+ }
609
+ #customConstellationInit(fnReauth) {
610
+ this.#constellationInit(null, null, fnReauth);
611
+ }
612
+ #fireTokenAvailable(token, bLoadC11N = true) {
613
+ if (!token) {
614
+ // This is used on page reload to load the token from sessionStorage and carry on
615
+ token = this.#tokenInfo;
616
+ if (!token) {
617
+ return;
618
+ }
619
+ }
620
+ this.#tokenInfo = token;
621
+ if (this.#tokenStorage === 'always') {
622
+ this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
623
+ }
624
+ this.#updateLoginStatus();
625
+ // this.isLoggedIn is getting updated in updateLoginStatus
626
+ this.isLoggedIn = true;
627
+ this.usePopupForRestOfSession = true;
628
+ if (!window.PCore && bLoadC11N) {
629
+ this.#constellationInit(token, this.#authTokenUpdated.bind(this), this.#authFullReauth.bind(this));
630
+ }
631
+ /*
632
+ // Create and dispatch the SdkLoggedIn event to trigger constellationInit
633
+ const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
634
+ document.dispatchEvent(event);
635
+ */
636
+ }
637
+ #processTokenOnLogin(token, bLoadC11N = true) {
638
+ this.#tokenInfo = token;
639
+ if (this.#tokenStorage === 'always') {
640
+ this.#setStorage(this.#ssKeyTokenInfo, this.#tokenInfo);
641
+ }
642
+ if (this.#bOAuthCustom) {
643
+ // authHeader setter will also set #authHeader and invoke getAuthUtils().setAuthorizationHeader
644
+ this.authHeader = `${token.token_type} ${token.access_token}`;
645
+ }
646
+ if (window.PCore && !this.#authHeader) {
647
+ PCore.getAuthUtils().setTokens(token);
648
+ }
649
+ else {
650
+ this.#fireTokenAvailable(token, bLoadC11N);
651
+ }
652
+ }
653
+ #doCustomTokenParamsCB() {
654
+ if (this.#authConfig.grantType === 'customBearer' && this.#customTokenParamsCB) {
655
+ try {
656
+ const customTokenParams = this.#customTokenParamsCB();
657
+ if (customTokenParams) {
658
+ this.#authConfig.customTokenParams = customTokenParams;
659
+ }
660
+ }
661
+ catch (e) {
662
+ // eslint-disable-next-line no-console
663
+ console.error(`Error on customTokenParams callback. ${e}`);
664
+ }
665
+ }
666
+ }
216
667
  updateRedirectUri(sRedirectUri) {
217
- __classPrivateFieldGet(this, _AuthManager_authConfig, "f").redirectUri = sRedirectUri;
668
+ this.#authConfig.redirectUri = sRedirectUri;
218
669
  }
219
670
  /**
220
671
  * Get available portals which supports SDK
@@ -230,9 +681,9 @@ class AuthManager {
230
681
  const appAlias = serverConfig.appAlias;
231
682
  const appAliasPath = appAlias ? `/app/${appAlias}` : '';
232
683
  const arExcludedPortals = serverConfig.excludePortals;
233
- const additionalHeaders = __classPrivateFieldGet(this, _AuthManager_loginProps, "f").additionalHeaders || {};
234
- const oHeaders = __classPrivateFieldGet(this, _AuthManager_authHeader, "f")
235
- ? { Authorization: __classPrivateFieldGet(this, _AuthManager_authHeader, "f"), ...additionalHeaders }
684
+ const additionalHeaders = this.#loginProps.additionalHeaders || {};
685
+ const oHeaders = this.#authHeader
686
+ ? { Authorization: this.#authHeader, ...additionalHeaders }
236
687
  : additionalHeaders;
237
688
  const headers = {
238
689
  'Content-Type': 'application/json',
@@ -243,7 +694,7 @@ class AuthManager {
243
694
  return fetch(`${serverUrl}${appAliasPath}/api/v1/data/${dataPageName}`, {
244
695
  method: 'GET',
245
696
  headers,
246
- credentials: __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie ? 'include' : 'omit'
697
+ credentials: this.#authConfig.secureCookie ? 'include' : 'omit'
247
698
  })
248
699
  .then(response => {
249
700
  if (response.ok && response.status === 200) {
@@ -284,27 +735,66 @@ class AuthManager {
284
735
  });
285
736
  });
286
737
  }
738
+ #updateLoginStatus() {
739
+ if (!this.#authHeader && this.#tokenInfo?.access_token) {
740
+ // Use setter to set this securely
741
+ this.authHeader = `${this.#tokenInfo.token_type} ${this.#tokenInfo.access_token}`;
742
+ }
743
+ this.isLoggedIn =
744
+ !!(this.#authHeader && this.#authHeader.length > 0) ||
745
+ (this.#authConfig.secureCookie && Object.keys(this.#tokenInfo || {}).length > 0);
746
+ }
747
+ // Initiate a full OAuth re-authorization (any refresh token has also expired).
748
+ #authFullReauth() {
749
+ const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
750
+ if (this.reauthStart) {
751
+ const reauthIgnoreInterval = 300000; // 5 minutes
752
+ const currTime = Date.now();
753
+ const bReauthInProgress = currTime - this.reauthStart <= reauthIgnoreInterval;
754
+ if (bReauthInProgress) {
755
+ return;
756
+ }
757
+ }
758
+ if (bHandleHere) {
759
+ // Don't want to do a full clear of authMgr as will loose state props (like sessionIndex). Rather just clear the tokens
760
+ this.clear(true);
761
+ // eslint-disable-next-line @typescript-eslint/no-use-before-define
762
+ login(true);
763
+ }
764
+ else {
765
+ // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
766
+ // should be used to communicate the new token to Constellation JS Engine.
767
+ const event = new CustomEvent('SdkFullReauth', {
768
+ detail: this.#processTokenOnLogin.bind(this)
769
+ });
770
+ document.dispatchEvent(event);
771
+ }
772
+ }
773
+ // Passive update where just session storage is updated so can be used on a window refresh
774
+ #authTokenUpdated(tokenInfo) {
775
+ this.#tokenInfo = tokenInfo;
776
+ }
287
777
  // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
288
778
  /**
289
779
  * Retrieve UserInfo for current authentication service
290
780
  */
291
781
  getUserInfo() {
292
- if (__classPrivateFieldGet(this, _AuthManager_userInfo, "f")) {
293
- return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
782
+ if (this.#userInfo) {
783
+ return this.#userInfo;
294
784
  }
295
- return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
296
- return aMgr.getUserinfo(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token).then(data => {
297
- __classPrivateFieldSet(this, _AuthManager_userInfo, data, "f");
298
- return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
785
+ return this.#initialize(false).then(aMgr => {
786
+ return aMgr.getUserinfo(this.#tokenInfo.access_token).then(data => {
787
+ this.#userInfo = data;
788
+ return this.#userInfo;
299
789
  });
300
790
  });
301
791
  }
302
792
  login(bFullReauth = false) {
303
793
  if (this.bCustomAuth)
304
794
  return;
305
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, !bFullReauth).then(aMgr => {
795
+ this.#initialize(!bFullReauth).then(aMgr => {
306
796
  const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
307
- if (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").grantType === 'authCode') {
797
+ if (this.#authConfig.grantType === 'authCode') {
308
798
  const bMainRedirect = !this.noInitialRedirect;
309
799
  let sRedirectUri = sdkConfigAuth.redirectUri;
310
800
  // If initial main redirect is OK, redirect to main page, otherwise will authorize in a popup window
@@ -325,12 +815,12 @@ class AuthManager {
325
815
  this.updateRedirectUri(sRedirectUri);
326
816
  }
327
817
  return new Promise((resolve, reject) => {
328
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doCustomTokenParamsCB).call(this);
818
+ this.#doCustomTokenParamsCB();
329
819
  aMgr
330
820
  .login()
331
821
  .then(token => {
332
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token);
333
- if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
822
+ this.#processTokenOnLogin(token);
823
+ if (this.#loadUserinfo) {
334
824
  this.getUserInfo();
335
825
  }
336
826
  resolve(token.access_token);
@@ -351,17 +841,17 @@ class AuthManager {
351
841
  const state = urlParams.get('state');
352
842
  // If state should also match before accepting code
353
843
  if (code) {
354
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
844
+ this.#initialize(false).then(aMgr => {
355
845
  if (aMgr.checkStateMatch(state)) {
356
846
  aMgr.getToken(code).then(token => {
357
847
  // Remove any altStateStorage
358
- if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage) {
359
- window.localStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
360
- window.localStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
848
+ if (this.#loginProps?.altStateStorage) {
849
+ window.localStorage.removeItem(this.#ssKeySessionInfo);
850
+ window.localStorage.removeItem(this.#ssKeyState);
361
851
  }
362
852
  if (token && token.token_type) {
363
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token, false);
364
- if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
853
+ this.#processTokenOnLogin(token, false);
854
+ if (this.#loadUserinfo) {
365
855
  this.getUserInfo();
366
856
  }
367
857
  if (fnLoggedInCB) {
@@ -387,14 +877,14 @@ class AuthManager {
387
877
  }
388
878
  loginIfNecessary(loginProps) {
389
879
  const { appName, deferLogin, redirectDoneCB, locale } = loginProps;
390
- __classPrivateFieldSet(this, _AuthManager_loginProps, { ...loginProps }, "f");
880
+ this.#loginProps = { ...loginProps };
391
881
  const noMainRedirect = !loginProps.mainRedirect;
392
882
  // We need to load state before making any decisions. If appName is not there
393
883
  // and this is not the first time load...suspect something is wrong and we need to reload
394
884
  if (Object.keys(this.state).length <= this.stateKeysCount || !this.appName) {
395
885
  // Once appName is defined it should exceed this count. If not there should be no
396
886
  // harm trying once more
397
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
887
+ this.#loadState();
398
888
  }
399
889
  // If no initial redirect status of page changed...clear AuthMgr
400
890
  const currNoMainRedirect = this.noInitialRedirect;
@@ -413,9 +903,9 @@ class AuthManager {
413
903
  }
414
904
  // If custom auth no need to do any OAuth logic
415
905
  if (this.bCustomAuth) {
416
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
906
+ this.#updateLoginStatus();
417
907
  if (!window.PCore) {
418
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_customConstellationInit).call(this, () => {
908
+ this.#customConstellationInit(() => {
419
909
  // Fire the SdkCustomReauth event to indicate a new authHeader is needed. Event listener should invoke sdkSetAuthHeader
420
910
  // to communicate the new token to sdk (and Constellation JS Engine)
421
911
  // eslint-disable-next-line @typescript-eslint/no-use-before-define
@@ -444,7 +934,7 @@ class AuthManager {
444
934
  window.location.replace(window.location.pathname);
445
935
  };
446
936
  // INC-B43979 had strange case where sessionStorage was empty after redirects
447
- if (!this.state.sfx && !__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage) {
937
+ if (!this.state.sfx && !this.#loginProps?.altStateStorage) {
448
938
  // Reload the page to trigger another login. Invoking login method here instead didn't
449
939
  // resolve the issue in client environment.
450
940
  this.clear();
@@ -453,11 +943,11 @@ class AuthManager {
453
943
  return this.authRedirectCallback(window.location.href, redirectDoneCB || cbDefault);
454
944
  }
455
945
  if (!deferLogin) {
456
- return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(() => {
457
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
946
+ return this.#initialize(false).then(() => {
947
+ this.#updateLoginStatus();
458
948
  if (this.isLoggedIn) {
459
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
460
- if (__classPrivateFieldGet(this, _AuthManager_loadUserinfo, "f")) {
949
+ this.#fireTokenAvailable(this.#tokenInfo);
950
+ if (this.#loadUserinfo) {
461
951
  this.getUserInfo();
462
952
  }
463
953
  }
@@ -468,10 +958,10 @@ class AuthManager {
468
958
  }
469
959
  }
470
960
  logout() {
471
- if (__classPrivateFieldGet(this, _AuthManager_beforeUnloadAdded, "f")) {
472
- window.removeEventListener('beforeunload', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doBeforeUnload).bind(this));
473
- window.removeEventListener('pagehide', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doPageHide).bind(this));
474
- __classPrivateFieldSet(this, _AuthManager_beforeUnloadAdded, false, "f");
961
+ if (this.#beforeUnloadAdded) {
962
+ window.removeEventListener('beforeunload', this.#doBeforeUnload.bind(this));
963
+ window.removeEventListener('pagehide', this.#doPageHide.bind(this));
964
+ this.#beforeUnloadAdded = false;
475
965
  }
476
966
  return new Promise(resolve => {
477
967
  const fnClearAndResolve = () => {
@@ -485,8 +975,8 @@ class AuthManager {
485
975
  return;
486
976
  }
487
977
  // For secure cookie there will not be an access_token so just check for token_type
488
- if (__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").token_type) {
489
- if (window.PCore && !__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f")) {
978
+ if (this.#tokenInfo && this.#tokenInfo.token_type) {
979
+ if (window.PCore && !this.#bOAuthCustom) {
490
980
  window.PCore.getAuthUtils()
491
981
  .revokeTokens()
492
982
  .catch(err => {
@@ -498,11 +988,11 @@ class AuthManager {
498
988
  });
499
989
  }
500
990
  else {
501
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(aMgr => {
991
+ this.#initialize(false).then(aMgr => {
502
992
  aMgr
503
- .revokeTokens(__classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie ? 'cookie' : __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token, __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").is_refresh_token_enabled
993
+ .revokeTokens(this.#authConfig.secureCookie ? 'cookie' : this.#tokenInfo.access_token, this.#authConfig.secureCookie && this.#tokenInfo.is_refresh_token_enabled
504
994
  ? 'cookie'
505
- : __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").refresh_token)
995
+ : this.#tokenInfo.refresh_token)
506
996
  .then(() => {
507
997
  // Go to finally
508
998
  })
@@ -518,515 +1008,6 @@ class AuthManager {
518
1008
  });
519
1009
  }
520
1010
  }
521
- _AuthManager_ssKeyPrefix = new WeakMap(), _AuthManager_pegaAuth = new WeakMap(), _AuthManager_ssKeyConfigInfo = new WeakMap(), _AuthManager_ssKeySessionInfo = new WeakMap(), _AuthManager_ssKeyTokenInfo = new WeakMap(), _AuthManager_ssKeyState = new WeakMap(), _AuthManager_authConfig = new WeakMap(), _AuthManager_authDynState = new WeakMap(), _AuthManager_authHeader = new WeakMap(), _AuthManager_customTokenParamsCB = new WeakMap(), _AuthManager_bOAuthCustom = new WeakMap(), _AuthManager_tokenInfo = new WeakMap(), _AuthManager_userInfo = new WeakMap(), _AuthManager_usePASS = new WeakMap(), _AuthManager_beforeUnloadAdded = new WeakMap(), _AuthManager_tokenStorage = new WeakMap(), _AuthManager_transform = new WeakMap(), _AuthManager_foldSpot = new WeakMap(), _AuthManager_loadUserinfo = new WeakMap(), _AuthManager_loginProps = new WeakMap(), _AuthManager_promiseInitialize = new WeakMap(), _AuthManager_instances = new WeakSet(), _AuthManager_transformAndParse = function _AuthManager_transformAndParse(ssKey, ssItem, bForce = false) {
522
- let obj = {};
523
- try {
524
- obj = JSON.parse(__classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, ssItem, false, bForce));
525
- }
526
- catch (e) {
527
- // fall thru and return empty object
528
- }
529
- return obj;
530
- }, _AuthManager_getStorage = function _AuthManager_getStorage(ssKey, sAttrib = null) {
531
- let ssItem = ssKey ? window.sessionStorage.getItem(ssKey) : null;
532
- let obj = {};
533
- if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage &&
534
- !this.isLoggedIn &&
535
- !ssItem &&
536
- (ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f") || ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"))) {
537
- ssItem = window.localStorage.getItem(ssKey);
538
- }
539
- if (ssItem) {
540
- try {
541
- obj = JSON.parse(ssItem);
542
- }
543
- catch (e) {
544
- obj = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformAndParse).call(this, ssKey, ssItem, true);
545
- }
546
- }
547
- return sAttrib ? obj[sAttrib] : obj;
548
- }, _AuthManager_setStorage = function _AuthManager_setStorage(ssKey, obj, bVerify = false) {
549
- try {
550
- // Set storage only if obj is not empty, else delete the storage
551
- if (!obj || isEmptyObject(obj)) {
552
- window.sessionStorage.removeItem(ssKey);
553
- }
554
- else {
555
- // const bClear = (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo);
556
- const bClear = false;
557
- const sValue = bClear
558
- ? JSON.stringify(obj)
559
- : __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, JSON.stringify(obj), true);
560
- window.sessionStorage.setItem(ssKey, sValue);
561
- if (bVerify) {
562
- const sStored = window.sessionStorage.getItem(ssKey);
563
- if (sStored !== sValue) {
564
- // eslint-disable-next-line no-console
565
- console.error(`Failed to properly write sessionStorage (${ssKey})`);
566
- }
567
- }
568
- if (__classPrivateFieldGet(this, _AuthManager_loginProps, "f")?.altStateStorage &&
569
- !this.isLoggedIn &&
570
- (ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f") || ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"))) {
571
- window.localStorage.setItem(ssKey, sValue);
572
- }
573
- }
574
- }
575
- catch (e) {
576
- // eslint-disable-next-line no-console
577
- console.error(`Exception ${e} on attempted write of sessionStorage (${ssKey})`);
578
- }
579
- }, _AuthManager_calcFoldSpot = function _AuthManager_calcFoldSpot(s) {
580
- const nOffset = 1;
581
- const sChar = s.length > nOffset ? s.charAt(nOffset) : '2';
582
- const nSpot = parseInt(sChar, 10);
583
- __classPrivateFieldSet(this, _AuthManager_foldSpot, Number.isNaN(nSpot) ? 2 : (nSpot % 4) + 2, "f");
584
- }, _AuthManager_transformer = function _AuthManager_transformer(ssKey, s, bIn, bForce = false) {
585
- const bTransform = bForce || __classPrivateFieldGet(this, _AuthManager_transform, "f");
586
- const fnFold = (x) => {
587
- const nLen = x.length;
588
- const nExtra = nLen % __classPrivateFieldGet(this, _AuthManager_foldSpot, "f");
589
- const nOffset = Math.floor(nLen / __classPrivateFieldGet(this, _AuthManager_foldSpot, "f")) + nExtra;
590
- const nRem = x.length - nOffset;
591
- return x.substring(bIn ? nOffset : nRem) + x.substring(0, bIn ? nOffset : nRem);
592
- };
593
- const bTknInfo = ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f");
594
- if (bTknInfo && !bIn && bTransform) {
595
- s = window.atob(fnFold(s));
596
- }
597
- // eslint-disable-next-line no-nested-ternary
598
- let result = bTransform ? (bIn ? window.btoa(s) : window.atob(s)) : s;
599
- if (bTknInfo && bIn && bTransform) {
600
- result = fnFold(window.btoa(result));
601
- }
602
- return result;
603
- }, _AuthManager_doUnloadUpdates = function _AuthManager_doUnloadUpdates() {
604
- // Safari and particularly Safari on mobile devices doesn't seem to load this on first main redirect or
605
- // reliably, so have moved to having PegaAuth manage writing all state props to session storage
606
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
607
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
608
- // If tokenStorage was always, token would already be there
609
- if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'temp') {
610
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
611
- }
612
- }, _AuthManager_doBeforeUnload = function _AuthManager_doBeforeUnload() {
613
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doUnloadUpdates).call(this);
614
- }, _AuthManager_doPageHide = function _AuthManager_doPageHide() {
615
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doUnloadUpdates).call(this);
616
- }, _AuthManager_loadState = function _AuthManager_loadState() {
617
- // Note: State storage key doesn't have a client id associated with it
618
- const oState = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
619
- if (oState) {
620
- Object.assign(this.state, oState);
621
- if (this.state.sfx) {
622
- // Setter sets up the ssKey values as well
623
- this.keySuffix = this.state.sfx;
624
- }
625
- }
626
- }, _AuthManager_doOnLoad = function _AuthManager_doOnLoad() {
627
- if (!this.onLoadDone) {
628
- // This authConfig state doesn't collide with other calculated static state...so load it first
629
- // Note: transform setting will have already been loaded into #authConfig at this point
630
- __classPrivateFieldSet(this, _AuthManager_authDynState, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
631
- __classPrivateFieldSet(this, _AuthManager_tokenInfo, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f")), "f");
632
- if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always') {
633
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
634
- // Finding on iOS browsers the pageHide event is sometimes not happening causing failed redirects.
635
- if (!this.iOSDevice) {
636
- sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
637
- }
638
- }
639
- this.onLoadDone = true;
640
- }
641
- }, _AuthManager_doAuthDynStateChanged = function _AuthManager_doAuthDynStateChanged() {
642
- // If tokenStorage is setup for always then always persist the auth dynamic state as well
643
- if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always' || this.iOSDevice) {
644
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
645
- }
646
- }, _AuthManager_initialize =
647
- /**
648
- * Initialize OAuth config structure members and create authMgr instance (if necessary)
649
- * bNew - governs whether to create new sessionStorage or load existing one
650
- */
651
- async function _AuthManager_initialize(bNew = false) {
652
- if (!bNew && __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f")) {
653
- return __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f");
654
- }
655
- __classPrivateFieldSet(this, _AuthManager_promiseInitialize, new Promise(resolve => {
656
- /* if (!this.initInProgress && (bNew || isEmptyObject(this.#authConfig) || !this.#pegaAuth)) { */
657
- this.initInProgress = true;
658
- getSdkConfig().then(sdkConfig => {
659
- const sdkConfigAuth = sdkConfig.authConfig;
660
- const sdkConfigServer = sdkConfig.serverConfig;
661
- const serverType = sdkConfigServer.serverType || 'infinity';
662
- const bInfinity = serverType === 'infinity';
663
- let pegaUrl = bInfinity
664
- ? sdkConfigServer.infinityRestServerUrl
665
- : sdkConfigServer.launchpadRestServerUrl;
666
- // Expecting boolean true/false or undefined
667
- const secureCookie = !!sdkConfigAuth.secureCookie;
668
- const bNoInitialRedirect = this.noInitialRedirect;
669
- const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
670
- // Construct default OAuth endpoints (if not explicitly specified)
671
- if (pegaUrl) {
672
- // Cope with trailing slash being present
673
- if (!pegaUrl.endsWith('/')) {
674
- pegaUrl += '/';
675
- }
676
- if (!sdkConfigAuth.authorize) {
677
- sdkConfigAuth.authorize = bInfinity
678
- ? `${pegaUrl}PRRestService/oauth2/v1/authorize`
679
- : `${pegaUrl}uas/oauth/authorize`;
680
- }
681
- const infinityOAuth2Url = bInfinity
682
- ? pegaUrl + (secureCookie && appAliasSeg ? `${appAliasSeg}api/` : 'PRRestService/')
683
- : '';
684
- if (!sdkConfigAuth.token) {
685
- sdkConfigAuth.token = bInfinity
686
- ? `${infinityOAuth2Url}oauth2/v1/token`
687
- : `${pegaUrl}uas/oauth/token`;
688
- }
689
- if (!sdkConfigAuth.revoke) {
690
- // Launchpad still does not have a revoke endpoint
691
- sdkConfigAuth.revoke = bInfinity ? `${infinityOAuth2Url}oauth2/v1/revoke` : '';
692
- }
693
- if (!sdkConfigAuth.redirectUri) {
694
- sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
695
- }
696
- if (!sdkConfigAuth.userinfo) {
697
- sdkConfigAuth.userinfo = bInfinity
698
- ? `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`
699
- : '';
700
- }
701
- }
702
- // Auth service alias
703
- if (!sdkConfigAuth.authService) {
704
- sdkConfigAuth.authService = 'pega';
705
- }
706
- // mashupAuthService provides way to have a different auth service for embedded
707
- if (!sdkConfigAuth.mashupAuthService) {
708
- sdkConfigAuth.mashupAuthService = sdkConfigAuth.authService;
709
- }
710
- // Construct path to auth.html (used for case when not doing a main window redirect)
711
- let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
712
- const nLastPathSep = sNoMainRedirectUri.lastIndexOf('/');
713
- sNoMainRedirectUri =
714
- nLastPathSep !== -1
715
- ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html`
716
- : `${sNoMainRedirectUri}/auth.html`;
717
- const portalGrantType = sdkConfigAuth.portalGrantType || 'authCode';
718
- const mashupGrantType = sdkConfigAuth.mashupGrantType || 'authCode';
719
- // Some grant types are only available with confidential registrations and require a client secret
720
- const clientSecret = bNoInitialRedirect
721
- ? sdkConfigAuth.mashupClientSecret
722
- : sdkConfigAuth.portalClientSecret;
723
- const pegaAuthConfig = {
724
- serverType,
725
- clientId: bNoInitialRedirect
726
- ? sdkConfigAuth.mashupClientId
727
- : sdkConfigAuth.portalClientId,
728
- grantType: bNoInitialRedirect ? mashupGrantType : portalGrantType,
729
- tokenUri: sdkConfigAuth.token,
730
- revokeUri: sdkConfigAuth.revoke,
731
- userinfoUri: sdkConfigAuth.userinfo,
732
- authService: bNoInitialRedirect
733
- ? sdkConfigAuth.mashupAuthService
734
- : sdkConfigAuth.authService,
735
- appAlias: sdkConfigServer.appAlias || '',
736
- useLocking: true
737
- };
738
- if (clientSecret) {
739
- pegaAuthConfig.clientSecret = clientSecret;
740
- }
741
- if (serverType === 'launchpad' && pegaAuthConfig.grantType === 'authCode') {
742
- pegaAuthConfig.noPKCE = true;
743
- }
744
- // Invoke keySuffix setter
745
- // Was using pegaAuthConfig.clientId as key but more secure to just use a random string as getting
746
- // both a clientId and the refresh token could yield a new access token.
747
- // Suffix is so we might in future move to an array of suffixes based on the appName, so might store
748
- // both portal and embedded tokens/session info at same time
749
- if (!this.state?.sfx) {
750
- // Just using a random number to make the suffix unique on each session
751
- this.keySuffix = `${Math.ceil(Math.random() * 100000000)}`;
752
- }
753
- __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform =
754
- sdkConfigAuth.transform !== undefined ? sdkConfigAuth.transform : __classPrivateFieldGet(this, _AuthManager_transform, "f");
755
- // Using property in class as authConfig may be empty at times
756
- __classPrivateFieldSet(this, _AuthManager_transform, __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform, "f");
757
- if (sdkConfigAuth.tokenStorage !== undefined) {
758
- __classPrivateFieldSet(this, _AuthManager_tokenStorage, sdkConfigAuth.tokenStorage, "f");
759
- }
760
- if (sdkConfigAuth.secureCookie) {
761
- __classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie = true;
762
- }
763
- // Get latest state once client ids, transform and tokenStorage have been established
764
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doOnLoad).call(this);
765
- // If no clientId is specified assume not OAuth but custom auth
766
- if (pegaAuthConfig.grantType === 'none' || !pegaAuthConfig.clientId) {
767
- this.bCustomAuth = true;
768
- return;
769
- }
770
- // For some OAuth grant type scenarios we opt to pass the Orchestration Engine just an authHeader as
771
- // service broker doesn't have proper support for dealing with refreshing or revoking these:
772
- // * customBearer (except when secureCookie being used)
773
- // * confidential grant types (ones with clientSecret)
774
- // (With 25.1 orchestration engine does support this if client_secret is specified on bootstrap)
775
- __classPrivateFieldSet(this, _AuthManager_bOAuthCustom, (pegaAuthConfig.grantType === 'customBearer' && !secureCookie) || clientSecret, "f");
776
- if (pegaAuthConfig.grantType === 'authCode') {
777
- const authCodeProps = {
778
- authorizeUri: sdkConfigAuth.authorize,
779
- // If we have already specified a redirect on the authorize redirect, we need to continue to use that
780
- // on token endpoint
781
- redirectUri: bNoInitialRedirect || this.usePopupForRestOfSession
782
- ? sNoMainRedirectUri
783
- : sdkConfigAuth.redirectUri
784
- };
785
- if ('silentTimeout' in sdkConfigAuth) {
786
- authCodeProps.silentTimeout = sdkConfigAuth.silentTimeout;
787
- }
788
- if (bNoInitialRedirect &&
789
- pegaAuthConfig.authService === 'pega' &&
790
- sdkConfigAuth.mashupUserIdentifier &&
791
- sdkConfigAuth.mashupPassword) {
792
- authCodeProps.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
793
- authCodeProps.password = sdkConfigAuth.mashupPassword;
794
- }
795
- if ('iframeLoginUI' in sdkConfigAuth) {
796
- authCodeProps.iframeLoginUI =
797
- sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
798
- }
799
- Object.assign(pegaAuthConfig, authCodeProps);
800
- }
801
- else if (pegaAuthConfig.grantType === 'passwordCreds') {
802
- pegaAuthConfig.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
803
- pegaAuthConfig.password = sdkConfigAuth.mashupPassword;
804
- }
805
- Object.assign(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), pegaAuthConfig);
806
- // Add beforeunload and page hide handlers to write out key properties that we want to survive a
807
- // browser reload
808
- if (!__classPrivateFieldGet(this, _AuthManager_beforeUnloadAdded, "f") && (!__classPrivateFieldGet(this, _AuthManager_usePASS, "f") || __classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always')) {
809
- window.addEventListener('beforeunload', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doBeforeUnload).bind(this));
810
- window.addEventListener('pagehide', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doPageHide).bind(this));
811
- __classPrivateFieldSet(this, _AuthManager_beforeUnloadAdded, true, "f");
812
- }
813
- // Initialize PegaAuth OAuth 2.0 client library
814
- if (__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
815
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authConfig, "f"));
816
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
817
- __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
818
- }
819
- else {
820
- __classPrivateFieldGet(this, _AuthManager_authConfig, "f").fnDynStateChangedCB = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doAuthDynStateChanged).bind(this);
821
- __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f")), "f");
822
- }
823
- this.initInProgress = false;
824
- resolve(__classPrivateFieldGet(this, _AuthManager_pegaAuth, "f"));
825
- });
826
- }), "f");
827
- return __classPrivateFieldGet(this, _AuthManager_promiseInitialize, "f");
828
- }, _AuthManager_constellationInit = function _AuthManager_constellationInit(tokenInfo, authTokenUpdated, fnReauth) {
829
- const constellationBootConfig = {};
830
- const sdkConfigServer = SdkConfigAccess.getSdkConfigServer();
831
- const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
832
- const authConfig = __classPrivateFieldGet(this, _AuthManager_authConfig, "f");
833
- // Set up constellationConfig with data that bootstrapWithAuthHeader expects
834
- constellationBootConfig.customRendering = true;
835
- constellationBootConfig.restServerUrl = sdkConfigServer.infinityRestServerUrl;
836
- // NOTE: Needs a trailing slash! So add one if not provided
837
- if (!sdkConfigServer.sdkContentServerUrl.endsWith('/')) {
838
- sdkConfigServer.sdkContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}/`;
839
- }
840
- constellationBootConfig.staticContentServerUrl = `${sdkConfigServer.sdkContentServerUrl}constellation/`;
841
- if (!constellationBootConfig.staticContentServerUrl.endsWith('/')) {
842
- constellationBootConfig.staticContentServerUrl = `${constellationBootConfig.staticContentServerUrl}/`;
843
- }
844
- // If appAlias specified, use it
845
- if (sdkConfigServer.appAlias) {
846
- constellationBootConfig.appAlias = sdkConfigServer.appAlias;
847
- }
848
- // Determine whether to send credentials with DX API transactions
849
- if (sdkConfigAuth.customCookies) {
850
- constellationBootConfig.customCookies = true;
851
- }
852
- if (__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f") || !tokenInfo) {
853
- if (tokenInfo) {
854
- __classPrivateFieldSet(this, _AuthManager_authHeader, `${tokenInfo.token_type} ${tokenInfo.access_token}`, "f");
855
- }
856
- if (__classPrivateFieldGet(this, _AuthManager_authHeader, "f")) {
857
- constellationBootConfig.authorizationHeader = __classPrivateFieldGet(this, _AuthManager_authHeader, "f");
858
- }
859
- }
860
- else {
861
- // Pass in auth info to Constellation
862
- constellationBootConfig.authInfo = {
863
- authType: 'OAuth2.0',
864
- tokenInfo,
865
- // Set whether we want constellation to try to do a full re-Auth or not ()
866
- // true doesn't seem to be working in SDK scenario so always passing false for now
867
- popupReauth: false /* !this.noInitialRedirect */,
868
- client_id: authConfig.clientId,
869
- client_secret: authConfig.clientSecret,
870
- authentication_service: authConfig.authService,
871
- redirect_uri: authConfig.redirectUri,
872
- endPoints: {
873
- authorize: authConfig.authorizeUri,
874
- token: authConfig.tokenUri,
875
- revoke: authConfig.revokeUri
876
- },
877
- secureCookie: authConfig.secureCookie,
878
- onTokenRetrieval: authTokenUpdated
879
- };
880
- }
881
- // Turn off dynamic load components (should be able to do it here instead of after load?)
882
- constellationBootConfig.dynamicLoadComponents = false;
883
- // Set envType if appropriate
884
- if (authConfig.serverType === 'launchpad') {
885
- constellationBootConfig.envType = 'LAUNCHPAD';
886
- }
887
- // Set locale override if specified
888
- const localeOverride = this.locale;
889
- if (localeOverride) {
890
- constellationBootConfig.locale = localeOverride;
891
- }
892
- // Set additional headers if specified
893
- const additionalHeaders = __classPrivateFieldGet(this, _AuthManager_loginProps, "f").additionalHeaders;
894
- if (additionalHeaders) {
895
- constellationBootConfig.additionalHeaders = additionalHeaders;
896
- }
897
- if (this.bC11NBootstrapInProgress) {
898
- return;
899
- }
900
- this.bC11NBootstrapInProgress = true;
901
- // Note that staticContentServerUrl already ends with a slash (see above), so no slash added.
902
- // In order to have this import succeed needed to use the webpackIgnore magic comment tag.
903
- // See: https://webpack.js.org/api/module-methods/
904
- import(
905
- /* webpackIgnore: true */ `${constellationBootConfig.staticContentServerUrl}bootstrap-shell.js?v=${Date.now()}`).then(bootstrapShell => {
906
- // NOTE: once this callback is done, we lose the ability to access loadMashup.
907
- // So, create a reference to it
908
- window.myLoadMashup = bootstrapShell.loadMashup;
909
- window.myLoadPortal = bootstrapShell.loadPortal;
910
- window.myLoadDefaultPortal = bootstrapShell.loadDefaultPortal;
911
- bootstrapShell
912
- .bootstrapWithAuthHeader(constellationBootConfig, 'pega-root')
913
- .then(() => {
914
- // eslint-disable-next-line no-console
915
- console.log('ConstellationJS bootstrap successful!');
916
- this.bC11NBootstrapInProgress = false;
917
- // Setup listener for the reauth event
918
- if (!__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f") && tokenInfo) {
919
- PCore.getPubSubUtils().subscribe(PCore.getConstants().PUB_SUB_EVENTS.EVENT_FULL_REAUTH, fnReauth, 'authFullReauth');
920
- }
921
- else {
922
- // customReauth event introduced with 8.8
923
- const sEvent = PCore.getConstants().PUB_SUB_EVENTS.EVENT_CUSTOM_REAUTH;
924
- if (sEvent) {
925
- PCore.getPubSubUtils().subscribe(sEvent, fnReauth, 'doReauth');
926
- }
927
- }
928
- // Fire SdkConstellationReady event so bridge and app route can do expected post PCore initializations
929
- const event = new CustomEvent('SdkConstellationReady', {});
930
- document.dispatchEvent(event);
931
- })
932
- .catch(e => {
933
- // Assume error caught is because token is not valid and attempt a full reauth
934
- // eslint-disable-next-line no-console
935
- console.error(`ConstellationJS bootstrap failed. ${e}`);
936
- this.bC11NBootstrapInProgress = false;
937
- fnReauth();
938
- });
939
- });
940
- /* Ends here */
941
- }, _AuthManager_customConstellationInit = function _AuthManager_customConstellationInit(fnReauth) {
942
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, null, null, fnReauth);
943
- }, _AuthManager_fireTokenAvailable = function _AuthManager_fireTokenAvailable(token, bLoadC11N = true) {
944
- if (!token) {
945
- // This is used on page reload to load the token from sessionStorage and carry on
946
- token = __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f");
947
- if (!token) {
948
- return;
949
- }
950
- }
951
- __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
952
- if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
953
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
954
- }
955
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
956
- // this.isLoggedIn is getting updated in updateLoginStatus
957
- this.isLoggedIn = true;
958
- this.usePopupForRestOfSession = true;
959
- if (!window.PCore && bLoadC11N) {
960
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, token, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authTokenUpdated).bind(this), __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authFullReauth).bind(this));
961
- }
962
- /*
963
- // Create and dispatch the SdkLoggedIn event to trigger constellationInit
964
- const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
965
- document.dispatchEvent(event);
966
- */
967
- }, _AuthManager_processTokenOnLogin = function _AuthManager_processTokenOnLogin(token, bLoadC11N = true) {
968
- __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
969
- if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
970
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
971
- }
972
- if (__classPrivateFieldGet(this, _AuthManager_bOAuthCustom, "f")) {
973
- // authHeader setter will also set #authHeader and invoke getAuthUtils().setAuthorizationHeader
974
- this.authHeader = `${token.token_type} ${token.access_token}`;
975
- }
976
- if (window.PCore && !__classPrivateFieldGet(this, _AuthManager_authHeader, "f")) {
977
- PCore.getAuthUtils().setTokens(token);
978
- }
979
- else {
980
- __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, token, bLoadC11N);
981
- }
982
- }, _AuthManager_doCustomTokenParamsCB = function _AuthManager_doCustomTokenParamsCB() {
983
- if (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").grantType === 'customBearer' && __classPrivateFieldGet(this, _AuthManager_customTokenParamsCB, "f")) {
984
- try {
985
- const customTokenParams = __classPrivateFieldGet(this, _AuthManager_customTokenParamsCB, "f").call(this);
986
- if (customTokenParams) {
987
- __classPrivateFieldGet(this, _AuthManager_authConfig, "f").customTokenParams = customTokenParams;
988
- }
989
- }
990
- catch (e) {
991
- // eslint-disable-next-line no-console
992
- console.error(`Error on customTokenParams callback. ${e}`);
993
- }
994
- }
995
- }, _AuthManager_updateLoginStatus = function _AuthManager_updateLoginStatus() {
996
- if (!__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f")?.access_token) {
997
- // Use setter to set this securely
998
- this.authHeader = `${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").token_type} ${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token}`;
999
- }
1000
- this.isLoggedIn =
1001
- !!(__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_authHeader, "f").length > 0) ||
1002
- (__classPrivateFieldGet(this, _AuthManager_authConfig, "f").secureCookie && Object.keys(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f") || {}).length > 0);
1003
- }, _AuthManager_authFullReauth = function _AuthManager_authFullReauth() {
1004
- const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
1005
- if (this.reauthStart) {
1006
- const reauthIgnoreInterval = 300000; // 5 minutes
1007
- const currTime = Date.now();
1008
- const bReauthInProgress = currTime - this.reauthStart <= reauthIgnoreInterval;
1009
- if (bReauthInProgress) {
1010
- return;
1011
- }
1012
- }
1013
- if (bHandleHere) {
1014
- // Don't want to do a full clear of authMgr as will loose state props (like sessionIndex). Rather just clear the tokens
1015
- this.clear(true);
1016
- // eslint-disable-next-line @typescript-eslint/no-use-before-define
1017
- login(true);
1018
- }
1019
- else {
1020
- // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
1021
- // should be used to communicate the new token to Constellation JS Engine.
1022
- const event = new CustomEvent('SdkFullReauth', {
1023
- detail: __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).bind(this)
1024
- });
1025
- document.dispatchEvent(event);
1026
- }
1027
- }, _AuthManager_authTokenUpdated = function _AuthManager_authTokenUpdated(tokenInfo) {
1028
- __classPrivateFieldSet(this, _AuthManager_tokenInfo, tokenInfo, "f");
1029
- };
1030
1011
  const gAuthMgr = new AuthManager();
1031
1012
  // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
1032
1013
  /**