@theshelf/authentication 0.1.0 → 0.2.0

package/README.md

@@ -18,59 +18,57 @@ This package is based on the following authentication flow:
 npm install @theshelf/authentication
 ```
 
-## Implementations
+## Drivers
 
-Currently, there is only one implementation:
+Currently, there are two drivers available:
 
 * **OpenID** - persistent document storage.
 * **Google** - authentication via Google accounts
 
-## Configuration
+## How to use
 
-The used implementation needs to be configured in the `.env` file, together with the client URL.
+The basic set up looks like this.
 
-```env
-AUTHENTICATION_IMPLEMENTATION="openid"
-AUTHENTICATION_CLIENT_URI="https://application.com/authenticate"
-```
+```ts
+import IdentityProvider, { OpenIDDriver | GoogleDriver as SelectedDriver } from '@theshelf/authentication';
 
-In case of OpenID, additional configuration is required.
+const driver = new SelectedDriver(/* configuration */);
+const identityProvider = new IdentityProvider(driver);
 
-```env
-OPENID_ISSUER="https://identityprovider.com"
-OPENID_CLIENT_ID="openid"
-OPENID_CLIENT_SECRET=""
-OPENID_REDIRECT_PATH="https://application.com/login"
-OPENID_ALLOW_INSECURE_REQUESTS=false
+// Perform operations with the identityProvider instance
 ```
 
-In case of Google, the following configuration is required.
+### Configuration
 
-```env
-GOOGLE_ISSUER="https://accounts.google.com"
-GOOGLE_CLIENT_ID="google-client-id.apps.googleusercontent.com"
-GOOGLE_CLIENT_SECRET=""
-GOOGLE_REDIRECT_PATH="https://application.com/login"
-GOOGLE_ACCESS_TYPE="offline"
-GOOGLE_ORGANIZATION_DOMAIN="yourdomain.com"
-```
-
-The ACCESS_TYPE can be either `online` or `offline`. The default is `offline`, which provides refresh tokens. The ORGANIZATION_DOMAIN can be used to restrict login to a specific Google Workspace domain.
+#### OpenID driver
 
-## How to use
+```ts
+type OpenIDConfiguration = {
+    issuer: string; // URL to the provider
+    clientId: string; // provided by the provider
+    clientSecret: string; // provided by the provider
+    redirectPath: string; // e.g. "https://application.com/login"
+    allowInsecureRequests: boolean; // only set to false in development
+};
+```
 
-An instance of the configured identity provider implementation can be imported for performing authentication operations.
+#### Google driver
 
 ```ts
-import identityProvider from '@theshelf/authentication';
-
-// Perform operations with the identityProvider instance
+type GoogleConfiguration = {
+    issuer: string; // "https://accounts.google.com"
+    clientId: string; // provided by Google
+    clientSecret: string; // provided by Google
+    redirectPath: string; // e.g. "https://application.com/login"
+    accessType: string; // "online" | "offline"
+    organizationDomain: string; // "application.com"
+};
 ```
 
 ### Operations
 
 ```ts
-import identityProvider, { Session } from '@theshelf/authentication';
+import { Session } from '@theshelf/authentication';
 
 // Open connection
 await identityProvider.connect();

package/dist/ConnectionManager.d.ts

@@ -0,0 +1,9 @@
+import type { ConnectionState } from './definitions/constants.js';
+import type { Driver } from './definitions/interfaces.js';
+export default class ConnectionManager {
+    #private;
+    constructor(driver: Driver);
+    get state(): ConnectionState;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+}

package/dist/ConnectionManager.js

@@ -0,0 +1,53 @@
+import { ConnectionStates } from './definitions/constants.js';
+export default class ConnectionManager {
+    #driver;
+    #state = ConnectionStates.DISCONNECTED;
+    #connectPromise;
+    #disconnectPromise;
+    constructor(driver) {
+        this.#driver = driver;
+    }
+    get state() { return this.#state; }
+    async connect() {
+        if (this.#connectPromise !== undefined) {
+            return this.#connectPromise;
+        }
+        if (this.#state !== ConnectionStates.DISCONNECTED) {
+            return;
+        }
+        this.#state = ConnectionStates.CONNECTING;
+        try {
+            this.#connectPromise = this.#driver.connect();
+            await this.#connectPromise;
+            this.#state = ConnectionStates.CONNECTED;
+        }
+        catch (error) {
+            this.#state = ConnectionStates.DISCONNECTED;
+            throw error;
+        }
+        finally {
+            this.#connectPromise = undefined;
+        }
+    }
+    async disconnect() {
+        if (this.#disconnectPromise !== undefined) {
+            return this.#disconnectPromise;
+        }
+        if (this.#state !== ConnectionStates.CONNECTED) {
+            return;
+        }
+        this.#state = ConnectionStates.DISCONNECTING;
+        try {
+            this.#disconnectPromise = this.#driver.disconnect();
+            await this.#disconnectPromise;
+            this.#state = ConnectionStates.DISCONNECTED;
+        }
+        catch (error) {
+            this.#state = ConnectionStates.CONNECTED;
+            throw error;
+        }
+        finally {
+            this.#disconnectPromise = undefined;
+        }
+    }
+}

package/dist/IdentityProvider.d.ts

@@ -0,0 +1,15 @@
+import type { ConnectionState } from './definitions/constants.js';
+import type { Driver } from './definitions/interfaces.js';
+import type { Session } from './definitions/types.js';
+export default class IdentityProvider implements Driver {
+    #private;
+    constructor(driver: Driver);
+    get connectionState(): ConnectionState;
+    get connected(): boolean;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    getLoginUrl(origin: string): Promise<string>;
+    login(origin: string, data: Record<string, unknown>): Promise<Session>;
+    refresh(session: Session): Promise<Session>;
+    logout(session: Session): Promise<void>;
+}

package/dist/IdentityProvider.js

@@ -0,0 +1,34 @@
+import { ConnectionStates } from './definitions/constants.js';
+import ConnectionManager from './ConnectionManager.js';
+export default class IdentityProvider {
+    #driver;
+    #connectionManager;
+    constructor(driver) {
+        this.#driver = driver;
+        this.#connectionManager = new ConnectionManager(driver);
+    }
+    get connectionState() {
+        return this.#connectionManager.state;
+    }
+    get connected() {
+        return this.connectionState === ConnectionStates.CONNECTED;
+    }
+    connect() {
+        return this.#connectionManager.connect();
+    }
+    disconnect() {
+        return this.#connectionManager.disconnect();
+    }
+    getLoginUrl(origin) {
+        return this.#driver.getLoginUrl(origin);
+    }
+    login(origin, data) {
+        return this.#driver.login(origin, data);
+    }
+    refresh(session) {
+        return this.#driver.refresh(session);
+    }
+    logout(session) {
+        return this.#driver.logout(session);
+    }
+}

package/dist/definitions/constants.d.ts

@@ -0,0 +1,7 @@
+export declare const ConnectionStates: {
+    readonly DISCONNECTED: "DISCONNECTED";
+    readonly DISCONNECTING: "DISCONNECTING";
+    readonly CONNECTING: "CONNECTING";
+    readonly CONNECTED: "CONNECTED";
+};
+export type ConnectionState = typeof ConnectionStates[keyof typeof ConnectionStates];

package/dist/definitions/constants.js

@@ -0,0 +1,6 @@
+export const ConnectionStates = {
+    DISCONNECTED: 'DISCONNECTED',
+    DISCONNECTING: 'DISCONNECTING',
+    CONNECTING: 'CONNECTING',
+    CONNECTED: 'CONNECTED'
+};

package/dist/definitions/interfaces.d.ts

@@ -1,5 +1,5 @@
 import type { Session } from './types.js';
-export interface IdentityProvider {
+export interface Driver {
     get connected(): boolean;
     connect(): Promise<void>;
     disconnect(): Promise<void>;

package/dist/definitions/types.d.ts

@@ -11,7 +11,7 @@ type Session = {
     requester?: unknown;
     identity: Identity;
     accessToken: Token;
-    refreshToken: Token;
+    refreshToken?: Token;
     expires: Date;
 };
 export type { Identity, Session };

package/dist/{implementations/google → drivers}/Google.d.ts

@@ -1,5 +1,5 @@
-import type { IdentityProvider } from '../../definitions/interfaces.js';
-import type { Session } from '../../definitions/types.js';
+import type { Driver } from '../definitions/interfaces.js';
+import type { Session } from '../definitions/types.js';
 type GoogleConfiguration = {
     issuer: string;
     clientId: string;
@@ -8,7 +8,7 @@ type GoogleConfiguration = {
     accessType: string;
     organizationDomain: string;
 };
-export default class OpenID implements IdentityProvider {
+export default class OpenID implements Driver {
     #private;
     constructor(configuration: GoogleConfiguration);
     get connected(): boolean;

package/dist/{implementations/google → drivers}/Google.js

@@ -1,7 +1,8 @@
 import { authorizationCodeGrant, buildAuthorizationUrl, calculatePKCECodeChallenge, discovery, fetchUserInfo, randomNonce, randomPKCECodeVerifier, refreshTokenGrant, tokenRevocation } from 'openid-client';
 import crypto from 'node:crypto';
-import LoginFailed from '../../errors/LoginFailed.js';
-import NotConnected from '../../errors/NotConnected.js';
+import LoginFailed from '../errors/LoginFailed.js';
+import RefreshFailed from '../errors/RefreshFailed.js';
+import NotConnected from '../errors/NotConnected.js';
 const SECRET = crypto.randomUUID() + crypto.randomUUID();
 const TTL = 30000;
 export default class OpenID {
@@ -51,7 +52,7 @@ export default class OpenID {
         const clientConfiguration = this.#getClientConfiguration();
         const url = new URL(this.#providerConfiguration.redirectPath, origin);
         for (const [key, value] of Object.entries(data)) {
-            url.searchParams.set(key, value);
+            url.searchParams.set(key, String(value));
         }
         const payload = this.#getPayload(data.state);
         const tokens = await authorizationCodeGrant(clientConfiguration, url, {
@@ -80,6 +81,9 @@ export default class OpenID {
         };
     }
     async refresh(session) {
+        if (session.refreshToken === undefined) {
+            throw new RefreshFailed('Missing refresh token');
+        }
         const config = this.#getClientConfiguration();
         const tokens = await refreshTokenGrant(config, session.refreshToken);
         const claims = this.#getClaims(tokens);
@@ -94,7 +98,7 @@ export default class OpenID {
     }
     logout(session) {
         const config = this.#getClientConfiguration();
-        return tokenRevocation(config, session.refreshToken);
+        return tokenRevocation(config, session.refreshToken ?? session.accessToken);
     }
     #getClientConfiguration() {
         if (this.#clientConfiguration === undefined) {

package/dist/{implementations/openid → drivers}/OpenID.d.ts

@@ -1,5 +1,5 @@
-import type { IdentityProvider } from '../../definitions/interfaces.js';
-import type { Session } from '../../definitions/types.js';
+import type { Driver } from '../definitions/interfaces.js';
+import type { Session } from '../definitions/types.js';
 type OpenIDConfiguration = {
     issuer: string;
     clientId: string;
@@ -7,7 +7,7 @@ type OpenIDConfiguration = {
     redirectPath: string;
     allowInsecureRequests: boolean;
 };
-export default class OpenID implements IdentityProvider {
+export default class OpenID implements Driver {
     #private;
     constructor(configuration: OpenIDConfiguration);
     get connected(): boolean;

package/dist/{implementations/openid → drivers}/OpenID.js

@@ -1,6 +1,7 @@
 import { allowInsecureRequests, authorizationCodeGrant, buildAuthorizationUrlWithPAR, calculatePKCECodeChallenge, discovery, fetchUserInfo, randomPKCECodeVerifier, refreshTokenGrant, tokenRevocation } from 'openid-client';
-import LoginFailed from '../../errors/LoginFailed.js';
-import NotConnected from '../../errors/NotConnected.js';
+import LoginFailed from '../errors/LoginFailed.js';
+import RefreshFailed from '../errors/RefreshFailed.js';
+import NotConnected from '../errors/NotConnected.js';
 export default class OpenID {
     #providerConfiguration;
     #clientConfiguration;
@@ -40,7 +41,7 @@ export default class OpenID {
         const clientConfiguration = this.#getClientConfiguration();
         const url = new URL(this.#providerConfiguration.redirectPath, origin);
         for (const [key, value] of Object.entries(data)) {
-            url.searchParams.set(key, value);
+            url.searchParams.set(key, String(value));
         }
         const tokens = await authorizationCodeGrant(clientConfiguration, url, {
             pkceCodeVerifier: this.#codeVerifier,
@@ -66,6 +67,9 @@ export default class OpenID {
         };
     }
     async refresh(session) {
+        if (session.refreshToken === undefined) {
+            throw new RefreshFailed('Missing refresh token');
+        }
         const config = this.#getClientConfiguration();
         const tokens = await refreshTokenGrant(config, session.refreshToken);
         const claims = this.#getClaims(tokens);
@@ -80,7 +84,7 @@ export default class OpenID {
     }
     logout(session) {
         const config = this.#getClientConfiguration();
-        return tokenRevocation(config, session.refreshToken);
+        return tokenRevocation(config, session.refreshToken ?? session.accessToken);
     }
     #getClientConfiguration() {
         if (this.#clientConfiguration === undefined) {

package/dist/errors/AuthenticationError.d.ts

@@ -1,2 +1,3 @@
 export default class AuthenticationError extends Error {
+    constructor(message?: string);
 }

package/dist/errors/AuthenticationError.js

@@ -1,2 +1,9 @@
 export default class AuthenticationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = this.constructor.name;
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
+    }
 }

package/dist/errors/RefreshFailed.d.ts

@@ -0,0 +1,3 @@
+import AuthenticationError from './AuthenticationError.js';
+export default class RefreshFailed extends AuthenticationError {
+}

package/dist/errors/RefreshFailed.js

@@ -0,0 +1,3 @@
+import AuthenticationError from './AuthenticationError.js';
+export default class RefreshFailed extends AuthenticationError {
+}

package/dist/index.d.ts

@@ -1,6 +1,7 @@
-export * from './definitions/interfaces.js';
-export * from './definitions/types.js';
+export type * from './definitions/interfaces.js';
+export type * from './definitions/types.js';
 export { default as AuthenticationError } from './errors/AuthenticationError.js';
 export { default as NotConnected } from './errors/NotConnected.js';
-export { default as UnknownImplementation } from './errors/UnknownImplementation.js';
-export { default } from './implementation.js';
+export { default as GoogleDriver } from './drivers/Google.js';
+export { default as OpenIDDriver } from './drivers/OpenID.js';
+export { default } from './IdentityProvider.js';

package/dist/index.js

@@ -1,6 +1,5 @@
-export * from './definitions/interfaces.js';
-export * from './definitions/types.js';
 export { default as AuthenticationError } from './errors/AuthenticationError.js';
 export { default as NotConnected } from './errors/NotConnected.js';
-export { default as UnknownImplementation } from './errors/UnknownImplementation.js';
-export { default } from './implementation.js';
+export { default as GoogleDriver } from './drivers/Google.js';
+export { default as OpenIDDriver } from './drivers/OpenID.js';
+export { default } from './IdentityProvider.js';

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@theshelf/authentication",
   "private": false,
-  "version": "0.1.0",
+  "version": "0.2.0",
   "type": "module",
   "repository": {
     "url": "https://github.com/MaskingTechnology/theshelf"

package/dist/errors/UnknownImplementation.d.ts

@@ -1,4 +0,0 @@
-import AuthenticationError from './AuthenticationError.js';
-export default class UnknownImplementation extends AuthenticationError {
-    constructor(name: string);
-}

package/dist/errors/UnknownImplementation.js

@@ -1,6 +0,0 @@
-import AuthenticationError from './AuthenticationError.js';
-export default class UnknownImplementation extends AuthenticationError {
-    constructor(name) {
-        super(`Unknown authentication implementation: ${name}`);
-    }
-}

package/dist/implementation.d.ts

@@ -1,3 +0,0 @@
-import type { IdentityProvider } from './definitions/interfaces.js';
-declare const _default: IdentityProvider;
-export default _default;

package/dist/implementation.js

@@ -1,14 +0,0 @@
-import UnknownImplementation from './errors/UnknownImplementation.js';
-import createGoogle from './implementations/google/create.js';
-import createOpenID from './implementations/openid/create.js';
-const implementations = new Map([
-    ['openid', createOpenID],
-    ['google', createGoogle]
-]);
-const DEFAULT_AUTHENTICATION_IMPLEMENTATION = 'openid';
-const implementationName = process.env.AUTHENTICATION_IMPLEMENTATION ?? DEFAULT_AUTHENTICATION_IMPLEMENTATION;
-const creator = implementations.get(implementationName.toLowerCase());
-if (creator === undefined) {
-    throw new UnknownImplementation(implementationName);
-}
-export default creator();

package/dist/implementations/google/create.d.ts

@@ -1,2 +0,0 @@
-import Google from './Google.js';
-export default function create(): Google;

package/dist/implementations/google/create.js

@@ -1,10 +0,0 @@
-import Google from './Google.js';
-export default function create() {
-    const issuer = process.env.GOOGLE_ISSUER ?? 'undefined';
-    const clientId = process.env.GOOGLE_CLIENT_ID ?? 'undefined';
-    const clientSecret = process.env.GOOGLE_CLIENT_SECRET ?? 'undefined';
-    const redirectPath = process.env.GOOGLE_REDIRECT_PATH ?? 'undefined';
-    const accessType = process.env.GOOGLE_ACCESS_TYPE ?? 'online';
-    const organizationDomain = process.env.GOOGLE_ORGANIZATION_DOMAIN ?? '';
-    return new Google({ issuer, clientId, clientSecret, redirectPath, accessType, organizationDomain });
-}

package/dist/implementations/openid/create.d.ts

@@ -1,2 +0,0 @@
-import OpenID from './OpenID.js';
-export default function create(): OpenID;

package/dist/implementations/openid/create.js

@@ -1,9 +0,0 @@
-import OpenID from './OpenID.js';
-export default function create() {
-    const issuer = process.env.OPENID_ISSUER ?? 'undefined';
-    const clientId = process.env.OPENID_CLIENT_ID ?? 'undefined';
-    const clientSecret = process.env.OPENID_CLIENT_SECRET ?? 'undefined';
-    const redirectPath = process.env.OPENID_REDIRECT_PATH ?? 'undefined';
-    const allowInsecureRequests = process.env.OPENID_ALLOW_INSECURE_REQUESTS === 'true';
-    return new OpenID({ issuer, clientId, clientSecret, redirectPath, allowInsecureRequests });
-}